SecurityWeek

Anecdotes has raised $55 million in an extended Series B funding round that brings the total raised by the company to $85 million. 

SAP released 20 security notes on April 2025 patch day, including three addressing critical code injection and authentication bypass flaws.

Silicon Valley startup secures big investment from Menlo Ventures and Mayfield Fund to solve the “shadow AI” security problem.

An update for the WhatsApp desktop app for Windows patches CVE-2025-30401, a spoofing vulnerability that could be used to trick users.

A sophisticated APT tracked as ToddyCat has exploited an ESET DLL search order hijacking vulnerability for malware delivery.

The new funds will be used to extend Corsha’s reach into critical infrastructure and further improve its own use of AI.

Tailscale’s new Series C funding round brings the total raised by the company for its secure networking platform to $275 million.

More than 5,000 Ivanti Connect Secure appliances are vulnerable to attacks exploiting CVE-2025-22457, which has been used by Chinese hackers.

Android’s latest security update resolves two exploited Kernel vulnerabilities, as well as critical-severity bugs.

Huntress has shared details on the post-exploitation activities of threat actors targeting the recent CrushFTP vulnerability.

As PCI DSS 4.0.1 comes into force, it shows the power of industry collaboration in cybersecurity.

Experimental Sec-Gemini v1 touts a combination of Google’s Gemini LLM capabilities with real-time security data and tooling from Mandiant.

‘PoisonSeed’ phishing campaign targets CRM and bulk email providers to distribute “crypto seed phrase” messages.

NIST has marked pre-2018 CVEs in NVD as ‘Deferred’ and will no longer spend resources on enriching them.

The Port of Seattle says the personal information of 90,000 individuals was stolen in an August 2024 ransomware attack.

A 20-year-old arrested last year and charged alongside others believed to be members of Scattered Spider has pleaded guilty.

A patch has been released for a serious information disclosure vulnerability affecting a Verizon call filtering application.

Noteworthy stories that might have slipped under the radar: Apple adding TCC events to Endpoint Security, cybersecurity funding report for Q1 2025, Trump fires the head of NSA and Cyber Command.

The State Bar of Texas is notifying thousands of individuals that their personal information was stolen in a February ransomware attack.

US and allied countries warn of threat actors using the “fast flux” technique to change DNS records and hide malicious servers’ locations.