Service desks are on the front lines of defense—and attackers know it. Attackers are using social engineering attacks to trick agents into changing passwords, disabling MFA, and granting access. Learn more from Specops Software on how to secure your service desk. […]
NATO-Flagged Vulnerability Tops Latest VMware Security Patch Batch
VMware patches flaws that expose users to data leakage, command execution and denial-of-service attacks. No temporary workarounds available.
The post NATO-Flagged Vulnerability Tops Latest VMware Security Patch Batch appeared first on SecurityWeek.
South Asian Ministries Hit by SideWinder APT Using Old Office Flaws and Custom Malware
High-level government institutions in Sri Lanka, Bangladesh, and Pakistan have emerged as the target of a new campaign orchestrated by a threat actor known as SideWinder.
“The attackers used spear phishing emails paired with geofenced payloads to ensure that only victims in specific countries received the malicious content,” Acronis researchers Santiago Pontiroli, Jozsef Gegeny, and Prakas
“The attackers used spear phishing emails paired with geofenced payloads to ensure that only victims in specific countries received the malicious content,” Acronis researchers Santiago Pontiroli, Jozsef Gegeny, and Prakas
AWS Default IAM Roles Found to Enable Lateral Movement and Cross-Service Exploitation
Cybersecurity researchers have discovered risky default identity and access management (IAM) roles impacting Amazon Web Services that could open the door for attackers to escalate privileges, manipulate other AWS services, and, in some cases, even fully compromise AWS accounts.
“These roles, often created automatically or recommended during setup, grant overly broad permissions, such as full S3
“These roles, often created automatically or recommended during setup, grant overly broad permissions, such as full S3
Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers
The Likely Exploited Vulnerabilities (LEV) equations can help augment KEV- and EPSS-based remediation prioritization.
The post Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers appeared first on SecurityWeek.
Event Preview: 2025 Threat Detection & Incident Response (Virtual) Summit
SecurityWeek’s 2025 Threat Detection & Incident Response (TDIR) Summit takes place as a virtual summit on Wednesday, May 21st.
The post Event Preview: 2025 Threat Detection & Incident Response (Virtual) Summit appeared first on SecurityWeek.
TrustCloud Raises $15 Million for Security Assurance Platform
AI-native security assurance firm TrustCloud has raised $15 million in a strategic funding round led by ServiceNow Ventures.
The post TrustCloud Raises $15 Million for Security Assurance Platform appeared first on SecurityWeek.
The Crowded Battle: Key Insights from the 2025 State of Pentesting Report
In the newly released 2025 State of Pentesting Report, Pentera surveyed 500 CISOs from global enterprises (200 from within the USA) to understand the strategies, tactics, and tools they use to cope with the thousands of security alerts, the persisting breaches and the growing cyber risks they have to handle. The findings reveal a complex picture of progress, challenges, and a shifting mindset
CloudSEK Raises $19 Million for Threat Intelligence Platform
Threat protection and intelligence firm CloudSEK raises $19 million in funding from new and existing investors.
The post CloudSEK Raises $19 Million for Threat Intelligence Platform appeared first on SecurityWeek.
O2 Service Vulnerability Exposed User Location
A vulnerability in O2’s implementation of the IMS standard resulted in user location data being exposed in network responses.
The post O2 Service Vulnerability Exposed User Location appeared first on SecurityWeek.