SecurityWeek
OpenSSH Patches Vulnerabilities Allowing MitM, DoS Attacks
The latest OpenSSH update patches two vulnerabilities, including one that enabled MitM attacks with no user interaction.
The post OpenSSH Patches Vulnerabilities Allowing MitM, DoS Attacks appeared first on SecurityWeek.
VC Company Insight Partners Hacked
Venture capital firm Insight Partners has been targeted in a cyberattack that involved unauthorized access to its information systems.
The post VC Company Insight Partners Hacked appeared first on SecurityWeek.
Chrome 133, Firefox 135 Updates Patch High-Severity Vulnerabilities
Google and Mozilla resolve high-severity memory safety vulnerabilities with the latest Chrome and Firefox security updates.
The post Chrome 133, Firefox 135 Updates Patch High-Severity Vulnerabilities appeared first on SecurityWeek.
New FrigidStealer macOS Malware Distributed as Fake Browser Update
A recently identified macOS infostealer named FrigidStealer has been distributed through a compromised website, as a fake browser update.
The post New FrigidStealer macOS Malware Distributed as Fake Browser Update appeared first on SecurityWeek.
Free Diagram Tool Aids Management of Complex ICS/OT Cybersecurity Decisions
Admeritia has launched Cyber Decision Diagrams, a free tool designed to help organizations manage complex decisions related to ICS/OT cybersecurity.
The post Free Diagram Tool Aids Management of Complex ICS/OT Cybersecurity Decisions appeared first on SecurityWeek.
Lee Enterprises Newspaper Disruptions Caused by Ransomware
Lee Enterprises has shared more details on the recent cyberattack, saying the attackers encrypted and stole files.
The post Lee Enterprises Newspaper Disruptions Caused by Ransomware appeared first on SecurityWeek.
How Russian Hackers Are Exploiting Signal ‘Linked Devices’ Feature for Real-Time Spying
Mandiant warns that multiple Russian APTs are abusing a nifty Signal Messenger feature to surreptitiously spy on encrypted conversations.
The post How Russian Hackers Are Exploiting Signal ‘Linked Devices’ Feature for Real-Time Spying appeared first on SecurityWeek.
Pangea Launches AI Guard and Prompt Guard to Combat Gen-AI Security Risks
Guardrail specialist releases new products to aid the development and use of secure gen-AI apps.
The post Pangea Launches AI Guard and Prompt Guard to Combat Gen-AI Security Risks appeared first on SecurityWeek.
MirrorTab Raises $8.5M Seed Round to Take on Browser-Based Attacks
San Francisco startup secures $8.5 million in seed funding led by Valley Capital Partners to tackle browser-based malware attacks.
The post MirrorTab Raises $8.5M Seed Round to Take on Browser-Based Attacks appeared first on SecurityWeek.
Finastra Starts Notifying People Impacted by Recent Data Breach
Financial software firm Finastra is notifying individuals whose personal information was stolen in a recent data breach.
The post Finastra Starts Notifying People Impacted by Recent Data Breach appeared first on SecurityWeek.
Critical Vulnerability Patched in Juniper Session Smart Router
A critical vulnerability tracked as CVE-2025-21589 has been patched in Juniper Networks’ Session Smart Router.
The post Critical Vulnerability Patched in Juniper Session Smart Router appeared first on SecurityWeek.
Singulr Launches With $10M in Funding for AI Security and Governance Platform
Singulr AI announced its launch with $10 million in seed funding raised for an enterprise AI security and governance platform.
The post Singulr Launches With $10M in Funding for AI Security and Governance Platform appeared first on SecurityWeek.
Golang Backdoor Abuses Telegram for C&C Communication
A newly discovered Golang backdoor is abusing Telegram for communication with its command-and-control (C&C) server.
The post Golang Backdoor Abuses Telegram for C&C Communication appeared first on SecurityWeek.
Microsoft Warns of Improved XCSSET macOS Malware
Microsoft has observed a new variant of the XCSSET malware being used in limited attacks against macOS users.
The post Microsoft Warns of Improved XCSSET macOS Malware appeared first on SecurityWeek.
Palo Alto Networks Confirms Exploitation of Firewall Vulnerability
Palo Alto Networks has confirmed that a recently patched firewall vulnerability tracked as CVE-2025-0108 is being actively exploited.
The post Palo Alto Networks Confirms Exploitation of Firewall Vulnerability appeared first on SecurityWeek.
Ex-NSO Group CEO’s Security Firm Dream Raises $100M at $1.1B Valuation
Israeli cybersecurity startup Dream has raised $100 million in Series B funding and is now valued at $1.1 billion.
The post Ex-NSO Group CEO’s Security Firm Dream Raises $100M at $1.1B Valuation appeared first on SecurityWeek.
New FinalDraft Malware Spotted in Espionage Campaign
A newly identified malware family abuses the Outlook mail service for communication, via the Microsoft Graph API.
The post New FinalDraft Malware Spotted in Espionage Campaign appeared first on SecurityWeek.
Russian State Hackers Target Organizations With Device Code Phishing
Russian hackers have been targeting government, defense, telecoms, and other organizations in a device code phishing campaign.
The post Russian State Hackers Target Organizations With Device Code Phishing appeared first on SecurityWeek.
127 Servers of Bulletproof Hosting Service Zservers Seized by Dutch Police
After governments announced sanctions against the Zservers/XHost bulletproof hosting service, Dutch police took 127 servers offline.
The post 127 Servers of Bulletproof Hosting Service Zservers Seized by Dutch Police appeared first on SecurityWeek.
Downloads of DeepSeek’s AI Apps Paused in South Korea Over Privacy Concerns
DeepSeek has temporarily paused downloads of its chatbot apps in South Korea while it works with local authorities to address privacy concerns.
The post Downloads of DeepSeek’s AI Apps Paused in South Korea Over Privacy Concerns appeared first on SecurityWeek.