Information

A recently patched vulnerability in Fortra GoAnywhere MFT (Managed File Transfer) was exploited as a zero-day by a Chinese ransomware group, Microsoft reports. The flaw, tracked as CVE-2025-10035 (CVSS score of 10/10), was disclosed on September 18, when Fortra rolled out patches for it. A deserialization issue in the application’s license servlet, the bug can be exploited for command injection and remote code execution (RCE). Shortly after public disclosure, cybersecurity firm watchTowr warned that the…

Cloud security giant Wiz has announced a new hacking competition where participants can earn significant rewards for demonstrating exploits against widely used cloud software. The competition is named Zeroday.Cloud and it offers participants a total of $4.5 million in bug bounties. Interested security researchers must submit their entry by December 1 and they will demonstrate their exploits live on stage at the Black Hat Europe conference taking place December 10-11 in London.  Wiz has teamed…

SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.  Here are this…

Cybersecurity startup Oneleet has announced raising $33 million in a Series A funding round that brings the total raised by the company to $35 million. The investment round was led by Dawn Capital, with additional support from Y Combinator and several angel investors. Founded in 2022 and based in Amsterdam, Netherlands, Oneleet has built a platform that provides organizations with visibility into their security posture to help them improve protections and ensure compliance. The solution…

The OpenSSL Project has announced the availability of several new versions of the open source SSL/TLS toolkit, which include patches for three vulnerabilities. Versions 3.5.4, 3.4.3, 3.3.5, 3.2.6, 3.0.18, 1.0.2zm and 1.1.1zd of the OpenSSL Library have been released. Most of them fix all three vulnerabilities, tracked as CVE-2025-9230, CVE-2025-9231 and CVE-2025-9232. Two of the vulnerabilities have been assigned a ‘moderate severity’ rating. One of them is CVE-2025-9231, which may allow an attacker to recover…

The official Call for Presentations (CFP) for SecurityWeek’s 2025 CISO Forum Virtual Summit, being held November 12-13, 2025, is open through October 10, 2025. Throughout this two-day virtual event, sessions will have a strong focus on participation from CISOs in panel discussions and individual end-user experience presentations, along with talks from industry experts, analysts and other end-users, and thought leadership, strategy and technical sessions. This online event is expected to attract more than 2,500 attendee registrations from around the world. Through…

The Cybersecurity Information Sharing Act (CISA) is designed to provide encouragement and protection for and while sharing threat information. A sunset clause built into the Cybersecurity Information Sharing Act 2015 (PDF) means it will expire at the end of September 2025 unless reauthorized by the US Congress. At the time of writing, it has not been reauthorized. “If you find something in your software that shouldn’t be there, and there’s some indication that it is…