News

SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.  Here are this…

Threat actors are exploiting a critical-severity vulnerability in DELMIA Apriso factory software, the US cybersecurity agency CISA warns. Developed by French company Dassault Systèmes, DELMIA Apriso is a manufacturing operations management (MOM) and manufacturing execution system (MES) software designed for managing every detail of the manufacturing process. The software is used in North America, Europe, and Asia, including in the aerospace and defense, automotive, high-tech, and industrial equipment industries.  Tracked as CVE-2025-5086 (CVSS score of…

Apple in early September sent a fresh wave of threat notifications to French users it believes might have been targeted by commercial spyware. This is at least the fourth time the Cupertino-based tech giant has notified users in France of potential mercenary spyware attacks, according to an alert from the French national Computer Emergency Response Team (CERT-FR). “This alert records all waves of notifications sent by Apple and known to CERT-FR since March 5, 2025.…

Nevada on Wednesday confirmed that the days-long disruption to state systems and services was caused by a ransomware attack. The incident, disclosed on Monday morning as a network security incident, occurred on Sunday, and forced Nevada to close all state offices on Monday and Tuesday. During a press conference on Wednesday, the state’s officials publicly confirmed that a “sophisticated ransomware attack” was the cause of the disruptions. “Upon detection, we immediately activated our established cybersecurity…

Two serious vulnerabilities were patched recently by Xerox in its FreeFlow Core print orchestration platform.  According to pentesting company Horizon3, whose researchers discovered the flaws, FreeFlow Core is affected by an XXE injection flaw (CVE-2025-8355) and a path traversal issue (CVE-2025-8356). The researchers discovered that the vulnerabilities could allow an unauthenticated, remote attacker to execute arbitrary code on affected FreeFlow Core instances. The potential impact has been demonstrated with an exploit that placed a webshell…

Two different firms have tested the newly released GPT-5, and both find its security sadly lacking. After Grok-4 fell to a jailbreak in two days, GPT-5 fell in 24 hours to the same researchers. Separately, but almost simultaneously, red teamers from SPLX (formerly known as SplxAI) declare, “GPT-5’s raw model is nearly unusable for enterprise out of the box. Even OpenAI’s internal prompt layer leaves significant gaps, especially in Business Alignment.” NeuralTrust’s jailbreak employed a…

SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.  Here are this…

Spanish authorities have announced the arrest of an individual suspected of being a hacker who has claimed attacks on dozens of organizations.  Police said the unnamed man — described as a “dangerous hacker” — was arrested in the town of Calpe in Spain’s Alicante province, for allegedly launching cyberattacks on more than 40 organizations and leaking stolen data. Investigators searched the suspect’s home, seized electronic devices, and identified more than 50 cryptocurrency accounts. According to…

Virtual conference will explore cybersecurity use-cases for artificial intelligence (AI) technology and the race to protect LLM algorithms from adversarial use. SecurityWeek will host its 2023 Cyber AI & Automation Summit on December 6, 2023 as a fully immersive virtual conference, showcasing prominent technologists discussing the burgeoning AI-powered security landscape. The Cyber AI & Automation Summit will feature keynotes and editorial presentations from Chief Information Security Officers (CISOs), software developers, policy analysts, government representatives and…