The Personal Information Protection Commission (PIPC), South Korea’s data protection regulator, has fined e-commerce giant Coupang a record 624.6 billion won (roughly $409 million) following a massive data breach affecting more than 37 million customers […]
CISA tells govt agencies to patch critical exploited flaws in 3 days
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced a new Binding Operational Directive, 26-04, that prioritizes security updates for Federal Civilian Executive Branch (FCEB) agencies. […]
Hackers Exploit Langflow Vulnerability for Remote Code Execution
Disclosed in March, the security defect enables unauthenticated attackers to write files to arbitrary locations on the system.
The post Hackers Exploit Langflow Vulnerability for Remote Code Execution appeared first on SecurityWeek.
Siemens Says Desigo CC Files Flagged as Malware by Security Engines
A PowerShell script included in patch files appears to be triggering false positives by multiple security engines.
The post Siemens Says Desigo CC Files Flagged as Malware by Security Engines appeared first on SecurityWeek.
AI Broke Vulnerability Management. That’s Why CISOs Are Moving Budget to BAS.
For thirty years, vulnerability management ran on a buffer: the months between when a vulnerability was found and when someone could figure out how to weaponize it. The solution was straightforward enough; triage by severity, schedule the fix, validate, and move on. The buffer was what made that work.
Today, that buffer is gone.
AI didn’t make your team slower. It changed the other side of the
FBI Seizes 13 Websites That Officials Say Were Used by China to Target and Recruit US Workers
The 13 websites purported to be affiliated with consulting companies that advertised job openings for current and former holders of security clearances
The post FBI Seizes 13 Websites That Officials Say Were Used by China to Target and Recruit US Workers appeared first on SecurityWeek.
Splunk, Palo Alto Networks Patch Severe Vulnerabilities
The security defects could allow attackers to create or modify arbitrary files and access and modify protected resources.
The post Splunk, Palo Alto Networks Patch Severe Vulnerabilities appeared first on SecurityWeek.
‘GreatXML’ Zero-Day Exploit Bypasses BitLocker
The PoC exploits Microsoft Defender’s offline scan to spawn a SYSTEM shell when rebooting in Recovery Mode.
The post ‘GreatXML’ Zero-Day Exploit Bypasses BitLocker appeared first on SecurityWeek.
OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack
The Vietnam-aligned threat actor known as OceanLotus has been attributed to two distinct campaigns that targeted domestic entities and stock investors with a backdoor known as SPECTRALVIPER.
The campaigns involve a prolonged cyber espionage operation aimed at a Vietnamese infrastructure and transport construction corporation between mid-2024 and February 2026, as well as a supply chain attack
Microsoft fixes BitLocker recovery bug on Windows Server 2025
Microsoft has resolved a known issue causing some Windows Server 2025 devices to boot into BitLocker recovery after installing the April 2026 security update. […]