News

The OpenSSL Project has announced the availability of several new versions of the open source SSL/TLS toolkit, which include patches for three vulnerabilities. Versions 3.5.4, 3.4.3, 3.3.5, 3.2.6, 3.0.18, 1.0.2zm and 1.1.1zd of the OpenSSL Library have been released. Most of them fix all three vulnerabilities, tracked as CVE-2025-9230, CVE-2025-9231 and CVE-2025-9232. Two of the vulnerabilities have been assigned a ‘moderate severity’ rating. One of them is CVE-2025-9231, which may allow an attacker to recover…

The official Call for Presentations (CFP) for SecurityWeek’s 2025 CISO Forum Virtual Summit, being held November 12-13, 2025, is open through October 10, 2025. Throughout this two-day virtual event, sessions will have a strong focus on participation from CISOs in panel discussions and individual end-user experience presentations, along with talks from industry experts, analysts and other end-users, and thought leadership, strategy and technical sessions. This online event is expected to attract more than 2,500 attendee registrations from around the world. Through…

The Cybersecurity Information Sharing Act (CISA) is designed to provide encouragement and protection for and while sharing threat information. A sunset clause built into the Cybersecurity Information Sharing Act 2015 (PDF) means it will expire at the end of September 2025 unless reauthorized by the US Congress. At the time of writing, it has not been reauthorized. “If you find something in your software that shouldn’t be there, and there’s some indication that it is…

SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.  Here are this…

A crackdown on cybercrime coordinated by Interpol has led to the arrests across 14 African countries of 260 people suspected in online romance and extortion scams, the organization announced Friday. The operation took place in July and August and focused on scams in which perpetrators build online romantic relationships to extract money from targets or blackmail them with explicit images, Interpol said. Altogether the scams targeted more than 1,400 victims who lost nearly $2.8 million,…

Prompt injection and an expired domain could have been used to target Salesforce’s Agentforce platform for data theft. The attack method, dubbed ForcedLeak, was discovered by researchers at Noma Security, a company that recently raised $100 million for its AI agent security platform. Salesforce Agentforce enables businesses to build and deploy autonomous AI agents across functions such as sales, marketing, and commerce. These agents act independently to complete multi-step tasks without constant human intervention. The…

Jaguar Land Rover said Tuesday that its production lines, shut down after a cyberattack in August, will remain at a halt until at least Oct. 1. Britain’s biggest automaker sent workers home from its factories in central and northwest England on Aug. 31. The shutdown has rippled through the U.K. auto industry. JLR, which is owned by India’s Tata Motors, employs more than 30,000 people, with its supply chain supporting tens of thousands more jobs.…