Search the Portal

From open source libraries to AI-powered coding assistants, speed-driven development is introducing new third-party risks that threat actors are increasingly exploiting. The post From Open Source to OpenAI: The Evolution of Third-Party Risk appeared first on SecurityWeek.

An ongoing campaign has been observed targeting Amazon Web Services (AWS) customers using compromised Identity and Access Management (IAM) credentials to enable cryptocurrency mining. The activity, first detected by Amazon's GuardDuty managed threat detection service and its automated security monitoring systems on November 2, 2025, employs never-before-seen persistence techniques to hamper

Cybersecurity researchers have discovered a new malicious NuGet package that typosquats and impersonates the popular .NET tracing library and its author to sneak in a cryptocurrency wallet stealer. The malicious package, named "Tracer.Fody.NLog," remained on the repository for nearly six years. It was published by a user named "csnemess" on February 26, 2020. It masquerades as "Tracer.Fody,"

Closed CISO communities act as an information exchange, advice center, pressure valve, and safe haven from critical oversight. The post CISO Communities – Cybersecurity’s Secret Weapon appeared first on SecurityWeek.

The e-commerce and logistics company was targeted by the RansomHouse ransomware group in October. The post 700,000 Records Compromised in Askul Ransomware Attack appeared first on SecurityWeek.

The fresh investment comes less than six months after the startup’s seed funding announcement. The post Echo Raises $35 Million in Series A Funding appeared first on SecurityWeek.

The company plans to accelerate product development, scale go-to-market efforts, and hire new talent. The post Verisoul Raises $8.8 Million for Fraud Prevention appeared first on SecurityWeek.

After years of exploiting zero-day and n-day vulnerabilities, Russian state-sponsored threat actors are shifting to misconfigured devices. The post Amazon: Russian Hackers Now Favor Misconfigurations in Critical Infrastructure Attacks appeared first on SecurityWeek.

Amazon's threat intelligence team has disclosed details of a "years-long" Russian state-sponsored campaign that targeted Western critical infrastructure between 2021 and 2025. Targets of the campaign included energy sector organizations across Western nations, critical infrastructure providers in North America and Europe, and entities with cloud-hosted network infrastructure. The activity has

The issue allows attackers to write arbitrary data to any file, or delete arbitrary files to obtain System privileges. The post JumpCloud Remote Assist Vulnerability Can Expose Systems to Takeover appeared first on SecurityWeek.

AI-assisted coding and AI app generation platforms have created an unprecedented surge in software development. Companies are now facing rapid growth in both the number of applications and the pace of change within those applications. Security and privacy teams are under significant pressure as the surface area they must cover is expanding quickly while their staffing levels remain largely

Threat actors have begun to exploit two newly disclosed security flaws in Fortinet FortiGate devices, less than a week after public disclosure. Cybersecurity company Arctic Wolf said it observed active intrusions involving malicious single sign-on (SSO) logins on FortiGate appliances on December 12, 2025. The attacks exploit two critical authentication bypasses (CVE-2025-59718 and CVE-2025-59719

SoundCloud said the information of 20% of users was accessed by hackers who breached its systems. The post User Data Compromised in SoundCloud Hack appeared first on SecurityWeek.

Threat actors are exploiting the two critical authentication bypass vulnerabilities against FortiGate appliances. The post In-the-Wild Exploitation of Fresh Fortinet Flaws Begins appeared first on SecurityWeek.