Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Once a notorious blackhat hacker, McGraw shares his journey from high school hacking and prison to redemption as a cybersecurity advocate.

Significant cybersecurity M&A deals announced by 1Password, Accenture, Cisco, F5, Rubrik, and SailPoint.

Unauthenticated attackers could obtain the broker’s confidential OAuth client secret, allowing them to take control of the broker.

The flaw results in malicious code embedded in crafted emails being executed when the emails are opened.

The move targeted people and entities accused of links to an online spying network that the EU claims targeted governments and carried out sabotage operations against critical infrastructure.

Threat actors have been targeting Balbooa Forms and iCagenda Joomla extension flaws for remote code execution.

The company notified customers to manually shut down their servers while it is investigating a credible threat.

The WorldLeaks extortion group claimed to have stolen 720 GB of data from the healthcare testing and laboratory services provider.

Multiple campaigns are using ghost accounts to map GitHub organizations, including their repositories and members.

Other noteworthy stories that might have slipped under the radar: Abnormal AI sued by Anthropic, AssuranceAmerica data breach affects 7 million people, NSA brings back TAO.

Angelo Martino, a former ransomware negotiator, was sentenced to 70 months for helping the BlackCat/Alphv group.

Both foes and allies have targeted the Balochistan Police force in Pakistan for at least two years, according to SentinelOne.

The attackers call victims to direct them to phishing websites mirroring Microsoft Entra ID login pages.

2026 cybersecurity M&A 2026 cybersecurity M&A

Significant cybersecurity M&A deals announced by 1Password, Accenture, Cisco, F5, Rubrik, and SailPoint.

Vulnerability Vulnerability

Unauthenticated attackers could obtain the broker’s confidential OAuth client secret, allowing them to take control of the broker.

Healthcare data breach Healthcare data breach

The WorldLeaks extortion group claimed to have stolen 720 GB of data from the healthcare testing and laboratory services provider.

Top Cybersecurity Headlines

Both foes and allies have targeted the Balochistan Police force in Pakistan for at least two years, according to SentinelOne.

The attackers call victims to direct them to phishing websites mirroring Microsoft Entra ID login pages.

Researchers demonstrate adversarial hallucination squatting against popular AI assistants to achieve remote code execution.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can’t keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year’s summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

Upcoming Cybersecurity Events

Cloud Security Summit 2026

SecurityWeek’s 2026 Cloud Security Summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments.
[July 15, 2026 | Virtual]

Read More
AI Risk Summit: Aug 11-12, 2026 (In-Person)

SecurityWeek’s AI Risk Summit is the leading conference where technology, security, and risk leaders converge with AI researchers, developers, and policy makers shaping the future of enterprise AI.
[August 11-12, 2026 | In-Person]

Learn More
CodeSecCon 2026

SecurityWeek’s CodeSecCon 2026 will bring together developers and cybersecurity professionals to revolutionize the way applications are built, secured, and maintained.
[August 19, 2026 | Virtual]

Read More
Attack Surface Management Summit 2026

SecurityWeek’s 2026 Attack Surface Management Summit will evaluate how organizations can protect corporate assets and reduce their attack surface in a modern security program.
[September 16, 2026 | Virtual]

Read More

Vulnerabilities

Cybercrime

LAS VEGAS - Visibility was a commonly heard word at Palo Alto Networks' Ignite conference this week in Las Vegas as customers described the requirements of their network and what they need to enable users to deploy the applications they want without compromising security.

WASHINGTON - The investigation that toppled CIA chief David Petraeus has sparked fresh debate over online privacy and the government's ability to snoop into private email accounts. "When the CIA director cannot hide his activities online, what hope is there for the rest of us?" said Chris Soghoian of the American Civil Liberties Union's Privacy and Technology Project

Just when you start getting comfortable thinking that DDoS or SQL injections are the attack methods that deserve your heavyweight protective measures, another type of vulnerability rears its ugly head larger and louder. Recently it's been cross-site attacks that are on the rise and warrant close scrutiny.

Vormetric, a provider of enterprise encryption and key management solutions, today announced that Alan Kessler has been appointed as the company’s new President and CEO. Kessler comes to Vormetric from HP where he was VP of Worldwide Sales and Service for Enterprise Security Products, and responsible for HP ArcSight, HP TippingPoint, HP Fortify, HP Application Security Center and HP Atalla product lines.

Official Requests Up for Web data: In First half of 2012, Google Received 20,938 Requests for Data from Government EntitiesSAN FRANCISCO - Google said Tuesday the number of government requests to hand over data from users or to take down Web content rose in the first six months of 2012, extending a trend of recent years.

Alexander Pope’s famous quote “To err is human; to forgive, divine” highlights the common flaw found within all of us – that we make mistakes. While insider risks are a real problem in organizations (whether copying data off unto unencrypted USB drives, clicking on malicious sites/links, etc.), the insiders carrying the greatest risk are the ones with all of the access - administrators. One set of risks is posed by a malicious and/or disgruntled administrator, or compromised administrator accounts.

Employees are becoming more aware of the risks of using personal devices to access corporate resources and are somewhat willing to grant IT some control over their personal devices, according to a recent mobility survey from Blue Coat Systems.

DUBAI - The United Arab Emirates issued a new law toughening penalties for cyber crimes to include jail terms for anyone who calls for regime change or mocks its rulers, newspapers reported on Tuesday. Under the new law, which annuls one issued in 2006, the spreading of any material that calls for "toppling, changing the regime or seizing power" is punishable by a prison sentence, Emarat Alyoum reported, citing the text.

BELIZE CITY - John McAfee, founder of the eponymous anti-virus company, is on the run for killing another US citizen in a resort town, Belizean police said Monday. Police raided McAfee's mansion on the island of Ambergris Caye, in northeastern Belize, late Sunday to question him about the murder of American Gregory Faull. But McAfee was nowhere to be found, said the head of the country's anti-organized crime brigade, Marco Vidal.

Supporters of Anonymous have raided the Organization for Security and Co-operation in Europe (OSCE), accusing them of failing to hold up their end of a promise to keep an eye on the Ukrainian elections. The raid resulted in several hundred documents being leaked, most marked as classified or confidential, and covering everything from political memos and internal communications to phone records.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Cloud Security

Cloud Security

Hackers were seen making over 81 million login attempts originating from systems associated with hosting provider LSHIY.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.