Login
The security defects allow attackers to escalate privileges and execute arbitrary code remotely.
The post Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities appeared first on SecurityWeek.
The online travel platform has not said how many customersβ booking information was exposed, but said the issue has been contained.Β
The post Booking.com Says Hackers Accessed User Information appeared first on SecurityWeek.
Claims that βMicrosoft is running one of the largest corporate espionage operations in modern historyβ face scrutiny as researchers analyze LinkedInβs browser extension probing
The post BrowserGate: Claims of LinkedIn βSpyingβ Clash With Security Research Findings appeared first on SecurityWeek.
The AI giant is taking action after determining that a macOS code signing certificate may have been compromised.
The post OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack appeared first on SecurityWeek.
Law enforcement in the US, UK and Canada identified more than $45 million in cryptocurrency and froze $12 million.
The post International Operation Targets Multimillion-Dollar Crypto Theft Schemes appeared first on SecurityWeek.
Download links were replaced by a Russian-speaking threat actor to distribute a recently emerged malware named STX RAT.
The post CPUID Hacked to Serve Trojanized CPU-Z and HWMonitor Downloads appeared first on SecurityWeek.
The malware mimics the legitimate Anthropic installation, relies on DLL sideloading, and cleans up after itself.
The post Fake Claude Website Distributes PlugX RAT appeared first on SecurityWeek.
The feature allows enterprise users to compose and read end-to-end encrypted messages natively on their mobile devices.
The post Gmail Brings End-to-End Encryption to Android and iOS for Enterprise Users appeared first on SecurityWeek.
The vulnerability is tracked as CVE-2026-34621 and Adobe has confirmed that it can be exploited for arbitrary code execution.
The post Adobe Patches Reader Zero-Day Exploited for Months appeared first on SecurityWeek.
Other noteworthy stories that might have slipped under the radar: Jones Day hacked, Internet Bug Bounty program paused due to AI, new Mac stealer malware.
The post In Other News: Cyberattack Stings Stryker, Windows Zero-Day, China Supercomputer Hack appeared first on SecurityWeek.
A critical-severity flaw could be exploited remotely, without authentication, to take over a vulnerable device.
The post Juniper Networks Patches Dozens of Junos OS Vulnerabilities appeared first on SecurityWeek.
The US government has warned that Iran-linked hackers are manipulating PLCs and SCADA systems to cause disruption.
The post Industry Reactions to Iran Hacking ICS in Critical Infrastructure: Feedback Friday appeared first on SecurityWeek.
Attackers could exploit these vulnerabilities in denial-of-service, information disclosure, and arbitrary code execution attacks.
The post Orthanc DICOM Vulnerabilities Lead to Crashes, RCE appeared first on SecurityWeek.
The critical vulnerabilities affect Chromeβs WebML component and they have been reported by anonymous researchers.
The post Chrome 147 Patches 60 Vulnerabilities, Including Two Critical Flaws Worth $86,000 appeared first on SecurityWeek.
The document provides a behavior-based model of the tactics and techniques employed by fraudsters.
The post MITRE Releases Fight Fraud Framework appeared first on SecurityWeek.
Within nine hours, a hacker built an exploit from the unauthenticated bugβs advisory and started using it in the wild.
The post Critical Marimo Flaw Exploited Hours After Public Disclosure appeared first on SecurityWeek.
New Device Bound Session Credentials render stolen session cookies unusable by cryptographically binding authentication.
The post Google Rolls Out Cookie Theft Protections in Chrome appeared first on SecurityWeek.
The security hole affected an EngageLab SDK and it was reported by Microsoft to the vendor one year ago.
The post Microsoft Finds Vulnerability Exposing Millions of Android Crypto Wallet Users appeared first on SecurityWeek.
RSAC researchers hacked Apple Intelligence using the Neural Exect method and Unicode manipulation.
The post Apple Intelligence AI Guardrails Bypassed in New Attack appeared first on SecurityWeek.
From hallucinations and bias to model collapse and adversarial abuse, todayβs AI is built on probability rather than truth, yet enterprises are deploying it at speed without fully understanding the risks.
The post Can We Trust AI? No β But Eventually We Must appeared first on SecurityWeek.
Dozens of such keys can be extracted from appsβ decompiled code to gain access to all Gemini endpoints.
The post Google API Keys in Android Apps Expose Gemini Endpoints to Unauthorized Access appeared first on SecurityWeek.
The bugs could allow attackers to modify protected resources and escalate their privileges to administrator.
The post Palo Alto Networks, SonicWall Patch High-Severity Vulnerabilities appeared first on SecurityWeek.
Beyond monitoring and compliance, visibility acts as a powerful deterrent, shaping user behavior, improving collaboration, and enabling more accurate, data-driven security decisions.
The post The Hidden ROI of Visibility: Better Decisions, Better Behavior, Better Security appeared first on SecurityWeek.
Tracked as UNC6783, the threat actor is likely linked to Mr. Raccoon, the hacker behind the alleged theft of Adobe data from a BPO.
The post Google Warns of New Campaign Targeting BPOs to Steal Corporate Data appeared first on SecurityWeek.
Reputable researcher Haifei Li has come across what appears to be a PDF designed to exploit an unpatched vulnerability.
The post Adobe Reader Zero-Day Exploited for Months: Researcher appeared first on SecurityWeek.
In December 2025, hackers stole names and passport numbers from the European travel companyβs network.
The post 300,000 People Impacted by Eurail Data Breach appeared first on SecurityWeek.
A hacker transferred more than 50 bitcoin from the Bitcoin ATM operatorβs wallets after stealing credentials.Β
The post $3.6 Million Stolen in Bitcoin Depot Hack appeared first on SecurityWeek.
Hackers vowed to revive its efforts against America when the time was right β demonstrating how digital warfare has become ingrained in military conflict.
The post Shaky Ceasefire Unlikely to Stop Cyberattacks From Iran-Linked Hackers for Long appeared first on SecurityWeek.
A total of seven vulnerabilities, most of which can be exploited for DoS attacks, have been patched in OpenSSL.
The post Data Leakage Vulnerability Patched in OpenSSL appeared first on SecurityWeek.
The vulnerability requires authentication for successful exploitation, but another flaw exposes the Jolokia API without authentication.
The post RCE Bug Lurked in Apache ActiveMQ Classic for 13 Years appeared first on SecurityWeek.
The FBI received over 1 million complaints of malicious activity in 2025, with investment, BEC, and tech support scams causing the highest losses.
The post FBI: Cybercrime Losses Neared $21 Billion in 2025 appeared first on SecurityWeek.
Signature Healthcare was forced to cancel some services, and pharmacies are unable to fill prescriptions due to the hacker attack.
The post Massachusetts Hospital Diverts Ambulances as Cyberattack Causes DisruptionΒ appeared first on SecurityWeek.
Focused on persistence, the botnet does not engage in widespread infection and avoids blacklisted IPs and critical infrastructure entities.
The post Evasive Masjesu DDoS Botnet Targets IoT Devices appeared first on SecurityWeek.
The vulnerability allows hackers to upload arbitrary files to a siteβs server and achieve remote code execution.
The post Hackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to Takeover appeared first on SecurityWeek.
The APT28 threat group exploited vulnerable TP-Link and MikroTik routers to conduct adversary-in-the-middle (AitM) attacks.
The post US Disrupts Russian Espionage Operation Involving Hacked Routers and DNS Hijacking appeared first on SecurityWeek.
Federal agencies warn attackers are manipulating PLC and SCADA systems across multiple sectors, triggering operational disruptions and raising concerns over broader OT targeting.
The post Iran-Linked Hackers Disrupt US Critical Infrastructure via PLC Attacks appeared first on SecurityWeek.
New AI model drives Project Glasswing, a effort to secure critical software before advanced capabilities fall into the wrong hands.
The post AnthropicΒ Unveils βClaude Mythosβ β A Cybersecurity Breakthrough That Could Also Supercharge Attacks appeared first on SecurityWeek.
The cybersecurity response to AI-enabled nation-state threats cannot be incremental. It must be architectural.
The post The New Rules of Engagement: Matching Agentic Attack Speed appeared first on SecurityWeek.
The startup has created a layered security solution aiming to secure AI agents throughout their entire lifecycle.
The post Trent AI Emerges From Stealth With $13 Million in Funding appeared first on SecurityWeek.
The improper validation of user-supplied JavaScript code allows attackers to execute arbitrary code and access the file system.
The post Critical Flowise Vulnerability in Attacker Crosshairs appeared first on SecurityWeek.
A critical DoS vulnerability in the Framework component of Android has also been fixed with the latest update.
The post Severe StrongBox Vulnerability Patched in Android appeared first on SecurityWeek.
By targeting Grafanaβs AI components, attackers can point to external resources and inject indirect prompts to bypass safeguards.
The post GrafanaGhost: Attackers Can Abuse Grafana to Leak Enterprise Data appeared first on SecurityWeek.
Join the live diagnostic session to expose hidden coverage gaps and shift from flawed tool-level evaluations to a comprehensive, program-level validation discipline.
The post Webinar Today: Why Automated Pentesting Alone Is Not Enough appeared first on SecurityWeek.
Researchers have demonstrated that GPU Rowhammer attacks can be used to escalate privileges.
The post GPUBreach: Root Shell Access Achieved via GPU Rowhammer AttackΒ appeared first on SecurityWeek.
The group is using zero-days, quickly weaponizes fresh bugs, and exfiltrates and encrypts data within days of initial access.
The post Medusa Ransomware Fast to Exploit Vulnerabilities, Breached Systems appeared first on SecurityWeek.
Shchukin is accused of extorting more than $2 million as the head of the GandCrab and REvil ransomware operations.
The post German Police Unmask REvil Ransomware Leader appeared first on SecurityWeek.
The Trump administration says the FY2027 budget refocuses CISA on its core mission: protecting federal agencies and critical infrastructure.
The post White House Seeks to Slash CISA Funding by $707 Million appeared first on SecurityWeek.
The high-end casino and hotel operator has likely paid a ransom to avoid a data leak.
The post Wynn Resorts Says 21,000 Employees Affected by ShinyHunters Hack appeared first on SecurityWeek.
A vulnerability named βAI Agent Trapsβ allows attackers to manipulate, deceive, and exploit visiting agents via malicious web content.
The post Google DeepMind Researchers Map Web Attacks Against AI Agents appeared first on SecurityWeek.
CyberLabRSS