Application Security News and Articles
NASCAR says names, Social Security numbers, and other personal information were stolen in an April 2025 ransomware attack.
The post NASCAR Confirms Personal Information Stolen in Ransomware Attack appeared first on SecurityWeek.
Root Evidence is developing fully integrated vulnerability scanning and attack surface management technology.
The post Root Evidence Launches With $12.5 Million in Seed Funding appeared first on SecurityWeek.
The financially motivated group is pivoting from Active Directory to VMware vSphere environments, deploying ransomware from the hypervisor.
The post Scattered Spider Targeting VMware vSphere Environments appeared first on SecurityWeek.
Allianz subsidiary said the information of customers, financial professionals and employees was compromised as a result of a hack.
The post Allianz Life Data Breach Impacts Most of 1.4 Million US Customers appeared first on SecurityWeek.
The emerging Chaos ransomware appears to be a rebranding of BlackSuit, which had its leak site seized by law enforcement.
The post BlackSuit Ransomware Group Transitioning to ‘Chaos’ Amid Leak Site Seizure appeared first on SecurityWeek.
The Post SMTP email delivery WordPress plugin is affected by a critical vulnerability and half of websites using it remain unpatched.
The post Flaw Allowing Website Takeover Found in WordPress Plugin With 400k Installations appeared first on ...
Third-party involvement in data breaches has doubled this year from 15 percent to nearly 30 percent. In response, many organizations have sharpened their focus on third-party risk management, carefully vetting the security practices of their ...
In this Help Net Security interview, Gonçalo Magalhães, Head of Security at Immunefi, discusses the legal and ethical implications of hacking back in cross-border cyber incidents. He warns that offensive cyber actions risk violating ...
Vulnhuntr is an open-source tool that finds remotely exploitable vulnerabilities. It uses LLMs and static code analysis to trace how data moves through an application, from user input to server output. This helps it spot complex, multi-step ...
For all the excitement around LLMs, practical, engineering-focused guidance remains surprisingly hard to find. LLM Engineer’s Handbook aims to fill that gap. About the authors: Paul Iusztin is a Senior AI Engineer and founder of Decoding ML, a ...
In this Help Net Security video, Thomas Berndorfer, CEO of Connecting Software, explores cutting-edge technologies designed to detect and prevent document forgery and digital fraud. He presents four key approaches to verifying document ...
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos. Microsoft pins on-prem SharePoint attacks on Chinese threat actors: As Microsoft continues to update its customer guidance for protecting on-prem ...
Your roadmap to securing sAST efficiently and enjoying top-tier returns.
Step-by-step directions to claim sAST through this reward cascade.
Explore AI guardrails for generative AI.
The post Deploying Gen AI Guardrails for Compliance, Security and Trust appeared first on Security Boulevard.
Intruder this week made available an open-source tool that scans application programming interfaces (APIs) for broken authorization vulnerabilities.
The post Intruder Open Sources Tool for Testing API Security appeared first on Security Boulevard.
Noteworthy stories that might have slipped under the radar: Google Cloud Build vulnerability earns researcher big bounty, more countries hit by Louis Vuitton data breach, organizations’ attack surface is increasing.
The post In Other News: ...
Christina Marie Chapman, an Arizona resident, was sentenced to 8.5 years in prison for her role in a wide-ranging North Korean IT worker scam that sent $17 million to the outlaw country. Chapman ran a laptop farm from her home, validated stolen ...
This post was originally shared with us by Cloudanix.
An authentication bypass vulnerability in Mitel MiVoice MX-ONE could allow attackers to access user or admin accounts on the system.
The post Mitel Patches Critical Flaw in Enterprise Communication Platform appeared first on SecurityWeek.