SecurityWeek

A vulnerability in Google’s OAuth implementation allows takeover of old employee accounts when domain ownership changes.

Google has released Chrome 132 with fixes for 16 vulnerabilities, including multiple high-severity security defects.

Nvidia, Zoom, and Zyxel have released patches for multiple high-severity vulnerabilities across their products.

The US, Japan, and South Korea say North Korean hackers stole roughly $660 million in cryptocurrency last year.

Ivanti has released patches for multiple vulnerabilities in Endpoint Manager (EPM), including four critical-severity flaws.

Fortinet patches critical vulnerabilities, including a zero-day that has been exploited in the wild since at least November 2024. 

Schneider Electric, Siemens, CISA, and Phoenix Contact have released January 2025 Patch Tuesday ICS security advisories.

Patch Tuesday: Adobe ships patches for more than a dozen security defects in a wide range of software products.

Patch Tuesday: Microsoft's January Patch Tuesday rollout includes fixes for 160 security defects, the largest number of CVEs addressed in any single month since at least 2017.

The executive order comes on the heels of the Biden administration’s proposed restrictions on exports of AI chips, an attempt to balance national security concerns about the technology with economic interests of producers and other countries.

Since no technical means have been found to curtail criminal extortion through prevention or attack, the new proposal is to eliminate its profitability.

WEF's Global Cybersecurity Outlook 2025 report highlights key challenges like the skills gap, third-party risks, and resilience disparities between businesses and private sectors.

BforeAI has raised $10 million in Series B funding, which brings the total raised by the security firm to more than $30 million.

With a security-first culture fully in play, developers will view the protected deployment of AI as a marketable skill, and respond accordingly.

Apparently malicious NPM packages linked to Snyk raised some concerns, but the security firm clarified that it’s part of a research project.

New York identity management startup raises $36 million in an unusually large seed round co-led by Team8 and Intel Capital.

Cyber threat intelligence can inform decisions but is a complex issue. Where it is complete and accurate it is a huge boon.

SAP has released 14 security notes on January 2025 Patch Day, including two addressing critical vulnerabilities in NetWeaver.

CISA and other Western security agencies have shared guidance for OT owners and operators when procuring products. 

A ransomware group tracked as Codefinger is using compromised AWS keys to encrypt S3 bucket data using SSE-C.