Docker Makes 1,000 Hardened Images Free and Open Source 2025-12-19 at 16:16 By Eduard Kovacs Millions of developers can now use the secure, production-ready images made by Docker. The post Docker Makes 1,000 Hardened Images Free and Open Source appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Docker Makes 1,000 Hardened Images Free and Open Source Read More »
$320,000 Paid Out at Zeroday.Cloud for Open Source Software Exploits 2025-12-12 at 09:51 By Eduard Kovacs Participants earned rewards at the hacking competition for Grafana, Linux Kernel, Redis, MariaDB, and PostgreSQL vulnerabilities. The post $320,000 Paid Out at Zeroday.Cloud for Open Source Software Exploits appeared first on SecurityWeek. This article is an excerpt from SecurityWeek
$320,000 Paid Out at Zeroday.Cloud for Open Source Software Exploits Read More »
MITRE Posts Results of 2025 ATT&CK Enterprise Evaluations 2025-12-11 at 16:25 By Eduard Kovacs Eleven companies took part in the evaluations and several have boasted 100% detection and coverage rates. The post MITRE Posts Results of 2025 ATT&CK Enterprise Evaluations appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
MITRE Posts Results of 2025 ATT&CK Enterprise Evaluations Read More »
CISOs are spending big and still losing ground 2025-12-08 at 07:31 By Anamarija Pogorelec Security leaders are entering another budget cycle with more money to work with, but many still feel no safer. A new benchmark study from Wiz shows a widening gap between investment and impact. Budgets keep rising, cloud programs keep expanding, and
CISOs are spending big and still losing ground Read More »
re:Invent 2025: AWS and Security Vendors Unveil New Products and Capabilities 2025-12-03 at 14:35 By Eduard Kovacs AWS and cybersecurity vendors have made several announcements at the cloud giant’s re:Invent 2025 event. The post re:Invent 2025: AWS and Security Vendors Unveil New Products and Capabilities appeared first on SecurityWeek. This article is an excerpt from
re:Invent 2025: AWS and Security Vendors Unveil New Products and Capabilities Read More »
Fluent Bit Vulnerabilities Expose Cloud Services to Takeover 2025-11-25 at 15:47 By Ionut Arghire Five flaws in the open source tool may lead to path traversal attacks, remote code execution, denial-of-service, and tag manipulation. The post Fluent Bit Vulnerabilities Expose Cloud Services to Takeover appeared first on SecurityWeek. This article is an excerpt from SecurityWeek
Fluent Bit Vulnerabilities Expose Cloud Services to Takeover Read More »
cnspec: Open-source, cloud-native security and policy project 2025-11-24 at 08:32 By Sinisa Markovic cnspec is an open source tool that helps when you are trying to keep a sprawling setup of clouds, containers, APIs and endpoints under control. It checks security and compliance across all of it, which makes it easier to see what needs
cnspec: Open-source, cloud-native security and policy project Read More »
Sweet Security Raises $75 Million for Cloud and AI Security 2025-11-12 at 15:42 By Ionut Arghire The cybersecurity startup will use the investment to accelerate global expansion and product innovation. The post Sweet Security Raises $75 Million for Cloud and AI Security appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original
Sweet Security Raises $75 Million for Cloud and AI Security Read More »
Metrics don’t lie, but they can be misleading when they only tell IT’s side of the story 2025-11-07 at 13:28 By Mirko Zorz In this Help Net Security interview, Rik Mistry, Managing Partner at Interval Group, discusses how to align IT strategy with business goals. He explains how security, governance, and orchestration shape IT operations
Metrics don’t lie, but they can be misleading when they only tell IT’s side of the story Read More »
DOJ Antitrust Review Clears Google’s $32 Billion Acquisition of Wiz 2025-11-07 at 13:16 By Eduard Kovacs Google’s acquisition of Wiz is expected to close in 2026, but there are other reviews that need to be cleared. The post DOJ Antitrust Review Clears Google’s $32 Billion Acquisition of Wiz appeared first on SecurityWeek. This article is
DOJ Antitrust Review Clears Google’s $32 Billion Acquisition of Wiz Read More »
SonicWall cloud backup hack was the work of a state actor 2025-11-06 at 15:30 By Zeljka Zorz Incident responders from Mandiant have wrapped up their investigation into the SonicWall cloud backup service hack, and the verdict is in: the culprit is a state-sponsored threat actor (though the specific nation wasn’t disclosed). “[The incident] was isolated
SonicWall cloud backup hack was the work of a state actor Read More »
Google says 2026 will be the year AI supercharges cybercrime 2025-11-05 at 07:06 By Anamarija Pogorelec Security leaders are staring down a year of major change. In its Cybersecurity Forecast 2026, Google paints a picture of a threat landscape transformed by AI, supercharged cybercrime, and increasingly aggressive nation-state operations. Attackers are moving faster, scaling their
Google says 2026 will be the year AI supercharges cybercrime Read More »
New Attack Targets DDR5 Memory to Steal Keys From Intel and AMD TEEs 2025-10-29 at 10:23 By Eduard Kovacs Intel and AMD have published advisories after academics disclosed details of the new TEE.fail attack method. The post New Attack Targets DDR5 Memory to Steal Keys From Intel and AMD TEEs appeared first on SecurityWeek. This
New Attack Targets DDR5 Memory to Steal Keys From Intel and AMD TEEs Read More »
What Microsoft’s 2025 report reveals about the new rules of engagement in cyberdefense 2025-10-24 at 10:42 By Anamarija Pogorelec Adversaries are using AI to sharpen attacks, automate operations, and challenge long-standing defenses, according to a new Microsoft report. Researchers describe a year in which criminal and state-backed actors blurred the lines between cybercrime, espionage, and
What Microsoft’s 2025 report reveals about the new rules of engagement in cyberdefense Read More »
Attackers target retailers’ gift card systems using cloud-only techniques 2025-10-22 at 17:12 By Zeljka Zorz A newly uncovered attack campaign mounted by suspected Morocco-based attackers has been hitting global retailers and other businesses issuing gift cards. What makes this campaign stand out is how the threat actors avoid typical malware techniques and endpoint hacking and
Attackers target retailers’ gift card systems using cloud-only techniques Read More »
Attackers turn trusted OAuth apps into cloud backdoors 2025-10-22 at 15:43 By Zeljka Zorz Attackers are increasingly abusing internal OAuth-based applications to gain persistent access to cloud environments, Proofpoint researchers warn. These apps often remain unnoticed for quite some time and allow attackers to maintain access to high-privileged accounts even after passwords are reset or
Attackers turn trusted OAuth apps into cloud backdoors Read More »
RMPocalypse: New Attack Breaks AMD Confidential Computing 2025-10-14 at 14:08 By Ionut Arghire A vulnerability in RMP initialization allows the AMD processor’s x86 cores to maliciously control parts of the initial RMP state. The post RMPocalypse: New Attack Breaks AMD Confidential Computing appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original
RMPocalypse: New Attack Breaks AMD Confidential Computing Read More »
Attackers compromised ALL SonicWall firewall configuration backup files 2025-10-09 at 15:41 By Zeljka Zorz The attackers who brute-forced their way into SonicWall’s firewall cloud backup service accessed configuration backup files of all customers who have used the service, SonicWall stated on Wednesday, following the conclusion of a Mandiant-supported investigation into the incident. Early reports suggested
Attackers compromised ALL SonicWall firewall configuration backup files Read More »
Critical Vulnerability Puts 60,000 Redis Servers at Risk of Exploitation 2025-10-07 at 11:32 By Ionut Arghire Authenticated attackers can exploit the security flaw to trigger a use-after-free and potentially execute arbitrary code. The post Critical Vulnerability Puts 60,000 Redis Servers at Risk of Exploitation appeared first on SecurityWeek. This article is an excerpt from SecurityWeek
Critical Vulnerability Puts 60,000 Redis Servers at Risk of Exploitation Read More »
$4.5 Million Offered in New Cloud Hacking Competition 2025-10-06 at 12:53 By Eduard Kovacs Wiz has teamed up with Microsoft, Google and AWS and is inviting cloud security researchers to its Zeroday.Cloud competition. The post $4.5 Million Offered in New Cloud Hacking Competition appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View
$4.5 Million Offered in New Cloud Hacking Competition Read More »