Category: securityweek

A supply chain attack called GhostAction has enabled threat actors to steal secrets and exploit them. The post GitHub Workflows Attack Affects Hundreds of Repos, Thousands of Secrets appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…

Read more →

The list of impacted cybersecurity firms has been expanded to include BeyondTrust, Bugcrowd, CyberArk, Cato Networks, JFrog, and Rubrik. The post Salesloft GitHub Account Compromised Months Before Salesforce Attack appeared first on SecurityWeek. This article has been indexed from SecurityWeek…

Read more →

The private repositories of hundreds of organizations were published publicly in the second phase of the Nx supply chain attack. The post Over 6,700 Private Repositories Made Public in Nx Supply Chain Attack appeared first on SecurityWeek. This article has…

Read more →

Canadian firm Wealthsimple says a data breach impacts the information of some customers, but accounts and funds remain secure. The post Fintech Firm Wealthsimple Says Supply Chain Attack Resulted in Data Breach appeared first on SecurityWeek. This article has been…

Read more →

Significant cybersecurity M&A deals announced by Accenture, CrowdStrike, F5, Okta, and SentinelOne. The post Cybersecurity M&A Roundup: 27 Deals Announced in August 2025 appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Cybersecurity M&A…

Read more →

Widespread adoption of AI coding tools accelerates development—but also introduces critical vulnerabilities that demand stronger governance and oversight. The post How to Close the AI Governance Gap in Software Development appeared first on SecurityWeek. This article has been indexed from…

Read more →

Called A2, the framework mimics human analysis to identify vulnerabilities in Android applications and then validates them. The post Academics Build AI-Powered Android Vulnerability Discovery and Validation Tool appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…

Read more →

Noteworthy stories that might have slipped under the radar: Google fined €325 million, City of Baltimore sent $1.5 million to scammer, Bridgestone targeted in cyberattack. The post In Other News: Scammers Abuse Grok, US Manufacturing Attacks, Gmail Security Claims Debunked…

Read more →

The AI-powered automated penetration testing firm will invest the new funds in R&D, team expansion, and global scale. The post FireCompass Raises $20 Million for Offensive Security Platform appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…

Read more →

The hackers were seen actively monitoring cyber threat intelligence to discover and rebuild exposed infrastructure. The post North Korean Hackers Targeted Hundreds in Fake Job Interview Attacks appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…

Read more →

Proofpoint, SpyCloud, Tanium, and Tenable confirmed that hackers accessed information stored in their Salesforce instances. The post More Cybersecurity Firms Hit by Salesforce-Salesloft Drift Breach appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…

Read more →

A critical SAP S/4HANA code injection flaw tracked as CVE-2025-42957 and allowing full system takeover has been exploited in the wild. The post Recent SAP S/4HANA Vulnerability Exploited in Attacks appeared first on SecurityWeek. This article has been indexed from…

Read more →

Security researchers interested in participating in the 2026 Apple Security Research Device program can apply until October 31. The post Apple Seeks Researchers for 2026 iPhone Security Program appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…

Read more →

An AI supply chain issue named Model Namespace Reuse can allow attackers to deploy malicious models and achieve code execution. The post AI Supply Chain Attack Method Demonstrated Against Google, Microsoft Products appeared first on SecurityWeek. This article has been…

Read more →

Marat Tyukov, Mikhail Gavrilov, and Pavel Akulov targeted US critical infrastructure and over 500 energy companies in 135 countries. The post US Offers $10 Million for Three Russian Energy Firm Hackers appeared first on SecurityWeek. This article has been indexed…

Read more →

The Israeli startup’s AI-powered no-code platform helps security teams design and deploy custom apps in minutes—tackling tool sprawl without heavy engineering. The post Sola Security Raises $35M to Bring No-Code App Building to Cybersecurity Teams appeared first on SecurityWeek. This…

Read more →

SBOM adoption will drive software supply chain security, decreasing risks and costs, and improving transparency. The post US, Allies Push for SBOMs to Bolster Cybersecurity appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…

Read more →

Google has observed ViewState deserialization attacks leveraging a sample machine key exposed in older deployment guides. The post Hackers Exploit Sitecore Zero-Day for Malware Delivery appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…

Read more →

Wytec’s website was defaced twice by unknown threat actors more than a week ago and it has yet to be brought back online. The post Wytec Expects Significant Financial Loss Following Website Hack appeared first on SecurityWeek. This article has…

Read more →

Elevation of privilege flaws in Android Runtime (CVE-2025-48543) and Linux kernel (CVE-2025-38352) have been exploited in targeted attacks. The post Two Exploited Vulnerabilities Patched in Android appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…

Read more →