SecurityWeek

Exploit and vulnerability intelligence provider VulnCheck has raised $12 million in a Series A funding round.

The personal information of 22,000 Western Alliance Bank customers was stolen in a data breach linked to Cl0p’s hacking of the Cleo file transfer tool.

US representatives and senators have reintroduced a bipartisan bill to support the cybersecurity of small water and wastewater utilities.

A year-old vulnerability in a third-party ChatGPT tool is being exploited against financial entities and US government organizations.

Exploits swirling for remote code execution vulnerability (CVE-2025-24813) in open-source Apache Tomcat web server.

First choices for both KEMs and DSAs are already standardized, and organizations should not wait for the backups to be available before migrating to PQC. 

Nearly 8,000 new vulnerabilities affecting the WordPress ecosystem were reported last year, nearly all in plugins and themes.

Threat actors are abusing Microsoft 365 infrastructure in a BEC campaign, and target its users in two brand impersonation campaigns.

The websites of over 100 auto dealerships were found serving malicious ClickFix code in a supply chain compromise.

Vulnerabilities in Nvidia Riva could allow hackers to abuse speech and translation AI services that are typically expensive. 

The tj-actions/changed-files GitHub Action, which is used in 23,000 repositories, has been targeted in a supply chain attack.

Noteworthy stories that might have slipped under the radar: Switzerland requires disclosure of critical infrastructure attacks, ESP32 chips don’t contain a backdoor, MassJacker cryptojacking malware.

The ClickFix technique has been employed by cybercrime and APT groups for information stealer and other malware deployment.

Russian-Israeli LockBit ransomware developer Rostislav Panev has been extradited from Israel to the United States.

Measure the different level of risk inherent to all gen-AI foundational models and use that to fine-tune the operation of in-house AI deployments.

Your guide on how to get through the conference with your sanity, energy, and key performance indicators (KPIs) intact.

Two Microsoft researchers have devised a new jailbreak method that bypasses the safety mechanisms of most AI systems.

The newly discovered SuperBlack ransomware has been exploiting two vulnerabilities in Fortinet firewalls.

A recently disclosed Edimax zero-day vulnerability has been exploited in the wild by Mirai botnets for nearly a year.

Meta’s Facebook security team warns of live exploitation of a zero-day vulnerability in the open-source FreeType library.