Chainguard has raised $636 million in the past six months alone for its software supply chain security solutions.
The post Chainguard Raises $280 Million in Growth Funding appeared first on SecurityWeek.
Massive China-Linked Smishing Campaign Leveraged 194,000 Domains
The malicious Smishing Triad domains were used to collect sensitive information, including Social Security numbers.
The post Massive China-Linked Smishing Campaign Leveraged 194,000 Domains appeared first on SecurityWeek.
New Firefox Extensions Required to Disclose Data Collection Practices
All new extensions will be required to declare their data collection practices in their manifest file using a specific key.
The post New Firefox Extensions Required to Disclose Data Collection Practices appeared first on SecurityWeek.
Year-Old WordPress Plugin Flaws Exploited to Hack Websites
Roughly 9 million exploit attempts were observed this month as mass exploitation of the critical vulnerabilities recommenced.
The post Year-Old WordPress Plugin Flaws Exploited to Hack Websites appeared first on SecurityWeek.
Ransomware Payments Dropped in Q3 2025: Analysis
Coveware has attributed the drop to large enterprises increasingly refusing to pay up and smaller amounts paid by mid-market firms.
The post Ransomware Payments Dropped in Q3 2025: Analysis appeared first on SecurityWeek.
Chrome Zero-Day Exploitation Linked to Hacking Team Spyware
The threat actor behind Operation ForumTroll used the same toolset typically employed in Dante spyware attacks.
The post Chrome Zero-Day Exploitation Linked to Hacking Team Spyware appeared first on SecurityWeek.
$1M WhatsApp Hack Flops: Only Low-Risk Bugs Disclosed to Meta After Pwn2Own Withdrawal
WhatsApp told SecurityWeek that the two low-impact vulnerabilities cannot be used for arbitrary code execution.
The post $1M WhatsApp Hack Flops: Only Low-Risk Bugs Disclosed to Meta After Pwn2Own Withdrawal appeared first on SecurityWeek.
ChatGPT Atlas’ Omnibox Is Vulnerable to Jailbreaks
Researchers have discovered that a prompt can be disguised as an url, and accepted by Atlas as an url in the omnibox.
The post ChatGPT Atlas’ Omnibox Is Vulnerable to Jailbreaks appeared first on SecurityWeek.
Critical Windows Server WSUS Vulnerability Exploited in the Wild
CVE-2025-59287 allows a remote, unauthenticated attacker to execute arbitrary code and a PoC exploit is available.
The post Critical Windows Server WSUS Vulnerability Exploited in the Wild appeared first on SecurityWeek.
Hackers Target Perplexity Comet Browser Users
Shortly after the browser was launched, numerous fraudulent domains and fake applications were discovered.
The post Hackers Target Perplexity Comet Browser Users appeared first on SecurityWeek.
