Security Week
US Charges Russian Individuals and Firms for Running Cybercrime Services
The suspects and their companies were previously sanctioned by the United States and its allies.
The post US Charges Russian Individuals and Firms for Running Cybercrime Services appeared first on SecurityWeek.
Vulnerabilities Patched by Fortinet, Ivanti, ServiceNow
A critical security defect in the ServiceNow AI platform could allow remote attackers to execute arbitrary code.
The post Vulnerabilities Patched by Fortinet, Ivanti, ServiceNow appeared first on SecurityWeek.
White House Launches AI-Driven ‘Gold Eagle’ Vulnerability Coordination Initiative
The new program stems from an AI-focused Executive Order signed by President Trump on June 2.
The post White House Launches AI-Driven ‘Gold Eagle’ Vulnerability Coordination Initiative appeared first on SecurityWeek.
Progress Confirms Zero-Day Vulnerability Behind ShareFile Disruption
The company has rolled out a fix and is restoring access for Storage Zones Controller customers who apply it.
The post Progress Confirms Zero-Day Vulnerability Behind ShareFile Disruption appeared first on SecurityWeek.
ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Rockwell
The industrial giants fixed dozens of vulnerabilities across their ICS products, with advisories also released by CISA and VDE CERT.
The post ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Rockwell appeared first on SecurityWeek.
Critical Vulnerabilities Patched With Fresh Chrome 150, Firefox 152 Updates
Public exploit code targeting the Firefox flaws exists, but no in-the-wild exploitation has been observed.
The post Critical Vulnerabilities Patched With Fresh Chrome 150, Firefox 152 Updates appeared first on SecurityWeek.
SonicWall Issues Urgent SMA Patch Warning for Two Zero-Day Exploits
SonicWall SMA1000 zero-day vulnerabilities CVE-2026-15409 and CVE-2026-15410 can be exploited for remote code execution.
The post SonicWall Issues Urgent SMA Patch Warning for Two Zero-Day Exploits appeared first on SecurityWeek.
Microsoft Patches Record 622 Vulnerabilities, Including Two Exploited Zero-Days
Two flaws in Active Directory and SharePoint Server have been exploited as zero-days, and a BitLocker bug was publicly disclosed.
The post Microsoft Patches Record 622 Vulnerabilities, Including Two Exploited Zero-Days appeared first on SecurityWeek.
Synopsys Finds No Evidence of Data Breach Amid Bosch Hack Claims
The D1R cybercrime group claimed to have stolen valuable data from Synopsys and Bosch, threatening to leak it unless a ransom is paid.
The post Synopsys Finds No Evidence of Data Breach Amid Bosch Hack Claims appeared first on SecurityWeek.
Adobe Patches Critical ColdFusion Vulnerabilities
The ColdFusion security defects could allow attackers to execute arbitrary code or elevate their privileges.
The post Adobe Patches Critical ColdFusion Vulnerabilities appeared first on SecurityWeek.
7 Severe Vulnerabilities Patched in VMware Avi Load Balancer
The flaws can be exploited for authentication bypass, remote code execution, privilege escalation, and directory traversal.
The post 7 Severe Vulnerabilities Patched in VMware Avi Load Balancer appeared first on SecurityWeek.
Unpatched Claude for Chrome Flaw Lets Extensions Read Gmail, Calendar
A ClaudeBleed-linked vulnerability reportedly persists across eight patches, exposing potentially sensitive data to other extensions.
The post Unpatched Claude for Chrome Flaw Lets Extensions Read Gmail, Calendar appeared first on SecurityWeek.
SAP Patches Critical Vulnerabilities in NetWeaver, Approuter, Commerce Cloud
The flaws could allow attackers to access and modify data, and cause system unavailability and request-response desynchronization.
The post SAP Patches Critical Vulnerabilities in NetWeaver, Approuter, Commerce Cloud appeared first on SecurityWeek.
US, Allies Warn of Russian Cyberattacks Targeting Critical Infrastructure Routers
Multiple state-sponsored APTs are compromising poorly secured devices across critical infrastructure sector networks.
The post US, Allies Warn of Russian Cyberattacks Targeting Critical Infrastructure Routers appeared first on SecurityWeek.
Valarian Raises $50 Million for Sovereign Infrastructure Control Layer
UK-based cybersecurity firm Valarian has raised a total of $70 million for its ACRA technology.
The post Valarian Raises $50 Million for Sovereign Infrastructure Control Layer appeared first on SecurityWeek.
Multiple Jscrambler Packages Impacted by Supply Chain Attack
A threat actor poisoned several Jscrambler NPM package versions to drop a cross-platform credential stealer.
The post Multiple Jscrambler Packages Impacted by Supply Chain Attack appeared first on SecurityWeek.
Pentagon Suspends CMMC Phase 2 as It Rethinks Contractor Cybersecurity Rules
A new CMMC review and reform task force will conduct a comprehensive review of the program.
The post Pentagon Suspends CMMC Phase 2 as It Rethinks Contractor Cybersecurity Rules appeared first on SecurityWeek.
Hacker Conversations: Jesse McGraw (GhostExodus), From Blackhat Hacker to Redemption
Once a notorious blackhat hacker, McGraw shares his journey from high school hacking and prison to redemption as a cybersecurity advocate.
The post Hacker Conversations: Jesse McGraw (GhostExodus), From Blackhat Hacker to Redemption appeared first on SecurityWeek.
Cybersecurity M&A Roundup: 37 Deals Announced in June 2026
Significant cybersecurity M&A deals announced by 1Password, Accenture, Cisco, F5, Rubrik, and SailPoint.
The post Cybersecurity M&A Roundup: 37 Deals Announced in June 2026 appeared first on SecurityWeek.
RabbitMQ Vulnerability Threatens Enterprise Systems
Unauthenticated attackers could obtain the broker's confidential OAuth client secret, allowing them to take control of the broker.
The post RabbitMQ Vulnerability Threatens Enterprise Systems appeared first on SecurityWeek.
