SecurityWeek
Marks & Spencer Expects Ransomware Attack to Cost $400 Million
UK retailer Marks & Spencer expects the disruptions caused by the recent cyberattack to continue through July.
The post Marks & Spencer Expects Ransomware Attack to Cost $400 Million appeared first on SecurityWeek.
Security Theater or Real Defense? The KPIs That Tell the Truth
In the end, cybersecurity isn’t just about collecting data. It’s about proving that your defenses actually work.
The post Security Theater or Real Defense? The KPIs That Tell the Truth appeared first on SecurityWeek.
Taming the Hacker Storm: Why Millions in Cybersecurity Spending Isn’t Enough
Despite massive investment, the explosion of sophisticated malware and deepfake attacks persists because organizations struggle to verify digital identities and establish fundamental trust.
The post Taming the Hacker Storm: Why Millions in Cybersecurity Spending Isn’t Enough appeared first on SecurityWeek.
Cisco Patches High-Severity DoS, Privilege Escalation Vulnerabilities
Cisco published 10 security advisories detailing over a dozen vulnerabilities, including two high-severity flaws in its Identity Services Engine (ISE) and Unified Intelligence Center.
The post Cisco Patches High-Severity DoS, Privilege Escalation Vulnerabilities appeared first on SecurityWeek.
GitLab, Atlassian Patch High-Severity Vulnerabilities
GitLab and Atlassian have released patches for over a dozen vulnerabilities in their products, including high-severity bugs.
The post GitLab, Atlassian Patch High-Severity Vulnerabilities appeared first on SecurityWeek.
CISA Says Russian Hackers Targeting Western Supply-Lines to Ukraine
Russian military intelligence hackers intensify targeting of Western logistics and technology companies moving supplies into Ukraine.
The post CISA Says Russian Hackers Targeting Western Supply-Lines to Ukraine appeared first on SecurityWeek.
Microsoft Sinkholes Domains, Disrupts Notorious ‘Lumma Stealer’ Malware Operation
Redmond’s threat hunters found 394,000 Windows systems talking to Lumma controllers, a victim pool included global manufacturers.
The post Microsoft Sinkholes Domains, Disrupts Notorious ‘Lumma Stealer’ Malware Operation appeared first on SecurityWeek.
Critical Flaw Allows Remote Hacking of AutomationDirect Industrial Gateway
More than 100 AutomationDirect MB-Gateway devices may be vulnerable to attacks from the internet due to CVE-2025-36535.
The post Critical Flaw Allows Remote Hacking of AutomationDirect Industrial Gateway appeared first on SecurityWeek.
Coinbase Says Rogue Contractor Data Breach Affects 69,461 Users
A mandatory filing to the Maine Attorney General says 69,461 customers nationwide were affected and dates the breach back to last December.
The post Coinbase Says Rogue Contractor Data Breach Affects 69,461 Users appeared first on SecurityWeek.
US Student to Plead Guilty Over PowerSchool Hack
Matthew Lane allegedly hacked PowerSchool using stolen credentials and admitted to extorting a telecoms provider.
The post US Student to Plead Guilty Over PowerSchool Hack appeared first on SecurityWeek.
Cellcom Service Disruption Caused by Cyberattack
Wireless carrier Cellcom has confirmed that a week-long widespread service outage is the result of a cyberattack.
The post Cellcom Service Disruption Caused by Cyberattack appeared first on SecurityWeek.
Google DeepMind Unveils Defense Against Indirect Prompt Injection Attacks
Google DeepMind has developed an ongoing process to counter the continuously evolving threatIndirect prompt injection (IPI) attacks.
The post Google DeepMind Unveils Defense Against Indirect Prompt Injection Attacks appeared first on SecurityWeek.
Wiz Warns of Ongoing Exploitation of Recent Ivanti Vulnerabilities
Wiz warns that threat actors are chaining two recent Ivanti vulnerabilities to achieve unauthenticated remote code execution.
The post Wiz Warns of Ongoing Exploitation of Recent Ivanti Vulnerabilities appeared first on SecurityWeek.
Virtual Event Today: Threat Detection & Incident Response (TDIR) Summit
SecurityWeek’s 2025 Threat Detection & Incident Response (TDIR) Summit takes place as a virtual summit on Wednesday, May 21st.
The post Virtual Event Today: Threat Detection & Incident Response (TDIR) Summit appeared first on SecurityWeek.
Up to 25% of Internet-Exposed ICS Are Honeypots: Researchers
Many of the industrial control system (ICS) instances seen in internet scanning are likely or possibly honeypots, not real devices.
The post Up to 25% of Internet-Exposed ICS Are Honeypots: Researchers appeared first on SecurityWeek.
Ransomware Attack Forces Kettering Health to Cancel Procedures
Kettering Health has canceled inpatient and outpatient procedures as it deals with a system-wide outage caused by a ransomware attack.
The post Ransomware Attack Forces Kettering Health to Cancel Procedures appeared first on SecurityWeek.
Critical OpenPGP.js Vulnerability Allows Spoofing
An OpenPGP.js vulnerability tracked as CVE-2025-47934 allows message signature verification to be spoofed.
The post Critical OpenPGP.js Vulnerability Allows Spoofing appeared first on SecurityWeek.
NATO-Flagged Vulnerability Tops Latest VMware Security Patch Batch
VMware patches flaws that expose users to data leakage, command execution and denial-of-service attacks. No temporary workarounds available.
The post NATO-Flagged Vulnerability Tops Latest VMware Security Patch Batch appeared first on SecurityWeek.
Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers
The Likely Exploited Vulnerabilities (LEV) equations can help augment KEV- and EPSS-based remediation prioritization.
The post Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers appeared first on SecurityWeek.
Event Preview: 2025 Threat Detection & Incident Response (Virtual) Summit
SecurityWeek’s 2025 Threat Detection & Incident Response (TDIR) Summit takes place as a virtual summit on Wednesday, May 21st.
The post Event Preview: 2025 Threat Detection & Incident Response (Virtual) Summit appeared first on SecurityWeek.