SecurityWeek

Agentic AI can be a great tool for many of the ‘gray area’ tasks that SOC analysts undertake.

The incident impacted multiple web and mobile applications, licensing services, downloads and online store, website, wiki, MathWorks accounts, and other services.

Data broker giant LexisNexis Risk Solutions says personal information was stolen from 364,000 people in a December 2024 data breach.

The Czech government issues a blunt warning to China after APT31 hackers linked to intrusion at critical infrastructure network.

Identity security automation platform Cerby has raised $40 million in Series B funding to scale operations.

Mandiant warns that a Vietnamese hacking group tracked as UNC6032 is distributing malware via fake AI video generator websites.

Security researchers warn that OneDrive’s file sharing tool may grant third-party web apps access to all your files—not just the one you choose to upload.

Google and Mozilla released patches for Chrome and FireFox to address a total of 21 vulnerabilities between the two browsers, including three rated high severity.

New report says organizations should always consider environmental context when assessing the impact of vulnerabilities in CISA KEV catalog.

Physicist Neil Johnson explores how fundamental laws of nature could explain why AI sometimes fails—and what to do about it.

Hackers exploited a vulnerability in Cetus Protocol, a liquidity provider on the SUI blockchain.

Zscaler signals a big push into the security-operations market with the announcement of plans to buy Denver-based Red Canary.

Sina Gholinejad pleaded guilty to computer-fraud and wire-fraud-conspiracy charges linked to the Robbinhood ransomware hit on Baltimore.

Sophos warns that a DragonForce ransomware operator chained three vulnerabilities in SimpleHelp to target a managed service provider.

Microsoft flags a new Kremlin hacking team buying stolen usernames and passwords from infostealer markets for use in cyberespionage attacks. 

Security firm Socket warns flags a campaign targeting NPM users with tens of malicious packages that can hijack system information.

The agencies said that the group, which they called Laundry Bear, is actively trying to steal sensitive data from EU and NATO countries and is “extremely likely Russian state supported.”

As cloud security spending surges to $111 billion, new data highlights Microsoft's dominance, the U.S. market's outsized role, and Google's strategic acquisition of Wiz.

The FBI warns US law firms that the Silent Ransom Group (SRG) has been constantly targeting the legal industry.

Nova Scotia Power has finally admitted that the recent cyberattack was a ransomware attack, but it hasn’t paid the hackers.