Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

ThreatMate has raised $3.2 million in seed funding for its AI-powered attack surface management solution for MSPs.

Noteworthy stories that might have slipped under the radar: NanoLock Security ceases operations, NSO publishes transparency report, cybersecurity salaries data.  

Hospital Sisters Health System says the personal information of 883,000 individuals was compromised in a 2023 crippling cyberattack.

UK engineering firm IMI says it suffered a cyberattack that resulted in unauthorized access to some of its systems.

University Diagnostic Medical Imaging and Allegheny Health Network have disclosed data breaches impacting approximately 430,000 patients.

An analysis by Chainalysis shows that ransomware payments dropped to $813 million in 2024, from $1.25 billion in 2023. 

Trimble Cityworks is affected by a zero-day vulnerability that has been exploited in attacks involving the delivery of malware.

A bipartisan duo in the the U.S. House is proposing legislation to ban the Chinese artificial intelligence app DeepSeek from federal devices.

Zimperium warns that threat actors have stolen the information of tens of thousands of Android users in India using over 1,000 malicious applications.

Astra Security and Invary have received new funding to fuel development of their vulnerability scanning and runtime security solutions.

Spanish authorities have arrested an individual who allegedly hacked several high-profile organizations, including NATO and the US army.

People on the Move

Gigamon has promoted Tony Jarjoura to CFO and Ram Bhide has been hired as Senior VP of engineering.

Cloud security firm Mitiga has appointed Charlie Thomas as Chief Executive Officer.

Cynet announced the appointment of Jason Magee as Chief Executive Officer.

Ajay Garg has joined Saviynt as Chief Development Officer.

Penetration testing and offensive security firm Cobalt has named Gunter Ollmann as Chief Technology Officer.

More People On The Move
DeepSeek Ban DeepSeek Ban

A bipartisan duo in the the U.S. House is proposing legislation to ban the Chinese artificial intelligence app DeepSeek from federal devices.

Natohub hacker arrested Natohub hacker arrested

Spanish authorities have arrested an individual who allegedly hacked several high-profile organizations, including NATO and the US army.

David Kennedy David Kennedy

David Kennedy is a hacker. There is no doubt about that. He has qualities common among hackers, but also many differences.

Top Cybersecurity Headlines

Multiple Zyxel legacy DSL CPE products are affected by exploited zero-day vulnerabilities that will not be patched.

AMD has released patches for a microprocessor vulnerability found by Google that could allow an attacker to load malicious microcode.

The February 2025 Android patches resolve 46 vulnerabilities, including a Linux kernel bug that has been exploited in the wild.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Examine the state of cybersecurity in the context of quantum computing and artificial intelligence. Discuss the implications of the new White House administration’s cybersecurity policies and how they will influence the industry’s direction in 2025 and beyond.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Watch Now

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 2025, Stay Tuned]

Learn More

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.(February 26, 2025)

Learn More

Supply Chain Security Summit
Join us as we explore the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects. (March 19, 2025)

Learn More

Vulnerabilities

Cybercrime

Enterprise key and certificate management firm Venafi, in conjunction with Osterman Research, recently released the results of a study, which showed that most organizations fail to understand the risks associated with improper implementation and management of SSL deployments.The sample size for the study, 174 IT / InfoSec professionals, is rather small, but the data collected by Venafi is relevant nevertheless.

Two weeks ago, Mac security researchers at Intego discovered a variant of the Flashback Trojan using clever methods to infect systems. On Friday, Intego reported that a new variant of Flashback is targeting passwords and as a byproduct of infection, Flashback is crashing several notable applications.

The world has changed. The predicted consolidation of all things electronic (i.e., telephony, games, Internet, email, entertainment, social, calendars, etc.) fits in my jacket pocket and has become an indispensible part of my life. I seamlessly work from my office, my home, my car and around the world as though there are no walls.

Trustwave, a provider of IT security and compliance solutions, today announced additions to its managed security services portfolio, including new managed Web Application Firewall and Information and Event Management (SIEM) solutions.The offerings add to the company’s existing managed security services offerings, including managed encryption, network access control, two-factor authentication and unified threat management.

In the Cybersecurity Battle, the Side with Information Superiority Wins.Whether we’re engaging foes in warfare or protecting our computer networks, having information superiority is essential to success. Defined in the US Army Vision 2010 doctrine as “the capability to collect, process, and disseminate an uninterrupted flow of information while exploiting or denying an adversary’s ability to do the same,” information superiority is identified as “the key enabler in 21st century operations”.

The security of device-independent quantum key distribution (QKD) has been deemed ineffective by a team of Canadian researchers, and at least one commercial product already in use for telecommunications is directly affected.

LogLogic, a provider of SIEM and log management solutions, today released the findings of a study conducted in conjunction with research firm Echelon One on the topics of cloud and “Big Data”. Key in their discoveries is that many seasoned IT professionals have many misconceptions about big data and what it actually is.

Rapid7 released version 4.2 of the Metasploit Framework today, which includes tools needed to assess risk on networks that are deploying or have already deployed IPv6. In addition, the new version offers an additional 54 exploits, 66 auxiliary modules, 43 post-exploitation modules, and 18 payloads.

Juniper Networks today announced that it has acquired Mykonos Software, a security startup that provides technology that uses deception to detect and confuse attackers. Things move fast in the security world, as the company just announced a $4 million round of funding in late January led by Tom Golisano, founder of payroll processing giant Paychex, and former owner of the Buffalo Sabres.

Apple has included a new – and admittedly interesting – security function in the upcoming version of Mac OS Mountain Lion (OS X 10.8). Called Gatekeeper, the function will restrict the installation of downloaded applications based on their source. Think of it as a step-up on Microsoft’s Authenticode. Yet, is it more control for the user, or more control over the user? Also, will it really prevent malicious applications from being installed?

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Cloud Security

Application Security

APIs are easy to develop, simple to implement, and frequently attacked. They are  prime and lucrative targets for cybercriminals. 

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.