Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

The CitrixBleed 2 vulnerability in NetScaler may expose organizations to compromise even if patches have been applied.

Google has filed a lawsuit against the Badbox 2.0 botnet operators, after identifying over 10 million infected Android devices.

Wiz researchers discovered NVIDIAScape, an Nvidia Container Toolkit flaw that can be exploited for full control of the host machine.

Anne Arundel Dermatology said hackers had access to its systems for three months and may have stolen personal and health information. 

A settlement has been reached in the class action brought by investors against Meta over the Cambridge Analytica incident, but details have not been shared.

Virtual event brings together leading experts, practitioners, and innovators for a full day of insightful discussions and tactical guidance on evolving threats and real-world defense strategies in cloud security.

Cybersecurity startup Empirical Security has raised $12 million in seed funding for its vulnerability management platform. 

Karen Serobovich Vardanyan pleaded not guilty to charges related to his alleged role in the Ryuk ransomware operation.

Deployed on mobile devices confiscated by Chinese law enforcement, Massistant can collect user information, files, and location.

An $8 billion class action investors’ lawsuit against Meta stemming from the 2018 privacy scandal involving the Cambridge Analytica political consulting firm.

Four CVEs disclosed at the Pwn2Own Berlin 2025 hacking competition have been patched in VMware products.

People on the Move

Kenna Security co-founder Ed Bellis has joined Empirical Security as Chief Executive Officer.

Robert Shaker II has joined application security firm ActiveState as Chief Product and Technology Officer.

MorganFranklin Cyber has promoted Nick Stallone and Ferdinand Hamada into newly created roles.

Jessica Newman has joined Sophos as General Manager of Global Cyber Insurance.

Breach and attack simulation solutions provider AttackIQ has appointed Pete Luban as Field Chief Information Security Officer.

More People On The Move
Badbox 2 botnet lawsuit by Google Badbox 2 botnet lawsuit by Google

Google has filed a lawsuit against the Badbox 2.0 botnet operators, after identifying over 10 million infected Android devices.

Oracle patches Oracle patches

Oracle’s July 2025 Critical Patch Update contains 309 security patches that address approximately 200 unique CVEs.

UNFI Cyberattack UNFI Cyberattack

Cyberattack disrupted UNFI’s operations in June; company estimates $50–$60 million net income hit but anticipates insurance will cover most losses.

Top Cybersecurity Headlines

Chinese hacking group Salt Typhoon targeted a National Guard unit’s network and tapped into communications with other units.

DragonForce says it stole more than 150 gigabytes of data from US department store chain Belk in a May cyberattack.

A vulnerability affecting systems named End-of-Train and Head-of-Train can be exploited by hackers to cause trains to brake. 

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

This online session will explore resilience planning in response to geopolitical tensions and help CISOs navigate the current state of federal cybersecurity initiatives.

Register

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [August 19-20, 2025 | Ritz-Carlton, Half Moon Bay]

Learn More

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place August 19-20 at the Ritz-Carlton, Half Moon Bay, CA. (www.cisoforum.com)

Learn More

The Threat Detection & Incident Response Summit delves into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization. [May 21, 2025 – Virtual]

Learn More

SecurityWeek’s Cloud and Data Security Summit returns with a deliberate focus on exposed attack surfaces and weaknesses in public cloud infrastructure and APIs. [July 16, 2025 – Virtual]

Learn More

Vulnerabilities

Cybercrime

Saudi Arabia-based Aramco was attacked earlier this month by malware that targeted some 30,000 workstations. According to the state-owned group which controls all of Saudi Arabia's oil production, things have been cleaned up in short time, and oil production itself was not impacted.

Security researchers from FireEye have discovered a new zero-day Java vulnerability that is being targeted in the wild. According to FireEye researcher Atif Mushtaq, the latest version of Java 7 is vulnerable, but some reports say Java 6 and earlier versions may not be vulnerable.

ROME - (AFP) - Italy's police said Saturday they have seized so far this year 52 million counterfeit items, including train tickets, smartphones, condoms and detergents, with much of them coming from China. The financial police's counter-fraud division said 97 members of organised criminal gangs, 41 percent of them Italian, were arrested during the same first seven months of 2012 in connection with the counterfeit goods.

On Thursday, law enforcement officials with the Criminal Investigation and Detection Group (CIDG) and the Presidential Anti-Organized Crime Commission (PAOCC) in the Philippines arrested more than 300 in a cybercrime sweep. The arrests took place in several subdivisions, and the operation is being hailed as the biggest cybercrime operation in the nation’s history.

Security researchers from Websense have discovered a new malware campaign targeting BlackBerry customers. The malicious emails say that the recipient has successfully created a Blackberry ID, and attempts to infect their system via a malicious attachment. "To enjoy the full benefits of your BlackBerry ID, please follow the instructions in the attached file," the email reads.

DARPA Opens the Door to ‘Plan X’ ProposalsIn June, SecurityWeek reported on a plan from the secretive Defense Advanced Research Projects Agency (DARPA), which will improve the government’s cyberwar capabilities. As expected, DARPA has said they will hold a meeting next month to solicit ideas.

NEW DELHI - (AFP) - India on Friday defended itself against accusations of heavy-handed online censorship, saying it had been successful in blocking content blamed for fuelling ethnic tensions.

SAN FRANCISCO - (AFP) - Microsoft on Thursday unveiled a new corporate logo for the first time in 25 years as the US tech giant geared up for a series of big product launches. It features a symbol made up of four separate colored squares -- reminiscent of the old Windows logo featuring wavy squares -- next to the name of the company. The previous logo was simply the italicized name.

Google is looking to go proactive on privacy issues. The search giant recently posted a job listing for a data privacy engineer to work within their Privacy Red Team. The listing is notable, given that Google settled a privacy case with the FTC last week to the tune of $22.5 million.

Mocana, a provider of software and network services for securing mobile devices, today announced it has secured $25 million in series D funding that will be used to drive the company's two-pronged strategy for mobile security.

A Vulnerability Management (VM) program is commonly defined as the “cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities" . According to Gartner’s report , the purpose of the remediation phase is to harden the environment, prior to eliminating the vulnerability, by using desktop and network security tools, while the mitigation phase role is to eliminate the root causes of the vulnerability by applying a patch to the system.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

RevEng.ai has raised $4.15 million in seed funding for an AI platform that automatically detects malicious code and vulnerabilities in software.

Cloud Security

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.