The initiative, named CI Fortify, focuses on isolation and recovery efforts that would see critical infrastructure organizations proactively disconnect from third-party dependencies and find ways to operate without reliable telecommunications and internet.
Cisco patched a Crosswork Network Controller and Network Services Orchestrator denial-of-service vulnerability that requires manually rebooting targeted systems for recovery. [...]
A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary code on the host system. [...]
Google has announced expanded Binary Transparency for Android as a way to safeguard the ecosystem from supply chain attacks. "This new public ledger ensures the Google apps on your device are exactly what we intended to build and distribute," Google's product and security teams said. The initiative
A critical security flaw has been discovered in Fanwei E-cology10, a widely used enterprise collaboration platform built for medium and large organizations. The vulnerability, tracked as QVD-2026-14149, allows attackers to remotely execute arbitrary code on the target server without needing any logi
The Iranian state-sponsored hacking group known as MuddyWater (aka Mango Sandstorm, Seedworm, and Static Kitten) has been attributed to a ransomware attack in what has been described as a "false flag" operation. The attack, observed by Rapid7 in early 2026, has been found to leverage social engineer
A severe zero-authorization vulnerability in Schemata’s API, an AI-powered virtual training platform holding active Department of Defense (DoD) contracts, recently exposed highly sensitive military training materials and U.S. service member records. Discovered by the open-source AI hacking agent Str
Palo Alto Networks warned customers today that a critical-severity unpatched vulnerability in the PAN-OS User-ID Authentication Portal is being exploited in attacks. [...]
The agency has issued guidance to help critical infrastructure operators prepare for cyberattacks by foreign threat actors. The post CISA: Critical Infrastructure Must Master Isolation, Recovery appeared first on SecurityWeek.
The aviation and aerospace sector has become one of the most actively targeted industries by ransomware operators and data extortion groups in 2025 and 2026. From passenger-processing platforms to satellite-dependent navigation systems, attackers are finding that disrupting even a single vendor in t Source: Cybersecurity News
Australia has announced the creation of a Cyber Incident Review Board, a move aimed at strengthening the country’s ability to respond to and learn from major cyberattacks. The initiative places Australia among a small group of jurisdictions globally that have formalised independent review mechanisms Source: The Cyber Express
Containing fixes for critical-severity vulnerabilities, the monthly rollouts will focus on addressing priority issues faster. The post Oracle Debuts Monthly Critical Security Patch Updates appeared first on SecurityWeek. Source: Security Week
Researchers at cybersecurity firm ESET attributed the campaign to APT37 and said the hackers used a backdoor attached to a suite of card games from a company called Sqgame. Source: The Record
Cisco has announced its intent to acquire Astrix Security Ltd., an industry leader in Non-Human Identity (NHI) security. This strategic acquisition aims to protect enterprise environments from the expanding attack surface created by the rapid deployment of AI agents. The modern workplace is undergoi Source: Cybersecurity News
A critical unauthenticated remote code execution vulnerability in the Weaver E-cology platform is currently being actively exploited in the wild. CVE-2026-22679 carries a maximum CVSS score of 9.8 and affects Weaver E-cology 10.0 builds released before 20260312. The security flaw exists in an expose Source: Cybersecurity News
Qualcomm Technologies has released a critical security bulletin addressing multiple severe vulnerabilities in its proprietary and open-source software. These security updates are essential for protecting devices from severe flaws that threaten a vast ecosystem of hardware powered by Snapdragon proce Source: Cybersecurity News
Attackers have found a way to intercept SMS-based one-time passwords from a victim's mobile device without deploying a single line of malware on the phone itself. Instead, they go through the Windows PC the phone is already connected to. Researchers documented an active intrusion campaign active sin Source: The Cyber Express
A Canvas cybersecurity incident has disrupted services at Instructure, the company behind the widely used Canvas platform, raising concerns among educational institutions over potential data exposure and service interruptions. The Canvas cybersecurity incident first came to light late Friday, when I Source: The Cyber Express
It is always a bit jarring when the "digital locksmiths" are the ones getting their locks picked. Cybersecurity firm Trellix on Saturday confirmed it suffered a breach involving its internal source code repositories, proving that even the defenders aren't immune to the threats they fight. The Incide Source: The Cyber Express
GnuTLS version 3.8.13 has been officially released to patch a dozen security vulnerabilities, including critical flaws affecting secure network communications. The update is highly recommended for all systems using GnuTLS, as it addresses memory corruption, authentication bypasses, and certificate v Source: Cybersecurity News