SecurityWeek

Private messages, Bitcoin addresses, victim data, and attacker information were leaked after someone hacked a LockBit admin panel.

British startup exits stealth with $20 million in seed-stage financing led by US investors Scout Ventures and Artis Ventures.

Four people have been arrested in Poland and several websites associated with DDoS-for-hire services have been shut down.

SonicWall patches three SMA 100 vulnerabilities, including a potential zero-day, that could be chained to execute arbitrary code remotely.

Russia-linked APT Star Blizzard is using the ClickFix technique in recent attacks distributing the LostKeys malware.

The patches for an exploited Samsung MagicINFO vulnerability are ineffective and a Mirai botnet has started targeting it.

Cisco releases patches for 26 vulnerabilities in IOS and IOS XE software, including 17 critical- and high-severity bugs.

SysAid patches IT service management software vulnerabilities that can be chained for unauthenticated remote command execution. 

Health technology and consumer electronics firm Masimo detected unauthorized activity on its network in late April.

Cisco unveils its Quantum Network Entanglement Chip and new Quantum Labs, laying the groundwork for a scalable quantum internet that connects distributed quantum computers into a unified, powerful system.

Code quality and security firm CodeAnt has secured $2 million in seed funding and it has been valued at $20 million.

CrowdStrike said the planned cuts will affect approximately 500 employees and will span the first half of fiscal 2026.

Ox Security has raised a total $94 million since its launch in 2021 with ambitious plans to cash in on two fast-moving trends.

By baking minimum expectations into procurement conversations, the plan is to steer software vendors to “secure-by-design and default” basics.

The US has sanctioned Myanmar warlord Saw Chit Thu and his militia for their roles in cyber scams causing billions in losses to American victims.

Meta has won its WhatsApp hacking lawsuit against Israeli spyware company NSO Group in an “important step forward for privacy and security”.

Application performance monitoring provider AppSignal has raised $22 million in a Series A funding round led by Elsewhere Partners.

At least two ransomware groups exploited the Windows zero-day CVE-2025-29824 before it was patched by Microsoft.

Threat actors are targeting a critical-severity vulnerability in the OttoKit WordPress plugin to gain administrative privileges.

Agencies say the attacks leverage basic intrusion techniques, but poor cyber hygiene within critical infrastructure organizations could lead to disruptions and damage.