Security Week

Subscribe to Security Week feed Security Week
Cybersecurity News, Insights & Analysis
Updated: 11 min 13 sec ago

Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances 

8 hours 23 min ago

Ivanti misdiagnoses a remote code execution vulnerability and Mandiant reports that Chinese hackers are launching in-the-wild exploits.

The post Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances  appeared first on SecurityWeek.

Categories: SecurityWeek

Halo ITSM Vulnerability Exposed Organizations to Remote Hacking

9 hours 46 min ago

An unauthenticated SQL injection vulnerability in Halo ITSM could have been exploited to read, modify, or insert data.

The post Halo ITSM Vulnerability Exposed Organizations to Remote Hacking appeared first on SecurityWeek.

Categories: SecurityWeek

Hunters International Ransomware Gang Rebranding, Shifting Focus

12 hours 28 min ago

The notorious cybercrime group Hunters International is dropping ransomware to focus on data theft and extortion.

The post Hunters International Ransomware Gang Rebranding, Shifting Focus appeared first on SecurityWeek.

Categories: SecurityWeek

Cybersecurity M&A Roundup: 23 Deals Announced in March 2025

13 hours 30 min ago

Less than two dozen cybersecurity merger and acquisition (M&A) deals were announced in March 2025.

The post Cybersecurity M&A Roundup: 23 Deals Announced in March 2025 appeared first on SecurityWeek.

Categories: SecurityWeek

39 Million Secrets Leaked on GitHub in 2024

14 hours 34 min ago

GitHub has announced new capabilities to help organizations and developers keep secrets in their code protected.

The post 39 Million Secrets Leaked on GitHub in 2024 appeared first on SecurityWeek.

Categories: SecurityWeek

Details Emerge on CVE Controversy Around Exploited CrushFTP Vulnerability 

15 hours 1 min ago

Two CVEs now exist for an actively exploited CrushFTP vulnerability and much of the security industry is using the ‘wrong one’.

The post Details Emerge on CVE Controversy Around Exploited CrushFTP Vulnerability  appeared first on SecurityWeek.

Categories: SecurityWeek

Vulnerabilities Expose Cisco Meraki and ECE Products to DoS Attacks

15 hours 31 min ago

Cisco fixes two high-severity denial-of-service vulnerabilities in Meraki devices and Enterprise Chat and Email.

The post Vulnerabilities Expose Cisco Meraki and ECE Products to DoS Attacks appeared first on SecurityWeek.

Categories: SecurityWeek

Google Released Second Fix for Quick Share Flaws After Patch Bypass

16 hours 28 min ago

Google’s patches for Quick Share for Windows vulnerabilities leading to remote code execution were incomplete and could be easily bypassed.

The post Google Released Second Fix for Quick Share Flaws After Patch Bypass appeared first on SecurityWeek.

Categories: SecurityWeek

Serial Entrepreneurs Raise $43M to Counter AI Deepfakes, Social Engineering

Wed, 04/02/2025 - 12:48pm

Adaptive is pitching a security platform designed to replicate real-world attack scenarios through AI-generated deepfake simulations. 

The post Serial Entrepreneurs Raise $43M to Counter AI Deepfakes, Social Engineering appeared first on SecurityWeek.

Categories: SecurityWeek

Vulnerabilities Expose Jan AI Systems to Remote Manipulation

Wed, 04/02/2025 - 12:10pm

Vulnerabilities in open source ChatGPT alternative Jan AI expose systems to remote, unauthenticated manipulation.

The post Vulnerabilities Expose Jan AI Systems to Remote Manipulation appeared first on SecurityWeek.

Categories: SecurityWeek

Cyberhaven Banks $100 Million in Series D, Valuation Hits $1 Billion

Wed, 04/02/2025 - 11:28am

Cyberhaven bags $100 million in funding at a billion-dollar valuation, a sign that investors remain bullish on data security startups.

The post Cyberhaven Banks $100 Million in Series D, Valuation Hits $1 Billion appeared first on SecurityWeek.

Categories: SecurityWeek

AI Giving Rise of the ‘Zero-Knowledge’ Threat Actor

Wed, 04/02/2025 - 10:06am

The rise of zero-knowledge threat actors powered by AI marks a turning point in the business of cybercrime where sophisticated attacks are no longer confined to skilled attackers.

The post AI Giving Rise of the ‘Zero-Knowledge’ Threat Actor appeared first on SecurityWeek.

Categories: SecurityWeek

Google DeepMind Unveils Framework to Exploit AI’s Cyber Weaknesses

Wed, 04/02/2025 - 9:43am

DeepMind found that current AI frameworks are ad hoc, not systematic, and fail to provide defenders with useful insights.

The post Google DeepMind Unveils Framework to Exploit AI’s Cyber Weaknesses appeared first on SecurityWeek.

Categories: SecurityWeek

North Korea’s IT Operatives Are Exploiting Remote Work Globally

Wed, 04/02/2025 - 9:23am

The global rise of North Korean IT worker infiltration poses a serious cybersecurity risk—using fake identities, remote access, and extortion to compromise organizations.

The post North Korea’s IT Operatives Are Exploiting Remote Work Globally appeared first on SecurityWeek.

Categories: SecurityWeek

ImageRunner Flaw Exposed Sensitive Information in Google Cloud

Wed, 04/02/2025 - 8:10am

Google has patched a Cloud Run vulnerability dubbed ImageRunner that could have been exploited to gain access to sensitive data.

The post ImageRunner Flaw Exposed Sensitive Information in Google Cloud appeared first on SecurityWeek.

Categories: SecurityWeek

Lazarus Uses ClickFix Tactics in Fake Cryptocurrency Job Attacks

Wed, 04/02/2025 - 6:45am

North Korea’s Lazarus hackers are using the ClickFix technique for malware deployment in fresh attacks targeting the cryptocurrency ecosystem.

The post Lazarus Uses ClickFix Tactics in Fake Cryptocurrency Job Attacks appeared first on SecurityWeek.

Categories: SecurityWeek

Questions Remain Over Attacks Causing DrayTek Router Reboots

Wed, 04/02/2025 - 6:30am

DrayTek has shared some clarifications regarding the recent attacks causing router reboots, but some questions remain unanswered. 

The post Questions Remain Over Attacks Causing DrayTek Router Reboots appeared first on SecurityWeek.

Categories: SecurityWeek

Google Brings End-to-End Encrypted Emails to All Enterprise Gmail Users

Wed, 04/02/2025 - 6:05am

Gmail now allows enterprise users to send end-to-end encrypted emails to colleagues, and will soon allow sending to any inbox.

The post Google Brings End-to-End Encrypted Emails to All Enterprise Gmail Users appeared first on SecurityWeek.

Categories: SecurityWeek

Chrome 135, Firefox 137 Patch High-Severity Vulnerabilities

Wed, 04/02/2025 - 4:54am

Chrome 135 and Firefox 137 were released on Tuesday with fixes for several high-severity memory safety vulnerabilities.

The post Chrome 135, Firefox 137 Patch High-Severity Vulnerabilities appeared first on SecurityWeek.

Categories: SecurityWeek

Microsoft Using AI to Uncover Critical Bootloader Vulnerabilities

Tue, 04/01/2025 - 5:38pm

Using the Security Copilot tool, Microsoft discovered 20 critical vulnerabilities in widely deployed open-source bootloaders.

The post Microsoft Using AI to Uncover Critical Bootloader Vulnerabilities appeared first on SecurityWeek.

Categories: SecurityWeek

Pages