CyberSecurity Updates

Legit Security has detailed a vulnerability in the GitHub Copilot Chat AI assistant that led to sensitive data leakage and full control over Copilot’s responses. Combining a Content Security Policy (CSP) bypass with remote prompt injection, Legit Security’s Omer Mayraz was able to leak AWS keys and zero-day bugs from private repositories, and influence the responses Copilot provided to other users. Copilot Chat is designed to provide code explanations and suggestions, and allows users to…

Read More

Industrial cybersecurity firm Radiflow has unveiled a new platform for mid-sized enterprises. The new platform, named Radiflow360, leverages AI to provide enhanced visibility, risk management, and incident response capabilities.  According to Radiflow, the platform enables comprehensive visibility and control over OT networks, with an AI assistant speeding up assessments and threat prioritization. Radiflow360, which integrates with other Radiflow and third-party tools, helps streamline compliance and accelerate incident response. The company advertises the platform as ideal…

Read More

A recently patched vulnerability in Fortra GoAnywhere MFT (Managed File Transfer) was exploited as a zero-day by a Chinese ransomware group, Microsoft reports. The flaw, tracked as CVE-2025-10035 (CVSS score of 10/10), was disclosed on September 18, when Fortra rolled out patches for it. A deserialization issue in the application’s license servlet, the bug can be exploited for command injection and remote code execution (RCE). Shortly after public disclosure, cybersecurity firm watchTowr warned that the…

Read More

Cloud security giant Wiz has announced a new hacking competition where participants can earn significant rewards for demonstrating exploits against widely used cloud software. The competition is named Zeroday.Cloud and it offers participants a total of $4.5 million in bug bounties. Interested security researchers must submit their entry by December 1 and they will demonstrate their exploits live on stage at the Black Hat Europe conference taking place December 10-11 in London.  Wiz has teamed…

Read More

SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.  Here are this…

Read More

Cybersecurity startup Oneleet has announced raising $33 million in a Series A funding round that brings the total raised by the company to $35 million. The investment round was led by Dawn Capital, with additional support from Y Combinator and several angel investors. Founded in 2022 and based in Amsterdam, Netherlands, Oneleet has built a platform that provides organizations with visibility into their security posture to help them improve protections and ensure compliance. The solution…

Read More

The OpenSSL Project has announced the availability of several new versions of the open source SSL/TLS toolkit, which include patches for three vulnerabilities. Versions 3.5.4, 3.4.3, 3.3.5, 3.2.6, 3.0.18, 1.0.2zm and 1.1.1zd of the OpenSSL Library have been released. Most of them fix all three vulnerabilities, tracked as CVE-2025-9230, CVE-2025-9231 and CVE-2025-9232. Two of the vulnerabilities have been assigned a ‘moderate severity’ rating. One of them is CVE-2025-9231, which may allow an attacker to recover…

Read More

The official Call for Presentations (CFP) for SecurityWeek’s 2025 CISO Forum Virtual Summit, being held November 12-13, 2025, is open through October 10, 2025. Throughout this two-day virtual event, sessions will have a strong focus on participation from CISOs in panel discussions and individual end-user experience presentations, along with talks from industry experts, analysts and other end-users, and thought leadership, strategy and technical sessions. This online event is expected to attract more than 2,500 attendee registrations from around the world. Through…

Read More