SecurityWeek

Noteworthy stories that might have slipped under the radar: Cloudflare outage not caused by cyberattack, Dutch police identified 126 users of Cracked.io, the Victoria’s Secret cyberattack has cost $10 million. 

The post In Other News: Cloudflare Outage, Cracked.io Users Identified, Victoria’s Secret Cyberattack Cost appeared first on SecurityWeek.

Threat actors have abused the TeamFiltration pentesting framework to target over 80,000 Entra ID user accounts.

The post TeamFiltration Abused in Entra ID Account Takeover Campaign appeared first on SecurityWeek.

Industry professionals comment on the Trump administration’s new executive order on cybersecurity. 

The post Industry Reactions to Trump Cybersecurity Executive Order: Feedback Friday appeared first on SecurityWeek.

CISA warns that vulnerable SimpleHelp RMM instances have been exploited against a utility billing software provider’s customers.

The post SimpleHelp Vulnerability Exploited Against Utility Billing Software Users appeared first on SecurityWeek.

Multiple legitimate, unusual tools were used in a Fog ransomware attack, including one employed by Chinese hacking group APT41.

The post Fog Ransomware Attack Employs Unusual Tools appeared first on SecurityWeek.

Mitel has announced patches for a MiCollab path traversal vulnerability that can be exploited remotely without authentication.

The post Critical Vulnerability Exposes Many Mitel MiCollab Instances to Remote Hacking appeared first on SecurityWeek.

Trend Micro patches critical-severity Apex Central and Endpoint Encryption PolicyServer flaws leading to remote code execution.

The post Critical Vulnerabilities Patched in Trend Micro Apex Central, Endpoint Encryption appeared first on SecurityWeek.

ZeroRISC has raised $10 million in seed funding for production-grade open source silicon security, built on OpenTitan designs.

The post ZeroRISC Raises $10 Million for Open Source Silicon Security Solutions appeared first on SecurityWeek.

Citizen Lab publishes forensic proof that spyware maker Paragon can compromise up-to-date iPhones. Journalists in Europe among victims.

The post Paragon ‘Graphite’ Spyware Linked to Zero-Click Hacks on Newest iPhones appeared first on SecurityWeek.

AI-generated voice deepfakes have crossed the uncanny valley, fueling a surge in fraud that outpaces traditional security measures. Detection technology is racing to keep up.

The post The AI Arms Race: Deepfake Generation vs. Detection appeared first on SecurityWeek.

Hirundo tackles AI hallucinations and bias by making trained models “forget” poisoned, malicious, and confidential data.

The post Hirundo Raises $8 Million to Eliminate AI’s Bad Behavior appeared first on SecurityWeek.

The new attack technique uses smartwatches to capture ultrasonic covert communication in air-gapped environments and exfiltrate data.

The post New ‘SmartAttack’ Steals Air-Gapped Data Using Smartwatches appeared first on SecurityWeek.

Microsoft recently patched CVE-2025-32711, a vulnerability that could have been used for zero-click attacks to steal data from Copilot.

The post ‘EchoLeak’ AI Attack Enabled Theft of Sensitive Data via Microsoft 365 Copilot appeared first on SecurityWeek.

It’s time for enterprises to stop treating unmanaged devices as an edge case and start securing them as part of a unified Zero Trust strategy.

The post The ZTNA Blind Spot: Why Unmanaged Devices Threaten Your Hybrid Workforce appeared first on SecurityWeek.

Between May 2024 and April 2025, Cloudflare blocked 109 billion malicious requests targeting organizations protected under Project Galileo.

The post Surge in Cyberattacks Targeting Journalists: Cloudflare appeared first on SecurityWeek.

Palo Alto Networks has released patches for seven vulnerabilities and incorporated the latest Chrome fixes in its products.

The post Palo Alto Networks Patches Privilege Escalation Vulnerabilities appeared first on SecurityWeek.

Interpol has announced a crackdown on infostealer malware in Asia as part of an effort called Operation Secure.

The post Interpol Targets Infostealers: 20,000 IPs Taken Down, 32 Arrested, 216,000 Victims Notified appeared first on SecurityWeek.

Beyond potentially halting sales of physical goods, breaches can expose customers’ personal data to future phishing or fraud attempts.

The post With Retail Cyberattacks on the Rise, Customers Find Orders Blocked and Shelves Empty appeared first on SecurityWeek.

Cybersecurity heavyweight Securonix acquires ThreatQuotient to boost plans to build an all-in-one security operations stack.

The post Securonix Acquires Threat Intelligence Firm ThreatQuotient appeared first on SecurityWeek.

Maze and its investors are betting on finding profits in software that uses AI-powered agents to automate critical parts of the process.

The post Maze Banks $25M to Tackle Cloud Security with AI Agents appeared first on SecurityWeek.