SecurityWeek

The Adobe Patch Tuesday rollout covers 54 vulnerabilities, including code execution issues in the oft-targeted Adobe ColdFusion software.

The post Adobe Calls Urgent Attention to Critical ColdFusion Flaws appeared first on SecurityWeek.

Texas network access control startup closes a Series B round led by Updata Partners and brings the total raised to $60 million.

The post Network Access Vendor Portnox Secures $37.5 Million Investment appeared first on SecurityWeek.

San Francisco smart contract security startup closes a $6.75 million seed funding round led by Archetype and Winklevoss Capital.

The post Octane Raises $6.75M for Smart Contract Security Tech appeared first on SecurityWeek.

Spektion has emerged from stealth mode with $5 million in seed funding for its vulnerability management solution.

The post Vulnerability Management Firm Spektion Emerges From Stealth With $5 Million in Funding appeared first on SecurityWeek.

While often relegated to a purely functional role, DNS offers unparalleled opportunities for preemptive defense against cyberattacks.

The post DNS: The Secret Weapon CISOs May Be Overlooking In the Fight Against Cyberattacks appeared first on SecurityWeek.

Anecdotes has raised $55 million in an extended Series B funding round that brings the total raised by the company to $85 million. 

The post Anecdotes Raises $30 Million for Enterprise GRC Platform appeared first on SecurityWeek.

SAP released 20 security notes on April 2025 patch day, including three addressing critical code injection and authentication bypass flaws.

The post SAP Patches Critical Code Injection Vulnerabilities appeared first on SecurityWeek.

Silicon Valley startup secures big investment from Menlo Ventures and Mayfield Fund to solve the “shadow AI” security problem.

The post Aurascape Banks Hefty $50 Million to Mitigate ‘Shadow AI’ Risks appeared first on SecurityWeek.

An update for the WhatsApp desktop app for Windows patches CVE-2025-30401, a spoofing vulnerability that could be used to trick users.

The post WhatsApp Vulnerability Could Facilitate Remote Code Execution appeared first on SecurityWeek.

A sophisticated APT tracked as ToddyCat has exploited an ESET DLL search order hijacking vulnerability for malware delivery.

The post ESET Vulnerability Exploited for Stealthy Malware Execution appeared first on SecurityWeek.

The new funds will be used to extend Corsha’s reach into critical infrastructure and further improve its own use of AI.

The post Corsha Raises $18 Million to Enhance and Extend Machine-to-Machine Security appeared first on SecurityWeek.

Tailscale’s new Series C funding round brings the total raised by the company for its secure networking platform to $275 million.

The post Tailscale Raises $160 Million for Secure Networking Platform  appeared first on SecurityWeek.

More than 5,000 Ivanti Connect Secure appliances are vulnerable to attacks exploiting CVE-2025-22457, which has been used by Chinese hackers.

The post Exploited Vulnerability Puts 5,000 Ivanti VPN Appliances at Risk appeared first on SecurityWeek.

Android’s latest security update resolves two exploited Kernel vulnerabilities, as well as critical-severity bugs.

The post Android Update Patches Two Exploited Vulnerabilities appeared first on SecurityWeek.

Huntress has shared details on the post-exploitation activities of threat actors targeting the recent CrushFTP vulnerability.

The post Threat Actors Setting Up Persistent Access to Hosts Hacked in CrushFTP Attacks appeared first on SecurityWeek.

As PCI DSS 4.0.1 comes into force, it shows the power of industry collaboration in cybersecurity.

The post PCI DSS 4.0.1: A Cybersecurity Blueprint by the Industry, for the Industry appeared first on SecurityWeek.

Experimental Sec-Gemini v1 touts a combination of Google’s Gemini LLM capabilities with real-time security data and tooling from Mandiant.

The post Google Pushing ‘Sec-Gemini’ AI Model for Threat-Intel Workflows appeared first on SecurityWeek.

‘PoisonSeed’ phishing campaign targets CRM and bulk email providers to distribute “crypto seed phrase” messages.

The post CRM, Bulk Email Providers Targeted in Crypto Phishing Campaign appeared first on SecurityWeek.

NIST has marked pre-2018 CVEs in NVD as ‘Deferred’ and will no longer spend resources on enriching them.

The post NIST Puts Pre-2018 CVEs on Back Burner as It Works to Clear Backlog appeared first on SecurityWeek.

Explore industry moves and significant changes in the industry for the week of April 7, 2025. Stay updated with the latest industry trends and shifts.