Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Once a notorious blackhat hacker, McGraw shares his journey from high school hacking and prison to redemption as a cybersecurity advocate.

Significant cybersecurity M&A deals announced by 1Password, Accenture, Cisco, F5, Rubrik, and SailPoint.

Unauthenticated attackers could obtain the broker’s confidential OAuth client secret, allowing them to take control of the broker.

The flaw results in malicious code embedded in crafted emails being executed when the emails are opened.

The move targeted people and entities accused of links to an online spying network that the EU claims targeted governments and carried out sabotage operations against critical infrastructure.

Threat actors have been targeting Balbooa Forms and iCagenda Joomla extension flaws for remote code execution.

The company notified customers to manually shut down their servers while it is investigating a credible threat.

The WorldLeaks extortion group claimed to have stolen 720 GB of data from the healthcare testing and laboratory services provider.

Multiple campaigns are using ghost accounts to map GitHub organizations, including their repositories and members.

Other noteworthy stories that might have slipped under the radar: Abnormal AI sued by Anthropic, AssuranceAmerica data breach affects 7 million people, NSA brings back TAO.

Angelo Martino, a former ransomware negotiator, was sentenced to 70 months for helping the BlackCat/Alphv group.

Both foes and allies have targeted the Balochistan Police force in Pakistan for at least two years, according to SentinelOne.

The attackers call victims to direct them to phishing websites mirroring Microsoft Entra ID login pages.

Hacker Conversations: Jesse McGraw Hacker Conversations: Jesse McGraw

Once a notorious blackhat hacker, McGraw shares his journey from high school hacking and prison to redemption as a cybersecurity advocate.

2026 cybersecurity M&A 2026 cybersecurity M&A

Significant cybersecurity M&A deals announced by 1Password, Accenture, Cisco, F5, Rubrik, and SailPoint.

Vulnerability Vulnerability

Unauthenticated attackers could obtain the broker’s confidential OAuth client secret, allowing them to take control of the broker.

Top Cybersecurity Headlines

The WorldLeaks extortion group claimed to have stolen 720 GB of data from the healthcare testing and laboratory services provider.

Both foes and allies have targeted the Balochistan Police force in Pakistan for at least two years, according to SentinelOne.

The attackers call victims to direct them to phishing websites mirroring Microsoft Entra ID login pages.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can’t keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year’s summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

Upcoming Cybersecurity Events

Cloud Security Summit 2026

SecurityWeek’s 2026 Cloud Security Summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments.
[July 15, 2026 | Virtual]

Read More
AI Risk Summit: Aug 11-12, 2026 (In-Person)

SecurityWeek’s AI Risk Summit is the leading conference where technology, security, and risk leaders converge with AI researchers, developers, and policy makers shaping the future of enterprise AI.
[August 11-12, 2026 | In-Person]

Learn More
CodeSecCon 2026

SecurityWeek’s CodeSecCon 2026 will bring together developers and cybersecurity professionals to revolutionize the way applications are built, secured, and maintained.
[August 19, 2026 | Virtual]

Read More
Attack Surface Management Summit 2026

SecurityWeek’s 2026 Attack Surface Management Summit will evaluate how organizations can protect corporate assets and reduce their attack surface in a modern security program.
[September 16, 2026 | Virtual]

Read More

Vulnerabilities

Cybercrime

WASHINGTON - US regulators have launched a series of probes on whether mobile apps targeted at children violate privacy laws by collecting and sharing data which can be used for detailed profiles, officials said Monday. The Federal Trade Commission said its latest review of mobile apps available on Apple's App Store and Google Play found that many collect personal data, and often share this with developers or marketers without disclosing this fact to parents.

IBM Report Says Security is a Top Barrier to Adoption in Business Analytics, Mobile, Social Business and CloudAs business demand for mobile, cloud, social business, and business analytics rises, enterprises have to deal with security concerns and severe IT skill shortages, IBM said in its latest Tech Trends Report.

Shortly after a few Pakistani websites were defaced, the Pakistan Cyber Army (PCA) responded with a massive defacement campaign focusing on China, less than 24-hours after taking out 26 Bangladeshi government domains. As is the case with most defacements from the PCA, or similar groups, the motive is mostly entertainment – unless there is a chance for political propagandizing. According to messages left by the PCA, it would see that propaganda was the aim this time around.

In February of 2008, two backup tapes containing data maintained by the U.S. Secret Service were left behind on a DC Metrorail. Now, nearly five years after the fact, the Department of Homeland Security's Office of Inspector General (DHS-OIG) is launching an investigation into the incident.

Researchers from Rapid7 and the Shadowserver Foundation discovered something unique last week. While browsing files on USENET, they discovered a botnet that has thousands of endpoints, and was able to operate without detection for months. To make matters worse, the botmaster took to Reddit earlier this year in order to brag about it.

Rapid7 on Friday released Metasploit Pro 4.5, the latest version of its flagship penetration testing and security risk assessment tool. The new release brings capabilities that let organizations simulate social engineering attacks and help understand just how vulnerable they may be to phishing attacks.

When I was a boy growing up in New Jersey, the basement in our older family home would flood several times a year. It was on a concrete slab and usually dried out after a few days, so it was okay. I came home from college one weekend and upon hearing my mom say she was going to carpet the basement, I reminded her of the periodic floods. She looked me in the eye and said, "Dammit Alan, I’m doing...

In what appears to be another case of the FBI taking credit for cracking a case they created, a former sailor is being charged with attempted espionage, after he allegedly tried to deliver naval secrets to the Russian Federation.

LONDON - A British student was on Thursday convicted for his role in a series of cyber-attacks by the hacking group Anonymous that cost the US online payments giant PayPal millions of dollars. Christopher Weatherhead, 22, was found guilty of participating in attacks by Anonymous on PayPal, MasterCard and other companies that refused to process payments to the whistleblowing website WikiLeaks.

Before arriving at Apple this fall, Kristin Paget used to break things at Microsoft. Now, her job will be to help secure Mac OS X for Apple, as the company that was once blasé about security starts to take things seriously. Paget’s LinkedIn profile lists her as working at Apple since September 2012 as a “Core OS Security Researcher”.

RIM is planning to release BlackBerry 10, the latest edition of its mobile operating system, on Jan. 30, and with that release comes an unmentioned security feature – password blocking. RIM hasn’t officially announced the protection settings, but a BlackBerry site in the U.K. discovered a list of 106 passwords that are forbidden on the new mobile OS.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Cloud Security

Cloud Security

Hackers were seen making over 81 million login attempts originating from systems associated with hosting provider LSHIY.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.