Noteworthy stories that might have slipped under the radar: Huntress research raises concerns, Google paid out $1.6 million for cloud vulnerabilities, California web browser bill. The post In Other News: $900k for XSS Bugs, HybridPetya Malware, Burger King Censors Research appeared first on SecurityWeek.
A deserialization of untrusted data in the MOM software allows attackers to achieve remote code execution. The post DELMIA Factory Software Vulnerability Exploited in Attacks appeared first on SecurityWeek.
Apple this year sent at least four rounds of notifications to French users potentially targeted by commercial spyware. The post Apple Sends Fresh Wave of Spyware Notifications to French Users appeared first on SecurityWeek.
Cybersecurity researchers have discovered a new ransomware strain dubbed HybridPetya that resembles the notorious Petya/NotPetya malware, while also incorporating the ability to bypass the Secure Boot mechanism in Unified Extensible Firmware Interface (UEFI) systems using a now-patched vulnerability disclosed earlier this year. Slovakian cybersecurity company ESET said the samples wereRead More »New HybridPetya Ransomware Bypasses UEFI Secure Boot With CVE-2024-7344 Exploit
F5 is buying CalypsoAI for its adaptive AI inference security solutions, which will be integrated into its Application Delivery and Security Platform. The post F5 to Acquire CalypsoAI for $180 Million appeared first on SecurityWeek.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting Dassault Systèmes DELMIA Apriso Manufacturing Operations Management (MOM) software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2025-5086, carries a CVSS score of 9.0 outRead More »Critical CVE-2025-5086 in DELMIA Apriso Actively Exploited, CISA Issues Warning
CISA says it is time for the CVE Program to focus on improving trust, responsiveness, and the caliber of vulnerability data. The post CISA: CVE Program to Focus on Vulnerability Data Quality appeared first on SecurityWeek.
Exploiting incomplete speculative execution attack mitigations extended to the branch predictor state, VMScape leaks arbitrary memory. The post VMScape: Academics Break Cloud Isolation With New Spectre Attack appeared first on SecurityWeek.
KioSoft was notified about a serious NFC card vulnerability in 2023 and only recently claimed to have released a patch. The post Payment System Vendor Took Year+ to Patch Infinite Card Top-Up Hack: Security Firm appeared first on SecurityWeek.
The security landscape for cloud-native applications is undergoing a profound transformation. Containers, Kubernetes, and serverless technologies are now the default for modern enterprises, accelerating delivery but also expanding the attack surface in ways traditional security models can’t keep up with. As adoption grows, so does complexity. Security teams are askedRead More »Cloud-Native Security in 2025: Why Runtime Visibility Must Take Center Stage
