Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Security and compliance automation firm Drata has acquired trust center platform SafeBase in a quarter billion dollar deal.

Ivanti and Fortinet on Tuesday released patches for multiple critical- and high-severity vulnerabilities in their products.

A new GAO report assesses that the Coast Guard needs to improve Maritime Transportation System (MTS) cybersecurity.

Chipmakers Intel, AMD and Nvidia on Tuesday published new security advisories to inform customers about vulnerabilities found in their products. 

A fresh post on the Kraken ransomware group’s leak website refers to data stolen in a 2022 cyberattack, Cisco says.

Industrial giants Schneider Electric and Siemens have released February 2025 Patch Tuesday ICS security advisories.

On the eve of the Munich Security Conference, Google argues that the cybercriminal threat should be treated as a national security threat like state-backed hacking groups.

The Microsoft Patch Tuesday machine hummed loudly this month with urgent fixes for a pair of already-exploited Windows zero-days.

Patch Tuesday: Adobe patches 45 vulnerabilities across multiple products and warns of remote code execution exploitation risks.

Russia-based bulletproof hosting services provider Zservers was sanctioned for providing services to support LockBit ransomware operations.

OpenSSL has patched CVE-2024-12797, a high-severity vulnerability found by Apple that can allow man-in-the-middle attacks.

People on the Move

Cyber exposure management firm Armis has promoted Alex Mosher to President.

Software giant Atlassian has named David Cross as its new CISO.

Dan Pagel has been named the new CEO of risk management and remediation firm Brinqa.

The City of Phoenix has promoted Mitch Kohlbecker to the role of Chief Information Security Officer.

Gigamon has promoted Tony Jarjoura to CFO and Ram Bhide has been hired as Senior VP of engineering.

More People On The Move
Microsoft Zero-Days Microsoft Zero-Days

The Microsoft Patch Tuesday machine hummed loudly this month with urgent fixes for a pair of already-exploited Windows zero-days.

Intel security Intel security

Intel says roughly 100 of the 374 vulnerabilities it patched last year were firmware and hardware security defects.

iPhone security iPhone security

Cupertino’s security response team said the flaw was used in “an extremely sophisticated attack against specific targeted individuals.” 

Top Cybersecurity Headlines

News analysis: The big AI platforms are emerging as frontline early warning systems, detecting nation-state hackers at the outset of their campaigns. Can this help save the threat intel industry?

SolarWinds will become a privately held company following its acquisition by Turn/River Capital for $4.4 billion in cash. 

Hospital Sisters Health System says the personal information of 883,000 individuals was compromised in a 2023 crippling cyberattack.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Examine the state of cybersecurity in the context of quantum computing and artificial intelligence. Discuss the implications of the new White House administration’s cybersecurity policies and how they will influence the industry’s direction in 2025 and beyond.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Watch Now

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 2025, Stay Tuned]

Learn More

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.(February 26, 2025)

Learn More

Supply Chain Security Summit
Join us as we explore the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects. (March 19, 2025)

Learn More

Vulnerabilities

Cybercrime

WASHINGTON - Backers of a cybersecurity bill which stalled in Congress last year offered changes Monday in an effort to ease concerns of privacy and civil liberties activists.

WASHINGTON - WikiLeaks on Monday launched a searchable archive containing 1.7 million US State Department documents from 1973-6 that had long been in the public domain, billing it as a victory for transparency.

Network security firm Sourcefire on Monday announced that it has appointed John Becker as its new Chief Executive Officer, taking over for Martin Roesch who has served as interim Chief Executive Officer since June 2012 after John Burris took a medical leave of absence to undergo a series of treatments for colon cancer.

BadB, a man with deep ties to the carding community, notorious for his connections to CarderPlanet before authorities shut it down in 2004, was sentenced to 88 months in prison last week for trafficking in stolen credit cards.

A new report from McAfee outlines the growing risks in the sales and commerce industry, due in part to the mix of legacy and newer Point of Sale (POS) systems, in addition to secondary market hardware. Overall, McAfee’s point is that businesses need to focus on more than just PCI DSS compliance.

There is a shift going on in the security business. It’s been a slow-moving wave for a while now – a shift from reactive to proactive. In the long view, you can see that the pendulum has swung back and forth a few times.

Veracode, known for their application security testing offerings, has released their annual report on the state of software security, which focuses on software vulnerability trends and predictions.

JERUSALEM - A mass cyber attack by hacker groups targeting Israel which began Saturday continued on Monday, but the damage was negligible, the Shin Bet domestic security agency said. "As of noon on Monday, the state of alert continues and the efforts and activity to prevent the cyber attacks that began on Saturday night are ongoing," the agency said in a statement.

JERUSALEM - Hackers have launched an assault on Israeli websites, but the damage has been minimal as the Jewish state is prepared to fend off such attacks, one of the country's top cyber experts said on Sunday.

WASHINGTON - Tensions have soared in recent weeks over North Korea, which has threatened a nuclear strike against the United States and has allegedly moved missiles to its east coast. How Did It Come To This?

First discovered in 2011, the Shylock banking Trojan affects virtually all versions of Windows from Windows 2000 onward, and has turned into one of the most advanced forms of financial fraud malware around. And according to new discoveries by Symantec, Shylock has recently become even more powerful thanks to a number of new modules that significantly beef up its functionality and ability to steal money and sensitive data.

The Australian Federal Police (AFP) have said that a 17-year-old has appeared in court to face charges related to actions taken on behalf of Anonymous. The statement didn’t mention however, the nature of the charges with specifics, as the person in question is still a minor.

I have a pet peeve about virtualization and security, and it happens to be a minor thing with syntax. It comes down to this question; what is the difference between virtual and virtualized, and why does it matter in in the language of security?

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

San Francisco application security startup raises $100 million in a Series D funding round led by Menlo Ventures. 

Cloud Security

Application Security

APIs are easy to develop, simple to implement, and frequently attacked. They are  prime and lucrative targets for cybercriminals. 

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.