Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Two flaws in Active Directory and SharePoint Server have been exploited as zero-days, and a BitLocker bug was publicly disclosed.

The D1R cybercrime group claimed to have stolen valuable data from Synopsys and Bosch, threatening to leak it unless a ransom is paid. 

The ColdFusion security defects could allow attackers to execute arbitrary code or elevate their privileges.

The flaws can be exploited for authentication bypass, remote code execution, privilege escalation, and directory traversal.

A ClaudeBleed-linked vulnerability reportedly persists across eight patches, exposing potentially sensitive data to other extensions. 

The flaws could allow attackers to access and modify data, and cause system unavailability and request-response desynchronization.

Multiple state-sponsored APTs are compromising poorly secured devices across critical infrastructure sector networks.

UK-based cybersecurity firm Valarian has raised a total of $70 million for its ACRA technology.

A threat actor poisoned several Jscrambler NPM package versions to drop a cross-platform credential stealer.

A new CMMC review and reform task force will conduct a comprehensive review of the program.

Once a notorious blackhat hacker, McGraw shares his journey from high school hacking and prison to redemption as a cybersecurity advocate.

Significant cybersecurity M&A deals announced by 1Password, Accenture, Cisco, F5, Rubrik, and SailPoint.

Unauthenticated attackers could obtain the broker’s confidential OAuth client secret, allowing them to take control of the broker.

Microsoft Patch Tuesday Microsoft Patch Tuesday

Two flaws in Active Directory and SharePoint Server have been exploited as zero-days, and a BitLocker bug was publicly disclosed.

Bosch hacking claims Bosch hacking claims

The D1R cybercrime group claimed to have stolen valuable data from Synopsys and Bosch, threatening to leak it unless a ransom is paid. 

Claude security Claude security

A ClaudeBleed-linked vulnerability reportedly persists across eight patches, exposing potentially sensitive data to other extensions. 

Top Cybersecurity Headlines

A new CMMC review and reform task force will conduct a comprehensive review of the program.

Once a notorious blackhat hacker, McGraw shares his journey from high school hacking and prison to redemption as a cybersecurity advocate.

Significant cybersecurity M&A deals announced by 1Password, Accenture, Cisco, F5, Rubrik, and SailPoint.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we explore why exploitation is outpacing remediation, where risk is growing fastest, and what security leaders can do to close the gap before attackers take advantage.

Register

This year’s summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

Upcoming Cybersecurity Events

Cloud Security Summit 2026

SecurityWeek’s 2026 Cloud Security Summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments.
[July 15, 2026 | Virtual]

Read More
AI Risk Summit: Aug 11-12, 2026 (In-Person)

SecurityWeek’s AI Risk Summit is the leading conference where technology, security, and risk leaders converge with AI researchers, developers, and policy makers shaping the future of enterprise AI.
[August 11-12, 2026 | In-Person]

Learn More
CodeSecCon 2026

SecurityWeek’s CodeSecCon 2026 will bring together developers and cybersecurity professionals to revolutionize the way applications are built, secured, and maintained.
[August 19, 2026 | Virtual]

Read More
Attack Surface Management Summit 2026

SecurityWeek’s 2026 Attack Surface Management Summit will evaluate how organizations can protect corporate assets and reduce their attack surface in a modern security program.
[September 16, 2026 | Virtual]

Read More

Vulnerabilities

Cybercrime

SAN FRANCISCO - Google on Friday reported unexplained disruptions to its service in China. "We've checked and there is nothing wrong on our end," a Google spokeswoman told AFP. An online tool that tracks outages or disruptions to the California-based Internet giant's services showed online traffic in China plummet mid-day.

WASHINGTON - Lockheed Martin sacked its president and chief executive-in-waiting Christopher Kubasik Friday over an unauthorized "close personal relationship" with an employee of the company. The company said it took the action after an ethics investigation confirmed the "improper conduct" which violated the powerful defense contractor's code of ethics.

LONDON - Britain's tax department on Friday confirmed it was investigating missing data after a newspaper reported that HSBC bank was being probed over offshore accounts in Jersey used by criminals. "We can confirm we have received the data and we are studying it," HM Revenue and Customs (HMRC) said in a statement. "We receive information from a very wide range of sources which we use to ensure the tax rules are being respected.

The infamous Stuxnet virus infected Chevron’s network in 2010, according to a report from The Wall Street Journal. The oil giant told the paper that they believe the infection was not intended, noting that the government wasn’t aware of how far the infection spread.

MoneyGram International Inc., a company that provides money transfer services, has reached a deal with the U.S. Department of Justice and will pay $100 million for aiding and abetting wire fraud and failing to maintain an effective anti-money laundering program.

Sendmail this week announced the release of the Sentrion Rogue Email Application Control (REAC) appliance, a new offering designed to address the security and compliance needs of organizations migrating email-generating systems and applications to the cloud. Details on REAC were announced at their annual International Messaging Infrastructure Summit in Washington, D.C.

With more than $32 billion in reported cyber-security losses in the U.S. alone last year (and with unreported losses likely to be equally huge), there should be no doubt that cyber crime is a serious problem.

Microsoft is prepping fixes for 19 security vulnerabilities for this month's Patch Tuesday. The vulnerabilities are stretched out across six bulletins, four of which are rated critical. Those four address 13 bugs affecting Windows, Internet Explorer and the .NET Framework.

Researchers at Group-IB have discovered a new vulnerability in Adobe Reader that is being sold on criminal forums. The moderate price, $30,000 - $50,000, likely reflects some of the limitations the vulnerability has to cope with. According to Group-IB’s initial disclosure, the vulnerability is being sold to a limited circle of criminals, and has already been added to custom versions of the Blackhole Exploit Kit.

SAN FRANCISCO - Some people logging onto Twitter on Thursday were greeted with word that their passwords were reset due to concerns their accounts may have been breached by hackers. The San Francisco-based one-to-many text messaging service said the routine security precaution was accidentally applied to more users than intended. Twitter did not specify the number of accounts involved.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Cloud Security

Cloud Security

Hackers were seen making over 81 million login attempts originating from systems associated with hosting provider LSHIY.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.