The medium-severity flaw has been exploited in combination with a critical bug for remote code execution.

The post SonicWall Patches Exploited SMA 1000 Zero-Day appeared first on SecurityWeek.

The malware provides full device control and real-time surveillance capabilities like those of advanced spyware.

The post New $150 Cellik RAT Grants Android Control, Trojanizes Google Play Apps appeared first on SecurityWeek.

Led by Bain Capital Ventures, the investment round brings the total raised by the company to $146.5 million.

The post Adaptive Security Raises $81 Million in Series B Funding appeared first on SecurityWeek.

The malware hijacks purchase commissions, tracks users, removes security headers, injects hidden iframes, and bypasses CAPTCHA.

The post GhostPoster Firefox Extensions Hide Malware in Icons appeared first on SecurityWeek.

The startup takes an agentic approach to preventing vulnerability exploitation by uncovering exposure across assets.

The post Dux Emerges From Stealth Mode With $9 Million in Funding appeared first on SecurityWeek.

The fresh investment comes less than six months after the startup’s seed funding announcement.

The post Echo Raises $35 Million in Series A Funding appeared first on SecurityWeek.

The company plans to accelerate product development, scale go-to-market efforts, and hire new talent.

The post Verisoul Raises $8.8 Million for Fraud Prevention appeared first on SecurityWeek.

The issue allows attackers to write arbitrary data to any file, or delete arbitrary files to obtain System privileges.

The post JumpCloud Remote Assist Vulnerability Can Expose Systems to Takeover appeared first on SecurityWeek.

Threat actors are exploiting the two critical authentication bypass vulnerabilities against FortiGate appliances.

The post In-the-Wild Exploitation of Fresh Fortinet Flaws Begins appeared first on SecurityWeek.

The sovereign smartphone OS runs along Android or iOS, allowing users to switch between secure, isolated environments.

The post Soverli Raises $2.6 Million for Secure Smartphone OS appeared first on SecurityWeek.

Atlassian has released software updates for Bamboo, Bitbucket, Confluence, Crowd, Fisheye/Crucible, and Jira.

The post Atlassian Patches Critical Apache Tika Flaw appeared first on SecurityWeek.

Nathan Austad admitted in court to launching a credential stuffing attack against a fantasy sports and betting website.

The post Third DraftKings Hacker Pleads Guilty appeared first on SecurityWeek.

Hackers stole names, addresses, dates of birth, and Social Security numbers from the credit report and identity verification services provider.

The post 700Credit Data Breach Impacts 5.8 Million Individuals appeared first on SecurityWeek.

Threat actors have hacked at least nine organizations by exploiting the recently patched Gladinet CentreStack flaw.

The post Gladinet CentreStack Flaw Exploited to Hack Organizations appeared first on SecurityWeek.

Because user input is not sufficiently sanitized, attackers could exploit the flaw to define external entities within an XML request.

The post Recent GeoServer Vulnerability Exploited in Attacks appeared first on SecurityWeek.

XSS remains the top software weakness, followed by SQL injection and CSRF. Buffer overflow issues and improper access control make it to top 25.

The post MITRE Releases 2025 List of Top 25 Most Dangerous Software Vulnerabilities appeared first on SecurityWeek.

All critical vulnerabilities in Microsoft, third-party, and open source code are eligible for rewards if they impact Microsoft services.

The post Microsoft Bug Bounty Program Expanded to Third-Party Code appeared first on SecurityWeek.

Danielle Hillmer allegedly concealed the fact that her employer’s cloud platform did not meet DoD requirements.

The post Former Accenture Employee Charged Over Cybersecurity Fraud appeared first on SecurityWeek.

In April 2025, hackers stole personal information belonging to patrons and employees and their family members.

The post Pierce County Library Data Breach Impacts 340,000 appeared first on SecurityWeek.

The exploited flaw allows attackers to overwrite files outside the repository, leading to remote code execution.

The post Unpatched Gogs Zero-Day Exploited for Months appeared first on SecurityWeek.