SecurityWeek
Zyxel Patches Critical Vulnerability in Many Device Models
The issue impacts the UPnP function of multiple device models and could be exploited for remote code execution.
The post Zyxel Patches Critical Vulnerability in Many Device Models appeared first on SecurityWeek.
US Sanctions Russian Exploit Broker Operation Zero
The broker acquired eight zero-day exploits from a US defense contractor executive jailed for his actions.
Trend Micro Patches Critical Apex One Vulnerabilities
TrendAI has fixed eight critical and high-severity issues in Windows and macOS endpoint security products.
Cisco Patches Catalyst SD-WAN Zero-Day Exploited by Highly Sophisticated Hackers
Already added to CISA’s KEV catalog, the flaw allows attackers to bypass authentication and gain administrative privileges.
The Blast Radius Problem: Stolen Credentials are Weaponizing Agentic AI
More than half (56%) of the 400,000 vulnerabilities IBM X-Force tracked in 2025 required no authentication before exploitation.
Google Disrupts Chinese Cyberespionage Campaign Targeting Telecoms, Governments
The UNC2814 threat actor has been active since at least 2017, targeting organizations across 42 countries.
SolarWinds Patches Four Critical Serv-U Vulnerabilities
The four security defects could be exploited for remote code execution but require administrative privileges.
Medical Device Maker UFP Technologies Hit by Cyberattack
UFP Technologies appears to have been targeted in a ransomware attack that involved data theft and file-encrypting malware.
Ex-US Defense Contractor Executive Jailed for Selling Exploits to Russia
Peter Williams was sentenced to 87 months in prison for selling cyber exploits to a Russian broker.
Over 12 Million Users Impacted by CarGurus Data Breach
Hackers claim to have stolen personally identifiable information and internal corporate data from the automotive firm.
SecurityWeek Report: 426 Cybersecurity M&A Deals Announced in 2025
SecurityWeek’s M&A data indicates that today's market is more disciplined, and it seems to favor GRC, data protection, and identity.
Wynn Resorts Confirms Data Breach After Hackers Remove It From Leak Site
The high-end casino and hotel operator has admitted that employee data was stolen by ShinyHunters.
Astelia Raises $35 Million for Exposure Management
The company will expand its AI-based analysis capabilities, grow its employee base, and scale deployments.
Reddit Hit With $20 Million UK Data Privacy Fine Over Child Safety Failings
Britain’s data privacy watchdog slapped online forum Reddit on Tuesday with a fine worth nearly $20 million for failures involving children’s personal information.
Claude’s New AI Vulnerability Scanner Sends Cybersecurity Shares Plunging
The stocks of major cybersecurity companies have fallen sharply over fears that AI is disrupting the industry.
Ad Tech Company Optimizely Targeted in Cyberattack
The company says the attackers accessed internal business systems such as Zendesk and Salesforce.
‘Arkanix Stealer’ Malware Disappears Shortly After Debut
Written in C++ and Python, the malware exfiltrates system information and browser data, and steals files.
VMware Aria Operations Vulnerability Could Allow Remote Code Execution
Broadcom has patched several vulnerabilities in VMware Aria Operations, including high-severity flaws.
CISO Conversations: Timothy Youngblood; 4x Fortune 500 CISO/CSO
Timothy Youngblood was CISO at Dell, CISO at Kimberly-Clark, VP & CISO at McDonald’s, and SVP, CSO & Product Security Officer at T-Mobile.
New ‘Sandworm_Mode’ Supply Chain Attack Hits NPM
The malicious code propagates like a worm, poisons AI assistants, exfiltrates secrets, and contains a destructive dead switch.
