SecurityWeek

Multiple vulnerabilities in Ruckus Wireless management products could be exploited to fully compromise the managed environments.

Nova Scotia Power is notifying individuals affected by the recent data breach, including in the United States.

Ivanti, Fortinet, and Splunk have released patches for critical- and high-severity vulnerabilities in their products.

Xu Zewei has been arrested on charges that he is a member of the Chinese state-sponsored hacking group Hafnium (Silk Typhoon).

Adobe patches were also released for medium-severity flaws in After Effects, Audition, Dimension, Experience Manager Screens, FrameMaker, Illustrator, Substance 3D Stager, and Substance 3D Viewer.

Patch Tuesday July 2025: Microsoft rolled out fixes for 130 vulnerabilities, including a zero-day in SQL Server.

The warning came after the department discovered that an impostor attempted to reach out to at least three foreign ministers, a U.S. senator and a governor.

A stolen copy of Shellter Elite shows how easily legitimate security tools can be repurposed by threat actors when vetting and oversight fail.

As organizations rush to adopt agentic AI, security leaders must confront the growing risk of invisible threats and new attack vectors.

SAP has released patches for multiple insecure deserialization vulnerabilities in NetWeaver that could lead to full system compromise.

Researchers released technical information and exploit code targeting a critical vulnerability (CVE-2025-5777) in Citrix NetScaler.

The Australian airline says a cybercriminal attempted to extort it after customer data was stolen from a contact center.

CVE-2025-6554 and three other Chromium vulnerabilities could allow attackers to execute code and corrupt memory remotely.

The notorious Hive successor ceases ransomware operations but pivots to pure data extortion under the new World Leaks brand.

The IT products and services giant did not say how the intrusion occurred or whether any data was stolen from its systems.

Officials identified the suspect as João Roque, a C&M employee who worked in information technology and allegedly helped others gain unauthorized access to PIX systems.

Noteworthy stories that might have slipped under the radar: drug cartel hires hacker to identify FBI informants, prison time for Russian ransomware developer, ransomware negotiator investigated. 

A vulnerability in the Catwatchful spyware allowed a security researcher to retrieve the usernames and passwords of over 62,000 accounts.

Hardcoded SSH credentials in Cisco Unified CM and Unified CM SME could allow attackers to execute commands as root.

SentinelOne says the fake Zoom update scam delivers ‘NimDoor’, a rare Nim-compiled backdoor.