SecurityWeek

China-linked APT Salt Typhoon has been exploiting known vulnerabilities in Cisco devices in attacks on telecom providers in the US and abroad.

ClearSky Cyber Security says it has seen a new Windows zero-day being exploited by a Chinese APT named Mustang Panda. 

Identity management provider SGNL has raised $30 million in a Series A funding round led by Brightmind Partners.

Attempts to exploit CVE-2024-0108, an authentication bypass vulnerability in Palo Alto firewalls, started one day after disclosure. 

Rapid7 finds a new zero-day vulnerability in PostgreSQL and links it to chain of attacks against a BeyondTrust Remote Support product.

Poland is being targeted by various forms of cyberattacks and sabotage actions believed to be sponsored by Russia.

The Sarcoma ransomware group is threatening to leak data stolen from Taiwanese printed circuit board manufacturer Unimicron.

CyberArk acquires early stage Boston startup Zilla Security for $165M, expanding its identity security and IGA capabilities.

Millions of uninformed users have flocked to DeepSeek and share personal information without considering security or privacy risks.

A toolset associated with China-linked espionage intrusions was employed in a ransomware attack, likely by a single individual.

An analysis conducted by SecurityWeek shows that 405 cybersecurity-related mergers and acquisitions were announced in 2024.

Jscrambler has received a $5.2 million investment from Iberis Capital to accelerate innovation and research.

Palo Alto Networks has published 10 new security advisories, including one for a high-severity firewall authentication bypass vulnerability.

Threat actors are increasingly exploiting two old vulnerabilities in ThinkPHP and OwnCloud in their attacks.

Google has released a Chrome 133 update to address four high-severity vulnerabilities reported by external researchers.

The Italian government denied it hacked seven cellphones with military-grade surveillance technology from Paragon Solutions.

QuSecure is pitching a software-based security architecture that overlays onto current networks to help businesses with PQC migration.

A subgroup of the Russia-linked Seashell Blizzard is tasked with broad initial access operations to sustain long-term persistence.

Security and compliance automation firm Drata has acquired trust center platform SafeBase in a quarter billion dollar deal.

Ivanti and Fortinet on Tuesday released patches for multiple critical- and high-severity vulnerabilities in their products.