News

[[{"value":"Closed CISO communities act as an information exchange, advice center, pressure valve, and safe haven from critical oversight. The post CISO Communities – Cybersecurity’s Secret Weapon appeared first on SecurityWeek."}]] Read…

 Threat actors have been actively exploiting a critical path-traversal vulnerability in Fortinet’s FortiWeb web application firewall since early October 2025, allowing unauthenticated attackers to create rogue administrator accounts and gain full control…

[[{"value":"The e-commerce and logistics company was targeted by the RansomHouse ransomware group in October.  The post 700,000 Records Compromised in Askul Ransomware Attack appeared first on SecurityWeek."}]] Read More  

[[{"value":"The fresh investment comes less than six months after the startup’s seed funding announcement. The post Echo Raises $35 Million in Series A Funding appeared first on SecurityWeek."}]] Read More  

[[{"value":"The company plans to accelerate product development, scale go-to-market efforts, and hire new talent. The post Verisoul Raises $8.8 Million for Fraud Prevention appeared first on SecurityWeek."}]] Read More  

 A new local privilege escalation vulnerability in Microsoft’s Windows Admin Center (WAC), affecting versions up to 2.4.2.1 and environments running WAC 2411 and earlier. Tracked as CVE-2025-64669, the flaw stems…

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Dec. 16, 2025 –Read the full story from BreachLock Integrating LLMs (large language models) with enterprise applications…

 NoName057(16), also known as 05716nnm or NoName05716, has emerged as a significant threat targeting NATO member states and European organizations. The group, which originated as a covert project within Russia’s…

[[{"value":"After years of exploiting zero-day and n-day vulnerabilities, Russian state-sponsored threat actors are shifting to misconfigured devices. The post Amazon: Russian Hackers Now Favor Misconfigurations in Critical Infrastructure Attacks appeared…

 The dark web landscape constantly shifts between emerging platforms and sudden closures, often driven by the very anonymity they promise. On November 21, 2025, a new contender named Omertà Market…

 FreePBX has addressed critical vulnerabilities enabling authentication bypass and remote code execution in its Endpoint Manager module. Discovered by Horizon3.ai researchers, these flaws affect telephony endpoint configurations in the open-source…

Amazon's threat intelligence team has disclosed details of a "years-long" Russian state-sponsored campaign that targeted Western critical infrastructure between 2021 and 2025. Targets of the campaign included energy sector organizations across Western nations, critical infrastructure providers in North America and Europe, and entities with cloud-hosted network infrastructure. The activity has

 The cybersecurity landscape has once again been rattled by a subtle yet dangerous supply chain attack. A malicious NuGet package named Tracer.Fody.NLog was discovered masquerading as a legitimate .NET tracing…

 ConnectWise has issued a security update for ScreenConnect™ to address a critical vulnerability that could enable attackers to expose sensitive configuration data and install untrusted extensions. The flaw, identified as…

[[{"value":"The issue allows attackers to write arbitrary data to any file, or delete arbitrary files to obtain System privileges. The post JumpCloud Remote Assist Vulnerability Can Expose Systems to Takeover…