Recent Posts
News•Feb 27, 2026
Critical Flaws Exposed Gardyn Smart Gardens to Remote Hacking
Security agency CISA disclosed that Gardyn smart indoor hydroponic gardens suffered two critical and two high‑severity vulnerabilities, affecting an estimated 138,000 devices. The critical flaws include a command‑injection bug (CVE‑2025‑29631) and hard‑coded admin credentials (CVE‑2025‑1242) that enable remote, unauthenticated control of the IoT hub. Gardyn has issued firmware and mobile‑app patches for its Home and Studio products, and reports no evidence of in‑the‑wild exploitation or data loss. Researchers warned that attackers could manipulate lighting, watering, and access limited personal data.
By SecurityWeek
News•Feb 26, 2026
Trend Micro Patches Critical Apex One Vulnerabilities
TrendAI, the enterprise arm of Trend Micro, released patches for eight vulnerabilities in its Apex One endpoint security suite. Two critical CVEs (2025‑71210 and 2025‑71211) could let remote attackers upload malicious code and execute commands via the management console, while six high‑severity...
By SecurityWeek
News•Feb 25, 2026
Wynn Resorts Confirms Data Breach After Hackers Remove It From Leak Site
Wynn Resorts confirmed that hackers exfiltrated more than 800,000 employee records, including Social Security numbers, after the data appeared on the ShinyHunters leak site on February 20. The casino operator said the stolen data has been deleted and that no guest...
By SecurityWeek
News•Feb 24, 2026
GitHub Issues Abused in Copilot Attack Leading to Repository Takeover
Security firm Orca disclosed a critical vulnerability in GitHub Codespaces that lets attackers exfiltrate the automatically generated GITHUB_TOKEN and seize full control of a repository. The exploit, dubbed RoguePilot, leverages malicious content hidden in a GitHub issue, symbolic links, and...
By SecurityWeek
News•Feb 24, 2026
Taiwan Security Firm Confirms Flaw Flagged by CISA Likely Exploited by Chinese APTs
TeamT5, a Taiwan‑based cybersecurity firm, confirmed that CVE‑2024‑7694 – a privilege‑escalation flaw allowing malicious file uploads and arbitrary command execution – was likely weaponized by Chinese advanced persistent threat groups Slime57 and Slime62. The vulnerability, patched in August 2024, was exploited...
By SecurityWeek
News•Feb 23, 2026
US Healthcare Diagnostic Firm Says 140,000 Affected by Data Breach
Healthcare diagnostics firm Vikor Scientific, now operating as Vanta Diagnostics, disclosed a data breach affecting nearly 140,000 individuals. The breach was traced to Catalyst RCM, a revenue-cycle‑management vendor, whose compromised credentials allowed the Everest ransomware group to exfiltrate roughly 12 GB...
By SecurityWeek
News•Feb 20, 2026
NIST’s Quantum Breakthrough: Single Photons Produced on a Chip
NIST announced a chip that reliably generates a single photon on demand using quantum‑dot technology. The device achieves near‑perfect efficiency and, when paired with superconducting nanowire single‑photon detectors, can transmit photons up to 600 miles. Mass‑production of the chip is...
By SecurityWeek
News•Feb 17, 2026
API Threats Grow in Scale as AI Expands the Blast Radius
API vulnerabilities accounted for 17% of the 60,000+ flaws disclosed in 2025, and 43% of exploited weaknesses were API‑related, underscoring a growing attack surface. Wallarm’s report highlights a dramatic 270% rise in Model Context Protocol (MCP) flaws between Q2 and...
By SecurityWeek
News•Feb 17, 2026
3 Threat Groups Started Targeting ICS/OT in 2025: Dragos
Dragos’ 2026 Year in Review OT/ICS report adds three new adversaries—Sylvanite, Azurite and Pyroxene—targeting industrial control systems in 2025. Sylvanite acts as a rapid‑exploitation broker, weaponising n‑day flaws within 48 hours and handing access to the Voltzite group across power, oil,...
By SecurityWeek
News•Feb 13, 2026
Dutch Carrier Odido Discloses Data Breach Impacting 6 Million
Dutch mobile carrier Odido announced a data breach that exposed personal information of more than 6 million customers, including names, addresses, phone numbers, email, dates of birth, bank account and passport or driver‑license details. The intrusion occurred on February 7‑8 and targeted...
By SecurityWeek
News•Feb 11, 2026
ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Aveva, Phoenix Contact
Industrial control system vendors Siemens, Schneider Electric, Aveva, and Phoenix Contact released a flurry of Patch Tuesday advisories on February 11, 2026, addressing high‑severity flaws across dozens of OT products. Siemens issued eight advisories covering Desigo CC, Sentron Powermanager, Simcenter Femap, NX, and...
By SecurityWeek
News•Feb 10, 2026
EU Unconditionally Approves Google’s $32B Acquisition of Wiz
The European Commission has given unconditional approval to Google’s $32 billion acquisition of cloud‑security firm Wiz, allowing the deal to close without any remedial conditions. The EU antitrust review concluded that the transaction poses no significant competition risk in the European...
By SecurityWeek
Deals•Jan 30, 2026
Mitsubishi Electric Completes Acquisition of Nozomi Networks
Mitsubishi Electric has completed its acquisition of industrial cybersecurity firm Nozomi Networks, making it a wholly owned subsidiary that will operate independently. The deal value was not disclosed. The acquisition expands Mitsubishi's capabilities in industrial IoT security.
SecurityWeek
Deals•Jan 30, 2026
Aisy Raises $2.3M Seed Round to Transform Vulnerability Management
Aisy, an AI‑assisted vulnerability management startup, announced a $2.3 million seed round led by Osney Capital, Flying Fish Ventures and 6 Degrees Capital, along with other angel investors. The funding will support the launch of its platform that helps security teams prioritize...
SecurityWeek
Deals•Jan 28, 2026
Mesh Security Raises $12M Series A Led by Lobby Capital
Cybersecurity mesh architecture provider Mesh Security announced a $12 million Series A funding round, bringing its total capital raised to over $16 million. The round was led by Lobby Capital with participation from S Ventures and BrightPixel Capital. The capital...
SecurityWeek