Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

The US government shared exploit chains, IOCs and post-incident forensics data to help network defenders hunt for signs of Chinese hacking gangs.

The Trump administration has disbanded the Cyber Safety Review Board (CSRB), ending one of the few bright spots at CISA.

DryRun Security has raised $8.7 million in a seed funding round for its AI-powered application security solutions. 

Doti’s platform uses AI to improve, automate, and streamline standard office and business processes across distributed and hybrid environments. 

Join Us in Shaping the Future of Supply Chain Security – Don’t miss this chance to be part of the conversation addressing one of the most pressing cybersecurity challenges .

APIs are easy to develop, simple to implement, and frequently attacked. They are  prime and lucrative targets for cybercriminals. 

$380,000 paid out on the first day of Pwn2Own Automotive 2025 for exploits targeting car infotainment units, operating systems, and chargers. 

The Mirai-based Murdoc botnet has been actively targeting Avtech and Huawei devices for roughly half a year.

Oracle has released 318 new security patches to address roughly 200 unique CVEs as part of its January 2025 Critical Patch Update.

Cloudflare saw a 53% increase in DDoS attack frequency last year, when it blocked a record-breaking 5.6 Tbps attack.

ABB has patched building control product vulnerabilities that can expose many facilities to remote attacks.

People on the Move

Karl Triebes has joined Ivanti as Chief Product Officer.

Steven Hernandez has joined USAID as CISO and Deputy CIO.

Data security and privacy firm Protegrity has named Michael Howard as its CEO.

Anand Ramanathan has been appointed as Chief Product Officer at Deepwatch.

Managed security platform provider Deepwatch has appointed Sammie Walker as CMO.

More People On The Move
Ivanti vulnerability Ivanti vulnerability

The US government shared exploit chains, IOCs and post-incident forensics data to help network defenders hunt for signs of Chinese hacking gangs.

DDoS attack DDoS attack

Cloudflare saw a 53% increase in DDoS attack frequency last year, when it blocked a record-breaking 5.6 Tbps attack.

PowerSchool data breach PowerSchool data breach

PowerSchool says the personal information of students and educators was stolen in a December 2024 data breach.

Top Cybersecurity Headlines

HPE is investigating claims by the hacker IntelBroker, who is offering to sell source code and other data allegedly stolen from the tech giant.

The Treasury Department announced sanctions in connection with a massive Chinese hack of American telecommunications companies and a breach of its own computer network.

In 2024 organizations informed the US government about 720 healthcare data breaches affecting a total of 186 million user records.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Explore trends and technologies that will shape the future of cybersecurity. Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 2025, Stay Tuned]

Learn More

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.(February 26, 2025)

Learn More

Supply Chain Security Summit
Join us as we explore the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects. (March 19, 2025)

Learn More

Vulnerabilities

Cybercrime

Rush for New Technology Often Makes Security an After-Thought, Putting Organizations at RiskAccording to Ernst & Young’s just-released 2011 Global Information Security, organizations are rushing to adopt new technologies including cloud computing, tablets and social media, but are often leaving security as an after-thought.

After one of their own was kidnapped while participating in Operation PaperStorm, Anonymous has threatened to expose the Zetas drug cartel unless the Anon is released. The comments, made in a video posted to YouTube, inform the Zetas family that they’ve made a huge mistake with the kidnapping, and give them until Saturday to respond.

In Mumbai, Indian authorities seized components from servers in a data center, after Symantec informed them that they were communicating with the command and control (C&C) infrastructure used by Duqu, the Trojan that is touted as the precursor to the next Stuxnet. However, experts are now saying that the connection between the two malicious programs is questionable.

Initiative Will Focus on Creating Cyber Education Programs for K-12 through Career and Technical Education Levels.The National Cyber Security Alliance (NCSA), acting on behalf of the National Cybersecurity Education Council, has signed a memorandum of understanding with the US Dept. of Education (DOE), to establish cybersecurity related training programs in schools across the nation, grades K-12.

Balancing Risk and Reward in Information Security: Are you Willing to Spend X to Avoid Y?My daughters tell me that I am too careful and I over-think decisions. I research a car before buying, and build a spreadsheet that includes things like warranties and total cost of ownership for a year. I think, however, that I am just practical.

Red Hat today announced that it has joined Facebook’s Open Compute Project, a non-profit foundation with a simple, yet challenging goal – design the most efficient computing infrastructures at the lowest possible cost.With this goal in mind, Red Hat is now part of the ecosystem of engineers, architects and developers that are looking to redefine the next-generation datacenter. As the largest provider of open source software and services, this is a huge addition of support to the project.

What Do 4G/LTE Networks' Entirely New Infrastructure Mean for Security?By now, we’ve all seen the uncharacteristically techie ads for 4G/LTE phones and services. Even for those of us who don’t know that LTE stands for Long Term Evolution, the 4G postscript reassures us that we are going to get more, better, and faster. After all, the “Gs” have been part of our vernacular and consciousness for a while.

Microsoft has dismissed a lawsuit against a company it contended a month ago was at the heart of the now-defunct Kelihos botnet.In September, Microsoft named Dominique Piatti and his company dotFree Group SRO as controllers of the botnet. The move marked the first time Microsoft had named a defendant in one of its botnet-related civil suits.

What Can we Learn From Some of the Significant Hacks in 2011?As we round the corner to the last quarter of 2011 and move into the busy holiday season (for hackers too), it’s a good time to look back at some of the hacks that made headlines this year. And 2011 was a monumental year for hackers. Businesses as well as consumers felt the brunt of cybercrime by the millions, some of them a few times over. Here’s a look...

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

DryRun Security has raised $8.7 million in a seed funding round for its AI-powered application security solutions. 

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.