Threat actors are exploiting misconfigured web applications used for security training and internal penetration testing, such as DVWA, OWASP Juice Shop, Hackazon, and bWAPP, to gain access to cloud environments of Fortune 500 companies and security vendors. […]
GitLab warns of high-severity 2FA bypass, denial-of-service flaws
GitLab has patched a high-severity two-factor authentication bypass impacting community and enterprise editions of its software development platform. […]
LastPass Users Targeted With Backup-Themed Phishing Emails
Threat actors may have wanted to take advantage of the holiday weekend in the United States to increase their chances of success.
The post LastPass Users Targeted With Backup-Themed Phishing Emails appeared first on SecurityWeek.
North Korean Hackers Target macOS Developers via Malicious VS Code Projects
The hackers trick victims into accessing GitHub or GitLab repositories that are opened using Visual Studio Code.
The post North Korean Hackers Target macOS Developers via Malicious VS Code Projects appeared first on SecurityWeek.
Why Identity Security Must Move Beyond MFA
By integrating identity threat detection with MFA, organizations can protect sensitive data, maintain operational continuity, and reduce risk exposure.
The post Why Identity Security Must Move Beyond MFA appeared first on SecurityWeek.
Tesla hacked, 37 zero-days demoed at Pwn2Own Automotive 2026
Security researchers have hacked the Tesla Infotainment System and earned $516,500 after exploiting 37 zero-days on the first day of the Pwn2Own Automotive 2026 competition. […]
MITRE Launches New Security Framework for Embedded Systems
The Embedded Systems Threat Matrix (ESTM) aims to help organizations protect critical embedded systems.
The post MITRE Launches New Security Framework for Embedded Systems appeared first on SecurityWeek.
Cyber Insights 2026: API Security – Harder to Secure, Impossible to Ignore
API cybersecurity will be a ping pong ball, battered between the rackets of AI-assisted attackers and AI-assisted defenders.
The post Cyber Insights 2026: API Security – Harder to Secure, Impossible to Ignore appeared first on SecurityWeek.
Webinar: How Smart MSSPs Using AI to Boost Margins with Half the Staff
Every managed security provider is chasing the same problem in 2026 — too many alerts, too few analysts, and clients demanding “CISO-level protection” at SMB budgets.
The truth? Most MSSPs are running harder, not smarter. And it’s breaking their margins. That’s where the quiet revolution is happening: AI isn’t just writing reports or surfacing risks — it’s rebuilding how security services are
The truth? Most MSSPs are running harder, not smarter. And it’s breaking their margins. That’s where the quiet revolution is happening: AI isn’t just writing reports or surfacing risks — it’s rebuilding how security services are
Anthropic MCP Server Flaws Lead to Code Execution, Data Exposure
Impacting Anthropic’s official MCP server, the vulnerabilities can be exploited through prompt injections.
The post Anthropic MCP Server Flaws Lead to Code Execution, Data Exposure appeared first on SecurityWeek.