Cookeville Regional Medical Center was targeted last year by the Rhysida ransomware group, which stole 500GB of data.
The post Data Breach at Tennessee Hospital Affects 337,000 appeared first on SecurityWeek.
Artemis Emerges From Stealth With $70 Million in Funding
The startup is leveraging AI to prevent AI-powered attacks across applications, users, machines, and cloud workloads.
The post Artemis Emerges From Stealth With $70 Million in Funding appeared first on SecurityWeek.
Cisco says critical Webex Services flaw requires customer action
Cisco has released security updates to patch four critical vulnerabilities, including a fixed improper certificate validation flaw in the company’s cloud-based Webex Services platform that requires further customer action. […]
[Webinar] Find and Eliminate Orphaned Non-Human Identities in Your Environment
In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanaged non-human identities that nobody was watching.
For every employee in your org, there are 40 to 50 automated credentials: service accounts, API tokens, AI agent connections, andOAuth grants. When projects end or employees leave, most
For every employee in your org, there are 40 to 50 automated credentials: service accounts, API tokens, AI agent connections, andOAuth grants. When projects end or employees leave, most
Splunk Enterprise Update Patches Code Execution Vulnerability
The flaw allows low-privileged users to upload files to a temporary directory to achieve remote code execution.
The post Splunk Enterprise Update Patches Code Execution Vulnerability appeared first on SecurityWeek.
Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution
Cisco has announced patches to address four critical security flaws impacting Identity Services and Webex Services that could result in arbitrary code execution and allow an attacker to impersonate any user within the service.
The details of the vulnerabilities are below –
The details of the vulnerabilities are below –
CVE-2026-20184 (CVSS score: 9.8) – An improper certificate validation in the integration of single sign-on (SSO)
Microsoft Paid Out $2.3 Million at Zero Day Quest 2026 Hacking Contest
Researchers found more than 80 high-impact cloud and AI vulnerabilities during the event, which had a $5 million prize pool.
The post Microsoft Paid Out $2.3 Million at Zero Day Quest 2026 Hacking Contest appeared first on SecurityWeek.
Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks
A “novel” social engineering campaign has been observed abusing Obsidian, a cross-platform note-taking application, as an initial access vector to distribute a previously undocumented Windows remote access trojan called PHANTOMPULSE in attacks targeting individuals in the financial and cryptocurrency sectors.
Dubbed REF6598 by Elastic Security Labs, the activity has been found to leverage
Dubbed REF6598 by Elastic Security Labs, the activity has been found to leverage
NIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical Software
To optimize management of CVE volume, entries that do not meet specific criteria will not be automatically enriched.
The post NIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical Software appeared first on SecurityWeek.
Data breach at edtech giant McGraw Hill affects 13.5 million accounts
The ShinyHunters extortion group has leaked data from 13.5 million McGraw Hill user accounts, stolen after breaching the company’s Salesforce environment earlier this month. […]