Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Two flaws in Active Directory and SharePoint Server have been exploited as zero-days, and a BitLocker bug was publicly disclosed.

The D1R cybercrime group claimed to have stolen valuable data from Synopsys and Bosch, threatening to leak it unless a ransom is paid. 

The ColdFusion security defects could allow attackers to execute arbitrary code or elevate their privileges.

The flaws can be exploited for authentication bypass, remote code execution, privilege escalation, and directory traversal.

A ClaudeBleed-linked vulnerability reportedly persists across eight patches, exposing potentially sensitive data to other extensions. 

The flaws could allow attackers to access and modify data, and cause system unavailability and request-response desynchronization.

Multiple state-sponsored APTs are compromising poorly secured devices across critical infrastructure sector networks.

UK-based cybersecurity firm Valarian has raised a total of $70 million for its ACRA technology.

A threat actor poisoned several Jscrambler NPM package versions to drop a cross-platform credential stealer.

A new CMMC review and reform task force will conduct a comprehensive review of the program.

Once a notorious blackhat hacker, McGraw shares his journey from high school hacking and prison to redemption as a cybersecurity advocate.

Significant cybersecurity M&A deals announced by 1Password, Accenture, Cisco, F5, Rubrik, and SailPoint.

Unauthenticated attackers could obtain the broker’s confidential OAuth client secret, allowing them to take control of the broker.

Microsoft Patch Tuesday Microsoft Patch Tuesday

Two flaws in Active Directory and SharePoint Server have been exploited as zero-days, and a BitLocker bug was publicly disclosed.

Bosch hacking claims Bosch hacking claims

The D1R cybercrime group claimed to have stolen valuable data from Synopsys and Bosch, threatening to leak it unless a ransom is paid. 

Claude security Claude security

A ClaudeBleed-linked vulnerability reportedly persists across eight patches, exposing potentially sensitive data to other extensions. 

Top Cybersecurity Headlines

A new CMMC review and reform task force will conduct a comprehensive review of the program.

Once a notorious blackhat hacker, McGraw shares his journey from high school hacking and prison to redemption as a cybersecurity advocate.

Significant cybersecurity M&A deals announced by 1Password, Accenture, Cisco, F5, Rubrik, and SailPoint.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we explore why exploitation is outpacing remediation, where risk is growing fastest, and what security leaders can do to close the gap before attackers take advantage.

Register

This year’s summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

Upcoming Cybersecurity Events

Cloud Security Summit 2026

SecurityWeek’s 2026 Cloud Security Summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments.
[July 15, 2026 | Virtual]

Read More
AI Risk Summit: Aug 11-12, 2026 (In-Person)

SecurityWeek’s AI Risk Summit is the leading conference where technology, security, and risk leaders converge with AI researchers, developers, and policy makers shaping the future of enterprise AI.
[August 11-12, 2026 | In-Person]

Learn More
CodeSecCon 2026

SecurityWeek’s CodeSecCon 2026 will bring together developers and cybersecurity professionals to revolutionize the way applications are built, secured, and maintained.
[August 19, 2026 | Virtual]

Read More
Attack Surface Management Summit 2026

SecurityWeek’s 2026 Attack Surface Management Summit will evaluate how organizations can protect corporate assets and reduce their attack surface in a modern security program.
[September 16, 2026 | Virtual]

Read More

Vulnerabilities

Cybercrime

DAMASCUS - Most communications were down in Syria on Thursday and clashes near the capital closed off the road to Damascus airport, monitors said, as rebels warned of a possible government assault. A regime air strike on the northern city of Aleppo, meanwhile, killed at least 15 civilians, said the Syrian Observatory for Human Rights.

Symantec on Thursday announced Norton Zone, a new consumer-focused secure file sharing service designed to enable users to safely access, sync and share photos, videos and documents from any Windows, Mac, Android or iOS device. As part of the service, all files are scanned for viruses and malware before being shared.

A Network Freeze Doesn’t Mean There Aren’t Risks On Your Network That Need To Be Addressed... The holidays are officially upon us (and have been apparently since the minute after Halloween was over). While consumers are racing to get all of their shopping done and businesses spend inordinate amounts of time and money trying to keep their stores busy, many IT operations teams are either preparing or in the midst of putting their network on ice.

Piwik, an open source alternative to Google Analytics, announced on Tuesday that they had suffered a security breach, and the attacker inserted a backdoor into their software, which was available for download for a few hours. Piwik is used by 460,000 websites, and has been downloaded well over a million times. The platform is a self hosted, open source alternative to Google Analytics that’s been around since 2007.

Entrust introduced new services today with the goal of helping its customers solve common challenges associated with managing digital certificates. The additional services are part of the company's Entrust Discovery service, and are meant to ensure organizations can avoid application outages, enforce compliance and manage multi-source certificate environments.

Earlier this month, pro-Palestine supporters of Anonymous launched “OpIsrael”, a virtual offensive against Israel in protest of Israel’s strikes inside of Gaza. The campaign has been linked to nearly a thousand website defacements, and numerous DDoS attacks, forcing Israel to fight a two front war. 

Security testing firm NSS Labs has released the latest results from its web browser security comparative series, which this time evaluated the effectiveness of phishing protection from the most popular Web browsers – Apple’s Safari, Google Chrome, Microsoft Internet Explorer, and Mozilla’s Firefox.

On Tuesday, for unknown reasons at the time, Google suddenly started re-verifying people to previous levels of access. As it turns out, the reason was that Google's Webmaster Tools platform was impacted by a glitch that gave access to users who previously had access to the services, but had since had that access revoked. Only a small percentage of accounts were said to have seen the random re-verifications.

Printers manufactured by Samsung, and sold via Dell or direct channels, are vulnerable to attack thanks to a hard-coded administrator account in the device’s firmware. The company says that devices made after Oct. 31 are not vulnerable, but it will take time before a patch tool is released.

The International Atomic Energy Agency (IAEA) reportedly is taking steps to secure its information after data was stolen from one of its former servers and posted online. According to the IAEA, the stolen data includes email addresses for some experts working with the agency. The data was posted online by a group going by the name Parastoo, which in Farsi translates to "swallow."

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Cloud Security

Cloud Security

Hackers were seen making over 81 million login attempts originating from systems associated with hosting provider LSHIY.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.