SecurityWeek
Microsoft Using AI to Uncover Critical Bootloader Vulnerabilities
Using the Security Copilot tool, Microsoft discovered 20 critical vulnerabilities in widely deployed open-source bootloaders.
The post Microsoft Using AI to Uncover Critical Bootloader Vulnerabilities appeared first on SecurityWeek.
Hackers Could Unleash Chaos Through Backdoor in China-Made Robot Dogs
An undocumented remote access backdoor in the Unitree Go1 Robot Dog allows remote control over the tunnel network and use of the vision cameras to see through their eyes.
The post Hackers Could Unleash Chaos Through Backdoor in China-Made Robot Dogs appeared first on SecurityWeek.
Hackers Looking for Vulnerable Palo Alto Networks GlobalProtect Portals
GreyNoise warns of a coordinated effort probing the internet for potentially vulnerable Palo Alto Networks GlobalProtect instances.
The post Hackers Looking for Vulnerable Palo Alto Networks GlobalProtect Portals appeared first on SecurityWeek.
Security Operations Firm ReliaQuest Raises $500M at $3.4B Valuation
ReliaQuest has announced a new growth funding round that brings the total raised by the firm to over $830 million.
The post Security Operations Firm ReliaQuest Raises $500M at $3.4B Valuation appeared first on SecurityWeek.
Ransomware Group Takes Credit for National Presto Industries Attack
A ransomware group has claimed responsibility for a March cyberattack on National Presto Industries subsidiary National Defense Corporation.
The post Ransomware Group Takes Credit for National Presto Industries Attack appeared first on SecurityWeek.
Critical Vulnerability Found in Canon Printer Drivers
Microsoft’s offensive security team warned Canon about a critical code execution vulnerability in printer drivers.
The post Critical Vulnerability Found in Canon Printer Drivers appeared first on SecurityWeek.
CrushFTP Blames Security Firms for Fast Exploitation of Vulnerability
Shadowserver has started seeing exploitation attempts aimed at a CrushFTP vulnerability tracked as CVE-2025-2825 and CVE-2025-31161.
The post CrushFTP Blames Security Firms for Fast Exploitation of Vulnerability appeared first on SecurityWeek.
Check Point Responds to Hacking Claims
Check Point has responded to a hacker’s claims of sensitive data theft, confirming an incident but saying that it had limited impact.
The post Check Point Responds to Hacking Claims appeared first on SecurityWeek.
Apple Patches Recent Zero-Days in Older iPhones
Apple has released a hefty round of security updates for its desktop and mobile products, patching two recent zero-days in older iPhone models.
The post Apple Patches Recent Zero-Days in Older iPhones appeared first on SecurityWeek.
France’s Antitrust Watchdog Fines Apple for Problems With App Tracking Transparency
France’s antitrust watchdog fined Apple 150 million euros ($162 million) over a privacy feature protecting users from apps snooping on them.
The post France’s Antitrust Watchdog Fines Apple for Problems With App Tracking Transparency appeared first on SecurityWeek.
Threat Actors Deploy WordPress Malware in ‘mu-plugins’ Directory
Sucuri has discovered multiple malware families deployed in the WordPress mu-plugins directory to evade routine security checks.
The post Threat Actors Deploy WordPress Malware in ‘mu-plugins’ Directory appeared first on SecurityWeek.
Zero to Hero – A “Measured” Approach to Building a World-Class Offensive Security Program
A strong security program will sometimes require substantial organizational and cultural changes around security practices, and inevitably, a higher cost.
The post Zero to Hero – A “Measured” Approach to Building a World-Class Offensive Security Program appeared first on SecurityWeek.
Hacker Leaks Samsung Customer Data
Hacker leaks 270,000 customer tickets allegedly stolen from Samsung Germany using long-compromised credentials.
The post Hacker Leaks Samsung Customer Data appeared first on SecurityWeek.
Part of EU’s New €1.3 Billion Investment Going to Cybersecurity
The European Commission plans on investing €1.3 billion ($1.4 billion) in cybersecurity, artificial intelligence and digital skills.
The post Part of EU’s New €1.3 Billion Investment Going to Cybersecurity appeared first on SecurityWeek.
‘Crocodilus’ Android Banking Trojan Allows Device Takeover, Data Theft
The newly identified Android banking trojan Crocodilus takes over devices, enabling overlay attacks, remote control, and keylogging.
The post ‘Crocodilus’ Android Banking Trojan Allows Device Takeover, Data Theft appeared first on SecurityWeek.
Industry Moves for the week of March 31, 2025 - SecurityWeek
CISA Analyzes Malware Used in Ivanti Zero-Day Attacks
CISA has published its analysis of Resurge, a SpawnChimera malware variant used in attacks targeting a recent Ivanti Connect Secure zero-day.
The post CISA Analyzes Malware Used in Ivanti Zero-Day Attacks appeared first on SecurityWeek.
170,000 Impacted by Data Breach at Chord Specialty Dental Partners
An email security incident at Chord Specialty Dental Partners, a US dental service organization, has impacted more than 170,000 people.
The post 170,000 Impacted by Data Breach at Chord Specialty Dental Partners appeared first on SecurityWeek.
Critical Condition: Legacy Medical Devices Remain Easy Targets for Ransomware
Analysis found that 99% of healthcare organizations are vulnerable to publicly available exploits.
The post Critical Condition: Legacy Medical Devices Remain Easy Targets for Ransomware appeared first on SecurityWeek.
9-Year-Old NPM Crypto Package Hijacked for Information Theft
Nearly a dozen crypto packages on NPM, including one published 9 years ago, have been hijacked to deliver infostealers.
The post 9-Year-Old NPM Crypto Package Hijacked for Information Theft appeared first on SecurityWeek.