SecurityWeek

Zest Security emerged from stealth with $5 million funding and an AI-powered platform that resolves the root source of risk in the cloud.

The new financing brings the total raised by Dazz to $110 million as investors double down on bets in the cloud security remediation space.

Sygnia discovered what it believes to be a variant of the GhostEmperor infection chain leading to the Demodex rootkit – which was first seen and described in 2021.

CISA warns of the in-the-wild exploitation of CVE-2024-39891, a Twilio Authy bug leading to the disclosure of phone number data.

Michigan Medicine is notifying roughly 57,000 individuals of a data breach impacting their personal and health information.

Siemens has released out-of-band updates to patch two potentially serious vulnerabilities in products used in energy supply. 

Verizon subsidiary TracFone Wireless settles for $16 million with the FCC over three old data breaches.

Vanta has raised $150 million in a Series C funding round and it plans on using the money to fuel expansion and AI innovation.

Chrome 127 was promoted to the stable channel with patches for 24 vulnerabilities, including 16 reported externally.

CrowdStrike has shared a preliminary incident review, explaining why the update that caused global chaos was not caught by testing. 

Delta has canceled more than 5,500 flights since the outage started early Friday morning.

KnowBe4 chief executive Stu Sjouwerman: “We sent them their Mac workstation, and the moment it was received, it immediately started to load malware."

Canadian cybersecurity startup Protexxa closes a $10 million Series A funding round that brings the total raised to $15 million.

Google no longer plans on deprecating third-party cookies in Chrome and is working on an updated approach.

U.S. House leaders are calling on CrowdStrike CEO George Kurtz to testify on widespread tech outage that services around the world.

CrowdStrike tested a new technique to speed up the remediation of systems impacted by the recent bad update.

The EvilVideo zero-day vulnerability in Telegram for Android allowed threat actors to send malicious files disguised as videos.

Everything about the Kids Online Safety Act (KOSA): who supports it, who opposes it, and its chances of passing in Congress.

Authorities in the UK infiltrated and disrupted the DDoS-for-hire service DigitalStress, and one suspect was arrested.

The FrostyGoop ICS malware was used recently in an attack against a Ukrainian energy firm that resulted in loss of heating for many buildings.