Sotheby's has disclosed a data breach impacting personal information, including SSNs.

The post Hackers Steal Sensitive Data From Auction House Sotheby’s appeared first on SecurityWeek.

Hackers stole names, addresses, dates of birth, email addresses, Social Security numbers, government IDs, and other information.

The post Prosper Data Breach Impacts 17.6 Million Accounts appeared first on SecurityWeek.

A public PoC existed when Adobe patched the Experience Manager Forms (AEM Forms) bug in early August.

The post Organizations Warned of Exploited Adobe AEM Forms Vulnerability appeared first on SecurityWeek.

More information has come to light on the cyberattack disclosed this week by F5, including on attribution and potential risks.

The post F5 Hack: Attack Linked to China, BIG-IP Flaws Patched, Governments Issue Alerts  appeared first on SecurityWeek.

The tech giant has rolled out fixes for 173 CVEs, including five critical-severity security defects.

The post Microsoft Patches 173 Vulnerabilities, Including Exploited Windows Flaws appeared first on SecurityWeek.

SecurityWeek talks to Microsoft Deputy CISOs Ann Johnson and Mark Russinovich.

The post CISO Conversations: Are Microsoft’s Deputy CISOs a Signpost to the Future? appeared first on SecurityWeek.

Apple has announced significant updates to its bug bounty program, including new categories and target flags.

The post Apple Bug Bounty Update: Top Payout $2 Million, $35 Million Paid to Date appeared first on SecurityWeek.

The hackers claim the theft of over 2 million photos of government identification documents provided to Discord for age verification.

The post Discord Says 70,000 Users Had IDs Exposed in Recent Data Breach appeared first on SecurityWeek.

The new product is called CodeMender and it can rewrite vulnerable code to prevent future exploits. 

The post Google DeepMind’s New AI Agent Finds and Fixes Vulnerabilities  appeared first on SecurityWeek.

Hundreds of internet-exposed Oracle E-Business Suite instances may still be vulnerable to attacks.

The post Exploitation of Oracle EBS Zero-Day Started 2 Months Before Patching appeared first on SecurityWeek.

The Year 2036/2038 problem is a bug that will be triggered in more than a decade, but hackers could exploit it today against ICS and consumer devices.

The post The Y2K38 Bug Is a Vulnerability, Not Just a Date Problem, Researchers Warn appeared first on SecurityWeek.

Salesforce says the extortion attempts are related to past or unsubstantiated incidents, and not to fresh intrusions.

The post Hackers Extorting Salesforce After Stealing Data From Dozens of Customers appeared first on SecurityWeek.

Oracle has informed customers that it has patched a critical remote code execution vulnerability tracked as CVE-2025-61882.

The post Oracle E-Business Suite Zero-Day Exploited in Cl0p Attacks appeared first on SecurityWeek.

The software giant’s investigation showed that vulnerabilities patched in July 2025 may be involved.

The post Oracle Says Known Vulnerabilities Possibly Exploited in Recent Extortion Attacks appeared first on SecurityWeek.

Hackers claim to have stolen 28,000 private repositories, including data associated with major companies that use Red Hat services.

The post Red Hat Confirms GitLab Instance Hack, Data Theft appeared first on SecurityWeek.

Executives at major firms received extortion threats alleging theft of sensitive data from Oracle EBS, with possible ties to Cl0p and FIN11.

The post Hackers Launch Extortion Campaign Targeting Oracle E-Business Suite Customers appeared first on SecurityWeek.

Impacting VMware Aria Operations and VMware Tools, the flaw can be exploited to elevate privileges on the VM.

The post Broadcom Fails to Disclose Zero-Day Exploitation of VMware Vulnerability appeared first on SecurityWeek.

Flynn has been DeepMind’s VP of security since May 2024. Before then he had been a CISO with Amazon, CISO at Uber, and director of information security at Facebook.

The post CISO Conversations: John ‘Four’ Flynn, VP of Security at Google DeepMind appeared first on SecurityWeek.

The incident has resulted in a system failure that impacted orders and shipments in Japan, and call center operations.

The post Cyberattack on Beer Giant Asahi Disrupts Production  appeared first on SecurityWeek.

The CISA is set to expire on September 30, 2025, raising urgent questions about risk, politics, and the future of threat intelligence.

The post The Cybersecurity Information Sharing Act Faces Expiration appeared first on SecurityWeek.