Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

A years-long espionage campaign has targeted telecoms companies in Asia with tools associated with Chinese groups.

Ilya Sutskever’s new company is focused on safely developing “superintelligence” – a reference to AI systems that are smarter than humans.

Pomerium raises $13.75 million in Series A funding for dynamic user identity verification and access management platform.

LockBit appears to once again be the most active ransomware group, but experts believe the hackers may just be inflating their numbers. 

Hundreds of PC and server models may be affected by CVE-2024-0762, a privilege escalation and code execution flaw in Phoenix SecureCore UEFI firmware.

AI model weights govern outputs from the system, but altered or ‘poisoned’, they can make the output erroneous and, in extremis, useless and dangerous.

Enterprise identity company raises new capital from JP Morgan and Hercules Capital as it prepares for an IPO exit.

A threat actor targeting Chinese-speaking victims has been using the SquidLoader malware loader in recent attacks.

Atlassian has released Confluence, Crucible, and Jira updates to address multiple high-severity vulnerabilities.

Post-quantum cryptography (PQC) company PQShield has raised $37 million in Series B funding for its quantum-safe cryptography solutions.

A statewide outage of the Massachusetts 911 system was the result of a firewall that blocked calls from reaching emergency responders.

People on the Move

Data security startup Reco adds Merritt Baer as CISO

Chris Pashley has been named CISO at Advanced Research Projects Agency for Health (ARPA-H).

Satellite cybersecurity company SpiderOak has named Kip Gering as its new Chief Revenue Officer.

Merlin Ventures has appointed cybersecurity executive Andrew Smeaton as the firm’s CISO-in-Residence.

Retired U.S. Army General and former NSA Director Paul M. Nakasone has joined the Board of Directors at OpenAI.

More People On The Move
UEFI vulnerability UEFI vulnerability

Hundreds of PC and server models may be affected by CVE-2024-0762, a privilege escalation and code execution flaw in Phoenix SecureCore UEFI firmware.

AI Weights AI Weights

AI model weights govern outputs from the system, but altered or ‘poisoned’, they can make the output erroneous and, in extremis, useless and dangerous.

AMD hack AMD hack

AMD has launched an investigation after a notorious hacker announced selling sensitive data allegedly belonging to the company.

Top Cybersecurity Headlines

Researchers have targeted the MTE security feature in Arm CPUs and showed how attackers could bypass protections.

A British man has been arrested in Spain for allegedly being the ringleader of the notorious Scattered Spider cybercrime group.

Microsoft is not rolling out Recall with Copilot+ PCs as it’s seeking additional feedback and working on improving security.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn how you can transform your security strategy to build your organization’s resilience in the face of evolving threats.

Register

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

SecurityWeek’s annual cloud security virtual summit returns with a deliberate focus on exposed attack surfaces and weaknesses in public cloud infrastructure and APIs.

Learn More

SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies.

Learn More

Vulnerabilities

Cybercrime

World Cup fans continue to be prime targets for cybercriminals this summer with new mobile viruses targeting smart-phone users looking for the latest news and content surrounding the international soccer tournament being held in South Africa this year.

The number of spam messages approached 6 billion for the month of January and never dipped below 3.5 billion during the past six months, according to SaaS e-mail and web security provider AppRiver’s mid-year Threat and Spamscape report.

The third installment of the "Twilight" franchise, “Eclipse,” which premiered this week, is breaking records for a midnight opening and fans are searching in the masses for any details about the film they can find online. Cyber criminals know this and have already "poisoned" common search results hoping to gain access to people's computers and infect them with malware.

Core Security, maker of penetration testers used by “red teams” to identify security vulnerabilities, today announced beta availability of a fully automated testing solution with the ability to continuously test and measure the overall security standing of an enterprise.

(ISC)2, the large not-for-profit information security professionals organization, today announced that Devon Bryan, CISSP, deputy associate chief information officer for cybersecurity for the U.S. Internal Revenue Service (IRS), has been selected as the new co-chair of the (ISC)2 U.S. Government Advisory Board (GAB) for Cyber Security.

According to a recent survey conducted by security information and event management company NetForensics, the perceived need for protection against network threats is going up, while the resources available to deal with the problem are headed in the opposite direction.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

A critical vulnerability tracked as CVE-2024-34359 and dubbed Llama Drama can allow hackers to target AI product developers.

Cloud Security