President Joe Biden issued an executive order on Thursday aimed at strengthening the nation’s cybersecurity and making it easier to go after foreign adversaries or hacking groups that try to compromise US internet and telecommunication systems. Provisions in the order call for the development of minimum cybersecurity standards for government technology contractors and require that […]

A hacker group has leaked data associated with roughly 15,000 Fortinet firewalls and an analysis has shown that it was likely obtained back in 2022 through the exploitation of a vulnerability. The hackers who leaked the data are calling themselves Belsen Group and they claim this is their “first official operation”. They announced on January […]

In 2024, organizations informed the US government about more than 580 healthcare data breaches affecting a total of nearly 180 million user records. SecurityWeek has conducted an analysis of the healthcare breach database maintained by the US Department of Health and Human Services Office for Civil Rights (HHS OCR), which stores information on incidents impacting […]

Jen Easterly, the outgoing head of the U.S. government’s Cybersecurity and Infrastructure Security Agency, said Wednesday she hopes her agency is allowed to continue its election-related work under new leadership despite “contentiousness” around that part of its mission. “I really, really hope that we can continue to support those state and local election officials,” she […]

The FBI, working in tandem with law enforcement authorities in France, have turned the PlugX malware’s own self-delete mechanism against it, erasing the China-linked remote access trojan from more than 4,200 infected computers in the United States. Using court-approved access to a command-and-control (C2) server, investigators sent self-delete commands embedded within the malware’s functionality, wiping […]

The International Monetary Fund estimates that in the past two decades, nearly one-fifth of reported cyber incidents have affected the global financial sector, causing $12 billion in direct losses to financial firms. Not only has the EU taken notice, but it is also on the verge of taking action. With January 17, 2025 as the […]

SecurityWeek’s Cyber Insights 2025 examines expert opinions on the expected evolution of more than a dozen areas of cybersecurity interest over the next 12 months. We spoke to hundreds of individual experts to gain their expert opinions. Here we discuss what to expect in Open Source and the Software Supply Chain. Attacking the OSS supply […]

A vulnerability in Google’s OAuth implementation can be abused to take over the accounts of former employees of failed startups by purchasing their domains, according to a report from secrets scanning firm Truffle Security. The issue is relatively straightforward: when purchasing a failed startup’s domain, anyone can re-create old employee e-mail accounts and use them […]

Google on Tuesday announced the release of Chrome 132 to the stable channel with 16 security fixes, including 13 that resolve vulnerabilities reported by external researchers. Of the externally reported flaws, five are high-severity bugs affecting browser components such as the V8 JavaScript engine, Navigation, the open source 2D graphics library Skia, Metrics, and Tracing. […]

Nvidia, Zoom, and Zyxel this week announced fixes for multiple high-severity vulnerabilities in their products, urging users to update devices as soon as possible. Nvidia released patches for three security defects in Container Toolkit and GPU Operator for Linux, including two high-severity improper isolation bugs that could be exploited using crafted container images. The first […]