News

SecurityWeek13h
AI Hallucinations Create a New Software Supply Chain Threat
AI-generated code tools are creating fake package names—opening the door to ‘slopsquatting’ attacks and pose a growing supply ...
SecurityWeek10h
Trend Micro Flags Incomplete Nvidia Patch That Leaves AI Containers Exposed
Trend Micro researchers flagging problems with Nvidia’s patch for a critical, code execution vulnerability in the Nvidia ...
SecurityWeek13h
Threat Actor Allegedly Selling Fortinet Firewall Zero-Day Exploit
A threat actor claims to offer a zero-day exploit for an unauthenticated remote code execution vulnerability in Fortinet ...
SecurityWeek14h
New ‘ResolverRAT’ Targeting Healthcare, Pharmaceutical Organizations
Organizations in the healthcare and pharmaceutical sectors have been targeted with ResolverRAT, a new malware family with advanced capabilities.
SecurityWeek17h
Malicious NPM Packages Target Cryptocurrency, PayPal Users
Threat actors have been publishing malicious NPM packages to steal the information and funds of PayPal and cryptocurrency wallet users.
SecurityWeek10h
Huntress Documents In-The-Wild Exploitation of Critical Gladinet Vulnerabilities
The flaw, tagged as CVE-2025-30406, was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog in early April.
SecurityWeek5d
Groucho’s Wit, Cloud Complexity, and the Case for Consistent Security Policy
Those are my principles, and if you don’t like them…well, I have others.” Although the humor in this quote is obvious, the ...
SecurityWeek7dOpinion
PCI DSS 4.0.1: A Cybersecurity Blueprint by the Industry, for the Industry
PCI DSS 4.0.1 is a major new version but remains true to the council’s principles and focuses on 'What' Matters in ...
SecurityWeek3d
China Admitted to Volt Typhoon Cyberattacks on US Critical Infrastructure: Report
In a secret meeting between Chinese and US officials, the former confirmed conducting cyberattacks on US infrastructure.
SecurityWeek3d
Rising Tides: Bryson Bort on Cyber Entrepreneurship and the Needed Focus on Critical Infrastructure
Interview with Bryson Bort, CEO/Founder of SCYTHE and co-founder of ICS Village, a non-profit building awareness for critical ...
SecurityWeek6d
SAP Patches Critical Code Injection Vulnerabilities
SAP released 20 security notes on April 2025 patch day, including three addressing critical code injection and authentication ...
SecurityWeek5d
ICS Patch Tuesday: Vulnerabilities Addressed by Rockwell, ABB, Siemens, Schneider
Industrial giants Siemens, Rockwell, Schneider and ABB have released their March 2025 Patch Tuesday ICS security advisories.