SecurityWeek

In Other News: Canadian Hacker Jailed, Open Source Zero-Days, Two Sentenced for ATM Jackpotting

Security Week - 9 hours 12 min ago

Noteworthy stories that might have slipped under the radar: Anonymous-linked Canadian hacker jailed, researcher drops zero-days in open source projects, Venezuelans sentenced in the US over ATM jackpotting.

The post In Other News: Canadian Hacker Jailed, Open Source Zero-Days, Two Sentenced for ATM Jackpotting appeared first on SecurityWeek.

Categories: SecurityWeek

Agentic AI Used to Conduct Ransomware Attack via Langflow

Security Week - 13 hours 23 min ago

Attack demonstrates how LLM agents can combine known exploitation techniques with real-time reasoning to automate complex, multi-stage intrusions.

Medtronic Data Breach Impacts 3.8 Million People

Security Week - 14 hours 23 min ago

In April, ShinyHunters accessed the company’s corporate IT systems and stole patients’ personal and medical information.

Alleged Scattered Spider Hacker Extradited to US

Security Week - 14 hours 53 min ago

Prosecutors say 19-year-old Peter Stokes was a member of Scattered Spider, the hacking group linked to more than 100 network intrusions and over $100 million in ransom payments.

Google, FBI Disrupt NetNut Residential Proxy Network Powered by Millions of Devices

Security Week - 16 hours 10 min ago

NetNut rented access to millions of compromised devices, allowing cybercriminals and nation-state actors to mask their identities during attacks.

Critical Cursor AI Code Editor Flaws Could Lead to OS-Level Remote Code Execution

Security Week - 16 hours 25 min ago

The DuneSlide vulnerabilities enable zero-click prompt injection attacks that escape Cursor's sandbox and execute arbitrary code on the underlying operating system.

New CitrixBleed Vulnerability Exploited Immediately After Public Disclosure

Security Week - Thu, 07/02/2026 - 11:04am

Hackers are targeting NetScaler appliances using public PoC code to retrieve arbitrary memory content in the HTTP response.

How to Conduct a Successful Audit of AI-Driven Software Development

Security Week - Thu, 07/02/2026 - 9:15am

As AI-generated code becomes commonplace, CISOs need new audit strategies to measure developer practices, govern AI tool usage, and identify software risks before they reach production.

FortiBleed Campaign Linked to INC, Lynx Ransomware Attacks

Security Week - Thu, 07/02/2026 - 8:34am

Researchers say credentials harvested from hundreds of thousands of FortiGate firewalls are being used to facilitate ransomware attacks by the INC and Lynx operations.

Trump Administration Lifts Restrictions on Anthropic’s Claude Models After Cybersecurity Alarm

Security Week - Thu, 07/02/2026 - 7:01am

Anthropic said Tuesday night that its AI model called Claude Fable 5 is now widely available.

Cisco Confirms In-the-Wild Exploitation of Unified CM Vulnerability

Security Week - Thu, 07/02/2026 - 6:48am

A PoC exploit has been available since public disclosure, and the first exploitation attempts were observed last week.

‘BioShocking’ Attack Tricks AI Browsers Into Stealing Credentials

Security Week - Thu, 07/02/2026 - 6:45am

Researchers show how context manipulation can cause agentic browsers to abandon safety guardrails and exfiltrate sensitive credentials.

CISA Warns of Actively Exploited Microsoft SharePoint Vulnerability

Security Week - Thu, 07/02/2026 - 6:30am

CISA says threat actors are exploiting a recently patched SharePoint remote code execution vulnerability (CVE-2026-45659).

Microsoft Adds New Teams Controls to Block Unauthorized AI Bots From Meetings

Security Week - Wed, 07/01/2026 - 2:08pm

Microsoft's new Teams admin policy requires organizer approval for external AI bots, giving organizations greater visibility and control over automated participants in sensitive meetings.

Adobe Patches Critical ColdFusion, Campaign Classic Vulnerabilities

Security Week - Wed, 07/01/2026 - 7:27am

Seven of the security defects have a maximum severity rating of 10/10 and could lead to arbitrary code execution.

Citrix Patches NetScaler Vulnerabilities, Including New ‘HTTP/2 Bomb’ Attack

Security Week - Wed, 07/01/2026 - 7:20am

Citrix urges customers to patch NetScaler after fixing six vulnerabilities, including the HTTP/2 Bomb flaw and a high-severity CitrixBleed-style information disclosure bug.

Frontier AI: Six Questions Every Enterprise Should Ask Security Vendors

Security Week - Wed, 07/01/2026 - 6:00am

From model selection and automation to validation and measurable results, the right questions can help enterprises separate genuine AI capabilities from marketing hype.

Apple Patches Dozens of Vulnerabilities Across iOS, macOS, and Safari

Security Week - Wed, 07/01/2026 - 5:30am

The updates fix vulnerabilities in WebKit, the kernel, WebRTC, Web Extensions, and other components affecting iPhone, iPad, Mac, and Safari users.

Dawnguard Raises $6.3 Million for Security Architecture Automation Platform

Security Week - Wed, 07/01/2026 - 4:55am

The company has publicly launched its solution to help organizations design, build, and operate secure cloud systems.

Massive Password Spray Campaign Targeting Azure CLI

Security Week - Wed, 07/01/2026 - 3:46am

Hackers were seen making over 81 million login attempts originating from systems associated with hosting provider LSHIY.
