The company is one of the many victims of the 2025 Oracle E-Business Suite (EBS) hacking campaign.
The post Madison Square Garden Data Breach Confirmed Months After Hacker Attack appeared first on SecurityWeek.
⚡ Weekly Recap: SD-WAN 0-Day, Critical CVEs, Telegram Probe, Smart TV Proxy SDK and More
This week is not about one big event. It shows where things are moving. Network systems, cloud setups, AI tools, and common apps are all being pushed in different ways. Small gaps in access control, exposed keys, and normal features are being used as entry points.
The pattern becomes clear only when you see everything together. Faster scans, smarter misuse of trusted services, and steady
The pattern becomes clear only when you see everything together. Faster scans, smarter misuse of trusted services, and steady
Nick Andersen Appointed Acting Director of CISA
Madhu Gottumukkala has been assigned to a new role within the Department of Homeland Security.
The post Nick Andersen Appointed Acting Director of CISA appeared first on SecurityWeek.
AWS Expands Security Hub Into a Cross-Domain Security Platform
The AWS Security Hub Extended plan aims to reduce security tool sprawl by correlating findings across multiple security domains.
The post AWS Expands Security Hub Into a Cross-Domain Security Platform appeared first on SecurityWeek.
Anthropic confirms Claude is down in a worldwide outage
Claude appears to be having a major outage right now, with elevated errors reported across all platforms. […]
How to Protect Your SaaS from Bot Attacks with SafeLine WAF
Most SaaS teams remember the day their user traffic started growing fast. Few notice the day bots started targeting them.
On paper, everything looks great: more sign-ups, more sessions, more API calls. But in reality, something feels off:
On paper, everything looks great: more sign-ups, more sessions, more API calls. But in reality, something feels off:
Sign-ups increase, but users aren’t activating.
Server costs rise faster than revenue.
Logs are filled with repeated requests from strange user agents.
If
North Korean APT Targets Air-Gapped Systems in Recent Campaign
Using Windows shortcut files, the APT deployed a new implant, a loader, a propagation tool, and two backdoors.
The post North Korean APT Targets Air-Gapped Systems in Recent Campaign appeared first on SecurityWeek.
Google Working Towards Quantum-Safe Chrome HTTPS Certificates
The internet giant is developing an evolution of the certificates based on Merkle Tree Certificates (MTCs).
The post Google Working Towards Quantum-Safe Chrome HTTPS Certificates appeared first on SecurityWeek.
US-Israel and Iran Trade Cyberattacks: Pro-West Hacks Cause Disruption as Tehran Retaliates
Both sides conduct hacking and other attacks, including the deployment of wiper malware, DDoS, and disruptions to critical infrastructure.
The post US-Israel and Iran Trade Cyberattacks: Pro-West Hacks Cause Disruption as Tehran Retaliates appeared first on SecurityWeek.
APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday
A recently disclosed security flaw patched by Microsoft may have been exploited by the Russia-linked state-sponsored threat actor known as APT28, according to new findings from Akamai.
The vulnerability in question is CVE-2026-21513 (CVSS score: 8.8), a high-severity security feature bypass affecting the MSHTML Framework.
“Protection mechanism failure in MSHTML Framework allows an unauthorized
The vulnerability in question is CVE-2026-21513 (CVSS score: 8.8), a high-severity security feature bypass affecting the MSHTML Framework.
“Protection mechanism failure in MSHTML Framework allows an unauthorized