The company has updated the program’s scope and has combined the rewards for abuse and security issues into a single table.
The post Google Offers Up to $20,000 in New AI Bug Bounty Program appeared first on SecurityWeek.
Step Into the Password Graveyard… If You Dare (and Join the Live Session)
Every year, weak passwords lead to millions in losses — and many of those breaches could have been stopped.
Attackers don’t need advanced tools; they just need one careless login.
For IT teams, that means endless resets, compliance struggles, and sleepless nights worrying about the next credential leak.
This Halloween, The Hacker News and Specops Software invite you to a live webinar: “
Attackers don’t need advanced tools; they just need one careless login.
For IT teams, that means endless resets, compliance struggles, and sleepless nights worrying about the next credential leak.
This Halloween, The Hacker News and Specops Software invite you to a live webinar: “
North Korean Hackers Have Stolen $2 Billion in Cryptocurrency in 2025
The hackers are believed to have stolen over $6 billion for the Pyongyang regime, financing its military programs.
The post North Korean Hackers Have Stolen $2 Billion in Cryptocurrency in 2025 appeared first on SecurityWeek.
Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely — Patch Now
Cybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp Model Context Protocol (MCP) server that could allow attackers to achieve code execution.
The vulnerability, tracked as CVE-2025-53967 (CVSS score: 7.5), is a command injection bug stemming from the unsanitized use of user input, opening the door to a scenario where an attacker can
The vulnerability, tracked as CVE-2025-53967 (CVSS score: 7.5), is a command injection bug stemming from the unsanitized use of user input, opening the door to a scenario where an attacker can
Radiflow Unveils New OT Security Platform
Radiflow360 provides enhanced visibility, risk management, and incident response capabilities for mid-sized industrial enterprises.
The post Radiflow Unveils New OT Security Platform appeared first on SecurityWeek.
Ransomware Group Claims Attack on Beer Giant Asahi
The hackers claim the theft of 27 gigabytes of data, including contracts, employee information, and financial documents.
The post Ransomware Group Claims Attack on Beer Giant Asahi appeared first on SecurityWeek.
DraftKings Warns Users of Credential Stuffing Attacks
Hackers accessed user accounts and compromised names, addresses, phone numbers, email addresses, and other information.
The post DraftKings Warns Users of Credential Stuffing Attacks appeared first on SecurityWeek.
No Time to Waste: Embedding AI to Cut Noise and Reduce Risk
Artificial intelligence is reshaping cybersecurity on both sides of the battlefield. Cybercriminals are using AI-powered tools to accelerate and automate attacks at a scale defenders have never faced before. Security teams are overwhelmed by an explosion of vulnerability data, tool outputs, and alerts, all while operating with finite human resources. The irony is that while AI has become a
Exploitation of Oracle EBS Zero-Day Started 2 Months Before Patching
Hundreds of internet-exposed Oracle E-Business Suite instances may still be vulnerable to attacks.
The post Exploitation of Oracle EBS Zero-Day Started 2 Months Before Patching appeared first on SecurityWeek.
OpenAI Disrupts Russian, North Korean, and Chinese Hackers Misusing ChatGPT for Cyberattacks
OpenAI on Tuesday said it disrupted three activity clusters for misusing its ChatGPT artificial intelligence (AI) tool to facilitate malware development.
This includes a Russian‑language threat actor, who is said to have used the chatbot to help develop and refine a remote access trojan (RAT), a credential stealer with an aim to evade detection. The operator also used several ChatGPT accounts to
This includes a Russian‑language threat actor, who is said to have used the chatbot to help develop and refine a remote access trojan (RAT), a credential stealer with an aim to evade detection. The operator also used several ChatGPT accounts to