Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Two flaws in Active Directory and SharePoint Server have been exploited as zero-days, and a BitLocker bug was publicly disclosed.

The D1R cybercrime group claimed to have stolen valuable data from Synopsys and Bosch, threatening to leak it unless a ransom is paid. 

The ColdFusion security defects could allow attackers to execute arbitrary code or elevate their privileges.

The flaws can be exploited for authentication bypass, remote code execution, privilege escalation, and directory traversal.

A ClaudeBleed-linked vulnerability reportedly persists across eight patches, exposing potentially sensitive data to other extensions. 

The flaws could allow attackers to access and modify data, and cause system unavailability and request-response desynchronization.

Multiple state-sponsored APTs are compromising poorly secured devices across critical infrastructure sector networks.

UK-based cybersecurity firm Valarian has raised a total of $70 million for its ACRA technology.

A threat actor poisoned several Jscrambler NPM package versions to drop a cross-platform credential stealer.

A new CMMC review and reform task force will conduct a comprehensive review of the program.

Once a notorious blackhat hacker, McGraw shares his journey from high school hacking and prison to redemption as a cybersecurity advocate.

Significant cybersecurity M&A deals announced by 1Password, Accenture, Cisco, F5, Rubrik, and SailPoint.

Unauthenticated attackers could obtain the broker’s confidential OAuth client secret, allowing them to take control of the broker.

Microsoft Patch Tuesday Microsoft Patch Tuesday

Two flaws in Active Directory and SharePoint Server have been exploited as zero-days, and a BitLocker bug was publicly disclosed.

Bosch hacking claims Bosch hacking claims

The D1R cybercrime group claimed to have stolen valuable data from Synopsys and Bosch, threatening to leak it unless a ransom is paid. 

Claude security Claude security

A ClaudeBleed-linked vulnerability reportedly persists across eight patches, exposing potentially sensitive data to other extensions. 

Top Cybersecurity Headlines

A new CMMC review and reform task force will conduct a comprehensive review of the program.

Once a notorious blackhat hacker, McGraw shares his journey from high school hacking and prison to redemption as a cybersecurity advocate.

Significant cybersecurity M&A deals announced by 1Password, Accenture, Cisco, F5, Rubrik, and SailPoint.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we explore why exploitation is outpacing remediation, where risk is growing fastest, and what security leaders can do to close the gap before attackers take advantage.

Register

This year’s summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

Upcoming Cybersecurity Events

Cloud Security Summit 2026

SecurityWeek’s 2026 Cloud Security Summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments.
[July 15, 2026 | Virtual]

Read More
AI Risk Summit: Aug 11-12, 2026 (In-Person)

SecurityWeek’s AI Risk Summit is the leading conference where technology, security, and risk leaders converge with AI researchers, developers, and policy makers shaping the future of enterprise AI.
[August 11-12, 2026 | In-Person]

Learn More
CodeSecCon 2026

SecurityWeek’s CodeSecCon 2026 will bring together developers and cybersecurity professionals to revolutionize the way applications are built, secured, and maintained.
[August 19, 2026 | Virtual]

Read More
Attack Surface Management Summit 2026

SecurityWeek’s 2026 Attack Surface Management Summit will evaluate how organizations can protect corporate assets and reduce their attack surface in a modern security program.
[September 16, 2026 | Virtual]

Read More

Vulnerabilities

Cybercrime

WASHINGTON - New Jersey's decision to allow voters displaced by superstorm Sandy to cast ballots by email has prompted a flood of warnings over security, secrecy and a potential for legal entanglements. State officials in New Jersey announced the plan Saturday, saying it could help victims of the unprecedented storm along with rescuers who may also be unable to get to polling places.

Rumors circulated early on Monday that Anonymous has kicked off their OpVendetta campaign with a hack on PayPal. While this hasn’t been confirmed, other related defacements and server compromises have been linked to the operation, as the faceless legion aims to make people remember the 5th of November. [Updated With Additonal Statements from PayPal Below]

With Halloween past us, there’s an excess of sugar in our blood, and remnant imaginings of monsters under the bed. So perhaps that’s why when the topic of “silver bullet security” recently came up, my mind immediately went to Werewolves. The term was used, as it often is, in a discussion about Application Whitelisting—the industrial automation industry’s rightful poster child for endpoint security.

Malware protection firm FireEye has teamed up with EMC’s RSA Security division through a new interoperability agreement that will leverage threat information from FireEye’s Malware Protection System (MPS) and feed that data into RSA’s NetWitness network monitoring platform.

Hundreds of webpages maintained by NBC Universal were defaced over the weekend, by a hacker going by the name of “pyknik.” In addition to NBC, this attacker also targeted a Lady Gaga fan site. Web software used by both domains is speculated to be the primary source of access used in the attack.

A hacker zine has posted details that expose some questionable security practices maintained by image hosting service ImageShack, in addition to source code used by the service. The zine also singled out Symantec and exposed the personal details (dox) for several Anonymous supporters.

WASHINGTON - Few want to even think about it, but the 2012 US election result could be clouded by problems with voting machines ... again. Twelve years after the Florida punch card debacle in which thousands of votes went uncounted in the crucial state, some experts cite similar concerns about voting technology.

Security software firm Quarri Technologies has extended its hardened Web browser technology to iOS devices to protect against various Web attacks, including session hijacking and data theft. Quarri Protect on Q Mobile for iOS prevents Web browsers from copying and saving data onto iOS devices, Quarri Technologies told SecurityWeek. POQ Mobile for iOS will be part of Quarri's Protect On Q security suite, which already protects Windows systems and Android devices.

According to a recent report from AVG Technologies, many SMBs in the US and UK are missing out on the benefits of cloud technologies due to basic confusion. The organizations that particpated in the study were unsure of cloud services or felt they were only for large organizations.

Researchers at VUPEN Security say they have uncovered multiple vulnerabilities in Windows and Internet Explorer 10 that can be combined to bypass security features in Windows 8. According to VUPEN CEO Chaouki Bekrar, exploiting the vulnerabilities result in remote code execution without any user interaction beyond visiting a webpage.

WASHINGTON - The Pentagon will no longer retain an exclusive contract with Blackberry maker Research in Motion and has invited companies such as Apple to offer smart phones to its vast work force. The move, announced Thursday, comes only days after another government agency, the US Immigration and Customs Enforcement agency, said it was dropping the Blackberry device altogether in favor of Apple's iPhone.

GlobalSign, an SSL Certificate provider, and CloudFlare, a company that helps accelerate Web site performance and improve site security, have teamed up to help GlobalSign customers improve the load time of SSL-secured web content.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Cloud Security

Cloud Security

Hackers were seen making over 81 million login attempts originating from systems associated with hosting provider LSHIY.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.