Threat actors are leveraging the file-sharing service for payload delivery in AitM phishing and BEC attacks.
The post Phishers Abuse SharePoint in New Campaign Targeting Energy Sector appeared first on SecurityWeek.
Hackers get $1,047,000 for 76 zero-days at Pwn2Own Automotive 2026
Pwn2Own Automotive 2026 has ended with security researchers earning $1,047,000 after exploiting 76 zero-day vulnerabilities between January 21 and January 23. […]
Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls
Fortinet has officially confirmed that it’s working to completely plug a FortiCloud SSO authentication bypass vulnerability following reports of fresh exploitation activity on fully-patched firewalls.
“In the last 24 hours, we have identified a number of cases where the exploit was to a device that had been fully upgraded to the latest release at the time of the attack, which suggested a new
“In the last 24 hours, we have identified a number of cases where the exploit was to a device that had been fully upgraded to the latest release at the time of the attack, which suggested a new
Cyber Insights 2026: Regulations and the Tangled Mess of Compliance Requirements
Cyber regulations are where politics meets business – where business becomes subject to political realities.
The post Cyber Insights 2026: Regulations and the Tangled Mess of Compliance Requirements appeared first on SecurityWeek.
Under Armour Looking Into Data Breach Affecting Customers’ Email Addresses
Clothing retailer Under Armour is investigating a recent data breach that purloined customers’ email addresses and other personal information, but so far there are no signs the hackers stole any passwords or financial information. The breach is believed to have happened late last year, and affected 72 million email addresses, according to information cited by […]
The post Under Armour Looking Into Data Breach Affecting Customers’ Email Addresses appeared first on SecurityWeek.
CISA Releases Product Categories List to Propel Post-Quantum Cryptography Adoption Pursuant to President Trump’s Executive Order 14306
Organizations Warned of Exploited Zimbra Collaboration Vulnerability
CISA has added the Zimbra flaw to the KEV catalog along with three other bugs exploited in the wild.
The post Organizations Warned of Exploited Zimbra Collaboration Vulnerability appeared first on SecurityWeek.
Infotainment, EV Charger Exploits Earn Hackers $1M at Pwn2Own Automotive 2026
Pwn2Own participants disclosed a total of 76 vulnerabilities during the three-day event.
The post Infotainment, EV Charger Exploits Earn Hackers $1M at Pwn2Own Automotive 2026 appeared first on SecurityWeek.
TikTok Forms U.S. Joint Venture to Continue Operations Under 2025 Executive Order
TikTok on Friday officially announced that it formed a joint venture that will allow the hugely popular video-sharing application to continue operating in the U.S.
The new venture, named TikTok USDS Joint Venture LLC, has been established in compliance with the Executive Order signed by U.S. President Donald Trump in September 2025, the platform said. The new deal will see TikTok’s Chinese
The new venture, named TikTok USDS Joint Venture LLC, has been established in compliance with the Executive Order signed by U.S. President Donald Trump in September 2025, the platform said. The new deal will see TikTok’s Chinese
Phishing Attack Uses Stolen Credentials to Install LogMeIn RMM for Persistent Access
Cybersecurity researchers have disclosed details of a new dual-vector campaign that leverages stolen credentials to deploy legitimate Remote Monitoring and Management (RMM) software for persistent remote access to compromised hosts.
“Instead of deploying custom viruses, attackers are bypassing security perimeters by weaponizing the necessary IT tools that administrators trust,” KnowBe4 Threat
“Instead of deploying custom viruses, attackers are bypassing security perimeters by weaponizing the necessary IT tools that administrators trust,” KnowBe4 Threat