Security Operations Centers (SOCs) are stretched to their limits. Log volumes are surging, threat landscapes are growing more complex, and security teams are chronically understaffed. Analysts face a daily battle with alert noise, fragmented tools, and incomplete data visibility. At the same time, more vendors are phasing out their on-premises SIEM solutions, encouraging migration to SaaS
Proton launches free standalone cross-platform Authenticator app
Proton has launched Proton Authenticator, a free standalone two-factor authentication (2FA) application for Windows, macOS, Linux, Android, and iOS. […]
Honeywell Experion PKS Flaws Allow Manipulation of Industrial Processes
Honeywell has patched several critical and high-severity vulnerabilities in its Experion PKS industrial process control and automation product.
The post Honeywell Experion PKS Flaws Allow Manipulation of Industrial Processes appeared first on SecurityWeek.
Google Project Zero Tackles Upstream Patch Gap With New Policy
Google Project Zero now publicly shares the discovery of a vulnerability and when its 90-day disclosure deadline expires.
The post Google Project Zero Tackles Upstream Patch Gap With New Policy appeared first on SecurityWeek.
Hackers Exploit Critical WordPress Theme Flaw to Hijack Sites via Remote Plugin Install
Threat actors are actively exploiting a critical security flaw in “Alone – Charity Multipurpose Non-profit WordPress Theme” to take over susceptible sites.
The vulnerability, tracked as CVE-2025-5394, carries a CVSS score of 9.8. Security researcher Thái An has been credited with discovering and reporting the bug.
According to Wordfence, the shortcoming relates to an arbitrary file upload
The vulnerability, tracked as CVE-2025-5394, carries a CVSS score of 9.8. Security researcher Thái An has been credited with discovering and reporting the bug.
According to Wordfence, the shortcoming relates to an arbitrary file upload
ShinyHunters behind Salesforce data theft attacks at Qantas, Allianz Life, and LVMH
A wave of data breaches impacting companies like Qantas, Allianz Life, LVMH, and Adidas has been linked to the ShinyHunters extortion group, which has been using voice phishing attacks to steal data from Salesforce CRM instances. […]
Senate Committee Advances Trump Nominee to Lead CISA
Committee Members voted to recommend Sean Plankey for director of the Cybersecurity and Infrastructure Security Agency.
The post Senate Committee Advances Trump Nominee to Lead CISA appeared first on SecurityWeek.
Hackers target Python devs in phishing attacks using fake PyPI site
The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website. […]
SafePay ransomware threatens to leak 3.5TB of Ingram Micro data
The SafePay ransomware gang is threatening to leak 3.5TB of data belonging to IT giant Ingram Micro, allegedly stolen from the company’s compromised systems earlier this month. […]
Hackers actively exploit critical RCE in WordPress Alone theme
Threat actors are actively exploiting a critical unauthenticated arbitrary file upload vulnerability in the WordPress theme ‘Alone,’ to achieve remote code execution and perform a full site takeover. […]