Search the Portal

Officials said data will now be classified as one of four categories: “public,” “sensitive,” “confidential” or “restricted.” The post Nevada Unveils New Statewide Data Classification Policy Months After Cyberattack appeared first on SecurityWeek.

Cybersecurity researchers have discovered what they said is the first known malicious Microsoft Outlook add-in detected in the wild. In this unusual supply chain attack detailed by Koi Security, an unknown attacker claimed the domain associated with a now-abandoned legitimate add-in to serve a fake Microsoft login page, stealing over 4,000 credentials in the process. The activity has been

Gain practical insights on balancing security, user experience, and operational efficiency while staying ahead of increasingly sophisticated threats. The post Webinar Today: Identity Under Attack – Strengthen Your Identity Defenses appeared first on SecurityWeek.

Indian defense sector and government-aligned organizations have been targeted by multiple campaigns that are designed to compromise Windows and Linux environments with remote access trojans capable of stealing sensitive data and ensuring continued access to infected machines. The campaigns are characterized by the use of malware families like Geta RAT, Ares RAT, and DeskRAT, which are often

The secrets security company has raised more than $100 million since its creation in 2017. The post GitGuardian Raises $50 Million for Secrets and Non-Human Identity Security appeared first on SecurityWeek.

The Conduent data breach affects at least 25 million individuals, up from 10 million estimated a few months ago. The post Conduent Breach Hits Volvo Group: Nearly 17,000 Employees’ Data Exposed appeared first on SecurityWeek.

The startup relies on AI agents to identify software vulnerabilities and validate them before reporting. The post Zast.AI Raises $6 Million for AI-Powered Code Security appeared first on SecurityWeek.

It's Patch Tuesday, which means a number of software vendors have released patches for various security vulnerabilities impacting their products and services. Microsoft issued fixes for 59 flaws, including six actively exploited zero-days in various Windows components that could be abused to bypass security features, escalate privileges, and trigger a denial-of-service (DoS) condition. Elsewhere

Security failures don’t always start with attackers, sometimes they start with missing truth. The post Security in the Dark: Recognizing the Signs of Hidden Information appeared first on SecurityWeek.

After a decade and a half of service, the current certificates will expire, and new ones will be rolled out. The post Microsoft to Refresh Windows Secure Boot Certificates in June 2026 appeared first on SecurityWeek.

Day became a professional hacker by choice. But that doesn’t mean he isn’t a natural hacker. The post Hacker Conversations: Professional Hacker Douglas Day appeared first on SecurityWeek.

It also fixed a high-severity authentication bypass that could be exploited remotely without authentication to obtain credentials. The post Ivanti Patches Endpoint Manager Vulnerabilities Disclosed in October 2025 appeared first on SecurityWeek.

Intentionally vulnerable training applications are widely used for security education, internal testing, and product demonstrations. Tools such as OWASP Juice Shop, DVWA, Hackazon, and bWAPP are designed to be insecure by default, making them useful for learning how common attack techniques work in controlled environments. The issue is not the applications themselves, but how they are often

More than two dozen advisories have been published by the chip giants for vulnerabilities found recently in their products. The post Chipmaker Patch Tuesday: Over 80 Vulnerabilities Addressed by Intel and AMD appeared first on SecurityWeek.