Runlayer Raises $30 Million in Series A Funding
The startup's platform functions as a secure control layer, aiming to secure AI tools across enterprises.
The post Runlayer Raises $30 Million in Series A Funding appeared first on SecurityWeek.
The latest GitLab CE/EE updates address 13 vulnerabilities, including three high-severity defects.
The post GitLab Patches Code Execution, Information Disclosure Vulnerabilities appeared first on SecurityWeek.
The latest version of the open source data transfer tool resolves 18 medium and low-severity vulnerabilities.
The post 25-Year-Old Vulnerability Patched in Curl appeared first on SecurityWeek.
The guidance aims to establish product cybersecurity requirements for IoT devices integrated into federal agencies' networks.
The post NIST Opens Updated IoT Security Guidance to Public Review appeared first on SecurityWeek.
More than half of the bugs are use-after-free defects, which can potentially lead to remote code execution.
The post Chrome 149 Update Resolves 18 Severe Vulnerabilities appeared first on SecurityWeek.
The flaws allow remote, unauthenticated attackers to make system changes, access underlying accounts, and inject commands.
The post Critical Ubiquiti Vulnerabilities in Attackers' Crosshairs appeared first on SecurityWeek.
Mistic is used by Woodgnat, an initial access broker working with Qilin, Interlock, Rhysida, Akira, 8Base, and Black Basta.
The post New 'Mistic' RAT Opens Door to Several Ransomware Families appeared first on SecurityWeek.
The security defects allow unauthenticated users to take control of the open source software supply chain.
The post Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking appeared first on SecurityWeek.
Attackers could abuse Dify's multi-tenant cloud service to read private chats, preview other tenants' documents, and reach internal APIs.
The post Data Exposure Flaws Threaten Dify AI Platform Used by 1 Million Apps appeared first on SecurityWeek.
Attackers can send crafted media files to execute code in any application that uses FFmpeg's libavcodec library.
The post FFmpeg PixelSmash Flaw Allows RCE on Video Players, Media Servers, NAS Appliances appeared first on SecurityWeek.
OpenAI has expanded its Daybreak cybersecurity initiative with a new suite of tools and partnerships.
The post OpenAI Refocuses Cybersecurity Efforts on Patching Over Discovery appeared first on SecurityWeek.
Using a custom sniffer, the threat actor has captured over 110 million credentials since at least February 2026.
The post Russian Initial Access Broker Behind FortiBleed Campaign appeared first on SecurityWeek.
Vulnerable WordPress plugin iterations leak API keys, secrets, tokens, server information, and other data.
The post Attackers Exploit Gravity SMTP Plugin Flaw to Harvest Valuable WordPress Data appeared first on SecurityWeek.
A malicious dependency the attackers added to over 140 Mastra packages fetches a payload targeting cryptocurrency extensions.
The post North Korean Hackers Blamed for Mastra NPM Supply Chain Attack appeared first on SecurityWeek.
A database of over 86,000 confirmed working credentials was created during the credential-harvesting campaign.
The post Fortinet Responds to FortiBleed Campaign appeared first on SecurityWeek.
HackerOne, Huntress, Jamf, OneTrust, Recorded Future, Snyk, and Tanium are among the affected Klue customers.
The post More Cybersecurity Firms Disclose Impact From Klue Hack appeared first on SecurityWeek.
CryptoBandits uses a local SOCKS5 proxy for traffic routing, blending data theft with remote code execution.
The post CryptoBandits Malware Doubles as a Backdoor, Abuses Tor appeared first on SecurityWeek.
The large-scale credential theft campaign hit roughly half of the internet-accessible Fortinet firewalls and VPNs.
The post FortiBleed: 86,000 Fortinet Device Credentials Compromised appeared first on SecurityWeek.
The hackers exfiltrated data from Salesforce instances of Klue customers, such as Huntress and Recorded Future.
The post Cybersecurity Firms Impacted by Klue Supply Chain Attack appeared first on SecurityWeek.
Law enforcement and private partners took down 106 SocGholish C&C servers and domains as part of Operation Endgame.
The post 15,000 WordPress Websites Cleaned Up in SocGholish Botnet Takedown appeared first on SecurityWeek.