Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Noteworthy stories that might have slipped under the radar: NanoLock Security ceases operations, NSO publishes transparency report, cybersecurity salaries data.  

Hospital Sisters Health System says the personal information of 883,000 individuals was compromised in a 2023 crippling cyberattack.

UK engineering firm IMI says it suffered a cyberattack that resulted in unauthorized access to some of its systems.

University Diagnostic Medical Imaging and Allegheny Health Network have disclosed data breaches impacting approximately 430,000 patients.

An analysis by Chainalysis shows that ransomware payments dropped to $813 million in 2024, from $1.25 billion in 2023. 

Trimble Cityworks is affected by a zero-day vulnerability that has been exploited in attacks involving the delivery of malware.

A bipartisan duo in the the U.S. House is proposing legislation to ban the Chinese artificial intelligence app DeepSeek from federal devices.

Zimperium warns that threat actors have stolen the information of tens of thousands of Android users in India using over 1,000 malicious applications.

Astra Security and Invary have received new funding to fuel development of their vulnerability scanning and runtime security solutions.

Spanish authorities have arrested an individual who allegedly hacked several high-profile organizations, including NATO and the US army.

Five Eyes cybersecurity agencies have released guidance on securing edge devices against increasing threats.

People on the Move

Gigamon has promoted Tony Jarjoura to CFO and Ram Bhide has been hired as Senior VP of engineering.

Cloud security firm Mitiga has appointed Charlie Thomas as Chief Executive Officer.

Cynet announced the appointment of Jason Magee as Chief Executive Officer.

Ajay Garg has joined Saviynt as Chief Development Officer.

Penetration testing and offensive security firm Cobalt has named Gunter Ollmann as Chief Technology Officer.

More People On The Move
DeepSeek Ban DeepSeek Ban

A bipartisan duo in the the U.S. House is proposing legislation to ban the Chinese artificial intelligence app DeepSeek from federal devices.

Natohub hacker arrested Natohub hacker arrested

Spanish authorities have arrested an individual who allegedly hacked several high-profile organizations, including NATO and the US army.

David Kennedy David Kennedy

David Kennedy is a hacker. There is no doubt about that. He has qualities common among hackers, but also many differences.

Top Cybersecurity Headlines

Multiple Zyxel legacy DSL CPE products are affected by exploited zero-day vulnerabilities that will not be patched.

AMD has released patches for a microprocessor vulnerability found by Google that could allow an attacker to load malicious microcode.

The February 2025 Android patches resolve 46 vulnerabilities, including a Linux kernel bug that has been exploited in the wild.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Examine the state of cybersecurity in the context of quantum computing and artificial intelligence. Discuss the implications of the new White House administration’s cybersecurity policies and how they will influence the industry’s direction in 2025 and beyond.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Watch Now

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 2025, Stay Tuned]

Learn More

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.(February 26, 2025)

Learn More

Supply Chain Security Summit
Join us as we explore the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects. (March 19, 2025)

Learn More

Vulnerabilities

Cybercrime

What makes you think your financial institution’s web site is truly secure? Millions of identities, credit card numbers and user login credentials are still being compromised every year by hackers getting into web sites we believe are secure. This valuable information will, undoubtedly, end up in the wrong hands.

Critical Infrastructure Executives Cite Need for Improvement in Managing Cyber-related RisksSenior corporate executives are placing a strong emphasis on risk management generally, but are falling short when it comes to extending that emphasis to the world of IT, a new survey has found.

BlackBerry maker Research In Motion (RIM) on Thursday announced that CESG, the National Technical Authority for Information Assurance in the UK, has given the BlackBerry 7 operating system its stamp of approval for government use, providing public sector workers the option to utilize several late model BlackBerry smartphones.

Hacktivist "Groups" Have Different Motives Behind Their Attacks, But Most Use The Same Tools That Penetration Testers and Other Security Professionals Use or Sell to Others.

Using data collected from DShield, a community based log correlation system that collects data from sensors covering more than 500,000 IP addresses in over 50 countries, the NCC Group has mapped out its latest report on the origination of computer hacking attempts for the first quarter of 2012.For the first time, the UK made an appearance in the top ten, while percentage of hacking attempts coming from Russia and the Netherlands also jumped.

For most of this week, The Pirate Bay (TPB) and Wikileaks have suffered under the pressure of a sustained DDoS attack from unknown sources. For TPB outages occur frequently, but direct attacks (other than court ordered censorship) are rare. Likewise, Wikileaks sometimes suffers outages or slow connections, but they too rarely see a direct attack.

In December of 2009, after months of waiting, the Obama Administration named Howard Schmidt as the White House Cybersecurity Coordinator. After more than forty years in the IT community, the former head of the Information Security Forum and the nation’s first cyber czar will retire at the end of the month.

ICS-CERT, the section of U.S. CERT that deals with Industrial Control Systems, is issuing an advisory after a researcher exposed four separate flaws within Pro-face Pro-server, a popular data management server that offers real-time reporting of automated manufacturing and production environments. Each of the flaws can be targeted remotely to trigger DoS conditions, or code execution.

Neustar Reports Shows DDoS Attacks Can Cost Retailers More Than $100k Per-hourAccording to NeuStar, a provider of information, infrastructure and security solutions, the effects a DDoS attack can be devastating to an organization's brand and operations. A majority (three-quarters) of the IT professionals that spoke with NeuStar for a study on the issue said that they fear negative brand impact or customer experiences because of such an attack.

Wikimedia, the foundation responsible for information hub Wikipedia, is warning users that if they see ads on the encyclopedia’s webpage, their system might be infected with malware. The ads in question are not the ones asking for donations that show up once a year, but for-profit related adverts.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Cloud Security

Application Security

APIs are easy to develop, simple to implement, and frequently attacked. They are  prime and lucrative targets for cybercriminals. 

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.