A summary of the announcements made by vendors in the days leading up to the RSAC 2026 Conference.
The post RSAC 2026 Conference Announcements Summary (Pre-Event) appeared first on SecurityWeek.
The latest M-Trends report is based on insights from over 500,000 hours of Mandiant incident response investigations in 2025.
The post M-Trends 2026: Initial Access Handoff Shrinks From Hours to 22 Seconds appeared first on SecurityWeek.
AstraZeneca Data Breach: What You Need to Know A newly surfaced Dark Web post is drawing attention to an alleged AstraZeneca data breach linked to the LAPSUS$ threat group. Based on the materials reviewed, the claim goes beyond a routine leak post and suggests possible exposure of internal code repositories, access-related data, cloud and infrastructure […]
The semiconductor company says hackers deployed file-encrypting ransomware on the network of a subsidiary in Singapore.
The post Chip Services Firm Trio-Tech Says Subsidiary Hit by Ransomware appeared first on SecurityWeek.
Hackers published a malicious scanner release and replaced tags to point to information-stealer malware.
The post Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack appeared first on SecurityWeek.
CVE-2025-32975: Quest KACE SMA SSO Authentication Bypass Enables Admin Takeover Quest KACE Systems Management Appliance (SMA) has a maximum-severity vulnerability, CVE-2025-32975, that allows an attacker to bypass authentication in the product’s SSO authentication handling. An unauthenticated attacker can potentially impersonate legitimate users and work toward full administrative takeover. Reporting in March 2026 tied suspicious, real-world […]
Crunchyroll Alleged Data Breach: What Do Users Need to Know? Reports of a possible Crunchyroll (A popular anime streaming platform) data breach have drawn attention after claims surfaced that a threat actor may have accessed user-related data and internal support information. Crunchyroll has not publicly confirmed the full scope of those claims, so the story […]
The flaws could allow attackers to access sensitive information, execute code, or cause unexpected behavior.
The post QNAP Patches Four Vulnerabilities Exploited at Pwn2Own appeared first on SecurityWeek.
Attack volumes are back to pre-disruption levels, and the adversary tactics have remained unchanged.
The post Tycoon 2FA Fully Operational Despite Law Enforcement Takedown appeared first on SecurityWeek.
Alleged Rogers, StockX, and Tax Office Data Sales Plus Crypto, Bank, and Magento Listings SOCRadar’s Dark Web Team identified several new underground posts this week, including an alleged database sale tied to Rogers Communications and Fido, a U.S.-focused tax office dataset advertised with sensitive tax and banking fields, and multiple credential-oriented listings connected to Australian […]