Search the Portal

The Experience Manager security update resolves 117 vulnerabilities, including 116 identified as cross-site scripting (XSS) bugs. The post Adobe Patches Nearly 140 Vulnerabilities appeared first on SecurityWeek.

Microsoft has addressed a Windows vulnerability exploited as zero-day that allows attackers to obtain System privileges. The post Microsoft Patches 57 Vulnerabilities, Three Zero-Days appeared first on SecurityWeek.

Promotions across Microsoft’s security organization reinforce the company’s shift toward AI-driven defense and tighter operational oversight under Global CISO Igor Tsyganskiy. The post Microsoft Names New Operating CISOs in Strategic Move to Strengthen Cyberdefense appeared first on SecurityWeek.

Threat actors with ties to North Korea have likely become the latest to exploit the recently disclosed critical security React2Shell flaw in React Server Components (RSC) to deliver a previously undocumented remote access trojan dubbed EtherRAT. "EtherRAT leverages Ethereum smart contracts for command-and-control (C2) resolution, deploys five independent Linux persistence mechanisms, and

The AI-powered platform autonomously conducts security design reviews and proactively identifies design flaws across development work. The post Prime Security Raises $20 Million to Build Agentic Security Architect appeared first on SecurityWeek.

Learn how GRC and SOC teams can turn shared threat intelligence into faster action, clearer communication, and stronger organizational resilience. The post Webinar Today: Inside the First 72 hours of a Cyber Event appeared first on SecurityWeek.

Four distinct threat activity clusters have been observed leveraging a malware loader known as CastleLoader, strengthening the previous assessment that the tool is offered to other threat actors under a malware-as-a-service (MaaS) model. The threat actor behind CastleLoader has been assigned the name GrayBravo by Recorded Future's Insikt Group, which was previously tracking it as TAG-150.

North Korean threat actors are believed to be behind CVE-2025-55182 exploitation delivering EtherRAT. The post React2Shell Attacks Linked to North Korean Hackers appeared first on SecurityWeek.

The funding round was led by KKR, with participation from Sixth Street Growth, TenEleven, and Carrick Capital Partners. The post Identity Security Firm Saviynt Raises $700 Million at $3 Billion Valuation appeared first on SecurityWeek.

The threat actor known as Storm-0249 is likely shifting from its role as an initial access broker to adopt a combination of more advanced tactics like domain spoofing, DLL side-loading, and fileless PowerShell execution to facilitate ransomware attacks. "These methods allow them to bypass defenses, infiltrate networks, maintain persistence, and operate undetected, raising serious concerns for

The US seeks information on the leader of Emennet Pasargad, Mohammad Bagher Shirinkar, and long-time employee Fatemeh Sedighian Kashi. The post US Posts $10 Million Bounty for Iranian Hackers appeared first on SecurityWeek.

Proofpoint said Hornetsecurity brings in nearly $200 million in annual recurring revenue, with a 20% year-over-year growth rate. The post Proofpoint Completes $1.8 Billion Acquisition of Hornetsecurity appeared first on SecurityWeek.

The botnet attempts to steal credentials from infected TBK DVR devices, in addition to abusing them to launch DDoS attacks. The post New ‘Broadside’ Botnet Poses Risk to Shipping Companies appeared first on SecurityWeek.

Zero Trust helps organizations shrink their attack surface and respond to threats faster, but many still struggle to implement it because their security tools don’t share signals reliably. 88% of organizations admit they’ve suffered significant challenges in trying to implement such approaches, according to Accenture. When products can’t communicate, real-time access decisions break down. The