Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Public exploit code targeting the Firefox flaws exists, but no in-the-wild exploitation has been observed.

SonicWall SMA1000 zero-day vulnerabilities CVE-2026-15409 and CVE-2026-15410 can be exploited for remote code execution.

Two flaws in Active Directory and SharePoint Server have been exploited as zero-days, and a BitLocker bug was publicly disclosed.

The D1R cybercrime group claimed to have stolen valuable data from Synopsys and Bosch, threatening to leak it unless a ransom is paid. 

The ColdFusion security defects could allow attackers to execute arbitrary code or elevate their privileges.

The flaws can be exploited for authentication bypass, remote code execution, privilege escalation, and directory traversal.

A ClaudeBleed-linked vulnerability reportedly persists across eight patches, exposing potentially sensitive data to other extensions. 

The flaws could allow attackers to access and modify data, and cause system unavailability and request-response desynchronization.

Multiple state-sponsored APTs are compromising poorly secured devices across critical infrastructure sector networks.

UK-based cybersecurity firm Valarian has raised a total of $70 million for its ACRA technology.

A threat actor poisoned several Jscrambler NPM package versions to drop a cross-platform credential stealer.

A new CMMC review and reform task force will conduct a comprehensive review of the program.

Once a notorious blackhat hacker, McGraw shares his journey from high school hacking and prison to redemption as a cybersecurity advocate.

Microsoft Patch Tuesday Microsoft Patch Tuesday

Two flaws in Active Directory and SharePoint Server have been exploited as zero-days, and a BitLocker bug was publicly disclosed.

Bosch hacking claims Bosch hacking claims

The D1R cybercrime group claimed to have stolen valuable data from Synopsys and Bosch, threatening to leak it unless a ransom is paid. 

Claude security Claude security

A ClaudeBleed-linked vulnerability reportedly persists across eight patches, exposing potentially sensitive data to other extensions. 

Top Cybersecurity Headlines

A new CMMC review and reform task force will conduct a comprehensive review of the program.

Once a notorious blackhat hacker, McGraw shares his journey from high school hacking and prison to redemption as a cybersecurity advocate.

Significant cybersecurity M&A deals announced by 1Password, Accenture, Cisco, F5, Rubrik, and SailPoint.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we explore why exploitation is outpacing remediation, where risk is growing fastest, and what security leaders can do to close the gap before attackers take advantage.

Register

This year’s summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

Upcoming Cybersecurity Events

Cloud Security Summit 2026

SecurityWeek’s 2026 Cloud Security Summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments.
[July 15, 2026 | Virtual]

Read More
AI Risk Summit: Aug 11-12, 2026 (In-Person)

SecurityWeek’s AI Risk Summit is the leading conference where technology, security, and risk leaders converge with AI researchers, developers, and policy makers shaping the future of enterprise AI.
[August 11-12, 2026 | In-Person]

Learn More
CodeSecCon 2026

SecurityWeek’s CodeSecCon 2026 will bring together developers and cybersecurity professionals to revolutionize the way applications are built, secured, and maintained.
[August 19, 2026 | Virtual]

Read More
Attack Surface Management Summit 2026

SecurityWeek’s 2026 Attack Surface Management Summit will evaluate how organizations can protect corporate assets and reduce their attack surface in a modern security program.
[September 16, 2026 | Virtual]

Read More

Vulnerabilities

Cybercrime

Verdasys, a Waltham, Massachusetts-based provider of information security solutions for businesses, this week announced global availability of the Verdasys Managed Service for Information Protection (MSIP), a cloud-based managed service for protecting sensitive data.

Since Operation Ababil began, the websites of banks such as CitiGroup and Wells Fargo have faced periodic bombardment from attackers. But while the big-name banks may garner most of the headlines, the problem of distributed denial-of-service (DDoS) attacks against the financial industry is more widespread than some may think.

Insurance giant Travelers this week launched a new offering designed to help small businesses protect against the growing risks of cyber attacks and data breaches. Dubbed “CyberFirst Essentials – Small Business”, the new offering provides insurance coverage to protect against some of the most common information security breaches including:

Fixmo, a provider of mobile security and risk management solutions, announced on Tuesday that it has received a strategic investment from Samsung Ventures, the venture capital arm of the Samsung Group.

What would happen if Chinese or Russian agents were to conduct a covert operation, sabotaging America’s electricity grid using targeted bombs, leading to widespread power-outages resulting in, amongst other things, patients dying in hospitals, an economic crash, traffic accidents, and people freezing in their houses. Would this neutralize a nation’s armed forces ability to retaliate?

A draft proposal for the Cyber Security Strategy of the European Union has been circulating ahead of official publication, which would require public and private organizations to disclose cyber attacks, regardless if PII was exposed.

Oracle isn’t having a good month as far as PR and security is concerned. Adam Gowdiak, a researcher in Poland with Security Explorations, says that Oracle’s recent patch for Java contains not one, but two additional vulnerabilities.

The computer emergency response team in Poland, CERT Polska, announced last week that they’ve taken over several domains linked to the Virut botnet. While it may not have a long-term impact on the botnets operations, CERT Polska’s actions have certainly delivered a devastating blow to the malware family.

Hackers participating in this year's Pwn2Own contest at the CanSecWest conference in Vancouver will have more than just a web browser to use as their playground. This time, the upcoming competition will feature a new focus on browser plug-ins.

If Jason Bourne was a real-world government operative today, he would focus less time on the covert world of espionage and violent assassination plots, and would focus more on cybersecurity. The critical infrastructure networks that operate our electrical grids, power our water treatment plants, and enable communications are being targeted by hackers and nation states, and the impact of such attacks have the ability to wreak significant havoc.

WASHINGTON - Authoritarian regimes around the world are using technology from a Silicon Valley firm for Internet surveillance, filtering and censorship, according to a report by Canadian researchers.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Cloud Security

Cloud Security

Hackers were seen making over 81 million login attempts originating from systems associated with hosting provider LSHIY.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.