CyberSecurity Updates

Autonomous offensive security firm XBOW on Wednesday announced raising $35 million in an extension of the Series C funding round announced earlier this year. The initial Series C, in which it raised $120 million, increased the company’s valuation to more than $1 billion. The latest investment brings the total raised by XBOW to more than $270 million. The new funding came from Accenture Ventures, DNX Ventures, Liberty Global Tech Ventures, NVentures, Samsung Ventures, and SentinelOne…

Palo Alto Networks is working on patches for a critical PAN-OS zero-day that has been exploited to hack some of the company’s firewall models. Tracked as CVE-2026-0300, the vulnerability has been described as a buffer overflow affecting the User-ID Authentication Portal (Captive Portal) service of PAN-OS software.  The zero-day affects PA and VM series firewalls, allowing an unauthenticated attacker to execute malicious code with root privileges via specially crafted packets.  “Limited exploitation has been observed…

Cisco on Monday announced its intent to acquire Astrix Security, a startup focused on securing non-human identities (NHIs) such as API keys, service accounts, and OAuth tokens increasingly used by applications and AI agents. In a blog post, Cisco said the acquisition is aimed at extending zero trust principles to the emerging “agentic workforce,” where AI agents and machine identities are rapidly expanding the enterprise attack surface. Astrix’s technology is designed to help organizations discover, govern, and…

The Pentagon said Friday that it has reached deals with seven tech companies to use their artificial intelligence in its classified computer networks, allowing the military to tap into AI-powered capabilities to help it fight wars. Google, Microsoft, Amazon Web Services, Nvidia, OpenAI, Reflection and SpaceX will provide their resources to help “augment warfighter decision-making in complex operational environments,” the Defense Department said. Notably absent from the list is AI company Anthropic, after its public…

A recently discovered phishing kit provides miscreants with a broad range of capabilities, including an AI assistant and automated domain registration, Varonis reports. Dubbed Bluekit, it has been advertised as offering over 40 website templates, support for two-factor authentication, geolocation emulation, antibot cloaking, notifications, spoofing capabilities, voice cloning, and a mail sender. According to Varonis, the phishing kit contains templates for email and cloud services, developer platforms, cryptocurrency services, and retail and social media platforms,…

SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape. This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment. Here are this week’s highlights: OFAC hits Iranian central bank crypto reserves OFAC designated two cryptocurrency…