Microsoft announced an increase in bug bounty payouts to $30,000 for AI vulnerabilities found in Dynamics 365 and Power Platform services and products. […]
Interlock ransomware claims DaVita attack, leaks stolen data
The Interlock ransomware gang has claimed the cyberattack on DaVita kidney dialysis firm and leaked data allegedly stolen from the organization. […]
Verizon DBIR Flags Major Patch Delays on VPNs, Edge Appliances
The latest Verizon DBIR landed this week with a startling statistic about the security posture of VPNs and network edge devices.
The post Verizon DBIR Flags Major Patch Delays on VPNs, Edge Appliances appeared first on SecurityWeek.
Yale New Haven Health data breach affects 5.5 million patients
Yale New Haven Health (YNHHS) is warning that threat actors stole the personal data of 5.5 million patients in a cyberattack earlier this month. […]
Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Zero-Day and ThreatNeedle Malware
At least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign dubbed Operation SyncHole.
The activity targeted South Korea’s software, IT, financial, semiconductor manufacturing, and telecommunications industries, according to a report from Kaspersky published today. The earliest evidence of compromise was first detected in
The activity targeted South Korea’s software, IT, financial, semiconductor manufacturing, and telecommunications industries, according to a report from Kaspersky published today. The earliest evidence of compromise was first detected in
Microsoft fixes bug causing incorrect 0x80070643 WinRE errors
Microsoft says it resolved a known issue causing erroneous 0x80070643 installation failure errors when deploying the April 2025 Windows Recovery Environment (WinRE) updates. […]
Push Security Raises $30 Million in Series B Funding
Push Security has raised $30 million in Series B funding to scale its browser-based identity security platform.
The post Push Security Raises $30 Million in Series B Funding appeared first on SecurityWeek.
Linux io_uring PoC Rootkit Bypasses System Call-Based Threat Detection Tools
Cybersecurity researchers have demonstrated a proof-of-concept (PoC) rootkit dubbed Curing that leverages a Linux asynchronous I/O mechanism called io_uring to bypass traditional system call monitoring.
This causes a “major blind spot in Linux runtime security tools,” ARMO said.
“This mechanism allows a user application to perform various actions without using system calls,” the company said in
This causes a “major blind spot in Linux runtime security tools,” ARMO said.
“This mechanism allows a user application to perform various actions without using system calls,” the company said in
159 CVEs Exploited in Q1 2025 — 28.3% Within 24 Hours of Disclosure
As many as 159 CVE identifiers have been flagged as exploited in the wild in the first quarter of 2025, up from 151 in Q4 2024.
“We continue to see vulnerabilities being exploited at a fast pace with 28.3% of vulnerabilities being exploited within 1-day of their CVE disclosure,” VulnCheck said in a report shared with The Hacker News.
This translates to 45 security flaws that have been weaponized
“We continue to see vulnerabilities being exploited at a fast pace with 28.3% of vulnerabilities being exploited within 1-day of their CVE disclosure,” VulnCheck said in a report shared with The Hacker News.
This translates to 45 security flaws that have been weaponized
SecLytics Rebrands as Augur Security, Raises $7M in Seed Funding
AI-powered threat prevention company Augur (rebranded from SecLytics) has raised $7 million in seed funding.
The post SecLytics Rebrands as Augur Security, Raises $7M in Seed Funding appeared first on SecurityWeek.