Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Two flaws in Active Directory and SharePoint Server have been exploited as zero-days, and a BitLocker bug was publicly disclosed.

The D1R cybercrime group claimed to have stolen valuable data from Synopsys and Bosch, threatening to leak it unless a ransom is paid. 

The ColdFusion security defects could allow attackers to execute arbitrary code or elevate their privileges.

The flaws can be exploited for authentication bypass, remote code execution, privilege escalation, and directory traversal.

A ClaudeBleed-linked vulnerability reportedly persists across eight patches, exposing potentially sensitive data to other extensions. 

The flaws could allow attackers to access and modify data, and cause system unavailability and request-response desynchronization.

Multiple state-sponsored APTs are compromising poorly secured devices across critical infrastructure sector networks.

UK-based cybersecurity firm Valarian has raised a total of $70 million for its ACRA technology.

A threat actor poisoned several Jscrambler NPM package versions to drop a cross-platform credential stealer.

A new CMMC review and reform task force will conduct a comprehensive review of the program.

Once a notorious blackhat hacker, McGraw shares his journey from high school hacking and prison to redemption as a cybersecurity advocate.

Significant cybersecurity M&A deals announced by 1Password, Accenture, Cisco, F5, Rubrik, and SailPoint.

Unauthenticated attackers could obtain the broker’s confidential OAuth client secret, allowing them to take control of the broker.

Bosch hacking claims Bosch hacking claims

The D1R cybercrime group claimed to have stolen valuable data from Synopsys and Bosch, threatening to leak it unless a ransom is paid. 

Claude security Claude security

A ClaudeBleed-linked vulnerability reportedly persists across eight patches, exposing potentially sensitive data to other extensions. 

Pentagon DOD Pentagon DOD

A new CMMC review and reform task force will conduct a comprehensive review of the program.

Top Cybersecurity Headlines

Once a notorious blackhat hacker, McGraw shares his journey from high school hacking and prison to redemption as a cybersecurity advocate.

Significant cybersecurity M&A deals announced by 1Password, Accenture, Cisco, F5, Rubrik, and SailPoint.

Unauthenticated attackers could obtain the broker’s confidential OAuth client secret, allowing them to take control of the broker.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we explore why exploitation is outpacing remediation, where risk is growing fastest, and what security leaders can do to close the gap before attackers take advantage.

Register

This year’s summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

Upcoming Cybersecurity Events

Cloud Security Summit 2026

SecurityWeek’s 2026 Cloud Security Summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments.
[July 15, 2026 | Virtual]

Read More
AI Risk Summit: Aug 11-12, 2026 (In-Person)

SecurityWeek’s AI Risk Summit is the leading conference where technology, security, and risk leaders converge with AI researchers, developers, and policy makers shaping the future of enterprise AI.
[August 11-12, 2026 | In-Person]

Learn More
CodeSecCon 2026

SecurityWeek’s CodeSecCon 2026 will bring together developers and cybersecurity professionals to revolutionize the way applications are built, secured, and maintained.
[August 19, 2026 | Virtual]

Read More
Attack Surface Management Summit 2026

SecurityWeek’s 2026 Attack Surface Management Summit will evaluate how organizations can protect corporate assets and reduce their attack surface in a modern security program.
[September 16, 2026 | Virtual]

Read More

Vulnerabilities

Cybercrime

Andrew Auernheimer, of Goatse Security fame, was found guilty on Tuesday of one count of conspiracy to gain unauthorized access to computers and one count of identity theft. His case started back in 2010, when he and Daniel Spitler exposed a logic flaw in a web application used by AT&T iPad customers.

In a muffled and convoluted audio recording, the ex-councilman of the village of Carmelita, Anthony Rhaburn, allegedly tries to convince an employee working for John McAfee to help the government of Belize kill him. The audio recording (embedded at the bottom of this article) is part of a blog post made by McAfee, as the saga of his collapsing world unfolds.

Symantec researchers have discovered a piece of malware that leverages Google Docs to communicate with its command-and-control (C&C) server. The malware is a version of the Makadocs Trojan, which opens a backdoor on the compromised computer and tries to steal information. The latest version of the malware uses Google Docs are a proxy server to reach its C&C.

Just days after NASA warned that a laptop containing unencrypted sensitive employee information was stolen from the space agency, another large organization has come forward and acknowledged a similar incident, also involving a stolen laptop loaded with sensitive personal information, and resulting in many individuals being put at risk.

SAN FRANCISCO - Hewlett-Packard (NYSE:HPQ) called Tuesday for a probe into "willful" financial misstatements by Autonomy, a British software firm it bought for over $10 billion, which HP now says was overvalued. HP's share price tumbled 10.7 percent to $11.87 in midday trade on Wall Street, as the new problems weighed on the US computer giant already struggling with a changing technology landscape.

When the worst happens, and a breach has caused serious damage to your organization, you may be placed into a position where you need to contact law enforcement, perhaps even the FBI. If that happens to be the case, a recent document published by Public Intelligence outlines the things that will help you when the feds have to be called in.

Evaluating All Security Solutions in Full Context, and Focusing On Solutions with Low Operational Impact Are Key For SuccessIt’s a typical scenario in an enterprise. Sam from the security department walks into a meeting and tells everyone, “I’ve got this great new security solution that I am about to buy and need to deploy. It will keep the all the latest malware from infecting anything on our network.”

Last week, someone posted a module to the Full Disclosure mailing list, which turned out to be a rootkit for Linux. Experts examined it, and concluded that if anything, it’s a unique piece of malware, in addition to it being a credible risk to LAMPP deployments.

Symantec today released the latest version of its consumer-focused mobile security offering, Norton Mobile Security. The latest version adds support for iOS devices, the ability to backup contacts, an improved user experience, and helps recover a lost or stolen device and prevent unauthorized user from accessing their data. Norton Mobile Security offers new and improved features including:

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Cloud Security

Cloud Security

Hackers were seen making over 81 million login attempts originating from systems associated with hosting provider LSHIY.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.