Oracle has confirmed suffering a data breach but the tech giant is apparently trying to downplay the impact of the incident. The post Oracle Confirms Cloud Hack appeared first on SecurityWeek.

Evidence shows a SpotBugs token compromised in December 2024 was used in the March 2025 GitHub Actions supply chain attack. The post Compromised SpotBugs Token Led to GitHub Actions Supply Chain Hack appeared first on

A critical vulnerability in Apache Parquet can be exploited to execute arbitrary code remotely, leading to complete system compromise. The post Critical Apache Parquet Vulnerability Leads to Remote Code Execution appeared first on SecurityWeek.

Ivanti misdiagnoses a remote code execution vulnerability and Mandiant reports that Chinese hackers are launching in-the-wild exploits. The post Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances  appeared first on SecurityWeek.

An unauthenticated SQL injection vulnerability in Halo ITSM could have been exploited to read, modify, or insert data. The post Halo ITSM Vulnerability Exposed Organizations to Remote Hacking appeared first on SecurityWeek.

The notorious cybercrime group Hunters International is dropping ransomware to focus on data theft and extortion. The post Hunters International Ransomware Gang Rebranding, Shifting Focus appeared first on SecurityWeek.

Less than two dozen cybersecurity merger and acquisition (M&A) deals were announced in March 2025. The post Cybersecurity M&A Roundup: 23 Deals Announced in March 2025 appeared first on SecurityWeek.

Two CVEs now exist for an actively exploited CrushFTP vulnerability and much of the security industry is using the ‘wrong one’. The post Details Emerge on CVE Controversy Around Exploited CrushFTP Vulnerability  appeared first on

GitHub has announced new capabilities to help organizations and developers keep secrets in their code protected. The post 39 Million Secrets Leaked on GitHub in 2024 appeared first on SecurityWeek.

Cisco fixes two high-severity denial-of-service vulnerabilities in Meraki devices and Enterprise Chat and Email. The post Vulnerabilities Expose Cisco Meraki and ECE Products to DoS Attacks appeared first on SecurityWeek.

Google’s patches for Quick Share for Windows vulnerabilities leading to remote code execution were incomplete and could be easily bypassed. The post Google Released Second Fix for Quick Share Flaws After Patch Bypass appeared first

Adaptive is pitching a security platform designed to replicate real-world attack scenarios through AI-generated deepfake simulations.  The post Serial Entrepreneurs Raise $43M to Counter AI Deepfakes, Social Engineering appeared first on SecurityWeek.