The law firm Fried Frank seems to be informing high-profile clients about a recent data security incident.
The post After Goldman, JPMorgan Discloses Law Firm Data Breach appeared first on SecurityWeek.
Cyber Insights 2026: External Attack Surface Management
AI will assist companies in finding their external attack surface, but it will also assist bad actors in locating and attacking the weak points.
The post Cyber Insights 2026: External Attack Surface Management appeared first on SecurityWeek.
Betterment confirms data breach after wave of crypto scam emails
U.S. digital investment advisor Betterment confirmed that hackers breached its systems and sent fake crypto-related messages to some customers. […]
Convincing LinkedIn comment-reply tactic used in new phishing
Scammers are flooding LinkedIn posts with fake “reply” comments that appear to come from the platform, warning of bogus policy violations and urging users to click external links. Some even abuse LinkedIn’s official lnkd.in shortener, making the phishing attempts harder to spot. […]
Broadcom Wi-Fi Chipset Flaw Allows Hackers to Disrupt Networks
The vulnerability was discovered in Asus routers, but all devices using the affected chipset are susceptible to attacks.
The post Broadcom Wi-Fi Chipset Flaw Allows Hackers to Disrupt Networks appeared first on SecurityWeek.
[Webinar] Securing Agentic AI: From MCPs and Tool Access to Shadow API Key Sprawl
AI agents are no longer just writing code. They are executing it.
Tools like Copilot, Claude Code, and Codex can now build, test, and deploy software end-to-end in minutes. That speed is reshaping engineering—but it’s also creating a security gap most teams don’t see until something breaks.
Behind every agentic workflow sits a layer few organizations are actively securing: Machine Control
Tools like Copilot, Claude Code, and Codex can now build, test, and deploy software end-to-end in minutes. That speed is reshaping engineering—but it’s also creating a security gap most teams don’t see until something breaks.
Behind every agentic workflow sits a layer few organizations are actively securing: Machine Control
Target employees confirm leaked code after ‘accelerated’ Git lockdown
Multiple current and former Target employees confirmed that leaked source code samples posted by a threat actor match real internal systems. The company also rolled out an “accelerated” lockdown of its Git server, requiring VPN access, a day after being contacted by BleepingComputer. […]
SAP’s January 2026 Security Updates Patch Critical Vulnerabilities
SAP has released 17 security notes, including four that address critical SQL injection, RCE, and code injection vulnerabilities.
The post SAP’s January 2026 Security Updates Patch Critical Vulnerabilities appeared first on SecurityWeek.
New Advanced Linux VoidLink Malware Targets Cloud and container Environments
Cybersecurity researchers have disclosed details of a previously undocumented and feature-rich malware framework codenamed VoidLink that’s specifically designed for long-term, stealthy access to Linux-based cloud environments
According to a new report from Check Point Research, the cloud-native Linux malware framework comprises an array of custom loaders, implants, rootkits, and modular
According to a new report from Check Point Research, the cloud-native Linux malware framework comprises an array of custom loaders, implants, rootkits, and modular
What Should We Learn From How Attackers Leveraged AI in 2025?
Old Playbook, New Scale: While defenders are chasing trends, attackers are optimizing the basics
The security industry loves talking about “new” threats. AI-powered attacks. Quantum-resistant encryption. Zero-trust architectures. But looking around, it seems like the most effective attacks in 2025 are pretty much the same as they were in 2015. Attackers are exploiting the same entry points that
The security industry loves talking about “new” threats. AI-powered attacks. Quantum-resistant encryption. Zero-trust architectures. But looking around, it seems like the most effective attacks in 2025 are pretty much the same as they were in 2015. Attackers are exploiting the same entry points that