SecurityWeek
Flaw in Industrial Computer Maker’s UEFI Apps Enables Secure Boot Bypass on Many Devices
Vulnerable DTResearch UEFI firmware applications can be used in BYOVD attacks to bypass Secure Boot.
The post Flaw in Industrial Computer Maker’s UEFI Apps Enables Secure Boot Bypass on Many Devices appeared first on SecurityWeek.
Webinar Today: Rethinking Endpoint Hardening for Today’s Attack Landscape
Learn how attackers hide in plain sight—and what you can do to stop them without slowing down your business.
The post Webinar Today: Rethinking Endpoint Hardening for Today’s Attack Landscape appeared first on SecurityWeek.
Fortinet, Ivanti Patch High-Severity Vulnerabilities
Patches released by Fortinet and Ivanti resolve over a dozen vulnerabilities, including high-severity flaws leading to code execution, credential leaks.
The post Fortinet, Ivanti Patch High-Severity Vulnerabilities appeared first on SecurityWeek.
40,000 Security Cameras Exposed to Remote Hacking
Bitsight has identified over 40,000 security cameras that can be easily hacked for spying or other types of malicious activity.
The post 40,000 Security Cameras Exposed to Remote Hacking appeared first on SecurityWeek.
Recently Disrupted DanaBot Leaked Valuable Data for 3 Years
Investigators leveraged a vulnerability dubbed DanaBleed to obtain insights into the internal operations of the DanaBot botnet.
The post Recently Disrupted DanaBot Leaked Valuable Data for 3 Years appeared first on SecurityWeek.
Cyera Raises $540 Million to Expand AI-Powered Data Security Platform
Series E funding round brings Cyera’s total funding to over $1.3 billion and values the data security firm at $6 billion.
The post Cyera Raises $540 Million to Expand AI-Powered Data Security Platform appeared first on SecurityWeek.
Horizon3.ai Raises $100 Million in Series D Funding
Horizon3.ai has raised $100 million to expand product capabilities, and to scale its partner ecosystem and federal market presence.
The post Horizon3.ai Raises $100 Million in Series D Funding appeared first on SecurityWeek.
Rethinking Success in Security: Why Climbing the Corporate Ladder Isn’t Always the Goal
Many security professionals feel pressured to pursue leadership roles, but success can also mean going deeper, not just higher.
The post Rethinking Success in Security: Why Climbing the Corporate Ladder Isn’t Always the Goal appeared first on SecurityWeek.
Chrome, Firefox Updates Resolve High-Severity Memory Bugs
Google and Mozilla have released patches for a combined total of four high-severity memory bugs in Chrome and Firefox.
The post Chrome, Firefox Updates Resolve High-Severity Memory Bugs appeared first on SecurityWeek.
ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Aveva, CISA
Industrial solutions providers Siemens, Schneider Electric and Aveva have released June 2025 Patch Tuesday ICS security advisories.
The post ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Aveva, CISA appeared first on SecurityWeek.
How Scammers Are Using AI to Steal College Financial Aid
Fake college enrollments have been surging as crime rings deploy “ghost students” — chatbots that join online classrooms and stay just long enough to collect a financial aid check.
The post How Scammers Are Using AI to Steal College Financial Aid appeared first on SecurityWeek.
Code Execution Flaws Haunt Adobe Acrobat Reader, Adobe Commerce
Patch Tuesday: Adobe documents hundreds of bugs across multiple products and warns of code execution, feature bypass risks.
The post Code Execution Flaws Haunt Adobe Acrobat Reader, Adobe Commerce appeared first on SecurityWeek.
Microsoft Patch Tuesday Covers WebDAV Flaw Marked as ‘Already Exploited’
Redmond warns that external control of a file name or path in WebDAV "allows an unauthorized attacker to execute code over a network."
The post Microsoft Patch Tuesday Covers WebDAV Flaw Marked as ‘Already Exploited’ appeared first on SecurityWeek.
Hackers Stole 300,000 Crash Reports From Texas Department of Transportation
The Texas Department of Transportation has disclosed a data breach impacting the personal information included in 300,000 crash reports.
The post Hackers Stole 300,000 Crash Reports From Texas Department of Transportation appeared first on SecurityWeek.
Swimlane Raises $45 Million for Security Automation Platform
Swimlane has raised $45 million in a growth funding round to fuel its global channel expansion and product innovation.
The post Swimlane Raises $45 Million for Security Automation Platform appeared first on SecurityWeek.
Five Zero-Days, 15 Misconfigurations Found in Salesforce Industry Cloud
Security researchers uncover critical flaws and widespread misconfigurations in Salesforce’s industry-specific CRM solutions.
The post Five Zero-Days, 15 Misconfigurations Found in Salesforce Industry Cloud appeared first on SecurityWeek.
Critical Vulnerability Patched in SAP NetWeaver
SAP has fixed a critical NetWeaver vulnerability allowing attackers to bypass authorization checks and escalate their privileges.
The post Critical Vulnerability Patched in SAP NetWeaver appeared first on SecurityWeek.
Sensitive Information Stolen in Sensata Ransomware Attack
Sensor manufacturer Sensata said a ransomware group had access to its network for more than a week and stole personal information.
The post Sensitive Information Stolen in Sensata Ransomware Attack appeared first on SecurityWeek.
Exploited Vulnerability Impacts Over 80,000 Roundcube Servers
Exploitation of a critical-severity RCE vulnerability in Roundcube started only days after a patch was released.
The post Exploited Vulnerability Impacts Over 80,000 Roundcube Servers appeared first on SecurityWeek.
Vulnerabilities Exposed Phone Number of Any Google User
Google has awarded $5,000 to a researcher who found security holes that enabled brute-forcing the phone number of any user.
The post Vulnerabilities Exposed Phone Number of Any Google User appeared first on SecurityWeek.