SecurityWeek

SecurityWeek is a reliable source for news and articles from experts in information security. It is well-respected among senior information security leaders, researchers, and service providers. The content on SecurityWeek emphasizes strategies, methods, research, and data related to security. Additionally, it covers topics such as online privacy, compliance, cybercrime, and emerging security trends.

International

English

Online/Digital

Outlet metrics

Domain Authority

Ranking

Global

#155746

United States

#57710

Computers Electronics and Technology/Computer Security

#163

Traffic sources

Monthly visitors

Articles

Cy4Data Labs Raises $10 Million to Secure Data in Use

6 days ago | securityweek.com | Ionut Arghire

California-based data protection startup Cy4Data Labs on Thursday announced raising $10 million in a Series A funding round led by Pelion Venture Partners. This is the first investment round for the company. Cy4Data Labs has built a solution that can protect data across on-premises, cloud, and SaaS environments, even when in use, by keeping it always encrypted, using NIST-approved standards.
Ahold Delhaize Confirms Data Stolen in Ransomware Attack

6 days ago | securityweek.com | Ionut Arghire

Dutch food giant Ahold Delhaize on Thursday announced that data was stolen from its systems during a November 2024 cyberattack. The incident occurred in early November, impacting Giant Food pharmacies and Hannaford supermarkets and knocking Hannaford’s ecommerce portal offline. The Ahold Delhaize-owned stores, however, remained open.
Fresh Windows NTLM Vulnerability Exploited in Attacks

6 days ago | securityweek.com | Ionut Arghire

The exploitation of a Windows NTLM vulnerability started roughly a week after patches were released last month, Check Point warns. Tracked as CVE-2025-24054 (CVSS score of 6.5) and resolved on March 2025 Patch Tuesday, the medium-severity flaw could allow NTLM hash disclosure, enabling attackers to perform spoofing attacks over a network. According to Microsoft’s advisory, successful exploitation of the bug requires minimal interaction from the user.
Man Helped Chinese Nationals Get Jobs Involving Sensitive US Government Projects

1 week ago | securityweek.com | Ionut Arghire

A Maryland man admitted in court to obtaining remote IT work at US companies on behalf of individuals located in China. As part of the scheme, the man, Minh Phuong Ngoc Vong, 40, of Bowie, defrauded 13 US companies that hired him as a remote software developer, by allowing others to use company-provided assets to do the IT work and receive payment for it.
Vulnerabilities Patched in Atlassian, Cisco Products

1 week ago | securityweek.com | Ionut Arghire

Atlassian and Cisco this week announced patches for multiple high-severity vulnerabilities in their products, including flaws leading to remote code execution. Atlassian released seven updates that address four high-severity flaws impacting third-party dependencies in Bamboo, Confluence, and Jira, including some that were publicly disclosed nearly six years ago.
Chinese APT Mustang Panda Updates, Expands Arsenal

1 week ago | securityweek.com | Ionut Arghire

The Chinese espionage-focused APT tracked as Mustang Panda has used an updated backdoor and several new tools in a recent attack, cybersecurity firm Zscaler reports. Active for over a decade, the state-sponsored hacking group, also tracked as Basin, Bronze President, Earth Preta, and Red Delta, is known for targeting government and military entities, as well as NGOs and minority groups, mainly in East Asia, but also in Europe.
MITRE Hackers' Backdoor Has Targeted Windows for Years

1 week ago | securityweek.com | Ionut Arghire

Newly identified versions of the BrickStorm backdoor used in the MITRE hack in early 2024 are targeting Windows environments, cybersecurity firm Nviso warns. To hack MITRE, a Chinese APT tracked as UNC5221 exploited two zero-day vulnerabilities in an Ivanti Connect Secure VPN as early as December 31, 2023, following up with fingerprinting in January 4, 2024, and lateral movement and malware deployment in the next few days.
Krebs Exits SentinelOne After Security Clearance Pulled

1 week ago | securityweek.com | Ryan Naraine

Chris Krebs has resigned as SentineOne’s Chief Intelligence and Public Policy Officer less than a week after the revocation of his security clearance and a presidential order to review CISA’s conduct under his leadership. Krebs, who doubled as President of PinnacleOne, SentinelOne’s strategic advisory group, said the resignation is effective immediately. “I want to be clear: this is my decision, and mine alone,” Krebs said in a goodbye note to SentinelOne staff.
Apple Quashes Two Zero-Days With iOS, MacOS Patches

1 week ago | securityweek.com | Ryan Naraine

Apple on Wednesday shipped out‑of‑band operating system updates to fix a pair of security bugs the company says were already exploited in “extremely sophisticated” attacks against a small number of iOS targets. The vulnerabilities, tagged as CVE-2025-31200 and CVE-2025-31201, are described as code execution and mitigation bypass issues that affect Apple’s iOS, iPadOS and macOS platforms.
MITRE CVE Program Gets Last-Hour Funding Reprieve

1 week ago | securityweek.com | Ryan Naraine

The US government’s cybersecurity agency CISA says there will be no lapse in critical CVE services provided by the MITRE Corporation. Just hours after the MITRE Corporation warned that the expiration of federal funding for the CVE Program would cause major disruptions, CISA announced it has “executed the option period on the contract” to keep the vulnerability catalog operational. “The CVE Program is invaluable to the cyber community and a priority of CISA.