News

Fortinet and Ivanti on Tuesday announced patches for 18 vulnerabilities across their product portfolios, including three critical-severity bugs. Fortinet published 11 advisories describing as many bugs, including two dealing with critical-severity code execution security defects. Tracked as CVE-2026-44277 (CVSS score of 9.1), the first of them is an improper access control issue in FortiAuthenticator that could be exploited remotely, without authentication, via crafted requests. “FortiAuthenticator Cloud is not impacted by the issue, and hence customers…

Read More

Frame Security emerged from stealth mode on Monday with $50 million in funding raised for its AI-powered cybersecurity awareness and training platform. The investment came from Team8, Index Ventures, Picture Capital, Elad Gil, Cerca Partners, and Tesonet. US- and Israel-based Frame Security was founded by Tal Shlomo, who serves as the company’s CEO, and Sharon Shmueli, who serves as CTO. Shlomo was one of the earliest employees of cloud security giant Wiz, while Shmueli until…

Read More

SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape. This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment. Here are this week’s highlights: US government targets 72-hour patch cycles US cybersecurity officials are proposing…

Read More

Poland’s Internal Security Agency (ABW) has documented a significant escalation in cyberattacks targeting industrial control systems (ICS) and other operational technology (OT) infrastructure during 2024 and 2025, with state-sponsored threat actors increasingly shifting focus toward the physical disruption of critical services. A Polish official revealed in August 2025 that a cyberattack could have caused a city to lose its water supply, but the attack was thwarted. No technical information was shared at the time.  The…

Read More

Autonomous offensive security firm XBOW on Wednesday announced raising $35 million in an extension of the Series C funding round announced earlier this year. The initial Series C, in which it raised $120 million, increased the company’s valuation to more than $1 billion. The latest investment brings the total raised by XBOW to more than $270 million. The new funding came from Accenture Ventures, DNX Ventures, Liberty Global Tech Ventures, NVentures, Samsung Ventures, and SentinelOne…

Read More

Palo Alto Networks is working on patches for a critical PAN-OS zero-day that has been exploited to hack some of the company’s firewall models. Tracked as CVE-2026-0300, the vulnerability has been described as a buffer overflow affecting the User-ID Authentication Portal (Captive Portal) service of PAN-OS software.  The zero-day affects PA and VM series firewalls, allowing an unauthenticated attacker to execute malicious code with root privileges via specially crafted packets.  “Limited exploitation has been observed…

Read More

Cisco on Monday announced its intent to acquire Astrix Security, a startup focused on securing non-human identities (NHIs) such as API keys, service accounts, and OAuth tokens increasingly used by applications and AI agents. In a blog post, Cisco said the acquisition is aimed at extending zero trust principles to the emerging “agentic workforce,” where AI agents and machine identities are rapidly expanding the enterprise attack surface. Astrix’s technology is designed to help organizations discover, govern, and…

Read More

The Pentagon said Friday that it has reached deals with seven tech companies to use their artificial intelligence in its classified computer networks, allowing the military to tap into AI-powered capabilities to help it fight wars. Google, Microsoft, Amazon Web Services, Nvidia, OpenAI, Reflection and SpaceX will provide their resources to help “augment warfighter decision-making in complex operational environments,” the Defense Department said. Notably absent from the list is AI company Anthropic, after its public…

Read More