689,000 Affected by Insider Breach at FinWise Bank
A former FinWise employee gained access to American First Finance customer information. The post 689,000 Affected by Insider Breach at FinWise Bank appeared first on SecurityWeek.
Zero Trust Is 15 Years Old — Why Full Adoption Is Worth the Struggle
Fifteen years after its debut, Zero Trust remains the gold standard in cybersecurity theory — but its uneven implementation leaves organizations both stronger and dangerously exposed. The post Zero Trust Is 15 Years Old — Why Full Adoption Is Worth the Struggle appeared first on SecurityWeek.
Silent Push Raises $10 Million for Threat Intelligence Platform
Silent Push, which provides Indicators of Future Attack, has raised a total of $32 million in funding. The post Silent Push Raises $10 Million for Threat Intelligence Platform appeared first on SecurityWeek.
Terra Security Raises $30 Million for AI Penetration Testing Platform
The Israeli cybersecurity startup plans to expand its offensive security offering to cover more enterprise attack surface. The post Terra Security Raises $30 Million for AI Penetration Testing Platform appeared first on SecurityWeek.
6 Browser-Based Attacks Security Teams Need to Prepare For Right Now
Attacks that target users in their web browsers have seen an unprecedented rise in recent years. In this article, we’ll explore what a “browser-based attack” is, and why they’re proving to be so effective. What is a browser-based attack? First, it’s important to establish what a browser-based attack is. InRead More »6 Browser-Based Attacks Security Teams Need to Prepare For Right Now
⚡ Weekly Recap: Bootkit Malware, AI-Powered Attacks, Supply Chain Breaches, Zero-Days & More
In a world where threats are persistent, the modern CISO’s real job isn’t just to secure technology—it’s to preserve institutional trust and ensure business continuity. This week, we saw a clear pattern: adversaries are targeting the complex relationships that hold businesses together, from supply chains to strategic partnerships. With newRead More »⚡ Weekly Recap: Bootkit Malware, AI-Powered Attacks, Supply Chain Breaches, Zero-Days & More
FBI Shares IoCs for Recent Salesforce Intrusion Campaigns
The cybercrime groups tracked as UNC6040 and UNC6395 have been extorting organizations after stealing data from their Salesforce instances. The post FBI Shares IoCs for Recent Salesforce Intrusion Campaigns appeared first on SecurityWeek.
Lawsuit About WhatsApp Security
Attaullah Baig, WhatsApp’s former head of security, has filed a whistleblower lawsuit alleging that Facebook deliberately failed to fix a bunch of security flaws, in violation of its 2019 settlement agreement with the Federal Trade Commission. The lawsuit, alleging violations of the whistleblower protection provision of the Sarbanes-Oxley Act passedRead More »Lawsuit About WhatsApp Security
Google Launched Behind-the-Scenes Campaign Against California Privacy Legislation; It Passed Anyway
Powerful companies typically combine traditional lobbying and strategies used by civil society organizations when regulatory pressures threaten their core business model. The post Google Launched Behind-the-Scenes Campaign Against California Privacy Legislation; It Passed Anyway appeared first on SecurityWeek.
Shiny tools, shallow checks: how the AI hype opens the door to malicious MCP servers
Introduction In this article, we explore how the Model Context Protocol (MCP) — the new “plug-in bus” for AI assistants — can be weaponized as a supply chain foothold. We start with a primer on MCP, map out protocol-level and supply chain attack paths, then walk through a hands-on proofRead More »Shiny tools, shallow checks: how the AI hype opens the door to malicious MCP servers