Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Tracked as CVE-2026-11405, the vulnerability allows unauthenticated attackers to access a device’s web management interface.

The professional services giant says it contained the incident, remediated its source, and experienced no operational or service delivery impact.

Cisco says the threat actor behind the LapDogs campaign has expanded its SOHO router malware toolkit with LongLeash, DogLeash, and JarLeash backdoors.

Join the webinar as we break down why email-layer defenses alone can’t keep pace with the modern phishing ecosystem.

The “Rogue Agent” vulnerability could have enabled attackers to silently manipulate AI conversations, exfiltrate data, and compromise every Dialogflow CX agent within the same Google Cloud project.

Two newly disclosed critical vulnerabilities in Adobe ColdFusion and Langflow join two Joomla extension flaws in CISA’s Known Exploited Vulnerabilities catalog, with federal agencies given until July 10 to patch.

Researchers show how attackers can use a crafted public GitHub Issue to trick AI-powered workflows into exposing data from private repositories without authentication.

The alleged victim, believed to be a small Ohio county, reportedly paid the extortion group to prevent the public release of sensitive stolen data.

Attackers are exploiting the critical Gitea vulnerability CVE-2026-20896 to bypass authentication with a single HTTP header and access vulnerable repositories and secrets.

The audits are reportedly being spearheaded by CISA’s Attack Surface Evaluation team, a specialized unit tasked with conducting digital defense assessments and simulated hacking exercises.

Hackers are exploiting a recently patched critical vulnerability (CVE-2026-48282) in Adobe ColdFusion that carries a CVSS score of 10/10.

Researchers say the Iran-linked threat actor used an adaptable modular malware framework and compromised IT service providers to reach high-value targets in Israel.

Tarah Wheeler is CISO at TPO Group, a firm that provides cybersecurity consultancy for high-stakes organizations. But despite this elevated position, her journey was far from typical.

Accenture Data Breach Accenture Data Breach

The professional services giant says it contained the incident, remediated its source, and experienced no operational or service delivery impact.

China APT China APT

Cisco says the threat actor behind the LapDogs campaign has expanded its SOHO router malware toolkit with LongLeash, DogLeash, and JarLeash backdoors.

CISA KEV CISA KEV

Two newly disclosed critical vulnerabilities in Adobe ColdFusion and Langflow join two Joomla extension flaws in CISA’s Known Exploited Vulnerabilities catalog, with federal agencies given until July 10 to patch.

Top Cybersecurity Headlines

Researchers say the Iran-linked threat actor used an adaptable modular malware framework and compromised IT service providers to reach high-value targets in Israel.

The 16-year-old Januscape flaw affects Linux’s KVM hypervisor, allowing attackers to escape virtual machines and potentially execute code on the underlying host.

The PolinRider campaign has compromised more than 100 legitimate open source packages and repositories to deliver a backdoor and information stealer to developers.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can’t keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year’s summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

Upcoming Cybersecurity Events

Cloud Security Summit 2026

SecurityWeek’s 2026 Cloud Security Summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments.
[July 15, 2026 | Virtual]

Read More
AI Risk Summit: Aug 11-12, 2026 (In-Person)

SecurityWeek’s AI Risk Summit is the leading conference where technology, security, and risk leaders converge with AI researchers, developers, and policy makers shaping the future of enterprise AI.
[August 11-12, 2026 | In-Person]

Learn More
CodeSecCon 2026

SecurityWeek’s CodeSecCon 2026 will bring together developers and cybersecurity professionals to revolutionize the way applications are built, secured, and maintained.
[August 19, 2026 | Virtual]

Read More
Attack Surface Management Summit 2026

SecurityWeek’s 2026 Attack Surface Management Summit will evaluate how organizations can protect corporate assets and reduce their attack surface in a modern security program.
[September 16, 2026 | Virtual]

Read More

Vulnerabilities

Cybercrime

Backupify, a provider of online backup, archiving and export services for cloud-based data, today launched a backup and archival solution for Facebook Fan Pages.With the new solution, users can backup all Facebook data from a unified account. Backup of Fan Pages adds to the company’s existing solutions to backup other Facebook data, including News Feeds, Wall Posts, Photo Albums and Messages.

Blue Coat Systems, Inc. today announced that its Blue Coat PacketShaper appliances are now capable of delivering instant awareness of Web applications and content using “classification by URL category” functionality. With the new features, PacketShaper appliances provide control that can immediately manage new Web applications and content without requiring updates 
or new policies.

A former technical operations associate in Bristol-Myers Squibb's management training program entered a guilty plea last week to a one-count information charging him with theft of trade secrets from the company, according to an announcement today from U.S. Attorney for the Northern District of New York Richard S. Hartunian.

Organizations Fail to Support Database Security Deployments and Training; Database, Audit and Security Departments Fail to Communicate or Take ResponsibilityComplacency is hampering information security efforts, resulting in lax security practices and oversight, and leaving sensitive corporate data vulnerable theft. That was the general conclusion according to the results of a survey of database administrators and managers released today.

Multi-Site Data Protection Software Helps Businesses Backup Multiple Locations with EaseNETGEAR, Inc. today announced “ReadyNAS Replicate,” a software application that simplifies the replication of that data to another ReadyNAS whether the two systems are on the same LAN or across the globe.Through a single interface, ReadyNAS Replicate enables customers to schedule multi-site backup jobs and to restore files across locations, slashing management time and improving investment return.

Quova Helps Developers Integrate Security and Compliance Features into Applications Using Free IP Geolocation Quova, Inc., a provider of IP Geolocation data, has rolled out Quova Developer Portal, a Web portal providing free access to the Quova API and enabling developers to instantly build their own Quova-powered applications to the web, desktop and mobile devices.

Raytheon Expands Cybersecurity Portfolio with Acquisition of Trusted Computer SolutionsRaytheon announced today that is has acquired Trusted Computer Solutions (TCS), a privately held provider of IT security solutions.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Cloud Security

Cloud Security

Hackers were seen making over 81 million login attempts originating from systems associated with hosting provider LSHIY.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.