To optimize management of CVE volume, entries that do not meet specific criteria will not be automatically enriched.
The post NIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical Software appeared first on SecurityWeek.
Cisco Patches Critical Vulnerabilities in Webex, ISE
The flaws can be exploited remotely to impersonate users or execute arbitrary commands on the underlying OS.
The post Cisco Patches Critical Vulnerabilities in Webex, ISE appeared first on SecurityWeek.
Ransomware Hits Automotive Data Expert Autovista
The automotive analysis and data company is working with external experts to investigate the attack.
The post Ransomware Hits Automotive Data Expert Autovista appeared first on SecurityWeek.
Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments
A researcher has disclosed the details of the AI attack method he has named ‘Comment and Control’.
The post Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments appeared first on SecurityWeek.
Sweden Blames Pro-Russian Group for Cyberattack Last Year on Its Energy Infrastructure
In what was Sweden’s first public mention of the attack, the country’s minister for civil defense said it targeted a heating plant in western Sweden.
The post Sweden Blames Pro-Russian Group for Cyberattack Last Year on Its Energy Infrastructure appeared first on SecurityWeek.
Exploited Vulnerability Exposes Nginx Servers to Hacking
Hackers are exploiting CVE-2026-33032, a critical remote takeover vulnerability in the Nginx UI management tool.
The post Exploited Vulnerability Exposes Nginx Servers to Hacking appeared first on SecurityWeek.
Capsule Security Emerges From Stealth With $7 Million in Funding
The Israeli startup aims to secure AI agents at runtime, continuously monitoring their behavior to prevent unsafe actions.
The post Capsule Security Emerges From Stealth With $7 Million in Funding appeared first on SecurityWeek.
‘By Design’ Flaw in MCP Could Enable Widespread AI Supply Chain Attacks
Researchers warn that a flaw in Anthropic’s Model Context Protocol allows unsanitized commands to execute silently, enabling full system compromise across widely used AI environments.
The post ‘By Design’ Flaw in MCP Could Enable Widespread AI Supply Chain Attacks appeared first on SecurityWeek.
100 Chrome Extensions Steal User Data, Create Backdoor
Published through five accounts, the extensions appear part of a coordinated campaign based on shared C&C infrastructure.
The post 100 Chrome Extensions Steal User Data, Create Backdoor appeared first on SecurityWeek.
CISO Conversations: Ross McKerchar, CISO at Sophos
Sophos’ Ross McKerchar discusses leadership at scale, retaining talent, defending against AI-enabled threats, and the industry’s growing trust problem.
The post CISO Conversations: Ross McKerchar, CISO at Sophos appeared first on SecurityWeek.
