Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Public exploit code targeting the Firefox flaws exists, but no in-the-wild exploitation has been observed.

SonicWall SMA1000 zero-day vulnerabilities CVE-2026-15409 and CVE-2026-15410 can be exploited for remote code execution.

Two flaws in Active Directory and SharePoint Server have been exploited as zero-days, and a BitLocker bug was publicly disclosed.

The D1R cybercrime group claimed to have stolen valuable data from Synopsys and Bosch, threatening to leak it unless a ransom is paid. 

The ColdFusion security defects could allow attackers to execute arbitrary code or elevate their privileges.

The flaws can be exploited for authentication bypass, remote code execution, privilege escalation, and directory traversal.

A ClaudeBleed-linked vulnerability reportedly persists across eight patches, exposing potentially sensitive data to other extensions. 

The flaws could allow attackers to access and modify data, and cause system unavailability and request-response desynchronization.

Multiple state-sponsored APTs are compromising poorly secured devices across critical infrastructure sector networks.

UK-based cybersecurity firm Valarian has raised a total of $70 million for its ACRA technology.

A threat actor poisoned several Jscrambler NPM package versions to drop a cross-platform credential stealer.

A new CMMC review and reform task force will conduct a comprehensive review of the program.

Once a notorious blackhat hacker, McGraw shares his journey from high school hacking and prison to redemption as a cybersecurity advocate.

Microsoft Patch Tuesday Microsoft Patch Tuesday

Two flaws in Active Directory and SharePoint Server have been exploited as zero-days, and a BitLocker bug was publicly disclosed.

Bosch hacking claims Bosch hacking claims

The D1R cybercrime group claimed to have stolen valuable data from Synopsys and Bosch, threatening to leak it unless a ransom is paid. 

Claude security Claude security

A ClaudeBleed-linked vulnerability reportedly persists across eight patches, exposing potentially sensitive data to other extensions. 

Top Cybersecurity Headlines

A new CMMC review and reform task force will conduct a comprehensive review of the program.

Once a notorious blackhat hacker, McGraw shares his journey from high school hacking and prison to redemption as a cybersecurity advocate.

Significant cybersecurity M&A deals announced by 1Password, Accenture, Cisco, F5, Rubrik, and SailPoint.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we explore why exploitation is outpacing remediation, where risk is growing fastest, and what security leaders can do to close the gap before attackers take advantage.

Register

This year’s summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

Upcoming Cybersecurity Events

Cloud Security Summit 2026

SecurityWeek’s 2026 Cloud Security Summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments.
[July 15, 2026 | Virtual]

Read More
AI Risk Summit: Aug 11-12, 2026 (In-Person)

SecurityWeek’s AI Risk Summit is the leading conference where technology, security, and risk leaders converge with AI researchers, developers, and policy makers shaping the future of enterprise AI.
[August 11-12, 2026 | In-Person]

Learn More
CodeSecCon 2026

SecurityWeek’s CodeSecCon 2026 will bring together developers and cybersecurity professionals to revolutionize the way applications are built, secured, and maintained.
[August 19, 2026 | Virtual]

Read More
Attack Surface Management Summit 2026

SecurityWeek’s 2026 Attack Surface Management Summit will evaluate how organizations can protect corporate assets and reduce their attack surface in a modern security program.
[September 16, 2026 | Virtual]

Read More

Vulnerabilities

Cybercrime

Certainly we are no strangers to increased regulations, standards and internal policies, and the resulting audits that impact most organizations – often multiple times per year. While regulations and ensuing IT audits go beyond firewalls and firewall policies, these devices are often a good place to start when it comes to becoming "audit-ready" and gaining continuous visibility of what's going on in your network.

TEHRAN - Iranian forces have carried out what they called cyber warfare tactics for the first time as the Islamic republic's naval units staged manoeuvres in the key Strait of Hormuz, media reports said on Monday. The navy "launched a cyber attack against the computer network of the defensive forces in order to infiltrate the network and hack information or spread virus," the English-language Iran daily reported, quoting Rear Admiral Amir Rastegari.

Cisco remained the leader in the overall security appliance in the third quarter of 2012, according to the latest market numbers from International Data Corporation (IDC). Unified Threat Management appliances accounted for the majority of growth over the quarter.

PARIS - Armed robbers broke into an Apple store in central Paris on New Year's Eve and made off with about one million euros ($1.3 million) in merchandise, police said.The four armed men broke into the shop behind the Palais Garnier Opera around 9:00 pm on Monday, about three hours after it closed.They overpowered an employee, leaving him lightly injured, and loaded the stolen goods into a truck parked near the store.

From hackers’ point of view, launching a successful attack, either malware based or through web application hacking, requires an investment in infrastructure. The infrastructure may take a physical form: Internet servers to host Command and Control servers (C2) and exfiltrated data, or be a logical asset: software hacking tools development, vulnerabilities research and stealth communication protocols definition.

SINGAPORE - Singapore police on Tuesday arrested a 13-year-old Indian boy for posting a Facebook message in which he allegedly threatened to bomb a luxury casino resort in the city-state. The unnamed boy vowed to take "a big big revenge", "spit everywhere" and "plant bombs on Marina Bay Sands", a major tourist attraction, on the day he leaves Singapore, according to The Straits Times.

SAN FRANCISCO - Facebook sidestepped a privacy gaffe on Monday by fixing a flaw that made it possible to snoop on private New Year's Eve messages sent using a "Midnight Delivery" service. Facebook took "Midnight Delivery" offline temporarily to patch a vulnerability pointed out by Britain-based blogger Jack Jenkins.

Trend Micro has spotted a piece of malware in the wild targeting Java-based HTTP servers and Java Servlet containers. According to Trend Micro, the malware is disguised as a Java Server page (JSP). Once installed, it performs backdoor routines and gains control over vulnerable servers.

Microsoft has issued a security advisory, and confirmed reports that a zero-day vulnerability in Internet Explorer has been used in targeted attacks. One such attack was reported last week, when a drive-by download attack on the website maintained by the Council on Foreign Relations (CFR), leveraged the vulnerability to spread malware.

According to an Army spokesperson, 36,000 records maintained by CECOM (Communications-Electronics Command) and Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance (C4ISR), were breached earlier this month by an unknown hacker or group of hackers.

In August, Kaspersky Lab started an initiative to get the public’s help in cracking the encryption used in the payload of the Gauss malware. On Friday, the Hashcat project lent their resources to the cause by releasing a tool to help crack Gauss’ verification hash.

BEIJING - China has approved new rules that require Internet users nationwide to provide real-name identification, state media reported on Friday, as the government increases its already tight online grip. The National People's Congress (NPC), the country's legislature, adopted the measures at a meeting on Friday, the official Xinhua news agency and other media said.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Cloud Security

Cloud Security

Hackers were seen making over 81 million login attempts originating from systems associated with hosting provider LSHIY.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.