Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Researchers warn about critical vulnerabilities in Ruijie Networks’ Reyee cloud management platform and Reyee OS network devices.

The new agreement has a narrower scope and additional safeguards to minimize the risk to national security.

Noteworthy stories that might have slipped under the radar: AV brand owner Gen Digital makes a $1 billion acquisition, Microsoft Recall captures sensitive data, MITRE releases ATT&CK evaluations.

Byte Federal says the personal information of 58,000 was compromised after a GitLab flaw allowed attackers to access a server.

The US announced the takedown of Rydox, a marketplace for stolen personal information, and the arrest of three administrators.

Microsoft has patched potentially critical vulnerabilities in Update Catalog and Windows Defender on the server side. 

Germany’s cybersecurity agency BSI has sinkholed a botnet of 30,000 devices shipped with BadBox malware pre-installed.

The Iranian threat group CyberAv3ngers has used custom-built malware named IOCONTROL to target IoT and OT devices in the US and Israel.

The Justice Department announced indictments against 14 North Koreans for involvement in a scheme to pose as remote IT workers to violate sanctions and commit wire fraud, money laundering, and identity theft.

Phishing is more than a mere nuisance—it is a formidable precursor to destructive data breaches.

Threat intel startup Silent Push has raised $10 million in a funding round co-led by Ten Eleven Ventures and Stepstone Group LP.

People on the Move

Mike Byron has been named Chief Financial Officer (CFO) at Exabeam.

Ex-GitHub chief technology officer Mike Hanley has joined GM as CISO.

Network security and compliance assurance firm Titania has appointed Victoria Dimmick as CEO.

Secure browser firm Conceal has appointed Eric Cornelius as Chief Executive Officer.

Shanta Kohli has been named CMO at Sysdig.

More People On The Move
China China

The new agreement has a narrower scope and additional safeguards to minimize the risk to national security.

IOCONTROL OT/ICS/IoT malware IOCONTROL OT/ICS/IoT malware

The Iranian threat group CyberAv3ngers has used custom-built malware named IOCONTROL to target IoT and OT devices in the US and Israel.

North Korean fake IT workers indicted North Korean fake IT workers indicted

The Justice Department announced indictments against 14 North Koreans for involvement in a scheme to pose as remote IT workers to violate sanctions and commit wire fraud, money laundering, and identity theft.

Top Cybersecurity Headlines

Cleo has released patches for the exploited vulnerability and security firms have detailed the malware delivered in attacks.

Cupertino ships iOS 18.2 and macOS Sequoia 15.2 patches to fix data leakage, sandbox escapes and code exection vulnerabilities.

Google’s Willow quantum chip marks a transformative moment in quantum computing development.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack Demonstration to learn how hackers operate and gain knowledge to strengthen your defenses against deepfake and BEC fraud.

Register

Learn how to develop a holistic solution that provides you and your team the power to mitigate cyber threats effectively within your OT environment.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 2025, Stay Tuned]

Learn More

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

Huddle with your peers to measure the costs, benefits, and risks of deploying machine learning and predictive AI tools in the enterprise, the threat from adversarial AI and deepfakes, and preparation for the inevitable compliance and regulations. (December 4, 2024)

Learn More

SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies. (Oct. 9, 2024)

Learn More

Vulnerabilities

Cybercrime

Provider of Cloud-Based Email Security and Compliance Solutions Could Raise Approximately $50 Million Through IPOProofpoint Inc., a Sunnyvale, California based provider of cloud-based security and compliance solutions, filed an S-1 registration statement with the Securities and Exchange Commission this week for a proposed initial public offering.

In today’s digital world, trust is a critical component as consumers spend considerable amounts of time online and on mobile devices shopping, searching and communicating. While these consumers are increasingly becoming concerned with privacy, businesses may be surprised to find out who their customers actually trust, and what it takes to maintain their trust.

Hitachi-LG Data Storage Execs Pay Fines and Head to Prison After Conspiring to Fix the Bidding for Contracts with HP, Dell, and MicrosoftThree Hitachi-LG Data Storage Inc. (HLDS) executives have agreed to pay fines and serve seven to eight months in a U.S. prison, after reaching a plea agreement with the U.S. Department of Justice on price fixing conspiracy charges related to optical disk drives.

France based INSIDE Secure, a provider of semiconductor solutions for secure transactions and digital identity, today announced that it has entered into an agreement to provide Intel with INSIDE’s Near Field Communication (NFC) products and technologies.

As part of their scheduled patch cycles, Microsoft and Adobe Systems today released patches aimed at securing users.Microsoft released 13 security bulletins today for Patch Tuesday, including a patch for the security vulnerability (MS11-087) exploited by Duqu. Adobe meanwhile issued an update for its ColdFusion software for Windows, Mac and UNIX that closes a pair of cross-site scripting vulnerabilities in version 9.0.1 and earlier.

When Evaluating Firewalls, Understand What the Choices Mean in Terms of Benefits and Trade Offs for your Network.Maybe like me, you remember the early days of firewalls. This is before the word resonated as a network architecture imperative.

AlgoSec is making a play to bring its firewall management capabilities to virtual environments.The latest update of the company’s Security Management Suite (version 6.1) has added support for Check Point Security Gateway Virtual Edition. Support for other hypervisor-level firewalls is coming in the future, but the company would not commit to a firm timeline of when that would be or what products will be added to the list.

A recent study from HP and the Ponemon Institute surveyed more than 5,500 IT professionals, from operations to security management, to gauge potential problems with user access and policy enforcement. The results? Unchecked access to data is still an issue, no matter what segment of the business world you’re looking at.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

Google has announced the open source availability of Vanir, a patch validation tool for Android platform developers.

Cloud Security

Cloud Security

Researchers warn about critical vulnerabilities in Ruijie Networks’ Reyee cloud management platform and Reyee OS network devices.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.