SecurityWeek

The late-stage startup said the round was led Coatue Management and brings Island’s total external funding to approximately $730 million.

A new ransomware group called Arkana claims to have compromised the US telecommunications provider WideOpenWest.

SplxAI has raised $7 million in a seed funding round led by LAUNCHub Ventures to secure agentic AI systems.

Production line monitoring cameras made by Inaba can be hacked for surveillance and sabotage, but they remain unpatched.

macOS users are targeted with multiple versions of the ReaderUpdate malware written in Crystal, Nim, Rust, and Go programming languages.

Threat actors have started probing servers impacted by a critical-severity vulnerability in the web application development framework Next.js.

Despite Oracle categorically denying that its Cloud systems have been breached, sample data released by the hacker seems to prove otherwise.

The vulnerability, tracked as CVE-2025-2783, was chained with a second exploit for remote code execution in attacks targeting organizations in Russia.

DrayTek routers around the world are rebooting and the vendor’s statement suggests that it may involve the exploitation of a vulnerability.

The authentication bypass vulnerability, tagged as CVE-2025-22230, carries a CVSS severity score of 7.8/10.

Microsoft has expanded the capabilities of Security Copilot with AI agents tackling data security, phishing, and identity management.

Charm Security has emerged from stealth mode with $8 million in funding for AI-powered scams and social engineering prevention.

Email-related data breach suffered by wheelchair and other mobility equipment provider Numotion affects almost 500,000 individuals. 

Which Security Testing Approach is Right for You: BAS, Automated Penetration Testing, or Both?

Weaver Ant, a cyberespionage-focused APT operating out of China, is targeting telecom providers for persistent access.

Threats themselves change very little, but the tactics used are continually revised to maximize the criminals’ return on investment and effort.

Frank Trezza is fairly typical of most hackers. Early pranks sometimes leading to something more serious.

Authorities in seven African countries arrested 300 suspects in an international crackdown on cybercriminal networks targeting businesses.

Critical remote code execution vulnerabilities found by Wiz researchers in Ingress NGINX Controller for Kubernetes.

The effects of the backlog are already being felt in vulnerability management circles where NVD data promises an enriched source of truth.