Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Five Eyes cybersecurity agencies have released guidance on securing edge devices against increasing threats.

The blame of security incidents may be shared—but the burden of response always falls on the security team. Here’s how to prepare for the inevitable.

Critical vulnerabilities in Cisco Identity Services Engine could lead to elevation of privileges and  system configuration modifications.

Researchers see dozens of fake DeepSeek websites used for credential phishing, cryptocurrency theft, and scams.

7AI has launched an agentic security platform, which uses AI agents to handle repetitive tasks.

San Francisco application security startup raises $100 million in a Series D funding round led by Menlo Ventures. 

DeepSeek has computer code that could send some user login information to China Mobile.

With each passing year, social engineering attacks are becoming bigger and bolder thanks to rapid advancements in artificial intelligence.

David Kennedy is a hacker. There is no doubt about that. He has qualities common among hackers, but also many differences.

Just as OT technology differs from IT technology, the threats, likely adversaries, and potential harm also differ.

A significant number of cybersecurity-related merger and acquisition (M&A) deals announced in January 2025. 

People on the Move

Cloud security firm Mitiga has appointed Charlie Thomas as Chief Executive Officer.

Cynet announced the appointment of Jason Magee as Chief Executive Officer.

Ajay Garg has joined Saviynt as Chief Development Officer.

Penetration testing and offensive security firm Cobalt has named Gunter Ollmann as Chief Technology Officer.

Data security company Cyberhaven has named Chris Bates as its Chief Security Officer.

More People On The Move
David Kennedy David Kennedy

David Kennedy is a hacker. There is no doubt about that. He has qualities common among hackers, but also many differences.

Exploited vulnerability Exploited vulnerability

Multiple Zyxel legacy DSL CPE products are affected by exploited zero-day vulnerabilities that will not be patched.

AMD CPU vulnerability AMD CPU vulnerability

AMD has released patches for a microprocessor vulnerability found by Google that could allow an attacker to load malicious microcode.

Top Cybersecurity Headlines

The February 2025 Android patches resolve 46 vulnerabilities, including a Linux kernel bug that has been exploited in the wild.

2025 is an important year – it is probably our last chance to start our migration to post quantum cryptography before we are all undone by cryptographically relevant quantum computers.

“Texas will not allow the Chinese Communist Party to infiltrate our state’s critical infrastructure through data-harvesting AI and social media apps,” Abbott said.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Explore trends and technologies that will shape the future of cybersecurity. Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 2025, Stay Tuned]

Learn More

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.(February 26, 2025)

Learn More

Supply Chain Security Summit
Join us as we explore the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects. (March 19, 2025)

Learn More

Vulnerabilities

Cybercrime

Rumors circulated early on Monday that Anonymous has kicked off their OpVendetta campaign with a hack on PayPal. While this hasn’t been confirmed, other related defacements and server compromises have been linked to the operation, as the faceless legion aims to make people remember the 5th of November. [Updated With Additonal Statements from PayPal Below]

With Halloween past us, there’s an excess of sugar in our blood, and remnant imaginings of monsters under the bed. So perhaps that’s why when the topic of “silver bullet security” recently came up, my mind immediately went to Werewolves. The term was used, as it often is, in a discussion about Application Whitelisting—the industrial automation industry’s rightful poster child for endpoint security.

Malware protection firm FireEye has teamed up with EMC’s RSA Security division through a new interoperability agreement that will leverage threat information from FireEye’s Malware Protection System (MPS) and feed that data into RSA’s NetWitness network monitoring platform.

Hundreds of webpages maintained by NBC Universal were defaced over the weekend, by a hacker going by the name of “pyknik.” In addition to NBC, this attacker also targeted a Lady Gaga fan site. Web software used by both domains is speculated to be the primary source of access used in the attack.

A hacker zine has posted details that expose some questionable security practices maintained by image hosting service ImageShack, in addition to source code used by the service. The zine also singled out Symantec and exposed the personal details (dox) for several Anonymous supporters.

WASHINGTON - Few want to even think about it, but the 2012 US election result could be clouded by problems with voting machines ... again. Twelve years after the Florida punch card debacle in which thousands of votes went uncounted in the crucial state, some experts cite similar concerns about voting technology.

Security software firm Quarri Technologies has extended its hardened Web browser technology to iOS devices to protect against various Web attacks, including session hijacking and data theft. Quarri Protect on Q Mobile for iOS prevents Web browsers from copying and saving data onto iOS devices, Quarri Technologies told SecurityWeek. POQ Mobile for iOS will be part of Quarri's Protect On Q security suite, which already protects Windows systems and Android devices.

According to a recent report from AVG Technologies, many SMBs in the US and UK are missing out on the benefits of cloud technologies due to basic confusion. The organizations that particpated in the study were unsure of cloud services or felt they were only for large organizations.

Researchers at VUPEN Security say they have uncovered multiple vulnerabilities in Windows and Internet Explorer 10 that can be combined to bypass security features in Windows 8. According to VUPEN CEO Chaouki Bekrar, exploiting the vulnerabilities result in remote code execution without any user interaction beyond visiting a webpage.

WASHINGTON - The Pentagon will no longer retain an exclusive contract with Blackberry maker Research in Motion and has invited companies such as Apple to offer smart phones to its vast work force. The move, announced Thursday, comes only days after another government agency, the US Immigration and Customs Enforcement agency, said it was dropping the Blackberry device altogether in favor of Apple's iPhone.

GlobalSign, an SSL Certificate provider, and CloudFlare, a company that helps accelerate Web site performance and improve site security, have teamed up to help GlobalSign customers improve the load time of SSL-secured web content.

Russia Puts First Sites on New Internet BlacklistMOSCOW - Russia on Thursday put into force a new law on the Internet that allows the government to block websites with banned content, prompting fears that it will be used to suppress free speech.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

San Francisco application security startup raises $100 million in a Series D funding round led by Menlo Ventures. 

Cloud Security

Application Security

APIs are easy to develop, simple to implement, and frequently attacked. They are  prime and lucrative targets for cybercriminals. 

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.