CISA updated 59 KEV entries in 2025 to specify that the vulnerabilities have been exploited in ransomware attacks.
The post Questions Raised Over CISA’s Silent Ransomware Updates in KEV Catalog appeared first on SecurityWeek.
Zscaler Acquires Browser Security Firm SquareX
Zscaler says the acquisition will allow customers to embed lightweight extensions into any browser, providing increased security and eliminating the need for third-party browsers.
The post Zscaler Acquires Browser Security Firm SquareX appeared first on SecurityWeek.
Spain’s Ministry of Science shuts down systems after breach claims
Spain’s Ministry of Science (Ministerio de Ciencia) announced a partial shutdown of its IT systems, affecting several citizen- and company-facing services. […]
Ransomware gang uses ISPsystem VMs for stealthy payload delivery
Ransomware operators are hosting and delivering malicious payloads at scale by abusing virtual machines (VMs) provisioned by ISPsystem, a legitimate virtual infrastructure management provider. […]
Microsoft to shut down Exchange Online EWS in April 2027
Microsoft announced today that the Exchange Web Services (EWS) API for Exchange Online will be shut down in April 2027, after nearly 20 years. […]
AISURU/Kimwolf Botnet Launches Record-Setting 31.4 Tbps DDoS Attack
The distributed denial-of-service (DDoS) botnet known as AISURU/Kimwolf has been attributed to a record-setting attack that peaked at 31.4 Terabits per second (Tbps) and lasted only 35 seconds.
Cloudflare, which automatically detected and mitigated the activity, said it’s part of a growing number of hyper-volumetric HTTP DDoS attacks mounted by the botnet in the fourth quarter of 2025. The
Cloudflare, which automatically detected and mitigated the activity, said it’s part of a growing number of hyper-volumetric HTTP DDoS attacks mounted by the botnet in the fourth quarter of 2025. The
Italian university La Sapienza goes offline after cyberattack
Rome’s “La Sapienza” university has been targeted by a cyberattack that impacted its IT systems and caused widespread operational disruptions at the educational institute. […]
Romanian oil pipeline operator Conpet discloses cyberattack
Conpet, Romania’s national oil pipeline operator, has disclosed that a cyberattack disrupted its business systems and took down the company’s website on Tuesday. […]
Substack Discloses Security Incident After Hacker Leaks Data
The hacker claims to have stolen nearly 700,000 Substack user records, including email addresses and phone numbers.
The post Substack Discloses Security Incident After Hacker Leaks Data appeared first on SecurityWeek.
When cloud logs fall short, the network tells the truth
Cloud logs can be inconsistent or incomplete, creating blind spots as environments scale and change. Corelight shows how network-level telemetry provides reliable visibility when cloud logs fall short. […]