The vulnerability impacts multiple Rust tar parsers, allowing attackers to smuggle additional archive entries. The post TARmageddon Flaw in Popular Rust Library Leads to RCE appeared first on SecurityWeek.| SecurityWeek
One of the flaws can be exploited by remote unauthenticated attackers for arbitrary command execution. The post Critical Vulnerabilities Patched in TP-Link’s Omada Gateways appeared first on SecurityWeek.| SecurityWeek
The company’s IAM platform identifies AI agents, supports assigning permissions to them, and tracks all activity. The post Keycard Emerges From Stealth Mode With $38 Million in Funding appeared first on SecurityWeek.| SecurityWeek
Star Blizzard started using the NoRobot (BaitSwitch) and MaybeRobot (SimpleFix) malware after public reporting on the LostKeys malware. The post Russian APT Switches to New Backdoor After Malware Exposed by Researchers appeared first on SecurityWeek.| SecurityWeek
If you are recruiting for a Field CISO, Field CTO, etc., or are looking to leverage a resource at your company in one of these roles, what are some things you should be aware of? The post What Makes a Great Field CXO: Lessons from the Front Lines appeared first on SecurityWeek.| SecurityWeek
Jewett-Cameron Company says hackers stole sensitive information and are threatening to release it unless a ransom is paid. The post Fencing and Pet Company Jewett-Cameron Hit by Ransomware appeared first on SecurityWeek.| SecurityWeek
The Critical Patch Update contains 374 new security patches that resolve many vulnerabilities. The post Oracle Releases October 2025 Patches appeared first on SecurityWeek.| SecurityWeek
Participants exploited 34 previously unknown vulnerabilities to hack printers, NAS devices, and smart home products. The post Hackers Earn Over $520,000 on First Day of Pwn2Own Ireland 2025 appeared first on SecurityWeek.| SecurityWeek
The Series A round was led by Two Bear Capital and included participation from Gula Tech Adventures, Next Frontier Capital, and others. The post Gravwell Closes $15.4M Funding Round to Expand Data Analytics and Security Platform appeared first on SecurityWeek.| SecurityWeek
NetRise appointed the former CISA Senior Advisor and Strategist as a Strategic Advisor. The post SBOM Pioneer Allan Friedman Joins NetRise to Advance Supply Chain Visibility appeared first on SecurityWeek.| SecurityWeek
“What is novel here is the attempt to frame alleged negligence not just against customers, but against the vendor and its native, first-party security tools.” The post Hackers Extorting Salesforce After Stealing Data From Dozens of Customers appeared first on AppOmni.| AppOmni
Valid, complete reports detailing remote code execution or elevation of privilege bugs in .NET qualify for the maximum rewards.| SecurityWeek
In 2024, Google paid out nearly $12 million in bug bounties through its revamped vulnerability reward programs.| SecurityWeek
Google announces a bug bounty program and other initiatives for increasing the safety and security of artificial intelligence (AI).| SecurityWeek
Wiz announced Zeroday.Cloud, a new hacking competition where participants can earn significant rewards for cloud software exploits.| SecurityWeek
Google launches new dedicated AI Vulnerability Reward Program (VRP) with rewards of up to $20,000 for critical flaws.| SecurityWeek
Threat actors are impersonating known brands in a widespread campaign aimed at infecting macOS users with information stealer malware.| SecurityWeek
Tiffany and Company is notifying customers in the United States and Canada that their personal information was stolen by hackers.| SecurityWeek
Japanese brewing giant Asahi Group Holdings announced that its operations in the country have been disrupted by a cyberattack.| SecurityWeek
New report outlines the Top 25 MCP vulnerabilities and how attackers could exploit AI agents, plus strategies for defense.| SecurityWeek
SolarWinds announced a hotfix for an RCE vulnerability in Web Help Desk, and this is the third time it has attempted to address the issue.| SecurityWeek
L1TF Reloaded is a vulnerability combining the old L1TF and half-Spectre hardware flaws to bypass deployed software mitigations.| SecurityWeek
Supermicro has patched two BMC vulnerabilities that can be exploited to perform malicious firmware updates on impacted devices.| SecurityWeek
Libraesva has addressed a vulnerability in its integrated email security platform that has been exploited in the wild.| SecurityWeek
British automobile manufacturer Jaguar Land Rover (JLR) is scrambling to restore applications and operations that were impacted by a cyberattack.| SecurityWeek
Threat actors are exploiting a critical-severity vulnerability in DELMIA Apriso factory software, CISA warns.| SecurityWeek
HMI products made by Novakon are affected by serious vulnerabilities, and the vendor does not appear to have released any patches.| SecurityWeek
At least two ransomware groups exploited the Windows zero-day CVE-2025-29824 before it was patched by Microsoft.| SecurityWeek
Fortinet patches critical vulnerabilities, including a zero-day that has been exploited in the wild since at least November 2024.| SecurityWeek
Hackers have leaked 15,000 Fortinet firewall configurations, which were apparently obtained as a result of exploitation of CVE-2022-40684.| SecurityWeek
The vulnerability (CVE-2025-55177) was exploited alongside an iOS/macOS zero-day in suspected spyware attacks.| SecurityWeek
Payment solutions company KioSoft took a long time to address a serious vulnerability affecting some of its NFC-based cards.| SecurityWeek
Threat actors injected malicious code into multiple popular NPM packages after their maintainers fell for a well-crafted phishing email.| SecurityWeek
Apple has announced major mobile and desktop platform releases and addressed an exploited bug in older platforms.| SecurityWeek
The small Swiss town of Rolle acknowledged that it had underestimated the severity of a cyberattack, following reports that the personal data of the entire population was exposed online.| SecurityWeek
A massive hoard of internal chats has been leaked from Black Basta, rivalling the Conti leaks of late February 2022.| SecurityWeek
Fairmont Federal Credit Union is notifying 187,000 individuals that their personal and financial information was stolen in a 2023 data breach.| SecurityWeek
Samsung’s September 2025 security updates for Android devices include a patch for a vulnerability that has been exploited in the wild.| SecurityWeek
SecurityWeek provides cybersecurity news and information to global enterprises, with expert insights & analysis for IT security professionals| SecurityWeek
Wireless carrier Cellcom has confirmed that a week-long widespread service outage is the result of a cyberattack.| SecurityWeek