Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Researchers demonstrate adversarial hallucination squatting against popular AI assistants to achieve remote code execution.

A Go module is used to load PowerShell code that fetches a resolver from public dead drops to execute Windows malware.

The Israeli company has developed a cryptographic posture and post-quantum cryptography management platform.

Two announcements on July 7, 2026, demonstrate the government’s determination to improve the level of cybersecurity within the UK.

Buffer overflow, DoS, command injection, SSRF, authentication bypass, and other types of vulnerabilities have been found in PAN-OS software.

Hackers exploited a zero-day vulnerability in a third-party system to access a KDDI email system for ISPs.

Affecting every major distribution since 2011, the Linux kernel vulnerability allows attackers to gain root access.

The privilege escalation vulnerability tracked as CVE-2026-50656 has been patched with a Microsoft Malware Protection Engine update.

Hackers accessed the institution’s internal network and deleted two drives containing employee, student, and university data.

Wiz has disclosed the details of a new AI coding assistant attack method it has dubbed GhostApproval.

The security refresh resolves 13 use-after-free bugs, including two critical-severity flaws found by Google.

The Spanish startup has closed an extended pre-seed funding round two months after launching its digital identity protection platform.

Tracked as CVE-2026-11405, the vulnerability allows unauthenticated attackers to access a device’s web management interface.

AI hacking AI hacking

Researchers demonstrate adversarial hallucination squatting against popular AI assistants to achieve remote code execution.

Linux vulnerability Linux vulnerability

Affecting every major distribution since 2011, the Linux kernel vulnerability allows attackers to gain root access.

Windows security Windows security

The privilege escalation vulnerability tracked as CVE-2026-50656 has been patched with a Microsoft Malware Protection Engine update.

Top Cybersecurity Headlines

Wiz has disclosed the details of a new AI coding assistant attack method it has dubbed GhostApproval.

The professional services giant says it contained the incident, remediated its source, and experienced no operational or service delivery impact.

Cisco says the threat actor behind the LapDogs campaign has expanded its SOHO router malware toolkit with LongLeash, DogLeash, and JarLeash backdoors.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can’t keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year’s summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

Upcoming Cybersecurity Events

Cloud Security Summit 2026

SecurityWeek’s 2026 Cloud Security Summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments.
[July 15, 2026 | Virtual]

Read More
AI Risk Summit: Aug 11-12, 2026 (In-Person)

SecurityWeek’s AI Risk Summit is the leading conference where technology, security, and risk leaders converge with AI researchers, developers, and policy makers shaping the future of enterprise AI.
[August 11-12, 2026 | In-Person]

Learn More
CodeSecCon 2026

SecurityWeek’s CodeSecCon 2026 will bring together developers and cybersecurity professionals to revolutionize the way applications are built, secured, and maintained.
[August 19, 2026 | Virtual]

Read More
Attack Surface Management Summit 2026

SecurityWeek’s 2026 Attack Surface Management Summit will evaluate how organizations can protect corporate assets and reduce their attack surface in a modern security program.
[September 16, 2026 | Virtual]

Read More

Vulnerabilities

Cybercrime

VASCO Data Security today launched “DIGIPASS Nano,” its latest mobile security offering which consists of a thin film that users place over the SIM card in their mobile device, turning it into a secure mobile device capable of generating one-time passwords and e-signatures.

A rapid shift in the prevalence of real-time attacks from online banking trojans, such as ZeuS, are now more common than password phishing attacks, according to PhoneFactor, a provider of phone-based multi-factor authentication solutions. Organizations lack understanding about what to do to protect against these threats according to the results of the “state of online banking security” survey released today by PhoneFactor.

Solution Enables Enterprises to Deploy Private Mobile App Stores for the EnterpriseMobileIron, a provider of mobile device management and security solutions, has updated its Virtual Smartphone Platform (VSP) with several new features including the ability to let businesses create private “Enterprise App Stores” and deliver in-house iPhone and iPad apps to their employees without having to post them publicly.

According to a recent study, over 50 percent of companies in the U.K. and U.S. have an Electronically Stored Information (ESI) Disclosure strategy in place, but most haven’t revisited policies to address new communication methods such as social networking (30 percent in the U.K. and 21 percent in the U.S.) and new storage technologies such as cloud computing (28 percent in the U.K. and 16 percent in the U.S.).

The day after Twin Towers fell, all kinds of security measures changed and new ones were implemented overnight. Is there a Web identity 911 equivalent wake-up call coming—a single event that will suddenly jolt us into enforced standards overnight?

Core Security Technologies, a Boston based provider of IT security testing and measurement solutions, today introduced the latest version of its automated penetration testing solution, CORE IMPACT Pro version 11.

Salesforce.com today announced "Database.Com," a new service that it’s calling the first “enterprise database built for the cloud,” leveraging the infrastructure and technology that powers it’s core business of 87,000 Salesforce.com customers. The service isn’t scheduled to be available until 2011, maybe they can can come up with a better logo before the service goes live.

Securing Virtual Environments - VM IntrospectionKnowledge is power and, when it comes to security – the more information you have about your environment – the more effective you can be at protecting it. Depth of information is the fundamental benefit behind a concept called Virtual Machine Introspection (VMI). Its use within virtualized environments is absolutely crucial to effective risk mitigation at scale.

Amazon Web Services (AWS) today announced it has achieved Level 1 compliance with the Payment Card Industry (PCI) Data Security Standard (DSS). Organizations can now run their applications on AWS PCI-compliant technology infrastructure to store, process and transmit credit card information in the cloud. The AWS cloud infrastructure has been validated at the highest level (Level 1) of PCI compliance, to build their cardholder environment and achieve PCI certification for their applications.

What is an Advanced Persistent Threat? Attackers are Getting More Sophisticated - Here's an Example of How they Work and Insight on How to Stop Them.The news just broke: Acme has completed a strategic acquisition of Landmark and both companies are being tight-lipped concerning all of the details. Should the acquisition proceed, that's bad news for Acme's toughest competitor, which would – as a result of the deal – be set to lose a clear market advantage.

Amazon Web Services (AWS) today announced it will offer Domain Name System (DNS) service, which it is calling Amazon Route 53, the name coming from the fact that DNS servers respond to queries on port 53 and route end users accordingly.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Cloud Security

Cloud Security

Hackers were seen making over 81 million login attempts originating from systems associated with hosting provider LSHIY.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.