Critical FortiClient EMS Vulnerability Exploited in Fresh Attacks
Fortinet rolled out hotfixes for the security defect in April, warning that it had been exploited in the wild as a zero-day and urging immediate patching. Th...
SecurityWeek
20 articles
IBM and Red Hat Commit $5 Billion to Secure Open Source Supply Chains Under “Project Lightwell”
Project Lightwell is designed to fix vulnerabilities without breaking what is already in production. The post IBM and Red Hat Commit $5 Billion to Secure Ope...
New Edamame Platform Aims to Catch AI Coding Agents Going Off the Rails
France-based startup Edamame says its runtime verification platform uses host telemetry and AI analysis to detect coding-agent “intent drift,” secret theft a...
Gitea Vulnerability Exposed 30,000 Deployments to Attacks
The security flaw allowed attackers to pull private container images, exposing source code, credentials, and infrastructure. The post Gitea Vulnerability Exp...
Raising the Cybersecurity Stakes: Ante up for the Agentic Era
CISOs are now facing machine-speed attacks and asking, “How do I agent?” The industry must provide remediation at scale.
Google Unveils AI Threat Defense Platform to Fight AI-Powered Cyberattacks
New AI Threat Defense platform combines capabilities from Mandiant, Wiz and Gemini to help customers fight AI with AI. The post Google Unveils AI Threat Defe...
UK Cyberspying Chief Calls AI ‘an Unstoppable Force’ and Warns About Russia
The speech is the latest in a string of warnings from intelligence experts that Russia is stepping up hostile activity in a “gray zone” that falls just below...
Vulnerability in Popular Conference Software Granted Attackers a 100% Talk Acceptance Rate
Novee researchers discovered an account takeover vulnerability in the open source CFP management tool Pretalx. The post Vulnerability in Popular Conference S...
SecurityWeek to Host AI Risk Summit August 11-12 at the Ritz-Carlton, Half Moon Bay
Now in its third year, the AI Risk Summit is the leading conference that brings together CISOs, security leaders, AI researchers, developers, policymakers, a...
RevEng.AI Raises $15 Million to Hunt for Flaws and Backdoors in Software Binaries
Using an AI model called BinNet, RevEng hunts vulnerabilities and backdoors in released software binaries. The post RevEng.
Romanian Hacker Sentenced to Prison in US for Selling Access to State Network
Catalin Dragomir previously pleaded guilty to selling access to an Oregon state government office’s network. The post Romanian Hacker Sentenced to Prison in ...
Lastwall Raises $11.5 Million for Quantum-Resilient Identity Platform
The new funding, led by BDC Capital’s StrongNorth Fund, will accelerate Lastwall’s North American expansion. The post Lastwall Raises $11.
The Credential Crisis: How Stolen Credentials Defeat Modern Security
As AI accelerates phishing, session hijacking, and credential abuse, security teams are racing to close the gap between attacker speed and defensive response...
‘SymJack’ Attack Turns AI Coding Agents Into Supply Chain Attack Delivery Systems
Malicious repositories and disguised symlinks can trick AI coding agents into silently installing attacker-controlled MCP servers capable of stealing secrets...
GlassWorm Botnet Disrupted
Security firms took down all four command-and-control (C&C) channels used by the GlassWorm malware. The post GlassWorm Botnet Disrupted appeared first on Sec...
LA Metro Cyberattack Linked to Iranian State-Sponsored Hackers
The attack was claimed by a hacktivist group, but evidence showed it used infrastructure linked to Iranian government threat actors. The post LA Metro Cybera...
FBI: Hackers Sending Operatives in Person to Insert USB Drives and Steal Data
The FBI has issued an alert warning of Silent Ransom Group attacks targeting law firms. The post FBI: Hackers Sending Operatives in Person to Insert USB Driv...
CISA Urges Immediate Patching of Exploited LiteSpeed cPanel Plugin Zero-Day
Resolved last week, the vulnerability was exploited in the wild as a zero-day to execute scripts with root privileges. The post CISA Urges Immediate Patching...
Anthropic Releases New Claude Sandbox, Security Guidance Plugin
The AI giant says the new plugin, which helps developers find vulnerabilities as they write code, has been used extensively internally. The post Anthropic Re...
AppOmni’s Marlin AI Brings Autonomous Investigation to SaaS Security
Marlin AI automatically analyzes SaaS misconfigurations, investigates related activity across enterprise environments, and recommends remediation steps — whi...