SecurityWeek

Pwn2Own participants demonstrated exploits against VMs, AI, browsers, servers, containers, and operating systems.

Google says the hacking group behind the recent cyberattacks on UK retailers is now shifting focus to the US.

A summary of noteworthy stories that might have slipped under the radar this week.

The 15th edition of NATO’s Locked Shields cyber defense exercise brought together 4,000 experts from 41 countries.

Russia-linked APT28 has been exploiting mail server vulnerabilities against government and defense entities since September 2023.

The FBI says former federal and state government officials are targeted with texts and AI-generated voice messages impersonating senior US officials.

Pwn2Own participants have earned tens of thousands of dollars for Red Hat, Windows, Oracle VirtualBox, Docker Desktop, and AI exploits.

Once a key figure in the Angler exploit kit underworld, Tarasov’s life has unraveled into detention, paranoia, and an unwanted return to the Russia he publicly despised.

Coinbase said a group of rogue contractors were bribed to pull customer data from internal systems, leading to a $20 million ransom demand.

American steel giant Nucor on Wednesday disclosed a cybersecurity incident that bears the hallmarks of a ransomware attack.

Enterprise cybersecurity giant Proofpoint is buying Germany-based Microsoft 365 security solutions provider Hornetsecurity.

The China-linked hacking group Earth Ammit has launched multi-wave attacks in Taiwan and South Korea to disrupt the drone sector.

Two ransomware groups and several Chinese APTs have been exploiting two recent SAP NetWeaver vulnerabilities.

Nova Scotia Power says a wide range of personal and financial information was stolen in the recent cyberattack.

The Australian Human Rights Commission says data submitted through the complaint form on its website was inadvertently exposed.

Google has rolled out a Chrome 136 update that resolves a high-severity vulnerability for which a public exploit exists.

Google bundles multiple safeguards under a single Android toggle to protect high-risk users from advanced mobile malware implants.

Trying to block AI tools outright is a losing strategy. SaaS and AI are increasingly inseparable, and AI isn’t limited to tools like ChatGPT or Copilot anymore.

Intel, AMD and Arm each published security advisories on Patch Tuesday, including for newly disclosed CPU attacks.

Kosovo citizen Liridon Masurica has appeared in a US court, facing charges for his role in operating the cybercrime marketplace BlackDB.cc.