Ransomware gangs join ongoing SAP NetWeaver attacks
Ransomware gangs have joined ongoing SAP NetWeaver attacks, exploiting a maximum-severity vulnerability that allows threat actors to gain remote code execution on vulnerable servers.
Cybersecurity incident forces largest US steelmaker to take some operations offline
In an 8-K filing with federal regulators, Nucor said the incident involved “unauthorized third party access to certain information technology systems” but did not explain further.
Australian Human Rights Commission leaks docs to search engines
The Australian Human Rights Commission (AHRC) disclosed a data breach incident where private documents leaked online and were indexed by major search engines.
News alert: INE Security highlights monthly CVE Labs aimed at sharpening real-world defense
Cary, NC, May 14, 2025, CyberNewswire -- INE Security, a global leader in hands-on cybersecurity training and certifications, today highlighted how ongoing real-world practice with the latest CVEs (Common Vulnerabilities and Exposures) is essential for transforming security teams from reactive to proactive defenders. With over 26,000 new CVEs documented in the past year, security teams
Upcoming Speaking Engagements - Schneier on Security
This is a current list of where and when I am scheduled to speak: I’m speaking (remotely) at the Sektor 3.0 Festival in Warsaw, Poland, May 21-22, 2025. The list is maintained on this page.
Microsoft fixes Linux boot issues on dual-boot Windows systems
Microsoft has fixed a known issue preventing Linux from booting on dual-boot systems with Secure Boot enabled after installing the August 2024 Windows security updates.
Congress faces pressure to renew cyber information-sharing law
The law’s expiration in September could jeopardize a wide range of information-sharing partnerships that have helped catch and thwart cyberattacks in the U.S.
Focused Phishing: Attack Targets Victims With Trusted Sites and Live Validation
New phishing tactics are abusing trusted domains, real CAPTCHAs, and server-side email validation to selectively target victims with customized fake login pages. Keep Aware's latest research breaks down the full attack chain and how these zero-day phish operate.
Russian military cadet reportedly arrested for selling hacking tool to FSB agent
A Russian military cadet reportedly developed an algorithm that could bypass the protective infrastructure of law enforcement software and gain access to restricted data.
Fashion giant Dior discloses cyberattack, warns of data breach
House of Dior, the French luxury fashion brand commonly referred to as Dior, has disclosed a cybersecurity incident that has exposed customer information.
ISO 42001 Requirements Explained: Achieve Compliance | CSA
ISO 42001 mandates numerous requirements for the establishment, operation, monitoring, maintenance, and improvement of an organization’s AI management system.
Microsoft on Tuesday released software updates to fix at least 70 vulnerabilities in Windows and related products, including five zero-day flaws that are already seeing active exploitation. Adding to the sense of urgency with this month's patch batch from Redmond…