NIST has marked pre-2018 CVEs in NVD as ‘Deferred’ and will no longer spend resources on enriching them.
The Port of Seattle says the personal information of 90,000 individuals was stolen in an August 2024 ransomware attack.
A 20-year-old arrested last year and charged alongside others believed to be members of Scattered Spider has pleaded guilty.
A patch has been released for a serious information disclosure vulnerability affecting a Verizon call filtering application.
Noteworthy stories that might have slipped under the radar: Apple adding TCC events to Endpoint Security, cybersecurity funding report for Q1 2025, Trump fires the head of NSA and Cyber Command.
The State Bar of Texas is notifying thousands of individuals that their personal information was stolen in a February ransomware attack.
US and allied countries warn of threat actors using the “fast flux” technique to change DNS records and hide malicious servers’ locations.
Oracle has confirmed suffering a data breach but the tech giant is apparently trying to downplay the impact of the incident.
A critical vulnerability in Apache Parquet can be exploited to execute arbitrary code remotely, leading to complete system compromise.
Evidence shows a SpotBugs token compromised in December 2024 was used in the March 2025 GitHub Actions supply chain attack.
Ivanti misdiagnoses a remote code execution vulnerability and Mandiant reports that Chinese hackers are launching in-the-wild exploits.
An unauthenticated SQL injection vulnerability in Halo ITSM could have been exploited to read, modify, or insert data.
The notorious cybercrime group Hunters International is dropping ransomware to focus on data theft and extortion.
Fewer than two dozen cybersecurity merger and acquisition (M&A) deals were announced in March 2025.
GitHub has announced new capabilities to help organizations and developers keep secrets in their code protected.
Two CVEs now exist for an actively exploited CrushFTP vulnerability and much of the security industry is using the ‘wrong one’.
Cisco fixes two high-severity denial-of-service vulnerabilities in Meraki devices and Enterprise Chat and Email.
Google’s patches for Quick Share for Windows vulnerabilities leading to remote code execution were incomplete and could be easily bypassed.
Adaptive is pitching a security platform designed to replicate real-world attack scenarios through AI-generated deepfake simulations.
Vulnerabilities in open source ChatGPT alternative Jan AI expose systems to remote, unauthenticated manipulation.