SecurityWeek

Industrial giants Siemens, Rockwell, Schneider and ABB have released their March 2025 Patch Tuesday ICS security advisories.

Patch Tuesday: Microsoft ships urgent cover for another WIndows CLFS vulnerability already exploited in the wild.

The Adobe Patch Tuesday rollout covers 54 vulnerabilities, including code execution issues in the oft-targeted Adobe ColdFusion software.

Texas network access control startup closes a Series B round led by Updata Partners and brings the total raised to $60 million.

San Francisco smart contract security startup closes a $6.75 million seed funding round led by Archetype and Winklevoss Capital.

Spektion has emerged from stealth mode with $5 million in seed funding for its vulnerability management solution.

While often relegated to a purely functional role, DNS offers unparalleled opportunities for preemptive defense against cyberattacks.

Anecdotes has raised $55 million in an extended Series B funding round that brings the total raised by the company to $85 million. 

SAP released 20 security notes on April 2025 patch day, including three addressing critical code injection and authentication bypass flaws.

Silicon Valley startup secures big investment from Menlo Ventures and Mayfield Fund to solve the “shadow AI” security problem.

An update for the WhatsApp desktop app for Windows patches CVE-2025-30401, a spoofing vulnerability that could be used to trick users.

A sophisticated APT tracked as ToddyCat has exploited an ESET DLL search order hijacking vulnerability for malware delivery.

The new funds will be used to extend Corsha’s reach into critical infrastructure and further improve its own use of AI.

Tailscale’s new Series C funding round brings the total raised by the company for its secure networking platform to $275 million.

More than 5,000 Ivanti Connect Secure appliances are vulnerable to attacks exploiting CVE-2025-22457, which has been used by Chinese hackers.

Android’s latest security update resolves two exploited Kernel vulnerabilities, as well as critical-severity bugs.

Huntress has shared details on the post-exploitation activities of threat actors targeting the recent CrushFTP vulnerability.

As PCI DSS 4.0.1 comes into force, it shows the power of industry collaboration in cybersecurity.

Experimental Sec-Gemini v1 touts a combination of Google’s Gemini LLM capabilities with real-time security data and tooling from Mandiant.

‘PoisonSeed’ phishing campaign targets CRM and bulk email providers to distribute “crypto seed phrase” messages.