SecurityWeek

CISA has updated the Minimum Elements for a Software Bill of Materials (SBOM) guidance and is seeking public comment.

Netskope has an annual recurring revenue of more than $707 million, but it’s still not profitable, reporting a net loss of $170 million in H1. 

The Arch Linux Project has been targeted in a DDoS attack that disrupted its website, repository, and forums.

Farmers New World Life Insurance and Farmers Group have filed separate data breach notifications with state authorities. 

Dubbed Operation Serengeti 2.0, the operation took place between June and August.

Noteworthy stories that might have slipped under the radar: cryptojacker sentenced to prison, ECC.fail Rowhammer attack, and Microsoft limits China’s access to MAPP.

Silk Typhoon was seen exploiting n-day and zero-day vulnerabilities for initial access to victim systems.

Davis Lu was sentenced to four years in prison for installing malicious code on employer’s systems and for deleting encrypted data.

CPAP Medical Supplies and Services has disclosed a data breach resulting from an intrusion that occurred in December 2024.

AWS has addressed a vulnerability that could have been leveraged to bypass Trusted Advisor’s S3 bucket permissions check.

Between June and August, over 300 entities were targeted with the Atomic macOS Stealer via malvertising.

MITRE has updated the list of Most Important Hardware Weaknesses to align it with evolving hardware security challenges.

Colt Technology Services is working on restoring systems disrupted by a ransomware attack that involved data theft.

Noah Urban was sentenced to 10 years in prison for his role in the notorious cybercriminal operation known as Scattered Spider.

A researcher has tested nearly a dozen password managers and found that they were all vulnerable to clickjacking attacks.

Russian state-sponsored hackers tracked as Static Tundra continue to target Cisco devices affected by CVE-2018-0171.

Orange Belgium says hackers accessed data pertaining to 850,000 customer accounts during a July cyberattack.

Apple has rolled out iOS and macOS updates that resolve a zero-day vulnerability exploited in highly targeted attacks.

A $50,000 reward from Europol for two members of the Qilin ransomware group is a ‘scam’, according to the law enforcement agency.

Instead of GPT-5 Pro, your query could be quietly redirected to an older, weaker model, opening the door to jailbreaks, hallucinations, and unsafe outputs.