A new attack called ‘CometJacking’ exploits URL parameters to pass to Perplexity’s Comet AI browser hidden instructions that allow access to sensitive data from connected services, like email and calendar. […]
In Other News: PQC Adoption, New Android Spyware, FEMA Data Breach
Other noteworthy stories that might have slipped under the radar: cybercriminals offer money to BBC journalist, LinkedIn user data will train AI, Tile tracker vulnerabilities.
The post In Other News: PQC Adoption, New Android Spyware, FEMA Data Breach appeared first on SecurityWeek.
Presenting AI to the Board as a CISO? Here’s a Template.
Boards want answers on AI: Where is it used? What risks does it create? How is it governed? Keep Aware released a free template to help CISOs present GenAI adoption, risk, exposure & controls clearly to leadership. […]
Oneleet Raises $33 Million for Security Compliance Platform
The cybersecurity startup will expand its engineering team, add more AI capabilities, and invest in go-to-market efforts.
The post Oneleet Raises $33 Million for Security Compliance Platform appeared first on SecurityWeek.
Oracle links Clop extortion attacks to July 2025 vulnerabilities
Oracle has linked an ongoing extortion campaign claimed by the Clop ransomware gang to E-Business Suite (EBS) vulnerabilities that were patched in July 2025. […]
Researchers Warn of Self-Spreading WhatsApp Malware Named SORVEPOTEL
Brazilian users have emerged as the target of a new self-propagating malware that spreads via the popular messaging app WhatsApp.
The campaign, codenamed SORVEPOTEL by Trend Micro, weaponizes the trust with the platform to extend its reach across Windows systems, adding the attack is “engineered for speed and propagation” rather than data theft or ransomware.
“SORVEPOTEL has been observed to
The campaign, codenamed SORVEPOTEL by Trend Micro, weaponizes the trust with the platform to extend its reach across Windows systems, adding the attack is “engineered for speed and propagation” rather than data theft or ransomware.
“SORVEPOTEL has been observed to
Unauthenticated RCE Flaw Patched in DrayTek Routers
The security defect can be exploited remotely via crafted HTTP/S requests to a vulnerable device’s web user interface.
The post Unauthenticated RCE Flaw Patched in DrayTek Routers appeared first on SecurityWeek.
Product Walkthrough: How Passwork 7 Addresses Complexity of Enterprise Security
Passwork is positioned as an on-premises unified platform for both password and secrets management, aiming to address the increasing complexity of credential storage and sharing in modern organizations. The platform recently received a major update that reworks all the core mechanics.
Passwork 7 introduces significant changes to how credentials are organized, accessed, and managed, reflecting
Passwork 7 introduces significant changes to how credentials are organized, accessed, and managed, reflecting
Gmail business users can now send encrypted emails to anyone
Google says that Gmail enterprise users can now send end-to-end encrypted emails to people who use any email service or platform. […]
Organizations Warned of Exploited Meteobridge Vulnerability
Patched in mid-May, the security defect allows remote unauthenticated attackers to execute arbitrary commands with root privileges.
The post Organizations Warned of Exploited Meteobridge Vulnerability appeared first on SecurityWeek.