SecurityWeek
Ahold Delhaize Confirms Data Stolen in Ransomware Attack
Ahold Delhaize has confirmed that data was stolen from its systems in November 2024 after a ransomware group claimed the attack.
The post Ahold Delhaize Confirms Data Stolen in Ransomware Attack appeared first on SecurityWeek.
Fresh Windows NTLM Vulnerability Exploited in Attacks
A Windows NTLM vulnerability patched in March has been exploited in attacks targeting government and private institutions.
The post Fresh Windows NTLM Vulnerability Exploited in Attacks appeared first on SecurityWeek.
Man Helped Chinese Nationals Get Jobs Involving Sensitive US Government Projects
Minh Phuong Ngoc Vong pleaded guilty to defrauding US companies of roughly $1 million in a fake IT worker scheme.
The post Man Helped Chinese Nationals Get Jobs Involving Sensitive US Government Projects appeared first on SecurityWeek.
Demystifying Security Posture Management
While the Security Posture Management buzz is real, its long-term viability depends on whether it can deliver measurable outcomes without adding more complexity.
The post Demystifying Security Posture Management appeared first on SecurityWeek.
Vulnerabilities Patched in Atlassian, Cisco Products
Atlassian and Cisco have released patches for multiple high-severity vulnerabilities, including remote code execution bugs.
The post Vulnerabilities Patched in Atlassian, Cisco Products appeared first on SecurityWeek.
Critical Erlang/OTP SSH Flaw Exposes Many Devices to Remote Hacking
Servers exposed to complete takeover due to CVE-2025-32433, an unauthenticated remote code execution flaw in Erlang/OTP SSH.
The post Critical Erlang/OTP SSH Flaw Exposes Many Devices to Remote Hacking appeared first on SecurityWeek.
Why ‘One Community’ Resonates in Cybersecurity
Our collective voices and one community will provide the intelligence we need to safeguard our businesses in today’s modern digital environment.
The post Why ‘One Community’ Resonates in Cybersecurity appeared first on SecurityWeek.
CISA Issues Guidance After Oracle Cloud Hack
CISA is making recommendations for organizations and users in light of the recent Oracle legacy cloud environment hack.
The post CISA Issues Guidance After Oracle Cloud Hack appeared first on SecurityWeek.
Chinese APT Mustang Panda Updates, Expands Arsenal
The Chinese state-sponsored group Mustang Panda has used new and updated malicious tools in a recent attack.
The post Chinese APT Mustang Panda Updates, Expands Arsenal appeared first on SecurityWeek.
SonicWall Flags Old Vulnerability as Actively Exploited
A SonicWall SMA 100 series vulnerability patched in 2021, which went unnoticed at the time of patching, is being exploited in the wild.
The post SonicWall Flags Old Vulnerability as Actively Exploited appeared first on SecurityWeek.
MITRE Hackers’ Backdoor Has Targeted Windows for Years
Windows versions of the BrickStorm backdoor that the Chinese APT used in the MITRE hack last year have been active for years.
The post MITRE Hackers’ Backdoor Has Targeted Windows for Years appeared first on SecurityWeek.
Krebs Exits SentinelOne After Security Clearance Pulled
Chris Krebs has resigned from SentinelOne after security clearance withdrawn and an order to review CISA’s conduct under his leadership.
The post Krebs Exits SentinelOne After Security Clearance Pulled appeared first on SecurityWeek.
Apple Quashes Two Zero-Days With iOS, MacOS Patches
The vulnerabilities are described as code execution and mitigation bypass issues that affect Apple’s iOS, iPadOS and macOS platforms.
The post Apple Quashes Two Zero-Days With iOS, MacOS Patches appeared first on SecurityWeek.
MITRE CVE Program Gets Last-Hour Funding Reprieve
The US government's cybersecurity agency CISA has “executed the option period on the contract” to keep the vulnerability catalog operational.
The post MITRE CVE Program Gets Last-Hour Funding Reprieve appeared first on SecurityWeek.
Many Mobile Apps Fail Basic Security—Posing Serious Risks to Enterprises
Top-ranked mobile apps found using hardcoded keys and exposed cloud buckets.
The post Many Mobile Apps Fail Basic Security—Posing Serious Risks to Enterprises appeared first on SecurityWeek.
Pillar Security Banks $9M for AI Security Guardrails
Shield Capital leads a $9 million seed-stage funding round for Israeli startup building technologies for AI security and privacy guardrails.
The post Pillar Security Banks $9M for AI Security Guardrails appeared first on SecurityWeek.
Ransomware Group Claims Hacking of Oregon Regulator After Data Breach Denial
The Rhysida ransomware gang claims to have stolen 2.5 Tb of files from the Oregon Department of Environmental Quality.
The post Ransomware Group Claims Hacking of Oregon Regulator After Data Breach Denial appeared first on SecurityWeek.
Enhanced Version of ‘BPFDoor’ Linux Backdoor Seen in the Wild
In recent attacks, the state-sponsored backdoor BPFDoor is using a controller to open a reverse shell and move laterally.
The post Enhanced Version of ‘BPFDoor’ Linux Backdoor Seen in the Wild appeared first on SecurityWeek.
Critical Vulnerability Found in Apache Roller Blog Server
A critical vulnerability in Apache Roller could be used to maintain persistent access by reusing older sessions even after password changes.
The post Critical Vulnerability Found in Apache Roller Blog Server appeared first on SecurityWeek.
Microsoft Warns of Node.js Abuse for Malware Delivery
In the past months Microsoft has seen multiple campaigns involving Node.js to deliver malware and other malicious payloads.
The post Microsoft Warns of Node.js Abuse for Malware Delivery appeared first on SecurityWeek.