SecurityWeek’s Cyber Insights 2025 examines expert opinions on the expected evolution of more than a dozen areas of cybersecurity interest over the next 12 months. We spoke to hundreds of individual experts to gain their expert opinions. Here we discuss what to expect in Open Source and the Software Supply Chain. Attacking the OSS supply […]

A vulnerability in Google’s OAuth implementation can be abused to take over the accounts of former employees of failed startups by purchasing their domains, according to a report from secrets scanning firm Truffle Security. The issue is relatively straightforward: when purchasing a failed startup’s domain, anyone can re-create old employee e-mail accounts and use them […]

Google on Tuesday announced the release of Chrome 132 to the stable channel with 16 security fixes, including 13 that resolve vulnerabilities reported by external researchers. Of the externally reported flaws, five are high-severity bugs affecting browser components such as the V8 JavaScript engine, Navigation, the open source 2D graphics library Skia, Metrics, and Tracing. […]

Nvidia, Zoom, and Zyxel this week announced fixes for multiple high-severity vulnerabilities in their products, urging users to update devices as soon as possible. Nvidia released patches for three security defects in Container Toolkit and GPU Operator for Linux, including two high-severity improper isolation bugs that could be exploited using crafted container images. The first […]

North Korean hackers stole approximately $660 million in cryptocurrency in 2024, the US, Japan, and South Korea said in a joint statement on Tuesday. Warning the blockchain technology industry of the threat posed by the North Korean hacking groups, the statement reiterates that the stolen funds are used to fuel Pyongyang’s “unlawful weapons of mass […]

Ivanti on Tuesday announced patches for multiple critical- and high-severity vulnerabilities in Avalanche, Application Control Engine, and Endpoint Manager (EPM). The most severe of the resolved flaws are four absolute path traversal issues in Ivanti EPM that could allow remote, unauthenticated attackers to leak sensitive information. Tracked as CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, and CVE-2024-13159 (CVSS score […]

Fortinet on Tuesday published over a dozen new advisories describing critical- and high-severity vulnerabilities found recently in the company’s products, including a zero-day flaw that has been exploited in the wild since at least November 2024.  The zero-day is tracked as CVE-2024-55591 and it has been described by Fortinet as a critical vulnerability affecting FortiOS […]

Schneider Electric, Siemens, Phoenix Contact and CISA have released ICS product security advisories on the January 2025 Patch Tuesday. Schneider Electric published nine new advisories this month. Six of them describe high-severity vulnerabilities affecting PowerLogic HDPM6000 High-Density Metering System (privilege escalation), RemoteConnect and SCADAPackTM x70 utilities (potential remote code execution), Modicon M340 and BMXNO communication […]

Software maker Adobe on Tuesday rolled out fixes for more than a dozen security defects in multiple products and warned that malicious hackers can exploit these bugs in remote code execution attacks. The company said the vulnerabilities affect Adobe Photoshop, Substance 3D Stager, Illustrator for iPad, Adobe Animate, and the Adobe Substance 3D Designer.  According […]

Microsoft’s struggles with zero-days have stretched into 2025 with fresh news of a trio of already-exploited vulnerabilities in the Windows Hyper-V platform. The software giant on Tuesday called urgent attention to three separate flaws in the Windows Hyper-V NT Kernel Integration Virtualization Service Provider (VSP) and warned that malicious attackers are already launching privilege escalation […]