SecurityWeek

Engineering firm Smiths Group has disclosed a cyberattack that forced it to take some systems offline and activate business continuity plans.

Rockwell Automation has released six new security advisories to inform customers about several critical and high-severity vulnerabilities.

Artificial intelligence is upending cybersecurity. It is used by adversaries in their attacks, and by defenders in their defense.

Threat actors have been exploiting SimpleHelp remote access software shortly after the disclosure of three vulnerabilities.

Frenos, a company that has developed an autonomous OT security assessment platform, has raised $3.88 million in seed funding. 

What is DeepSeek, the Chinese AI company whose R1 chatbot upended stock markets and fueled debates on economic and geopolitical competition?

VMware warns that a malicious user with network access may be able to use specially crafted SQL queries to gain database access.

The investment includes equity and debt from new investors Qualcomm Ventures, Pavilion Capital, Singtel Innov8, and Sixty Degree Capital. 

Hackers stole more than $85 million in crypto assets from hot wallets at cryptocurrency exchange Phemex.

Endpoint management and security firm NinjaOne to acquire cloud data backup, archiving, and recovery solutions provider Dropsuite for $252 million.

The European Union has added three Russian nationals to its sanctions list for their involvement in cyberattacks against Estonia.

China’s DeepSeek blamed sign-up disruptions on a cyberattack as researchers started finding vulnerabilities in the R1 AI model. 

ENGlobal has informed the SEC that personal information was compromised in a November 2024 ransomware attack.

SonicWall has confirmed that an SMA 1000 zero-day tracked as CVE-2025-23006 has been exploited in the wild.

Apple has released fixes for dozens of vulnerabilities in its mobile and desktop products, including an iOS zero-day exploited in attacks.

UK telecoms firm TalkTalk has confirmed falling victim to a data breach after a threat actor boasted about hacking it.

Vulnerabilities in LTE/5G core infrastructure, some remotely exploitable, could lead to persistent denial-of-service to entire cities.

Cybersecurity regulations are facing a tipping point. There are too many and they are too complex to manage – and it’s getting worse.

Opengrep is a new consortium-backed fork of Semgrep, intended to be and remain a true genuine OSS SAST tool.

Industrial automation protocols continue to be the most targeted in OT attacks, but building automation systems have been increasingly targeted.