Information

The open source data transfer tool and library curl has been updated this week with patches for 18 vulnerabilities, including one introduced 25 years ago. The flaws, four medium and 14 low-severity, were discovered as part of a community effort after Anthropic’s Mythos discovered a single curl bug in early May. This release resolves the highest number of CVEs patched with a single curl update, including an issue that was introduced in version 7.7, shipped…

Weeks to hours. That’s how fast AI now turns a new vulnerability into a working exploit. Patch-and-pentest cycles were built for a slower world. The question has changed from “are we patched?” to “are we secure right now, and can we prove it?” Here’s the hard truth: finding exposures was never the problem. Proving which ones an attacker could actually use, and deciding the right call on evidence, is the hard part. And no single tool gets…

Fortinet says the large-scale credential-harvesting campaign currently targeting its customers’ firewalls and VPNs does not exploit new vulnerabilities. As part of the campaign, tracked as FortiBleed, threat actors have compiled a database of over 86,000 confirmed working credentials for Fortinet devices in 194 countries. “Based on our initial analysis, we believe the activity involves threat actors reusing credentials from previous incidents and employing brute-force techniques against devices with weak password hygiene and no multi-factor authentication…

French President Emmanuel Macron on Wednesday urged the world’s wealthy democracies to work together on regulating advanced artificial intelligence systems, speaking at a high-level meeting that included top AI executives. OpenAI CEO Sam Altman issued a similar plea at the Group of Seven summit of major industrialized nations in France, saying an “international forum” is needed for countries to draw up AI guardrails. He said the task of AI safety should not be left to…

SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape. This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment. Here are this week’s highlights: 10-year-old phpBB flaw enables session hijacking Researchers uncovered a critical authentication…

Cisco on Thursday announced an agreement to acquire identity lifecycle security company WideField Security to strengthen the capabilities of Splunk’s Agentic SOC.  No financial details have been publicly disclosed. WideField raised more than $11 million in Series A funding last year.  WideField has developed technology that enables organizations to discover human and non-human identities, map exposures across accounts and roles, and assess hygiene gaps.  The company’s platform also enables users to detect misconfigurations in authentication…