Valid, complete reports detailing remote code execution or elevation of privilege bugs in .NET qualify for the maximum rewards.
The post Microsoft Boosts .NET Bounty Program Rewards to $40,000 appeared first on SecurityWeek.
Russian Cyberspies Target Foreign Embassies in Moscow via AitM Attacks: Microsoft
Russian state-sponsored APT Secret Blizzard has used ISP-level AitM attacks to infect diplomatic devices with malware.
The post Russian Cyberspies Target Foreign Embassies in Moscow via AitM Attacks: Microsoft appeared first on SecurityWeek.
AI-Generated Malicious npm Package Drains Solana Funds from 1,500+ Before Takedown
Cybersecurity researchers have flagged a malicious npm package that was generated using artificial intelligence (AI) and concealed a cryptocurrency wallet drainer.
The package, @kodane/patch-manager, claims to offer “advanced license validation and registry optimization utilities for high-performance Node.js applications.” It was uploaded to npm by a user named “Kodane” on July 28, 2025. The
The package, @kodane/patch-manager, claims to offer “advanced license validation and registry optimization utilities for high-performance Node.js applications.” It was uploaded to npm by a user named “Kodane” on July 28, 2025. The
DHS Launches Over $100 Million in Funding to Strengthen Communities’ Cyber Defenses
You Are What You Eat: Why Your AI Security Tools Are Only as Strong as the Data You Feed Them
Just as triathletes know that peak performance requires more than expensive gear, cybersecurity teams are discovering that AI success depends less on the tools they deploy and more on the data that powers them
The junk food problem in cybersecurity
Imagine a triathlete who spares no expense on equipment—carbon fiber bikes, hydrodynamic wetsuits, precision GPS watches—but fuels their
The junk food problem in cybersecurity
Imagine a triathlete who spares no expense on equipment—carbon fiber bikes, hydrodynamic wetsuits, precision GPS watches—but fuels their
Pwn2Own hacking contest pays $1 million for WhatsApp exploit
The Zero Day Initiative is offering a $1 million reward to security researchers who will demonstrate a zero-click WhatsApp exploit at its upcoming Pwn2Own Ireland 2025 hacking contest. […]
Cyber Risk Management Firm Safe Raises $70 Million
Safe has raised $70 million in Series C funding to advance cyber risk management through specialized AI agents.
The post Cyber Risk Management Firm Safe Raises $70 Million appeared first on SecurityWeek.
Echo Raises $15M in Seed Funding for Vulnerability-Free Container Images
Echo received funding for creating thousands of container images that are not affected by any CVE, for enterprise-grade software infrastructure.
The post Echo Raises $15M in Seed Funding for Vulnerability-Free Container Images appeared first on SecurityWeek.
Storm-2603 Deploys DNS-Controlled Backdoor in Warlock and LockBit Ransomware Attacks
The threat actor linked to the exploitation of the recently disclosed security flaws in Microsoft SharePoint Server is using a bespoke command-and-control (C2) framework called AK47 C2 (also spelled ak47c2) in its operations.
The framework includes at least two different types of clients, HTTP-based and Domain Name System (DNS)-based, which have been dubbed AK47HTTP and AK47DNS, respectively, by
The framework includes at least two different types of clients, HTTP-based and Domain Name System (DNS)-based, which have been dubbed AK47HTTP and AK47DNS, respectively, by
Bill Aims to Create National Strategy for Quantum Cybersecurity Migration
Two US senators introduced a bipartisan bill to help prepare federal government agencies for quantum computing threats.
The post Bill Aims to Create National Strategy for Quantum Cybersecurity Migration appeared first on SecurityWeek.