Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Staffers at the nation’s cybersecurity agency whose job is to ensure the security of US elections have been placed on administrative leave.

A hacker recently offered to sell 20 million OpenAI credentials, but the data likely comes from information stealers, not the AI firm’s systems.

Cupertino’s security response team said the flaw was used in “an extremely sophisticated attack against specific targeted individuals.” 

French organizers said “the summit aims at promoting an ambitious French and European AI strategy” as advances in the sector have been led by the U.S. and China.

A critical vulnerability found in Orthanc servers can pose a serious risk to medical data and healthcare operations.

Microsoft has added more Copilot consumer products to its bug bounty program and is offering higher rewards for medium-severity vulnerabilities.

HPE is notifying an unknown number of individuals that Russian hackers accessed their personal information in a December 2023 attack.

Evan Light was sentenced to 20 years in federal prison for hacking an investment holdings company and stealing $37 million in cryptocurrency.

Memorial Hospital and Manor says 120,000 people had their personal information stolen in a November 2024 ransomware attack.

News analysis: The big AI platforms are emerging as frontline early warning systems, detecting nation-state hackers at the outset of their campaigns. Can this help save the threat intel industry?

SolarWinds will become a privately held company following its acquisition by Turn/River Capital for $4.4 billion in cash. 

People on the Move

Software giant Atlassian has named David Cross as its new CISO.

Dan Pagel has been named the new CEO of risk management and remediation firm Brinqa.

The City of Phoenix has promoted Mitch Kohlbecker to the role of Chief Information Security Officer.

Gigamon has promoted Tony Jarjoura to CFO and Ram Bhide has been hired as Senior VP of engineering.

Cloud security firm Mitiga has appointed Charlie Thomas as Chief Executive Officer.

More People On The Move
iPhone security iPhone security

Cupertino’s security response team said the flaw was used in “an extremely sophisticated attack against specific targeted individuals.” 

Threat Intelligence Report Threat Intelligence Report

News analysis: The big AI platforms are emerging as frontline early warning systems, detecting nation-state hackers at the outset of their campaigns. Can this help save the threat intel industry?

Turn/River Capital acquires SolarWinds Turn/River Capital acquires SolarWinds

SolarWinds will become a privately held company following its acquisition by Turn/River Capital for $4.4 billion in cash. 

Top Cybersecurity Headlines

Hospital Sisters Health System says the personal information of 883,000 individuals was compromised in a 2023 crippling cyberattack.

A bipartisan duo in the the U.S. House is proposing legislation to ban the Chinese artificial intelligence app DeepSeek from federal devices.

Spanish authorities have arrested an individual who allegedly hacked several high-profile organizations, including NATO and the US army.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Examine the state of cybersecurity in the context of quantum computing and artificial intelligence. Discuss the implications of the new White House administration’s cybersecurity policies and how they will influence the industry’s direction in 2025 and beyond.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Watch Now

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 2025, Stay Tuned]

Learn More

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.(February 26, 2025)

Learn More

Supply Chain Security Summit
Join us as we explore the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects. (March 19, 2025)

Learn More

Vulnerabilities

Cybercrime

Hacktivist "Groups" Have Different Motives Behind Their Attacks, But Most Use The Same Tools That Penetration Testers and Other Security Professionals Use or Sell to Others.

Using data collected from DShield, a community based log correlation system that collects data from sensors covering more than 500,000 IP addresses in over 50 countries, the NCC Group has mapped out its latest report on the origination of computer hacking attempts for the first quarter of 2012.For the first time, the UK made an appearance in the top ten, while percentage of hacking attempts coming from Russia and the Netherlands also jumped.

For most of this week, The Pirate Bay (TPB) and Wikileaks have suffered under the pressure of a sustained DDoS attack from unknown sources. For TPB outages occur frequently, but direct attacks (other than court ordered censorship) are rare. Likewise, Wikileaks sometimes suffers outages or slow connections, but they too rarely see a direct attack.

In December of 2009, after months of waiting, the Obama Administration named Howard Schmidt as the White House Cybersecurity Coordinator. After more than forty years in the IT community, the former head of the Information Security Forum and the nation’s first cyber czar will retire at the end of the month.

ICS-CERT, the section of U.S. CERT that deals with Industrial Control Systems, is issuing an advisory after a researcher exposed four separate flaws within Pro-face Pro-server, a popular data management server that offers real-time reporting of automated manufacturing and production environments. Each of the flaws can be targeted remotely to trigger DoS conditions, or code execution.

Neustar Reports Shows DDoS Attacks Can Cost Retailers More Than $100k Per-hourAccording to NeuStar, a provider of information, infrastructure and security solutions, the effects a DDoS attack can be devastating to an organization's brand and operations. A majority (three-quarters) of the IT professionals that spoke with NeuStar for a study on the issue said that they fear negative brand impact or customer experiences because of such an attack.

Wikimedia, the foundation responsible for information hub Wikipedia, is warning users that if they see ads on the encyclopedia’s webpage, their system might be infected with malware. The ads in question are not the ones asking for donations that show up once a year, but for-profit related adverts.

Stephen Fletcher, the executive director of Utah’s Dept. of Technology Services (DTS), has resigned following the aftermath of a massive data breach earlier this year that exposed nearly one million people, including children. The staffing changes come after preliminary investigations exposed serious flaws within the state’s IT practices, including storing information that shouldn’t have been kept at all.

In an apparent act of cyber espionage, as the acts are being called by Shadowserver researchers Steven Adair and Ned Moran, persons unknown have staged a series of strategic web compromises in order to spread malware. The attackers hijacked several websites related to matters of government and foreign policy, and used them to deliver malicious payloads to visitors by leveraging unpatched software flaws.

A California woman was sentenced Monday to five years in federal prison for her role in an international phishing operation that tried to defraud banks of more than $1 million.Nichole Michelle Merzi, 26, of Oceanside, was sentenced following a six-week trial in 2011 that ended with her being convicted of bank and wire fraud conspiracy, aggravated identity theft, computer fraud conspiracy and money laundering conspiracy charges.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Cloud Security

Application Security

APIs are easy to develop, simple to implement, and frequently attacked. They are  prime and lucrative targets for cybercriminals. 

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.