SecurityWeek

T-Mobile paid $33 million in a private arbitration process over a SIM swap attack leading to cryptocurrency theft.

Forescout has found dozens of vulnerabilities in solar power systems from Sungrow, Growatt and SMA.

Straiker has emerged from stealth mode with a solution designed to help enterprises secure AI agents and applications.

OpenAI has raised its maximum bug bounty payout to $100,000 (up from $20,000) for high-impact flaws in its infrastructure and products.

Exploitation of Windows MMC zero-day is being pinned on a ransomware gang known as EncryptHub (an affiliate of RansomHub)

AMTSO has developed a Sandbox Evaluation Framework to standardize the testing of malware analysis solutions. 

The late-stage startup said the round was led Coatue Management and brings Island’s total external funding to approximately $730 million.

A new ransomware group called Arkana claims to have compromised the US telecommunications provider WideOpenWest.

SplxAI has raised $7 million in a seed funding round led by LAUNCHub Ventures to secure agentic AI systems.

Production line monitoring cameras made by Inaba can be hacked for surveillance and sabotage, but they remain unpatched.

macOS users are targeted with multiple versions of the ReaderUpdate malware written in Crystal, Nim, Rust, and Go programming languages.

Threat actors have started probing servers impacted by a critical-severity vulnerability in the web application development framework Next.js.

Despite Oracle categorically denying that its Cloud systems have been breached, sample data released by the hacker seems to prove otherwise.

The vulnerability, tracked as CVE-2025-2783, was chained with a second exploit for remote code execution in attacks targeting organizations in Russia.

DrayTek routers around the world are rebooting and the vendor’s statement suggests that it may involve the exploitation of a vulnerability.

The authentication bypass vulnerability, tagged as CVE-2025-22230, carries a CVSS severity score of 7.8/10.

Microsoft has expanded the capabilities of Security Copilot with AI agents tackling data security, phishing, and identity management.

Charm Security has emerged from stealth mode with $8 million in funding for AI-powered scams and social engineering prevention.

Email-related data breach suffered by wheelchair and other mobility equipment provider Numotion affects almost 500,000 individuals. 

Which Security Testing Approach is Right for You: BAS, Automated Penetration Testing, or Both?