Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Patch Tuesday: Adobe ships patches for more than a dozen security defects in a wide range of software products.

Patch Tuesday: Microsoft’s January Patch Tuesday rollout includes fixes for 160 security defects, the largest number of CVEs addressed in any single month since at least 2017.

The executive order comes on the heels of the Biden administration’s proposed restrictions on exports of AI chips, an attempt to balance national security concerns about the technology with economic interests of producers and other countries.

Since no technical means have been found to curtail criminal extortion through prevention or attack, the new proposal is to eliminate its profitability.

WEF’s Global Cybersecurity Outlook 2025 report highlights key challenges like the skills gap, third-party risks, and resilience disparities between businesses and private sectors.

BforeAI has raised $10 million in Series B funding, which brings the total raised by the security firm to more than $30 million.

With a security-first culture fully in play, developers will view the protected deployment of AI as a marketable skill, and respond accordingly.

Apparently malicious NPM packages linked to Snyk raised some concerns, but the security firm clarified that it’s part of a research project.

New York identity management startup raises $36 million in an unusually large seed round co-led by Team8 and Intel Capital.

Cyber threat intelligence can inform decisions but is a complex issue. Where it is complete and accurate it is a huge boon.

SAP has released 14 security notes on January 2025 Patch Day, including two addressing critical vulnerabilities in NetWeaver.

People on the Move

Stephanie Crowe has been appointed head of the Australian Cyber Security Centre (ACSC).

Cloud security giant Wiz has named Fazal Merchant as President and Chief Financial Officer.

Cybersecurity and data protection company Acronis has appointed Gerald Beuchelt as CISO.

Adam Zoller has joined CrowdStrike as Chief Information Security Officer.

Ekta Singh-Bushell is the first COO of industrial cybersecurity company Dragos.

More People On The Move
zero-day flaw zero-day flaw

Patch Tuesday: Microsoft’s January Patch Tuesday rollout includes fixes for 160 security defects, the largest number of CVEs addressed in any single month since at least 2017.

Cloud attacks exploiting Aviatrix vulnerability Cloud attacks exploiting Aviatrix vulnerability

Attackers are exploiting a critical vulnerability in Aviatrix Controller to execute arbitrary code in AWS cloud environments.

Treasury Hacked by China Treasury Hacked by China

Chinese cyberspies targeted offices dealing with foreign investments and sanctions in the recent US Treasury hack. 

Top Cybersecurity Headlines

A research project into vulnerabilities affecting Microsoft’s PlayReady DRM raises some questions on responsible disclosure.

Google Cloud’s Mandiant has linked the exploitation of CVE-2025-0282, a new Ivanti VPN zero-day, to Chinese cyberspies.

Ivanti confirms zero-day exploitation of a remotely exploitable code execution flaw in its Connect Security product line.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Explore trends and technologies that will shape the future of cybersecurity. Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 2025, Stay Tuned]

Learn More

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.(February 26, 2025)

Learn More

Supply Chain Security Summit
Join us as we explore the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects. (March 19, 2025)

Learn More

Vulnerabilities

Cybercrime

If 2012 has shown us anything about the security landscape, it’s that we’ve come very far in defending against – and deterring – attacks. And we’ve also learned that while we cannot control attackers themselves, we have endless power in our preparation for, and responses to, their attacks. With all of the new security technology and services available, we have the tools we need to raise the defensibility of every layer of our security shields.

SAN JUAN, PUERTO RICO – So long as wireless carriers and phone manufacturers drag their feet on regular operating system updates, Android users will remain vulnerable to malware and other attacks, a technologist and policy analyst said Monday.

MANILA, Feb 5, 2013 (AFP) - The Philippine Supreme Court has again stopped the government from enforcing a controversial cybercrime law, officials said Tuesday, amid concern it would severely curb Internet freedoms. Justice Secretary Leila de Lima said a fresh "temporary restraining order" (TRO) issued by the Supreme Court meant the law passed last year could not take effect.

Despite the fact that a majority of IT respondents say that their cloud deployments were successful, and have saved their respective organization's money, many still do not trust the cloud with sensitive or personal information. Moreover, some fear storing their data in the cloud due to concerns over government or legal action.

After suffering a breach last week that impacted some 250,000 accounts, Twitter is looking to bolster security by investing in two-factor authentication. The news comes by way of a job posting, where the micro-blogging site has asked security developers to come forward.

A document containing business data, including some personal details, from several regional U.S. financial firms was leaked by Anonymous earlier this week. On Tuesday, the Federal Reserve confirmed that one of their systems was breached, but would not directly link the breach to the data released by Anonymous’ OpLastResort.

SpeedTest.net, a free service that tests the performance of Broadband connections, was compromised and made to serve malware, according to security vendor Invincea. The situation has since been cleaned up. Details and pictures can be found here on Invincea's blog.

Google blacklisted the domain of netseer.com in response to a malware attack on the site, triggering a chain reaction that led to a number of high-traffic websites being flagged. This included sites such as ZDNet and The Guardian UK. According to NetSeer, the situation was resolved as of 9:30 a.m. PT.  The situation began when netseer.com was hacked and infected with malware. After the hack, Google added the domain to its list of sites affected by malware, and Chrome and...

Web security firm WhiteHat Security on Tuesday announced that it landed a $31 million round of funding led by JMI Equity, with additional investment from previous investor, Investor Growth Capital (IGC).

Ending weeks of rumors and speculation, Dell Inc. today said that it would be going private in a $24.4 billion deal that would put the company in the hands of founder and CEO Michael Dell and private equity firm Silver Lake.

WASHINGTON - The US Department of Energy on Monday confirmed it was the target of a cyber attack in January, which stole employee and contractor data, but said no classified data was compromised.

Two researchers have uncovered a new vulnerability in the Transport Layer Security (TLS) and Datagram TLS (DTLS) protocols that allow attackers to recover plaintext from a TLS/DTLS connection when CBC-mode encryption is used.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.