TrendAI Patches Apex One Zero-Day Exploited in the Wild
CVE-2026-34926 is a directory traversal flaw that can be exploited against the on-premise version of Apex One. The post TrendAI Patches Apex One Zero-Day Exp...
SecurityWeek
20 articles
Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack
Hackers accessed Grafana’s GitHub repositories after a token compromised in the TanStack attack was not rotated. The post Grafana Says Codebase and Other Dat...
Cisco Patches Critical Vulnerability in Secure Workload
Insufficient validation and authentication in the Secure Workload’s REST APIs provide remote attackers with Site Admin privileges. The post Cisco Patches Cri...
Ocean Emerges From Stealth With $28M for Agentic Email Security Platform
The company has developed a platform that uses specialized AI agents to inspect every incoming message. The post Ocean Emerges From Stealth With $28M for Age...
Apple Rejected 2 Million App Store Submissions in 2025 for Security and Fraud Prevention
The company blocked over 1.1 billion accounts and $2.
Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking
CVE-2026-9082 can be exploited without authentication for information disclosure, privilege escalation, and remote code execution. The post Drupal Patches Hi...
Socket Raises $60 Million at $1 Billion Valuation
The company will invest in its firewall, certified patches, protection extensions, new products, and team expansion. The post Socket Raises $60 Million at $1...
Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days
The bugs could be exploited to elevate privileges to System or create a denial-of-service (DoS) condition. The post Microsoft Patches Exploited UnDefend and ...
Google’s Surge in Chrome Vulnerability Discoveries Likely Driven by AI
More than 200 vulnerabilities patched in recent Chrome releases are marked as ‘reported by Google’. The post Google’s Surge in Chrome Vulnerability Discoveri...
Supply Chain Security Crisis: Too Many Vulnerabilities, Too Little Visibility
New vulnerabilities are being discovered too fast, the time-to-exploitation is too short, and our visibility into them is largely lacking. The post Supply Ch...
Quantum Bridge Raises $8 Million for Quantum-Safe Key Distribution Solution
The new Series A funding round brings the total raised by Quantum Bridge to $16 million. The post Quantum Bridge Raises $8 Million for Quantum-Safe Key Distr...
Microsoft Rolls Out Mitigations for ‘YellowKey’ BitLocker Bypass
The exploitation is mitigated by preventing the FsTx Auto Recovery Utility from starting when the WinRE image launches. The post Microsoft Rolls Out Mitigati...
AI-Powered App Attacks Are Faster, More Frequent and Harder to Stop
Digital.ai’s latest threat report warns that agentic AI has erased the distinction between emerging and primary targets, enabling attackers to strike mobile ...
1Password Teams With OpenAI to Stop AI Coding Agents From Leaking Credentials
1Password says AI coding agents should never hold persistent secrets, introducing a just-in-time credential model for OpenAI Codex designed to keep credentia...
Anthropic Silently Patches Claude Code Sandbox Bypass
The researcher who found it says the vulnerability could have been chained with a prompt injection to exfiltrate data. The post Anthropic Silently Patches Cl...
Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack
A compromised maintainer account was used to publish malicious package versions across the @antv namespace. The post Over 320 NPM Packages Hit by Fresh Mini ...
Caught Off Guard: Securing AI After It Hits Production
As enterprises rush AI projects into production, security teams are increasingly being forced into reactive mode. The post Caught Off Guard: Securing AI Afte...
Real-World ICS Security Tales From the Trenches
SecurityWeek spoke with several ICS security experts and companies about their most memorable experiences in the field. The post Real-World ICS Security Tale...
Virtual Event Today: Threat Detection & Incident Response Summit
The speed and sophistication of cyberattacks have outpaced traditional defense methods. Please join us online today from 11AM -4PM ET for the Threat Detectio...
GitHub Confirms Hack Impacting 3,800 Internal Repositories
The TeamPCP hacking group accessed the repositories after a GitHub employee installed a poisoned VS Code extension. The post GitHub Confirms Hack Impacting 3...