Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Once a notorious blackhat hacker, McGraw shares his journey from high school hacking and prison to redemption as a cybersecurity advocate.

Significant cybersecurity M&A deals announced by 1Password, Accenture, Cisco, F5, Rubrik, and SailPoint.

Unauthenticated attackers could obtain the broker’s confidential OAuth client secret, allowing them to take control of the broker.

The flaw results in malicious code embedded in crafted emails being executed when the emails are opened.

The move targeted people and entities accused of links to an online spying network that the EU claims targeted governments and carried out sabotage operations against critical infrastructure.

Threat actors have been targeting Balbooa Forms and iCagenda Joomla extension flaws for remote code execution.

The company notified customers to manually shut down their servers while it is investigating a credible threat.

The WorldLeaks extortion group claimed to have stolen 720 GB of data from the healthcare testing and laboratory services provider.

Multiple campaigns are using ghost accounts to map GitHub organizations, including their repositories and members.

Other noteworthy stories that might have slipped under the radar: Abnormal AI sued by Anthropic, AssuranceAmerica data breach affects 7 million people, NSA brings back TAO.

Angelo Martino, a former ransomware negotiator, was sentenced to 70 months for helping the BlackCat/Alphv group.

Both foes and allies have targeted the Balochistan Police force in Pakistan for at least two years, according to SentinelOne.

The attackers call victims to direct them to phishing websites mirroring Microsoft Entra ID login pages.

2026 cybersecurity M&A 2026 cybersecurity M&A

Significant cybersecurity M&A deals announced by 1Password, Accenture, Cisco, F5, Rubrik, and SailPoint.

Vulnerability Vulnerability

Unauthenticated attackers could obtain the broker’s confidential OAuth client secret, allowing them to take control of the broker.

Healthcare data breach Healthcare data breach

The WorldLeaks extortion group claimed to have stolen 720 GB of data from the healthcare testing and laboratory services provider.

Top Cybersecurity Headlines

Both foes and allies have targeted the Balochistan Police force in Pakistan for at least two years, according to SentinelOne.

The attackers call victims to direct them to phishing websites mirroring Microsoft Entra ID login pages.

Researchers demonstrate adversarial hallucination squatting against popular AI assistants to achieve remote code execution.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can’t keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year’s summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

Upcoming Cybersecurity Events

Cloud Security Summit 2026

SecurityWeek’s 2026 Cloud Security Summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments.
[July 15, 2026 | Virtual]

Read More
AI Risk Summit: Aug 11-12, 2026 (In-Person)

SecurityWeek’s AI Risk Summit is the leading conference where technology, security, and risk leaders converge with AI researchers, developers, and policy makers shaping the future of enterprise AI.
[August 11-12, 2026 | In-Person]

Learn More
CodeSecCon 2026

SecurityWeek’s CodeSecCon 2026 will bring together developers and cybersecurity professionals to revolutionize the way applications are built, secured, and maintained.
[August 19, 2026 | Virtual]

Read More
Attack Surface Management Summit 2026

SecurityWeek’s 2026 Attack Surface Management Summit will evaluate how organizations can protect corporate assets and reduce their attack surface in a modern security program.
[September 16, 2026 | Virtual]

Read More

Vulnerabilities

Cybercrime

After an attacker recently leaked the source code for VMware's ESX Server online, VMware downplayed the significance of the breach, saying the stolen code was outdated.

On Tuesday, Adobe issued updates to Flash Player for Windows, Mac, and Linux in order to address seven recently identified security vulnerabilities. According to Adobe, the issues patched this week could allow an attacker to execute code, or at the least trigger a system crash. The patches address five buffer overflow vulnerabilities, a memory corruption vulnerability, and a security bypass issue.

A group of activist hackers calling themselves NullCrew have targeted the UK’s Ministry of Defence (MOD), and used a simple SQL Injection attack to plunder thousands of email addresses and passwords. According to the NullCrew disclosure, the MOD’s webmaster made a terrible mistake, as the group was able to life more than 3,000 email address and password combinations from a database by using an “easy as [expletive] SQL Injection.”

Threat researchers from malware protection firm FireEye have discovered a new type of malware on systems that have been infected with the Gh0st RAT (Remote Access Trojan), with plenty of evidence that suggests that the botmasters for Gh0st are experimenting with new tools.

Officials at Coca-Cola reportedly hid the fact that the company was victimized in a breach in 2009. According to Bloomberg News, the FBI approached the company when it learned hackers had stolen sensitive files about the company's $2.4 billion acquisition of China Huiyuan Juice Group, which eventually collapsed. The compromise was reportedly occurred via emails with malicious links that were sent to company executives.

WASHINGTON - New Jersey's decision to allow voters displaced by superstorm Sandy to cast ballots by email has prompted a flood of warnings over security, secrecy and a potential for legal entanglements. State officials in New Jersey announced the plan Saturday, saying it could help victims of the unprecedented storm along with rescuers who may also be unable to get to polling places.

Rumors circulated early on Monday that Anonymous has kicked off their OpVendetta campaign with a hack on PayPal. While this hasn’t been confirmed, other related defacements and server compromises have been linked to the operation, as the faceless legion aims to make people remember the 5th of November. [Updated With Additonal Statements from PayPal Below]

With Halloween past us, there’s an excess of sugar in our blood, and remnant imaginings of monsters under the bed. So perhaps that’s why when the topic of “silver bullet security” recently came up, my mind immediately went to Werewolves. The term was used, as it often is, in a discussion about Application Whitelisting—the industrial automation industry’s rightful poster child for endpoint security.

Malware protection firm FireEye has teamed up with EMC’s RSA Security division through a new interoperability agreement that will leverage threat information from FireEye’s Malware Protection System (MPS) and feed that data into RSA’s NetWitness network monitoring platform.

Hundreds of webpages maintained by NBC Universal were defaced over the weekend, by a hacker going by the name of “pyknik.” In addition to NBC, this attacker also targeted a Lady Gaga fan site. Web software used by both domains is speculated to be the primary source of access used in the attack.

A hacker zine has posted details that expose some questionable security practices maintained by image hosting service ImageShack, in addition to source code used by the service. The zine also singled out Symantec and exposed the personal details (dox) for several Anonymous supporters.

WASHINGTON - Few want to even think about it, but the 2012 US election result could be clouded by problems with voting machines ... again. Twelve years after the Florida punch card debacle in which thousands of votes went uncounted in the crucial state, some experts cite similar concerns about voting technology.

Security software firm Quarri Technologies has extended its hardened Web browser technology to iOS devices to protect against various Web attacks, including session hijacking and data theft. Quarri Protect on Q Mobile for iOS prevents Web browsers from copying and saving data onto iOS devices, Quarri Technologies told SecurityWeek. POQ Mobile for iOS will be part of Quarri's Protect On Q security suite, which already protects Windows systems and Android devices.

According to a recent report from AVG Technologies, many SMBs in the US and UK are missing out on the benefits of cloud technologies due to basic confusion. The organizations that particpated in the study were unsure of cloud services or felt they were only for large organizations.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Cloud Security

Cloud Security

Hackers were seen making over 81 million login attempts originating from systems associated with hosting provider LSHIY.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.