Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

The Israeli company has developed a cryptographic posture and post-quantum cryptography management platform.

Two announcements on July 7, 2026, demonstrate the government’s determination to improve the level of cybersecurity within the UK.

Buffer overflow, DoS, command injection, SSRF, authentication bypass, and other types of vulnerabilities have been found in PAN-OS software.

Hackers exploited a zero-day vulnerability in a third-party system to access a KDDI email system for ISPs.

Affecting every major distribution since 2011, the Linux kernel vulnerability allows attackers to gain root access.

The privilege escalation vulnerability tracked as CVE-2026-50656 has been patched with a Microsoft Malware Protection Engine update.

Hackers accessed the institution’s internal network and deleted two drives containing employee, student, and university data.

Wiz has disclosed the details of a new AI coding assistant attack method it has dubbed GhostApproval.

The security refresh resolves 13 use-after-free bugs, including two critical-severity flaws found by Google.

The Spanish startup has closed an extended pre-seed funding round two months after launching its digital identity protection platform.

Tracked as CVE-2026-11405, the vulnerability allows unauthenticated attackers to access a device’s web management interface.

The professional services giant says it contained the incident, remediated its source, and experienced no operational or service delivery impact.

Cisco says the threat actor behind the LapDogs campaign has expanded its SOHO router malware toolkit with LongLeash, DogLeash, and JarLeash backdoors.

Linux vulnerability Linux vulnerability

Affecting every major distribution since 2011, the Linux kernel vulnerability allows attackers to gain root access.

Windows security Windows security

The privilege escalation vulnerability tracked as CVE-2026-50656 has been patched with a Microsoft Malware Protection Engine update.

AI coding hack AI coding hack

Wiz has disclosed the details of a new AI coding assistant attack method it has dubbed GhostApproval.

Top Cybersecurity Headlines

The professional services giant says it contained the incident, remediated its source, and experienced no operational or service delivery impact.

Cisco says the threat actor behind the LapDogs campaign has expanded its SOHO router malware toolkit with LongLeash, DogLeash, and JarLeash backdoors.

Two newly disclosed critical vulnerabilities in Adobe ColdFusion and Langflow join two Joomla extension flaws in CISA’s Known Exploited Vulnerabilities catalog, with federal agencies given until July 10 to patch.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can’t keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year’s summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

Upcoming Cybersecurity Events

Cloud Security Summit 2026

SecurityWeek’s 2026 Cloud Security Summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments.
[July 15, 2026 | Virtual]

Read More
AI Risk Summit: Aug 11-12, 2026 (In-Person)

SecurityWeek’s AI Risk Summit is the leading conference where technology, security, and risk leaders converge with AI researchers, developers, and policy makers shaping the future of enterprise AI.
[August 11-12, 2026 | In-Person]

Learn More
CodeSecCon 2026

SecurityWeek’s CodeSecCon 2026 will bring together developers and cybersecurity professionals to revolutionize the way applications are built, secured, and maintained.
[August 19, 2026 | Virtual]

Read More
Attack Surface Management Summit 2026

SecurityWeek’s 2026 Attack Surface Management Summit will evaluate how organizations can protect corporate assets and reduce their attack surface in a modern security program.
[September 16, 2026 | Virtual]

Read More

Vulnerabilities

Cybercrime

Late last week, the University of Hawaii West O‘ahu (UHWO) notified approximately 40,000 individuals that their personal information may have been compromised, after being tipped off by the Liberty Coalition, a non-profit group based in Washington D.C. The Liberty Coalition is a good group (not hackers or cybercriminals) and has been actively assisting the University and the FBI in their investigation.

Email retention management is about managing email data according to prescribed corporate policy and legal requirementsEnterprises that treat their large and increasing volumes of email data as a technology issue to be handled by their IT departments rather than managing it as the business asset and risk it truly are putting themselves in a dangerous position, according to experts at C2C, a provider of email, file and messaging management solutions.

Larry Ellison has pulled out his wallet again. eCommerce software provider Art Technology Group, Inc. (ATG) today announced that it has agreed to be acquired by Oracle for $1.0 billion in cash.Cambridge, MA based ATG provides high end eCommerce software that is used by more than 1,000 customers globally. By combining forces, Oracle and ATG expect to help businesses grow revenue, strengthen customer loyalty, improve brand value, achieve better operating results, and increase business agility across online and traditional commerce...

After Bloomberg published an article this morning saying that Fortinet Inc. was in acquisition discussions with IBM, Fortinet responded with a formal statement denying the report.Late Monday afternoon Fortinet issued the following statement:

Data Protection Fears Result in Organizations Avoiding Virtual Machines for Mission-Critical ApplicationsFears around data protection are slowing mass adoption of virtualization, according to a recent survey of 500 chief information officers. The survey showed that 44 percent of CIOs say they are avoiding using virtualization for certain mission-critical workloads due to concerns about backup and recovery.

A few days ago I got back from an AMTSO workshop in Munich. AMTSO is the Anti-Malware Testing Standards Organization, and I also wrote about it back in June. It’s essentially a coalition of organizations with an interest in improving anti-malware testing, and as you might expect, its current membership largely consists of security vendors and testers. Why would you expect that?

Science Applications International Corporation (SAIC) announced today that it has teamed with the University of Maryland (UMD) to support initiatives that promote education, research, and technology development in cybersecurity.

Webroot today announced it has acquired Prevx, a UK based provider of cloud-based anti-malware solutions.Prevx provides cloud-based antivirus protection and behavior-based malware detection, helping to block threats before they can reach a PC or corporate network.

The PCI Security Standards Council (PCI SSC), the industry standards body that oversees the Payment Card Industry Data Security Standard (PCI DSS), PIN Transaction Security (PTS) requirements and the Payment Application Data Security Standard (PA-DSS), this week released version 2.0 of the PCI DSS and PA-DSS.

F-Secure this week announced that that the newest version of its Messaging Security Gateway product now also offers 256 bit AES encryption for email, helping to protect sensitive data being shared between users and helping to comply with corporate security policies.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Cloud Security

Cloud Security

Hackers were seen making over 81 million login attempts originating from systems associated with hosting provider LSHIY.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.