Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Researchers warn about critical vulnerabilities in Ruijie Networks’ Reyee cloud management platform and Reyee OS network devices.

The new agreement has a narrower scope and additional safeguards to minimize the risk to national security.

Noteworthy stories that might have slipped under the radar: AV brand owner Gen Digital makes a $1 billion acquisition, Microsoft Recall captures sensitive data, MITRE releases ATT&CK evaluations.

Byte Federal says the personal information of 58,000 was compromised after a GitLab flaw allowed attackers to access a server.

The US announced the takedown of Rydox, a marketplace for stolen personal information, and the arrest of three administrators.

Microsoft has patched potentially critical vulnerabilities in Update Catalog and Windows Defender on the server side. 

Germany’s cybersecurity agency BSI has sinkholed a botnet of 30,000 devices shipped with BadBox malware pre-installed.

The Iranian threat group CyberAv3ngers has used custom-built malware named IOCONTROL to target IoT and OT devices in the US and Israel.

The Justice Department announced indictments against 14 North Koreans for involvement in a scheme to pose as remote IT workers to violate sanctions and commit wire fraud, money laundering, and identity theft.

Phishing is more than a mere nuisance—it is a formidable precursor to destructive data breaches.

Threat intel startup Silent Push has raised $10 million in a funding round co-led by Ten Eleven Ventures and Stepstone Group LP.

People on the Move

Mike Byron has been named Chief Financial Officer (CFO) at Exabeam.

Ex-GitHub chief technology officer Mike Hanley has joined GM as CISO.

Network security and compliance assurance firm Titania has appointed Victoria Dimmick as CEO.

Secure browser firm Conceal has appointed Eric Cornelius as Chief Executive Officer.

Shanta Kohli has been named CMO at Sysdig.

More People On The Move
China China

The new agreement has a narrower scope and additional safeguards to minimize the risk to national security.

IOCONTROL OT/ICS/IoT malware IOCONTROL OT/ICS/IoT malware

The Iranian threat group CyberAv3ngers has used custom-built malware named IOCONTROL to target IoT and OT devices in the US and Israel.

North Korean fake IT workers indicted North Korean fake IT workers indicted

The Justice Department announced indictments against 14 North Koreans for involvement in a scheme to pose as remote IT workers to violate sanctions and commit wire fraud, money laundering, and identity theft.

Top Cybersecurity Headlines

Cleo has released patches for the exploited vulnerability and security firms have detailed the malware delivered in attacks.

Cupertino ships iOS 18.2 and macOS Sequoia 15.2 patches to fix data leakage, sandbox escapes and code exection vulnerabilities.

Google’s Willow quantum chip marks a transformative moment in quantum computing development.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack Demonstration to learn how hackers operate and gain knowledge to strengthen your defenses against deepfake and BEC fraud.

Register

Learn how to develop a holistic solution that provides you and your team the power to mitigate cyber threats effectively within your OT environment.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 2025, Stay Tuned]

Learn More

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

Huddle with your peers to measure the costs, benefits, and risks of deploying machine learning and predictive AI tools in the enterprise, the threat from adversarial AI and deepfakes, and preparation for the inevitable compliance and regulations. (December 4, 2024)

Learn More

SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies. (Oct. 9, 2024)

Learn More

Vulnerabilities

Cybercrime

Taking a break form the normal spin-cycle of security news, assets from the once popular Digg.com have been sold for $500,000, or 0.0005 Instagrams (Instagram was purchased by Facebook for a cool $1 billion earlier this year).At one point, Digg was valued at $175,000,000, but the shift to sites like Reddit (Digg’s longtime Web rival) and Twitter as an instant news source eventually caused the site’s decline.

After Reuters reported that China’s ZTE Corp (ZTEC) had sold monitoring equipment to Iran, in addition to software and technological goods manufactured in the U.S. – something that is forbidden under trade embargos – the Department of Commerce initiated an investigation. Now, according to an FBI affidavit, it has emerged that ZTE Corp went out of its way to impede the Department of Commerce’s inquiry.

Phandroid, a web site dedicated to Android news and discussion, is urging all of its users – more than a million of them in fact – to change their passwords after a server hosting their online forum was hacked earlier this week. News of this latest compromise comes after a string of security incidents this month, leaving some to wonder what’s next.

Using technology to steal high-tech cars is not new. In my book, When Gadgets Betray Us, I use the example of Radko Soucek, a car thief from the Czech Republic who would steal luxury cars off the streets of Prague in about twenty minutes. Soucek used a laptop preloaded with an algorithm for specific makes and models of cars to help him decipher the keyless entry and ignition sequence.

Three months after announcing a partnership with several security companies to provide free antivirus, Facebook has now established a new service Malware Checkpoint for users worried their computer may be infected.

Microsoft has issued a security advisory, and encouraged users of Windows Vista and Windows 7 to disable the Windows Sidebar and associated gadgets. The move comes just before a scheduled talk at BlackHat this month, where researchers will explore the types of flaws that exist in existing gadgets, as well as other weaknesses.

Instagram "Friendship" Vulnerability Exposed Users' Private Photos and Profile InformationSpanish researcher Sebastián Guerrero published an advisory on Wednesday, detailing what he called a ‘friendship’ vulnerability in the popular image application, Instagram. The imaging social phenomenon fixed the flaw within hours of his public disclosure.

Backupify, a provider of online backup services for cloud application data, today announced that it has secured $9 million in series C funding that will be used to accelerate further development and adoption of its backup tools.

Researchers have uncovered a new Web-based exploit that targets Windows, Linux, and Mac OS X computers.Users visiting a specially crafted website are prompted to run a Java applet that hasn't been signed by a trusted certificate authority, Karmina Aquino, a senior analyst at F-Secure, wrote in a blog post July 10. If allowed to run, the applet checks the user's operating system and delivers a payload customized for that platform, whether it's Windows, Mac OS X, or Linux.

Symantec found two malicious apps on Google Play that may have infected up to 100,000 users before it was removed by Google. The malware posed as two apps, "Super Mario Bros." and "GTA3 Moscow City," and used a remote payload technique to avoid detection, Irfan Asrar, a security researcher from Symantec, wrote on the Symantec Connect blog July 10. Both apps appeared on Google Play on June 24, and racked up between 50,000 to 100,000 downloads in less than two...

Email messaging and Web security solutions firm AppRiver, its mid-year Threat and Spamscape report, noted a significant uptick in malware-laden messages during the first half of this year. The report, which focuses on spam and malware trends, showed strong continued appearances of popular malware including Zeus, SpyEye, and the Blackhole toolkit, and a rise in mobile malware—echoing other recent vendor reports.

Plesk, a popular Web hosting control panel – second to cPanel in the hosting market – was recently updated in order to address Remote File Inclusion vulnerabilities. This flaw is being blamed for a rash of website compromises, which successfully targeted some 50,000 domains.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

Google has announced the open source availability of Vanir, a patch validation tool for Android platform developers.

Cloud Security

Cloud Security

Researchers warn about critical vulnerabilities in Ruijie Networks’ Reyee cloud management platform and Reyee OS network devices.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.