Security Week

Subscribe to Security Week feed Security Week
Cybersecurity News, Insights & Analysis
Updated: 29 min 9 sec ago

F5 Patches Multiple NGINX, BIG-IP Vulnerabilities

1 hour 7 min ago

Attackers could exploit the bugs to modify configurations, terminate or restart processes, cross security boundaries, leak memory, and execute code.

The post F5 Patches Multiple NGINX, BIG-IP Vulnerabilities appeared first on SecurityWeek.

Categories: SecurityWeek

China’s Top Cybersecurity Firms Hit by Mounting Military Procurement Bans

1 hour 37 min ago

Chinese cybersecurity firms are facing action from the country’s military, but it’s not due to product or technical failures.

The post China’s Top Cybersecurity Firms Hit by Mounting Military Procurement Bans appeared first on SecurityWeek.

Categories: SecurityWeek

Old UEFI Shims Expose Systems to Secure Boot Bypass

2 hours 27 min ago

Signed by Microsoft, the vulnerable UEFI shim bootloaders could be abused on any system, regardless of the OS.

The post Old UEFI Shims Expose Systems to Secure Boot Bypass appeared first on SecurityWeek.

Categories: SecurityWeek

Nightmare Eclipse Drops ‘LegacyHive’ Windows Zero-Day 

3 hours 38 min ago

The researcher stripped the proof-of-concept (PoC) exploit to prevent immediate exploitation of the vulnerability.

The post Nightmare Eclipse Drops ‘LegacyHive’ Windows Zero-Day  appeared first on SecurityWeek.

Categories: SecurityWeek

Trend Micro, Tanium, ESET and Tenable Patch Severe Product Vulnerabilities

4 hours 19 min ago

The cybersecurity companies patched critical and high-severity vulnerabilities in some of their products.

The post Trend Micro, Tanium, ESET and Tenable Patch Severe Product Vulnerabilities appeared first on SecurityWeek.

Categories: SecurityWeek

Unpatched Cursor Vulnerability Exposes Users to Code Execution

Wed, 07/15/2026 - 10:37am

An attacker can create a malicious repository containing a git.exe in the project root, and Cursor executes it automatically.

The post Unpatched Cursor Vulnerability Exposes Users to Code Execution appeared first on SecurityWeek.

Categories: SecurityWeek

CISA Urges Immediate Patching of Exploited SharePoint Vulnerabilities

Wed, 07/15/2026 - 10:07am

Three vulnerabilities are actively exploited in attacks, including two that have been targeted as zero-days.

The post CISA Urges Immediate Patching of Exploited SharePoint Vulnerabilities appeared first on SecurityWeek.

Categories: SecurityWeek

Windows Bind Link Attacks Can Hide Malware From EDR Tools

Wed, 07/15/2026 - 9:00am

Bitdefender researchers show how Windows bind links can create conflicting filesystem views to hide malware from endpoint security products.

The post Windows Bind Link Attacks Can Hide Malware From EDR Tools appeared first on SecurityWeek.

Categories: SecurityWeek

Virtual Event Today: Cloud & Data Security Summit

Wed, 07/15/2026 - 8:52am

Attendees will be able to interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

The post Virtual Event Today: Cloud & Data Security Summit appeared first on SecurityWeek.

Categories: SecurityWeek

US Charges Russian Individuals and Firms for Running Cybercrime Services

Wed, 07/15/2026 - 7:58am

The suspects and their companies were previously sanctioned by the United States and its allies.

The post US Charges Russian Individuals and Firms for Running Cybercrime Services appeared first on SecurityWeek.

Categories: SecurityWeek

Vulnerabilities Patched by Fortinet, Ivanti, ServiceNow

Wed, 07/15/2026 - 7:02am

A critical security defect in the ServiceNow AI platform could allow remote attackers to execute arbitrary code.

The post Vulnerabilities Patched by Fortinet, Ivanti, ServiceNow appeared first on SecurityWeek.

Categories: SecurityWeek

White House Launches AI-Driven ‘Gold Eagle’ Vulnerability Coordination Initiative

Wed, 07/15/2026 - 6:18am

The new program stems from an AI-focused Executive Order signed by President Trump on June 2.

The post White House Launches AI-Driven ‘Gold Eagle’ Vulnerability Coordination Initiative appeared first on SecurityWeek.

Categories: SecurityWeek

Progress Confirms Zero-Day Vulnerability Behind ShareFile Disruption

Wed, 07/15/2026 - 5:48am

The company has rolled out a fix and is restoring access for Storage Zones Controller customers who apply it.

The post Progress Confirms Zero-Day Vulnerability Behind ShareFile Disruption appeared first on SecurityWeek.

Categories: SecurityWeek

ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Rockwell

Wed, 07/15/2026 - 5:19am

The industrial giants fixed dozens of vulnerabilities across their ICS products, with advisories also released by CISA and VDE CERT.

The post ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Rockwell appeared first on SecurityWeek.

Categories: SecurityWeek

Critical Vulnerabilities Patched With Fresh Chrome 150, Firefox 152 Updates

Wed, 07/15/2026 - 3:24am

Public exploit code targeting the Firefox flaws exists, but no in-the-wild exploitation has been observed.

The post Critical Vulnerabilities Patched With Fresh Chrome 150, Firefox 152 Updates appeared first on SecurityWeek.

Categories: SecurityWeek

SonicWall Issues Urgent SMA Patch Warning for Two Zero-Day Exploits

Wed, 07/15/2026 - 1:19am

SonicWall SMA1000 zero-day vulnerabilities CVE-2026-15409 and CVE-2026-15410 can be exploited for remote code execution.

The post SonicWall Issues Urgent SMA Patch Warning for Two Zero-Day Exploits appeared first on SecurityWeek.

Categories: SecurityWeek

Microsoft Patches Record 622 Vulnerabilities, Including Two Exploited Zero-Days

Tue, 07/14/2026 - 2:50pm

Two flaws in Active Directory and SharePoint Server have been exploited as zero-days, and a BitLocker bug was publicly disclosed.

The post Microsoft Patches Record 622 Vulnerabilities, Including Two Exploited Zero-Days appeared first on SecurityWeek.

Categories: SecurityWeek

Synopsys Finds No Evidence of Data Breach Amid Bosch Hack Claims

Tue, 07/14/2026 - 2:18pm

The D1R cybercrime group claimed to have stolen valuable data from Synopsys and Bosch, threatening to leak it unless a ransom is paid. 

The post Synopsys Finds No Evidence of Data Breach Amid Bosch Hack Claims appeared first on SecurityWeek.

Categories: SecurityWeek

Adobe Patches Critical ColdFusion Vulnerabilities

Tue, 07/14/2026 - 1:06pm

The ColdFusion security defects could allow attackers to execute arbitrary code or elevate their privileges.

The post Adobe Patches Critical ColdFusion Vulnerabilities appeared first on SecurityWeek.

Categories: SecurityWeek

7 Severe Vulnerabilities Patched in VMware Avi Load Balancer

Tue, 07/14/2026 - 9:55am

The flaws can be exploited for authentication bypass, remote code execution, privilege escalation, and directory traversal.

The post 7 Severe Vulnerabilities Patched in VMware Avi Load Balancer appeared first on SecurityWeek.

Categories: SecurityWeek

Pages