PayPal blamed an application error for the exposure of customer personal information for nearly 6 months.
The flaw tracked as CVE-2026-2329 can be exploited without authentication for remote code execution with root privileges.
NIST’s single photon chip will likely make QKD an option for a wider range of companies.
Developers must view AI as a collaborator to be closely monitored, rather than an autonomous entity to be unleashed. Without such a mindset, crippling tech debt is inevitable.
Security failures don’t always start with attackers, sometimes they start with missing truth.
Living off the AI isn’t a hypothetical but a natural continuation of the tradecraft we’ve all been defending against, now mapped onto assistants, agents, and MCP.
The fastest way to squander the promise of AI is to mistake automation for assurance, and novelty for resilience.
To all those who are fighting the good fight in the world of cyber, keep collaborating to ensure our world never succumbs to the chaos of the Upside Down.
Attendees will walk away with guidance for how to build robust identity defenses, unify them under a consistent security model, and ensure business operations move quickly without compromise.
RegisterSecurityWeek’s 2026 Ransomware Summit will discuss a roadmap for defending the enterprise, from mitigating root causes to mastering recovery, giving security teams the critical insights needed to navigate and neutralize today’s ransomware extortion threats.
Register
SecurityWeek’s 2026 Ransomware Summit is a must-attend event for cybersecurity professionals as ransomware attacks continue to hit big-name victims across industries with ruthless efficiency.
[February 25, 2026 | Virtual]
SecurityWeek’s 2026 Supply Chain Security Summit is where top security experts unpack the complexity of modern software supply chain threats and proven strategies to mitigate risk.
[March 18, 2026 | Virtual]
SecurityWeek’s 2026 ICS Lockdown is an online extension of the ICS Cybersecurity Conference and will dive deep into the world of industrial cybersecurity to help those charged with protecting OT environments.
[April 29, 2026 | Virtual]
SecurityWeek’s 2026 Threat Detection & IR Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and more.
[May 20, 2026 | Virtual]
-
Patched in December 2025, the exploited flaw leads to XSS attacks via the animate tags in SVG documents. (February 23, 2026)
-
The flaw tracked as CVE-2026-2329 can be exploited without authentication for remote code execution with root privileges. (February 21, 2026)
-
CISA has updated its KEV entry for CVE-2026-1731 to alert organizations of exploitation in ransomware attacks. (February 20, 2026)
-
Security researchers have seen the vulnerabilities being exploited to deliver shells, conduct reconnaissance, and download malware. (February 19, 2026)
-
Oleksandr Didenko sold the stolen identities of US citizens, allowing North Koreans to get hired using freelance work platforms. (February 23, 2026)
-
Catalin Dragomir admitted in a US court to selling access to an Oregon state government office’s network. (February 23, 2026)
-
Other noteworthy stories that might have slipped under the radar: Axonius lays off employees, Abu Dhabi conference data leak, HackerOne addresses AI concerns. (February 20, 2026)
-
The FBI has confirmed that the Ploutus malware, which has been around for over a decade, is still being used in the wild. (February 20, 2026)
