Security Week
Runlayer Raises $30 Million in Series A Funding
The startup’s platform functions as a secure control layer, aiming to secure AI tools across enterprises.
The post Runlayer Raises $30 Million in Series A Funding appeared first on SecurityWeek.
Cal Water Finds No Evidence of OT Activity After Hackers Claimed They Could Disrupt Water Supply
Mandiant has helped the California water utility investigate the cyberattack launched by Iranian hacker group Handala.
Lantronix Serial-to-IP Converter Flaw Exploited in Attacks After OT Threat Warning
The exploited flaw, CVE-2025-67038, is one of the vulnerabilities disclosed in April as part of the BRIDGE:BREAK research project.
GitLab Patches Code Execution, Information Disclosure Vulnerabilities
The latest GitLab CE/EE updates address 13 vulnerabilities, including three high-severity defects.
25-Year-Old Vulnerability Patched in Curl
The latest version of the open source data transfer tool resolves 18 medium and low-severity vulnerabilities.
SecurityWeek ICS Cybersecurity Conference Heads to Nashville for Special 25-Year Anniversary Edition
The 2026 Industrial Control Systems (ICS) Cybersecurity Conference takes place October 6-8, 2026, at the W Nashville.
NIST Opens Updated IoT Security Guidance to Public Review
The guidance aims to establish product cybersecurity requirements for IoT devices integrated into federal agencies’ networks.
Chrome 149 Update Resolves 18 Severe Vulnerabilities
More than half of the bugs are use-after-free defects, which can potentially lead to remote code execution.
Cisco SD-WAN Zero-Day Exploited Months Before Patching
CVE-2026-20245, the 7th Cisco SD-WAN vulnerability exploited in 2026, was used for months prior to its disclosure and patching.
When Information Becomes the Attack Surface – Understanding AI Agent Traps
From hidden content injections to cognitive state poisoning, attackers are turning trusted data sources into traps for autonomous AI.
Microsoft and Allies Smash Shared Infrastructure of Amadey and StealC Malware
Hundreds of C&C servers were disrupted in an operation involving law enforcement and several cybersecurity companies.
Exclusive: Meet AIVEX, a New Triage Model Built to Reduce Supply Chain Threat and Risk
The new framework seeks to help security teams identify which software supply chain vulnerabilities pose the greatest operational, safety, and business risks in AI-driven environments.
macOS Weaknesses Chained to Silently Disable Endpoint Security Agents
A standard non-admin account is sufficient to conduct an attack that exploits legitimate OS behavior rather than software vulnerabilities.
Third DraftKings Hacker Sentenced to 18 Months in Prison
Nathan Austad has been ordered to pay roughly $1.8 million in forfeiture and restitution, and the sentence also includes 3 years of supervised release.
Critical Ubiquiti Vulnerabilities in Attackers’ Crosshairs
The flaws allow remote, unauthenticated attackers to make system changes, access underlying accounts, and inject commands.
Agentic AI Security: Wrong Context, Wrong Decisions at Machine Speed
Context is the central plank of AI in general, and agentic AI in particular. If an AI system doesn’t have the correct context, it cannot make the correct decisions.
New ‘Mistic’ RAT Opens Door to Several Ransomware Families
Mistic is used by Woodgnat, an initial access broker working with Qilin, Interlock, Rhysida, Akira, 8Base, and Black Basta.
Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking
The security defects allow unauthenticated users to take control of the open source software supply chain.
BeyondTrust, LastPass Impacted by Klue-Salesforce Incident
Over a dozen Klue customers have confirmed that hackers stole data from their Salesforce instances.
Webinar Today: Modern Exposure Validation in the AI Era
The exploit timeline collapsed. Make sure your validation didn't.
