News

Fortinet says the large-scale credential-harvesting campaign currently targeting its customers’ firewalls and VPNs does not exploit new vulnerabilities. As part of the campaign, tracked as FortiBleed, threat actors have compiled a database of over 86,000 confirmed working credentials for Fortinet devices in 194 countries. “Based on our initial analysis, we believe the activity involves threat actors reusing credentials from previous incidents and employing brute-force techniques against devices with weak password hygiene and no multi-factor authentication…

Read More

French President Emmanuel Macron on Wednesday urged the world’s wealthy democracies to work together on regulating advanced artificial intelligence systems, speaking at a high-level meeting that included top AI executives. OpenAI CEO Sam Altman issued a similar plea at the Group of Seven summit of major industrialized nations in France, saying an “international forum” is needed for countries to draw up AI guardrails. He said the task of AI safety should not be left to…

Read More

SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape. This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment. Here are this week’s highlights: 10-year-old phpBB flaw enables session hijacking Researchers uncovered a critical authentication…

Read More

Cisco on Thursday announced an agreement to acquire identity lifecycle security company WideField Security to strengthen the capabilities of Splunk’s Agentic SOC.  No financial details have been publicly disclosed. WideField raised more than $11 million in Series A funding last year.  WideField has developed technology that enables organizations to discover human and non-human identities, map exposures across accounts and roles, and assess hygiene gaps.  The company’s platform also enables users to detect misconfigurations in authentication…

Read More

Live Webinar: June 17, 2026 at 1PM ET – Register to Attend Today’s attackers are no longer breaking in — they’re logging in. Threat actors are increasingly using sophisticated social engineering, MFA fatigue attacks, session hijacking, credential theft, and help desk impersonation to bypass traditional security controls and move undetected across enterprise environments. In this webinar, we’ll break down the modern identity attack chain and examine how recent breaches exploited weaknesses in authentication, identity verification,…

Read More

Mackay Sugar, a major Australian sugar producer, has been targeted in a ransomware attack that forced it to shut down some of its mills. The hacker attack came to light on June 10, when Mackay Sugar announced it was responding to a cybersecurity incident affecting some of its operations. “Interim processes are in place to support critical business functions and minimise disruption where possible,” the company said at the time. Mackay Sugar operates three cane-processing…

Read More

In response to a recent wave of supply chain attacks targeting the NPM ecosystem, GitHub announced that scripts from dependencies will no longer be executed by default. Multiple major incidents that occurred over the past several months, mainly associated with TeamPCP and the Shai-Hulud self-replicating worm, have been abusing the default, automatic execution of scripts from dependencies during npm install to infect thousands of developers with malware. To better protect users, starting with NPM version…

Read More

AI giant Anthropic said Friday it has taken its latest artificial intelligence models, known as Fable 5 and Mythos 5, offline to comply with a directive from the Trump administration to prevent their use by foreign nationals. The export controls mark the U.S. government’s most significant step to date to restrict access to the most advanced AI models. Anthropic released Fable widely this week. That model is a limited version of the even more advanced…

Read More

SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape. This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment. Here are this week’s highlights: IBM and AT&T accused of hack cover-ups A former IBM cybersecurity…

Read More