SecurityWeek

Latest Cybersecurity News

Schneider Electric, Siemens, CISA, and Phoenix Contact have released January 2025 Patch Tuesday ICS security advisories.

Patch Tuesday: Adobe ships patches for more than a dozen security defects in a wide range of software products.

Patch Tuesday: Microsoft’s January Patch Tuesday rollout includes fixes for 160 security defects, the largest number of CVEs addressed in any single month since at least 2017.

The executive order comes on the heels of the Biden administration’s proposed restrictions on exports of AI chips, an attempt to balance national security concerns about the technology with economic interests of producers and other countries.

Since no technical means have been found to curtail criminal extortion through prevention or attack, the new proposal is to eliminate its profitability.

WEF’s Global Cybersecurity Outlook 2025 report highlights key challenges like the skills gap, third-party risks, and resilience disparities between businesses and private sectors.

BforeAI has raised $10 million in Series B funding, which brings the total raised by the security firm to more than $30 million.

With a security-first culture fully in play, developers will view the protected deployment of AI as a marketable skill, and respond accordingly.

Apparently malicious NPM packages linked to Snyk raised some concerns, but the security firm clarified that it’s part of a research project.

New York identity management startup raises $36 million in an unusually large seed round co-led by Team8 and Intel Capital.

Cyber threat intelligence can inform decisions but is a complex issue. Where it is complete and accurate it is a huge boon.

People on the Move

Stephanie Crowe has been appointed head of the Australian Cyber Security Centre (ACSC).

Cloud security giant Wiz has named Fazal Merchant as President and Chief Financial Officer.

Cybersecurity and data protection company Acronis has appointed Gerald Beuchelt as CISO.

Adam Zoller has joined CrowdStrike as Chief Information Security Officer.

Ekta Singh-Bushell is the first COO of industrial cybersecurity company Dragos.

Cloud attacks exploiting Aviatrix vulnerability

Attackers are exploiting a critical vulnerability in Aviatrix Controller to execute arbitrary code in AWS cloud environments.

Treasury Hacked by China

Chinese cyberspies targeted offices dealing with foreign investments and sanctions in the recent US Treasury hack. 

Top Cybersecurity Headlines

A research project into vulnerabilities affecting Microsoft’s PlayReady DRM raises some questions on responsible disclosure.

Google Cloud’s Mandiant has linked the exploitation of CVE-2025-0282, a new Ivanti VPN zero-day, to Chinese cyberspies.

Ivanti confirms zero-day exploitation of a remotely exploitable code execution flaw in its Connect Security product line.


Explore trends and technologies that will shape the future of cybersecurity. Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 2025, Stay Tuned]

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident. (February 26, 2025)

Supply Chain Security Summit
Join us as we explore the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects. (March 19, 2025)

The Department of Energy (DOE), Department of Justice (DOJ), and the Department of Homeland Security (DHS) need to tighten procedures and controls when it comes to mitigating IT supply chain issues, a recently published GAO report says. The Department of Defense was the only agency to make any progress on the issue.

Wave Systems Gets U.S. Army Contract for Encryption Management for Vehicle-Based Mobile Computers
Wave Systems, a Massachusetts-based provider of security, data protection, and encryption solutions, today announced that it has received a contract from the United States Army to provide labor, equipment and management to implement solutions for the Army's self-encrypting drives (SEDs).

Privacy advocates are largely giving the thumbs up to a report from the Federal Trade Commission (FTC) calling for Congress to enact privacy, data security and breach notification laws. The report, entitled “Protecting Consumer Privacy in an Era of Rapid Change: Recommendations For Businesses and Policymakers,” also lays out best practices for businesses for protecting the privacy of American consumers. Building upon a report from December 2010, the updated report calls on corporations to enact the following recommendations:

Good Technology, a provider of mobile device security and management solutions for enterprises, today launched a secure browser for Android devices designed to provide secure access to enterprise resources via mobile devices. Dubbed Good Mobile Access (GMA) for Android, the Web browser is a feature of the company’s flagship Good for Enterprise offering, and enables secure mobile access to “behind-the-firewall applications”, company databases, resources and collaboration tools such as SharePoint data without needing a VPN connection.

They say history repeats itself, or perhaps this is the story of a community recovering from a catastrophe. Either way, the underground is returning to its former glory, and not just in how much business is being conducted – but how it is conducted. In 2006, the English-speaking part of the underground economy was a prosperous community, with several mega-bulletin boards competing for the business and the heart of fraudsters from all over the world.

The University of Hong Kong’s Public Opinion Program offered an unofficial poll for those who could not vote in last week’s elections, but it quickly came under attack, the organizers said. According to local media, police have arrested two men on charges related to the incident. Ahead of the actual vote on March 25, the University of Hong Kong offered those who were not allowed to vote a chance to express their opinions. The results would not have counted towards any...

Researchers from Kaspersky Lab have found examples of malicious Chrome applications targeting Facebook users in Brazil. The attack uses several methods to entice users to install the malware, and despite Google’s best efforts, the criminals behind the attack keep getting new variants into the Chrome Web Store.

In an effort to help users get a better idea of the security status of their MySQL databases, McAfee today released a free open-source audit plug-in that provides detailed database activity audits and helps satisfy audit requirements for the wildly popular open source database platform. McAfee promises that the software-only implementation is easy to deploy and is highly scalable, and ideal for protecting and monitoring MySQL databases in the cloud, with key features including:

Today, Microsoft announced that in collaboration with partners from the financial services industry including FS-ISAC and NACHA, The Electronic Payments Association, and Kyrus Tech, it has successfully taken action against cybercriminal operations that fuel a number of botnets powered by the notorious Zeus family of malware.

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.
