SecurityWeek Briefing.

"Vulnerability exploitation probability metric proposed by NIST, CISA researchers."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 20 May 2025, 1322 UTC.

Content and Source:  "SecurityWeek Briefing."

Email subscription via https://feedly.com.

 https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Ffeeds.feedburner.com%2FSecurityweek

Please check email link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

SecurityWeek

87K followers43 articles per week

#security#tech

109

Today

Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers

by Eduard Kovacs / 40min

The Likely Exploited Vulnerabilities (LEV) equations can help augment KEV- and EPSS-based remediation prioritization. The post appeared first on SecurityWeek .

Event Preview: 2025 Threat Detection & Incident Response (Virtual) Summit

by SecurityWeek News / 47min

SecurityWeek’s 2025 Threat Detection & Incident Response (TDIR) Summit takes place as a virtual summit on Wednesday, May 21st. The post appeared first on SecurityWeek .

TrustCloud Raises $15 Million for Security Assurance Platform

by Ionut Arghire / 47min

AI-native security assurance firm TrustCloud has raised $15 million in a strategic funding round led by ServiceNow Ventures. The post appeared first on SecurityWeek .

CloudSEK Raises $19 Million for Threat Intelligence Platform

CloudSEK raises 19M for cybersecurity

•

by Ionut Arghire / 2h

Threat protection and intelligence firm CloudSEK raises $19 million in funding from new and existing investors. The post appeared first on SecurityWeek .

O2 Service Vulnerability Exposed User Location

O2 UK VoLTE location leak fixed

•

by Ionut Arghire / 3h

A vulnerability in O2’s implementation of the IMS standard resulted in user location data being exposed in network responses. The post appeared first on SecurityWeek .

Yesterday

Madhu Gottumukkala Officially Announced as CISA Deputy Director

Madhu Gottumukkala appointed CISA Deputy Director

•

by Eduard Kovacs / 3h

New CISA Deputy Director Madhu Gottumukkala has joined the agency from South Dakota’s Bureau of Information and Technology. The post appeared first on SecurityWeek .

BreachRx Lands $15 Million as Investors Bet on Breach-Workflow Software

BreachRx raises 15M Series A

•

by SecurityWeek News / 17h

San Francisco incident response coordination startup banks $15 million in a Series A funding round led by Ballistic Ventures. The post appeared first on SecurityWeek .

Printer Company Procolored Served Infected Software for Months

6 TTPs

•

by Ionut Arghire / 20h

•

Procolored printers distributed malware software

Procolored’s public website served dozens of software downloads containing information stealer malware and a backdoor. The post appeared first on SecurityWeek .

UK Legal Aid Agency Finds Data Breach Following Cyberattack

Impact (Enterprise TA0040)

•

by Eduard Kovacs / 1d

•

Legal Aid Agency data breach revealed

The UK’s Legal Aid Agency was targeted in a cyberattack in April and it recently determined that hackers have stolen sensitive data. The post appeared first on SecurityWeek .

480,000 Catholic Health Patients Impacted by Serviceaide Data Leak

2 TTPs

•

by Eduard Kovacs / 1d

•

Serviceaide data breach affects 483000 patients

Serviceaide exposed a database containing personal and medical information belonging to Catholic Health patients. The post appeared first on SecurityWeek .

Spiking Neural Networks: Brain-Inspired Chips That Could Keep Your Data Safe

by Kevin Townsend / 1d

Neuromorphic computing is moving from theory to reality, with brain-inspired processors offering real-time intelligence, low power consumption, and built-in privacy—ushering in a new era for edge devices and cybersecurity. The post appeared first on SecurityWeek .

200,000 Harbin Clinic Patients Impacted by NRS Data Breach

3 TTPs

•

by Ionut Arghire / 1d

Harbin Clinic says the information of over 200,000 patients was stolen in a July 2024 data breach at Nationwide Recovery Services. The post appeared first on SecurityWeek .

May 18, 2025

Prison Sentence for Man Involved in SEC X Account Hack

SEC hacker faces two-year sentence

•

by Ionut Arghire / 1d

Eric Council Jr. was sentenced to prison for hacking SEC’s official X account and publishing fraudulent posts increasing Bitcoin value. The post appeared first on SecurityWeek .

Hackers Earn Over $1 Million at Pwn2Own Berlin 2025

Hackers earn 260K at Pwn2Own

•

by Eduard Kovacs / 1d

Pwn2Own participants demonstrated exploits against VMs, AI, browsers, servers, containers, and operating systems. The post appeared first on SecurityWeek .

May 16, 2025

Google Warns UK Retailer Hackers Now Targeting US

2 TTPs

•

by Ionut Arghire / 3d

•

Scattered Spider targets US retailers

Google says the hacking group behind the recent cyberattacks on UK retailers is now shifting focus to the US. The post appeared first on SecurityWeek .

In Other News: Hackers Not Behind Blackout, CISO Docuseries, Dior Data Breach

by SecurityWeek News / 3d

A summary of noteworthy stories that might have slipped under the radar this week. The post appeared first on SecurityWeek .

From 60 to 4,000: NATO’s Locked Shields Reflects Cyber Defense Growth

NATO Locked Shields 2025 cyber exercise

•

by Eduard Kovacs / 4d

The 15th edition of NATO’s Locked Shields cyber defense exercise brought together 4,000 experts from 41 countries. The post appeared first on SecurityWeek .

Russian APT Exploiting Mail Servers Against Government, Defense Organizations

8 TTPs

•

by Ionut Arghire / 4d

Russia-linked APT28 has been exploiting mail server vulnerabilities against government and defense entities since September 2023. The post appeared first on SecurityWeek .

May 15, 2025

FBI Warns of Deepfake Messages Impersonating Senior Officials

FBI warns of AI voice scams

•

by Ionut Arghire / 4d

The FBI says former federal and state government officials are targeted with texts and AI-generated voice messages impersonating senior US officials. The post appeared first on SecurityWeek .

Hackers Win $260,000 on First Day of Pwn2Own Berlin 2025

Hackers earn 260K at Pwn2Own

•

by Eduard Kovacs / 4d

Pwn2Own participants have earned tens of thousands of dollars for Red Hat, Windows, Oracle VirtualBox, Docker Desktop, and AI exploits. The post appeared first on SecurityWeek .

Andrei Tarasov: Inside the Journey of a Russian Hacker on the FBI’s Most Wanted List

by Kevin Townsend / 4d

Once a key figure in the Angler exploit kit underworld, Tarasov’s life has unraveled into detention, paranoia, and an unwanted return to the Russia he publicly despised. The post appeared first on SecurityWeek .

Coinbase Rejects $20M Ransom After Rogue Contractors Bribed to Leak Customer Data

4 TTPs

•

by Ryan Naraine / 4d

•

Coinbase data breach costs up to 400M

Coinbase said a group of rogue contractors were bribed to pull customer data from internal systems, leading to a $20 million ransom demand. The post appeared first on SecurityWeek .

Production at Steelmaker Nucor Disrupted by Cyberattack

Nucor halts production due to cyber incident

•

by Eduard Kovacs / 5d

American steel giant Nucor on Wednesday disclosed a cybersecurity incident that bears the hallmarks of a ransomware attack. The post appeared first on SecurityWeek .

Proofpoint to Acquire Hornetsecurity in Reported $1 Billion Deal

Proofpoint acquires Hornetsecurity Group

•

by Eduard Kovacs / 5d

Enterprise cybersecurity giant Proofpoint is buying Germany-based Microsoft 365 security solutions provider Hornetsecurity. The post appeared first on SecurityWeek .

Chinese Hackers Hit Drone Sector in Supply Chain Attacks

17 TTPs

•

by Ionut Arghire / 5d

•

Earth Ammit disrupts drone supply chains

The China-linked hacking group Earth Ammit has launched multi-wave attacks in Taiwan and South Korea to disrupt the drone sector. The post appeared first on SecurityWeek .

Ransomware Groups, Chinese APTs Exploit Recent SAP NetWeaver Flaws

12 TTPs

•

by Ionut Arghire / 5d

Two ransomware groups and several Chinese APTs have been exploiting two recent SAP NetWeaver vulnerabilities. The post appeared first on SecurityWeek .

May 14, 2025

Canadian Electric Utility Lists Customer Information Stolen by Hackers

2 TTPs

•

by Eduard Kovacs / 5d

•

Cyber attack disrupts Nova Scotia Power

Nova Scotia Power says a wide range of personal and financial information was stolen in the recent cyberattack. The post appeared first on SecurityWeek .

Australian Human Rights Commission Discloses Data Breach

Australian Human Rights Commission data breach

•

by Ionut Arghire / 5d

The Australian Human Rights Commission says data submitted through the complaint form on its website was inadvertently exposed. The post appeared first on SecurityWeek .

Chrome 136 Update Patches Vulnerability With ‘Exploit in the Wild’

CVE-2025-4664

•

by Ionut Arghire / 5d

Google has rolled out a Chrome 136 update that resolves a high-severity vulnerability for which a public exploit exists. The post appeared first on SecurityWeek .

Google Ships Android ‘Advanced Protection’ Mode to Thwart Surveillance Spyware

Android 16 introduces Advanced Protection features

•

by Ryan Naraine / 5d

Google bundles multiple safeguards under a single Android toggle to protect high-risk users from advanced mobile malware implants. The post appeared first on SecurityWeek .

Is AI Use in the Workplace Out of Control?

by Alastair Paterson / 5d

Trying to block AI tools outright is a losing strategy. SaaS and AI are increasingly inseparable, and AI isn’t limited to tools like ChatGPT or Copilot anymore. The post appeared first on SecurityWeek .

Chipmaker Patch Tuesday: Intel, AMD, Arm Respond to New CPU Attacks

6 TTPs

•

by Eduard Kovacs / 5d

•

CVE-2024-45332

Intel, AMD and Arm each published security advisories on Patch Tuesday, including for newly disclosed CPU attacks. The post appeared first on SecurityWeek .

Kosovar Administrator of Cybercrime Marketplace Extradited to US

Kosovo man extradited for cybercrime

•

by Ionut Arghire / 6d

Kosovo citizen Liridon Masurica has appeared in a US court, facing charges for his role in operating the cybercrime marketplace BlackDB.cc. The post appeared first on SecurityWeek .

EU Cybersecurity Agency ENISA Launches European Vulnerability Database

CVE program funding at risk

•

by Eduard Kovacs / 6d

Experts say the European Vulnerability Database, or EUVD, should be a good resource, but only if ENISA manages to maintain it properly. The post appeared first on SecurityWeek .

Vulnerabilities Patched by Juniper, VMware and Zoom

5 TTPs

•

by Ionut Arghire / 6d

Juniper Networks, VMware, and Zoom have announced patches for dozens of vulnerabilities across their products. The post appeared first on SecurityWeek .