Security
2445 tech articles in this category
-
Cybersecurity threats are becoming more sophisticated, more automated, and more intelligent, as well as harder to detect. At the same time the enterprise attack surface CISOs are tasked to defend continues to expand. That’s the reality security chiefs face in 2026 — a reality that has CISOs reordering their priorities for the year ahead. Preparing for and defending against AI-enabled attacks is high on CISOs’ to-do list this year. As is securing their organization’s own AI deployment
- 0 comments
- 55 views
-
Softwareentwicklung und Autoproduktion haben mehr gemein, als man denkt. Lesen Sie, was Sie zum Thema Software Bill of Materials (SBOM) wissen sollten. Foto: Ju1978 – shutterstock.com Eine Software Bill of Materials ist ein detaillierter Leitfaden, der unter anderem Aufschluss über die Komponenten Ihrer Software gibt. Als eine Art Stückliste hilft eine SBOM Anbietern und Käufern gleichermaßen, den Überblick über die Komponenten zu behalten und die Sicherheit der Softwarelieferkette zu verbesse
- 0 comments
- 357 views
-
The Iranian threat actor known as MuddyWater has been attributed to a spear-phishing campaign targeting diplomatic, maritime, financial, and telecom entities in the Middle East with a Rust-based implant codenamed RustyWater. "The campaign uses icon spoofing and malicious Word documents to deliver Rust based implants capable of asynchronous C2, anti-analysis, registry persistence, and modularView the full article
- 0 comments
- 59 views
-
Europol on Friday announced the arrest of 34 individuals in Spain who are alleged to be part of an international criminal organization called Black Axe. As part of an operation conducted by the Spanish National Police, in coordination with the Bavarian State Criminal Police Office and Europol, 28 arrests were made in Seville, along with three others in Madrid, two in Málaga, and one in BarcelonaView the full article
- 0 comments
- 358 views
-
Security company Trend Micro has been compelled to issue a patch for its own Apex Central software management tool after vulnerability management platform Tenable identified several security flaws. The bugs affect all versions of Apex Central (on-premises) earlier than build 7190. In a security bulletin, Trend Micro said of the most severe flaw, rated 9.8, “A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-control
- 0 comments
- 68 views
-
In 2026, incident response (IR) will continue its shift away from traditional malware-centric investigations toward identity-driven intrusions, abuse of trusted cloud services, and low-signal, high-impact activity that blends seamlessly into normal business operations. Rather than relying on technical exploits, threat actors are prioritizing legitimate access, persistence, and operational efficiency, enabling them to evade users, security controls, and automated detection. View the full artic
- 0 comments
- 77 views
-
Researchers have found new ways to turn ChatGPT into a data exfiltration tool and even use it as a persistent backdoor. The new ZombieAgent techniques, which have been patched by OpenAI, fed hidden prompts through connected applications such as email and cloud storage to send data back to attackers in ways invisible to users. Giving AI chatbots access to tools and external data sources to turn them into autonomous agents is among the biggest trends in AI right now. But security experts have
- 0 comments
- 61 views
-
Chinese-speaking threat actors are suspected to have leveraged a compromised SonicWall VPN appliance as an initial access vector to deploy a VMware ESXi exploit that may have been developed as far back as February 2024. Cybersecurity firm Huntress, which observed the activity in December 2025 and stopped it before it could progress to the final stage, said it may have resulted in a ransomwareView the full article
- 0 comments
- 59 views
-
As AI becomes embedded in security operations, many IT and security managers are starting the year with AI already active in their SOC workflows. That’s a positive step — but it also changes what “operational hygiene” looks like. AI doesn’t fail loudly when something is wrong. It fails quietly. That’s why the first week of the year is an ideal time to validate how AI is actually behaving inside the SOC — not in theory, but in daily operations. This isn’t about tuning models or adding
- 0 comments
- 63 views
-
Russian state-sponsored threat actors have been linked to a fresh set of credential harvesting attacks targeting individuals associated with a Turkish energy and nuclear research agency, as well as staff affiliated with a European think tank and organizations in North Macedonia and Uzbekistan. The activity has been attributed to APT28 (aka BlueDelta), which was attributed to a "sustained"View the full article
- 0 comments
- 49 views
-
jittawit21 – shutterstock.com Forscher des Security-Anbieters Cyera haben eine schwerwiegende Schwachstelle in der Workflow-Automatisierungsplattform n8n entdeckt. Sie ermöglicht es Angreifern, beliebigen Code auszuführen. Auf diese Weise könnten sie die vollständige Kontrolle über die betroffene Umgebung übernehmen, so die Experten. Schwerwiegende Folgen Laut Forschungsbericht sind davon 100.000 Server betroffen. Die Sicherheitslücke wird mit dem höchsten CVSS-Wert von 10,0 eingestu
- 0 comments
- 172 views
-
CrowdStrike will pay $740 million to acquire identity security startup SGNL, adding real-time authorization capabilities that grant and revoke access based on current risk conditions rather than static permissions. The deal, expected to close in CrowdStrike’s fiscal first quarter ending April 30, will be paid mostly in cash with some stock subject to vesting, CrowdStrike said in a statement. SGNL’s technology sits between identity providers and resources, evaluating access requests using
- 0 comments
- 86 views
-
A max-severity remote code execution (RCE) flaw in HPE’s OneView management platform has been flagged by the Cybersecurity & Infrastructure Security Agency (CISA) for active exploitation. The flaw, tracked as CVE-2025-37164, has been added to CISA’s Known Exploited Vulnerability (KEV) Catalog, days after the company disclosed it with a fix. “The CVE-2025-37164 OneView vulnerability is severe because it allows unauthenticated remote code execution through a publicly reachable REST API end
- 0 comments
- 55 views
-
As organizations plan for 2026, cybersecurity predictions are everywhere. Yet many strategies are still shaped by headlines and speculation rather than evidence. The real challenge isn’t a lack of forecasts—it’s identifying which predictions reflect real, emerging risks and which can safely be ignored. An upcoming webinar hosted by Bitdefender aims to cut through the noise with a data-drivenView the full article
- 0 comments
- 56 views
-
Trend Micro has released security updates to address multiple security vulnerabilities impacting on-premise versions of Apex Central for Windows, including a critical bug that could result in arbitrary code execution. The vulnerability, tracked as CVE-2025-69258, carries a CVSS score of 9.8 out of a maximum of 10.0. The vulnerability has been described as a case of remote code executionView the full article
- 0 comments
- 68 views
-
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday said it's retiring 10 emergency directives (Eds) that were issued between 2019 and 2024. The list of the directives now considered closed is as follows - ED 19-01: Mitigate DNS Infrastructure Tampering ED 20-02: Mitigate Windows Vulnerabilities from January 2020 Patch Tuesday ED 20-03: Mitigate Windows DNS ServerView the full article
- 0 comments
- 53 views
-
Event Date: 10 January 2026 Venue: T-Hub, Hyderabad AI CyberCon Summit 2026 is India’s leading summit on Artificial Intelligence, Cybersecurity, Fraud Prevention, Digital Trust & Compliance, bringing together: CXOs, CISOs, CTOs AI Innovators & Cybersecurity Leaders Fintech & Enterprise Tech Professionals Policymakers & Government Representatives 500+ Industry Decision Makers The summit will feature: -High-impact keynotes & panel discussions -Live cyberattack simulat
- 0 comments
- 68 views
-
Mangkorn Danggura – shutterstock.com Etliche Einrichtungen der kritischen Infrastruktur in Deutschland kommunizieren mit ungeschützter Funktechnik. Der Digitalfunk zahlreicher Haftanstalten, Flughäfen und Energieversorger lässt sich mit geringem technischen Aufwand auch aus der Ferne abhören, weil die Betreiber auf die Verschlüsselung ihrer Netze verzichten, wie die “Wirtschaftswoche” berichtet. Die AG Kritis, eine anerkannte unabhängige Arbeitsgruppe von Fachleuten für den Schutz kritis
- 0 comments
- 177 views
-
Mangkorn Danggura – shutterstock.com Etliche Einrichtungen der kritischen Infrastruktur in Deutschland kommunizieren mit ungeschützter Funktechnik. Der Digitalfunk zahlreicher Haftanstalten, Flughäfen und Energieversorger lässt sich mit geringem technischen Aufwand auch aus der Ferne abhören, weil die Betreiber auf die Verschlüsselung ihrer Netze verzichten, wie die “Wirtschaftswoche” berichtet. Die AG Kritis, eine anerkannte unabhängige Arbeitsgruppe von Fachleuten für den Schutz kritis
- 0 comments
- 170 views
-
Jamie Norton’s parents gave him a computer as a child that he played and tinkered with while growing up. When he went to university, he studied IT and accounting “just as a bit of a side note, really.” This was right around when the internet was emerging, and he started to play with Unix and other operating systems with software development as his background. When he left university, he didn’t know what he was going to pursue in tech, but the Dotcom boom presented a range of technology oppor
- 0 comments
- 54 views
-
The U.S. Federal Bureau of Investigation (FBI) on Thursday released an advisory warning of North Korean state-sponsored threat actors leveraging malicious QR codes in spear-phishing campaigns targeting entities in the country. "As of 2025, Kimsuky actors have targeted think tanks, academic institutions, and both U.S. and foreign government entities with embedded malicious Quick Response (QR)View the full article
- 0 comments
- 92 views
-
Despite all the warnings, and constant news of devastating cyberattacks, enterprise users are still cutting corners when it comes to identity and access management (IAM). Nearly two-thirds (63%) of cybersecurity leaders admit their employees continue to bypass security controls so they can work faster, according to new research by security company CyberArk. Furthermore, enterprises are struggling to establish access policies for emerging AI agents and other agentic tools. This seems to s
- 0 comments
- 58 views
-
Lesen Sie, welche Cybersecurity-Zertifizierungen Ihrer Karriere als CISO einen Schub geben. Foto: Elnur – shutterstock.com Zertifizierungen in der Cybersicherheit können das vorhandene Fachwissen hervorheben, die Glaubwürdigkeit erhöhen und Aufstiegsmöglichkeiten eröffnen. Zudem sorgen Cybersecurity-Zertifikate dafür, dass leitende Cybersicherheitsfachkräfte über die sich entwickelnden Bedrohungen auf dem Laufenden bleiben. Darüber hinaus erleichtern sie die Vernetzung und stellen Fähigkeiten i
- 0 comments
- 57 views
-
The latest flaw in Cisco Systems Identity Services Engine (ISE), which could expose sensitive information to an attacker, requires rotation of credentials as well as installation of a patch to correct, says an expert. Cisco ISE is a network access control platform that enforces access policy and manages endpoints. There have been more critical holes in Cisco products, acknowledged Paddy Harrington, a senior analyst at Forrester Research, and this one does need a threat actor with adminis
- 0 comments
- 56 views
-
Our first story of 2026 revealed how a destructive new botnet called Kimwolf has infected more than two million devices by mass-compromising a vast number of unofficial Android TV streaming boxes. Today, we’ll dig through digital clues left behind by the hackers, network operators and services that appear to have benefitted from Kimwolf’s spread. On Dec. 17, 2025, the Chinese security firm XLab published a deep dive on Kimwolf, which forces infected devices to participate in distributed denial-
- 0 comments
- 89 views
-
In my long career of safeguarding digital assets, I’ve seen technology shifts come and go, but nothing compares to the disruptive force of AI and large language models (LLMs). AI is quite literally a double-edged sword when it comes to cybersecurity. The same capabilities that allow us to automate threat detection and write secure code faster are being weaponized by adversaries to create a new generation of cyberthreats. For any CISO or security leader, our primary focus must shift; we are no lo
- 0 comments
- 66 views
-
Cybersecurity researchers have disclosed details of a new campaign that uses WhatsApp as a distribution vector for a Windows banking trojan called Astaroth in attacks targeting Brazil. The campaign has been codenamed Boto Cor-de-Rosa by Acronis Threat Research Unit. "The malware retrieves the victim's WhatsApp contact list and automatically sends malicious messages to each contact to furtherView the full article
- 0 comments
- 58 views
-
A China-nexus threat actor known as UAT-7290 has been attributed to espionage-focused intrusions against entities in South Asia and Southeastern Europe. The activity cluster, which has been active since at least 2022, primarily focuses on extensive technical reconnaissance of target organizations before initiating attacks, ultimately leading to the deployment of malware families such as RushDropView the full article
- 0 comments
- 64 views
-
Edge computing is no longer a futuristic concept; it’s a reality shaping mission-critical operations across defense, utilities and public safety. Rugged IoT devices, engineered to withstand extreme conditions, are the backbone of this transformation. They enable real-time decision-making in environments where traditional IT infrastructure cannot survive. But this progress comes with risk. These devices often operate outside secure perimeters, in disconnected environments and under physical s
- 0 comments
- 66 views
-
batjaket – shutterstock.com Das Threat Intelligence Team von Microsoft hat kürzlich festgestellt, dass Angreifer zunehmend komplexe E-Mail-Weiterleitungen und falsch konfigurierte Domain-Spoofing-Schutzmaßnahmen ausnutzen. Dabei lassen sie ihre Phishing-Nachrichten so aussehen, als würden sie von den angegriffenen Organisationen selbst stammen. In den Angriffskampagnen werden Konfigurationslücken missbraucht. Das gilt insbesondere für solche bei MX-DNS-Einträgen (Mail Exchanger), die nic
- 0 comments
- 181 views
-
batjaket – shutterstock.com Das Threat Intelligence Team von Microsoft hat kürzlich festgestellt, dass Angreifer zunehmend komplexe E-Mail-Weiterleitungen und falsch konfigurierte Domain-Spoofing-Schutzmaßnahmen ausnutzen. Dabei lassen sie ihre Phishing-Nachrichten so aussehen, als würden sie von den angegriffenen Organisationen selbst stammen. In den Angriffskampagnen werden Konfigurationslücken missbraucht. Das gilt insbesondere für solche bei MX-DNS-Einträgen (Mail Exchanger), die nic
- 0 comments
- 174 views
-
The internet never stays quiet. Every week, new hacks, scams, and security problems show up somewhere. This week’s stories show how fast attackers change their tricks, how small mistakes turn into big risks, and how the same old tools keep finding new ways to break in. Read on to catch up before the next wave hits. Honeypot Traps Hackers Hackers Fall forView the full article
- 0 comments
- 53 views
-
Chainguard, the trusted source for open source, has a unique view into how modern organizations actually consume open source software and where they run into risk and operational burdens. Across a growing customer base and an extensive catalog of over 1800 container image projects, 148,000 versions, 290,000 images, and 100,000 language libraries, and almost half a billion builds, they can seeView the full article
- 0 comments
- 61 views
-
ImageFlow – shutterstock.com Seit Anfang Dezember gilt die EU-Sicherheitsrichtline NIS2 auch in Deutschland. Rund 29.500 Unternehmen sind dadurch verpflichtet, sich als NIS-2-Einrichtungen zu registrieren und dem Bundesamt für Sicherheit in der Informationstechnik (BSI) erhebliche Sicherheitsvorfälle zu melden. Vor diesem Hintergrund hat das BSI ein neues Portal entwickelt, das gebündelte Informationen und Hilfestellungen bietet. BSI-Portal soll Austausch erleichtern Das BSI-Portal b
- 0 comments
- 49 views
-
A now-fixed critical flaw in the jsPDF library could enable attackers to extract sensitive files from enterprise servers and embed them directly into generated PDF documents. Tracked as CVE-2025-68428, the flaw affects unpatched Node.js deployments of jsPDF, where untrusted input is passed to file-handling APIs without proper validation. According to an Endor Labs analysis, the issue enables path traversal and local file inclusion, allowing an attacker to read arbitrary files from the un
- 0 comments
- 71 views
-
Cisco has released updates to address a medium-severity security flaw in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) with a public proof-of-concept (PoC) exploit. The vulnerability, tracked as CVE-2026-20029 (CVSS score: 4.9), resides in the licensing feature and could allow an authenticated, remote attacker with administrative privileges to gain access toView the full article
- 0 comments
- 56 views
-
Cybersecurity researchers have discovered three malicious npm packages that are designed to deliver a previously undocumented malware called NodeCordRAT. The names of the packages, all of which were taken down as of November 2025, are listed below. They were uploaded by a user named "wenmoonx." bitcoin-main-lib (2,300 Downloads) bitcoin-lib-js (193 Downloads) bip40 (970 Downloads) "TheView the full article
- 0 comments
- 44 views
-
Cybersecurity researchers have disclosed details of multiple critical-severity security flaws affecting Coolify, an open-source, self-hosting platform, that could result in authentication bypass and remote code execution. The list of vulnerabilities is as follows - CVE-2025-66209 (CVSS score: 10.0) - A command injection vulnerability in the database backup functionality allows any authenticatedView the full article
- 0 comments
- 51 views
-
Attacks against AI systems and infrastructure are beginning to take shape in real-world instances, and security experts expect the number of these attack types will rise in coming years. In a rush to realize the benefits of AI, most organizations have played it fast and loose on security hardening when rolling out AI tools and use cases. As a result, experts also warn that many organizations aren’t prepared to detect, deflect, or respond to such attacks. “Most are aware of the possibility of
- 0 comments
- 64 views
-
Artificial intelligence (AI) company OpenAI on Wednesday announced the launch of ChatGPT Health, a dedicated space that allows users to have conversations with the chatbot about their health. To that end, the sandboxed experience offers users the optional ability to securely connect medical records and wellness apps, including Apple Health, Function, MyFitnessPal, Weight Watchers, AllTrails,View the full article
- 0 comments
- 56 views
-
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting Microsoft Office and Hewlett Packard Enterprise (HPE) OneView to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities are listed below - CVE-2009-0556 (CVSS score: 8.8) - A code injection vulnerability in Microsoft OfficeView the full article
- 0 comments
- 54 views
-
SuPatMaN – shutterstock.com Das Jahr 2025 war für viele CISOs herausfordernd. Anfang des Jahres wurden mit dem Digital Operational Resilience Act (DORA) alle Finanzunternehmen dazu verpflichtet, ihre Cybersicherheit zu erhöhen. Zudem mussten sich in diesem Jahr zahlreiche Unternehmen mit der NIS2-Umsetzung auseinandersetzen. Vor welchen Schwierigkeiten stehen CISOs im Jahr 2026? Herausforderungen 2026 Nach Meinung von Raphael Reiß, CISO der Vaillant Group, wird das Thema Compliance a
- 0 comments
- 100 views
-
Veeam says that four vulnerabilities could allow a person with certain oversight roles for its flagship Backup & Replication suite to do serious damage to – but not destroy – a backup database. The company has already issued a patch for the bugs, which, it says, should be applied immediately. The worst of the vulnerabilities, CVE-2025-59470, carries a criticality score of 9 and would allow a threat actor “to do something nefarious,” said Rick Vanover, Veeam’s vice-president of produ
- 0 comments
- 48 views
-
Researchers have released details about a critical vulnerability that was silently patched in n8n, a platform used by many companies to build LLM-powered agents and automated workflows. The flaw can allow unauthenticated attackers to completely take over local n8n deployments, execute commands on the underlying system, and extract sensitive corporate data workflows typically have access to. “The blast radius of a compromised n8n is massive,” researchers from data security company Cyera, who
- 0 comments
- 71 views
-
A cybercrime gang known as Black Cat has been attributed to a search engine optimization (SEO) poisoning campaign that employs fraudulent sites advertising popular software to trick users into downloading a backdoor capable of stealing sensitive data. According to a report published by the National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC) andView the full article
- 0 comments
- 50 views
-
Der Schweregrad des Bugs in Open WebUI wird als hoch eingestuft. Wirestock Creators- shutterstock.com Sicherheitsforschende von Cato Networks haben eine Schwachstelle in Open WebUI, einem selbstgehosteten Enterprise Interface für Large Language Models (LLM), entdeckt. Diese soll es externen Modell-Servern, die über das Feature „Direct Connections“ eingebunden sind, ermöglichen, Schadcode einzuschleusen und KI-Workloads zu übernehmen. Das Problem, gekennzeichnet als CVE-2025-64496, beruh
- 0 comments
- 57 views
-
Der Schweregrad des Bugs in Open WebUI wird als hoch eingestuft. Wirestock Creators- shutterstock.com Sicherheitsforschende von Cato Networks haben eine Schwachstelle in Open WebUI, einem selbstgehosteten Enterprise Interface für Large Language Models (LLM), entdeckt. Diese soll es externen Modell-Servern, die über das Feature „Direct Connections“ eingebunden sind, ermöglichen, Schadcode einzuschleusen und KI-Workloads zu übernehmen. Das Problem, gekennzeichnet als CVE-2025-64496, beruh
- 0 comments
- 61 views
-
Suttipun – shutterstock.com Sicherheitsexperten haben kürzlich festgestellt, dass die Ransomware-Gruppe Jolly Scorpius ihren RaaS-(Ransomware as a Service)-Dienst Ransomhouse massiv verbessert hat. Wie das Threat-Intelligence-Team von Palo Alto Networks berichtet, nutzt die Gruppe jetzt ein fortschrittliches duales Verschlüsselungssystem. Die Angriffe basieren auf einer aktualisierten Version des Verschlüsselungs-Trojaner mit dem Codenamen „Mario“. Der Trojaner verwendet dabei nicht nur
- 0 comments
- 47 views
-
Suttipun – shutterstock.com Sicherheitsexperten haben kürzlich festgestellt, dass die Ransomware-Gruppe Jolly Scorpius ihren RaaS-(Ransomware as a Service)-Dienst Ransomhouse massiv verbessert hat. Wie das Threat-Intelligence-Team von Palo Alto Networks berichtet, nutzt die Gruppe jetzt ein fortschrittliches duales Verschlüsselungssystem. Die Angriffe basieren auf einer aktualisierten Version des Verschlüsselungs-Trojaner mit dem Codenamen „Mario“. Der Trojaner verwendet dabei nicht nur
- 0 comments
- 47 views
-
Suttipun – shutterstock.com Sicherheitsexperten haben kürzlich festgestellt, dass die Ransomware-Gruppe Jolly Scorpius ihren RaaS-(Ransomware as a Service)-Dienst Ransomhouse massiv verbessert hat. Wie das Threat-Intelligence-Team von Palo Alto Networks berichtet, nutzt die Gruppe jetzt ein fortschrittliches duales Verschlüsselungssystem. Die Angriffe basieren auf einer aktualisierten Version des Verschlüsselungs-Trojaner mit dem Codenamen „Mario“. Der Trojaner verwendet dabei nicht nur
- 0 comments
- 48 views
-
Suttipun – shutterstock.com Sicherheitsexperten haben kürzlich festgestellt, dass die Ransomware-Gruppe Jolly Scorpius ihren RaaS-(Ransomware as a Service)-Dienst Ransomhouse massiv verbessert hat. Wie das Threat-Intelligence-Team von Palo Alto Networks berichtet, nutzt die Gruppe jetzt ein fortschrittliches duales Verschlüsselungssystem. Die Angriffe basieren auf einer aktualisierten Version des Verschlüsselungs-Trojaner mit dem Codenamen „Mario“. Der Trojaner verwendet dabei nicht nur
- 0 comments
- 50 views
-
The more organizations lean on artificial intelligence (AI), spread workloads across different environments, and tie systems together, the harder it becomes for traditional security practices to present a complete picture of what’s going on. The result is a growing number of blind spots – hidden misconfigurations, inconsistent controls, and unpredictable behaviors across systems and AI agents – that can introduce significant risk long before a red flag appears in tooling. How can CSOs and ot
- 0 comments
- 51 views
-
Cybersecurity researchers have disclosed details of yet another maximum-severity security flaw in n8n, a popular workflow automation platform, that allows an unauthenticated remote attacker to gain complete control over susceptible instances. The vulnerability, tracked as CVE-2026-21858 (CVSS score: 10.0), has been codenamed Ni8mare by Cyera Research Labs. Security researcher Dor Attias has beenView the full article
- 0 comments
- 50 views
-
Security teams are still catching malware. The problem is what they're not catching. More attacks today don't arrive as files. They don't drop binaries. They don't trigger classic alerts. Instead, they run quietly through tools that already exist inside the environment — scripts, remote access, browsers, and developer workflows. That shift is creating a blind spot. Join us for a deep-diveView the full article
- 0 comments
- 51 views
-
Microsoft’s Threat Intelligence team has disclosed that threat actors are increasingly exploiting complex email routing and misconfigured domain spoof protection to make phishing messages appear as if they were sent from inside the organizations they’re targeting. These campaigns are relying on configuration gaps, specifically scenarios where mail exchanger (MX) DNS records don’t point directly to Microsoft 365 and where Domain-based Message Authentication, Reporting & Conformance (DMARC
- 0 comments
- 50 views
-
Open-source workflow automation platform n8n has warned of a maximum-severity security flaw that, if successfully exploited, could result in authenticated remote code execution (RCE). The vulnerability, which has been assigned the CVE identifier CVE-2026-21877, is rated 10.0 on the CVSS scoring system. "Under certain conditions, an authenticated user may be able to cause untrusted code to beView the full article
- 0 comments
- 49 views
-
Non-human employees are becoming the future of cybersecurity, and enterprises need to prepare accordingly. As organizations scale Artificial Intelligence (AI) and cloud automation, there is exponential growth in Non-Human Identities (NHIs), including bots, AI agents, service accounts and automation scripts. In fact, 51% of respondents in ConductorOne’s 2025 Future of Identity Security ReportView the full article
- 0 comments
- 52 views
-
Veeam has released security updates to address multiple flaws in its Backup & Replication software, including a "critical" issue that could result in remote code execution (RCE). The vulnerability, tracked as CVE-2025-59470, carries a CVSS score of 9.0. "This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as the postgres user by sending a maliciousView the full article
- 0 comments
- 51 views
-
Threat actors engaging in phishing attacks are exploiting routing scenarios and misconfigured spoof protections to impersonate organizations' domains and distribute emails that appear as if they have been sent internally. "Threat actors have leveraged this vector to deliver a wide variety of phishing messages related to various phishing-as-a-service (PhaaS) platforms such as Tycoon 2FA," theView the full article
- 0 comments
- 44 views
-
Cybersecurity leaders have a lot to consider when trying to keep their organizations safe. But some things stand out more than others — or might be under the radar. As a new year dawns, here are some things CISOs should avoid falling short on in 2026. Get complacent about identity controls in the face of rising AI agents The deployment of AI agents is growing rapidly, as enterprises look to take advantage of the automation and efficiency they offer. The global AI agents market size w
- 0 comments
- 59 views
-
Researchers have developed a tool that they say can make stolen high-value proprietary data used in AI systems useless, a solution that CSOs may have to adopt to protect their sophisticated large language models (LLMs). The technique, created by researchers from universities in China and Singapore, is to inject plausible but false data into what’s known as a knowledge graph (KG) created by an AI operator. A knowledge graph holds the proprietary data used by the LLM. Injecting poisoned or
- 0 comments
- 60 views
-
A newly discovered critical security flaw in legacy D-Link DSL gateway routers has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0625 (CVSS score: 9.3), concerns a case of command injection in the "dnscfg.cgi" endpoint that arises as a result of improper sanitization of user-supplied DNS configuration parameters. "An unauthenticated remote attacker can injectView the full article
- 0 comments
- 53 views
-
Gorodenkoff – shutterstock.com Cyberangriffe fordern nicht nur CISOs in punkto Prävention und Krisenbewältigung heraus. Auch die Unternehmenskommunikation ist mit im Boot. Sie ist verantwortlich für den Krisenkommunikationsplan, den sie mit dem CISO entwickelt und bei Cybersicherheitsvorfällen umsetzt. Eine gute Krisenprävention hat aus der Perspektive der Kommunikation drei Elemente und beginnt nicht erst dann, wenn die Krise eingetreten ist. Die folgenden Maßnahmen sollten grundsätzlic
- 0 comments
- 172 views
-
Dudarau Dzmitry | shutterstock.com Wenn es um Security-Budgets geht, dreht sich ein Großteil der (Online-)Diskussionen darum, wie man das “Board” für sich gewinnt und Investitionen rechtfertigt. Einige Ansätze basieren auf spezifischen Finanzmodellen und zielen darauf ab, den Return on Investment (ROI) zu rechtfertigen. Andere konzentrieren sich eher darauf, Risiken zu quantifizieren und deren Minderung nachzuweisen. Gemein ist ihnen allen, das sie datengestützt funktionieren und auf rationa
- 0 comments
- 52 views
-
Dudarau Dzmitry | shutterstock.com Wenn es um Security-Budgets geht, dreht sich ein Großteil der (Online-)Diskussionen darum, wie man das “Board” für sich gewinnt und Investitionen rechtfertigt. Einige Ansätze basieren auf spezifischen Finanzmodellen und zielen darauf ab, den Return on Investment (ROI) zu rechtfertigen. Andere konzentrieren sich eher darauf, Risiken zu quantifizieren und deren Minderung nachzuweisen. Gemein ist ihnen allen, das sie datengestützt funktionieren und auf rationa
- 0 comments
- 49 views
-
View the full article
- 0 comments
- 50 views
-
Most SOC teams don’t struggle to detect threats. They struggle to decide what matters first. Alerts arrive constantly, often with limited context and varying quality. Analysts are expected to interpret them quickly, accurately, and consistently - even as environments change and queues grow. Triage becomes less about analysis and more about managing pressure. This is where AI begins to matter, not as a replacement for analysts, but as a way to restore structure to the triage process. View t
- 0 comments
- 66 views
-
Cybersecurity researchers have discovered two new malicious extensions on the Chrome Web Store that are designed to exfiltrate OpenAI ChatGPT and DeepSeek conversations alongside browsing data to servers under the attackers' control. The names of the extensions, which collectively have over 900,000 users, are below - Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI (ID:View the full article
- 0 comments
- 51 views
-
The CERT Coordination Center (CERT/CC) has disclosed details of an unpatched security flaw impacting TOTOLINK EX200 wireless range extender that could allow a remote authenticated attacker to gain full control of the device. The flaw, CVE-2025-65606 (CVSS score: N/A), has been characterized as a flaw in the firmware-upload error-handling logic, which could cause the device to inadvertently startView the full article
- 0 comments
- 51 views
-
Source: Securonix Cybersecurity researchers have disclosed details of a new campaign dubbed PHALT#BLYX that has leveraged ClickFix-style lures to display fixes for fake blue screen of death (BSoD) errors in attacks targeting the European hospitality sector. The end goal of the multi-stage campaign is to deliver a remote access trojan known as DCRat, according to cybersecurity company Securonix.View the full article
- 0 comments
- 48 views
-
The Invisible Half of the Identity Universe Identity used to live in one place - an LDAP directory, an HR system, a single IAM portal. Not anymore. Today, identity is fragmented across SaaS, on-prem, IaaS, PaaS, home-grown, and shadow applications. Each of these environments carries its own accounts, permissions, and authentication flows. Traditional IAM and IGA tools govern only the nearlyView the full article
- 0 comments
- 59 views
-
Popular artificial intelligence (AI)-powered Microsoft Visual Studio Code (VS Code) forks such as Cursor, Windsurf, Google Antigravity, and Trae have been found to recommend extensions that are non-existent in the Open VSX registry, potentially opening the door to supply chain risks when bad actors publish malicious packages under those names. The problem, according to Koi, is that theseView the full article
- 0 comments
- 57 views
-
Security researchers have flagged a high-severity flaw in Open WebUI, a self-hosted enterprise interface for large language models, that allows external model servers connected via its Direct Connections feature to inject malicious code and hijack AI workloads. The issue, tracked as CVE-2025-64496, stems from unsafe handling of server-sent events (SSE), enabling account takeover and, in some cases, with extended permissions, remote code execution (RCE) on backend servers. According to C
- 0 comments
- 60 views
-
Longtime security chief George Gerchow had sought top-notch security engineers and developers to build his team. Gerchow considered these workers “superstars” — and they proved him right in many ways. They were ambitious go-getters “who came in and absolutely killed it. They’d do a great job, but then they’d move on.” Gerchow discovered that a collection of such superstars didn’t create a high-performing team, which he defines as one that works well together to protect the company, leans
- 0 comments
- 61 views
-
A new critical security vulnerability has been disclosed in n8n, an open-source workflow automation platform, that could enable an authenticated attacker to execute arbitrary system commands on the underlying host. The vulnerability, tracked as CVE-2025-68668, is rated 9.9 on the CVSS scoring system. It has been described as a case of a protection mechanism failure. It affects n8n versions fromView the full article
- 0 comments
- 57 views
-
Users of the "@adonisjs/bodyparser" npm package are being advised to update to the latest version following the disclosure of a critical security vulnerability that, if successfully exploited, could allow a remote attacker to write arbitrary files on the server. Tracked as CVE-2026-21440 (CVSS score: 9.2), the flaw has been described as a path traversal issue affecting the AdonisJS multipartView the full article
- 0 comments
- 53 views
-
In today’s hyperconnected digital landscape, distributed denial-of-service (DDoS) attacks have evolved into sophisticated, multivector threats capable of crippling even the most resilient infrastructures. While content delivery network (CDN)-based DDoS protection offers scalable mitigation for volumetric attacks, it’s not a silver bullet. To truly safeguard critical services and maintain operational continuity, organizations must adopt a multilayered defense strategy—and that’s where NETSCOUT Ar
- 0 comments
- 62 views
-
When we think about cybersecurity, most of us picture alarms going off, software scanning for viruses, and firewalls keeping the bad guys out. Detection and response are the heavy lifters in any modern security strategy, and rightfully so. They help us spot threats, shut them down quickly, and get back to business. But here’s the catch: Focusing only on detection and response is like driving a car while looking only in the rearview mirror. You might see problems when they’ve already happened
- 0 comments
- 66 views
-
Distributed denial-of-service (DDoS) attacks come in many shapes and sizes, as do the myths surrounding them. These myths can center on motivations, DDoS attack vectors and techniques, mitigation strategies, and more. DDoS myths are also sometimes more dangerous than the attacks themselves because the misconceptions can leave organizations vulnerable to other types of cyberattacks, misguide mitigation strategies, or cause teams to miss attacks altogether. Let’s look at five of the top myths rega
- 0 comments
- 62 views
-
The Russia-aligned threat actor known as UAC-0184 has been observed targeting Ukrainian military and government entities by leveraging the Viber messaging platform to deliver malicious ZIP archives. "This organization has continued to conduct high-intensity intelligence gathering activities against Ukrainian military and government departments in 2025," the 360 Threat Intelligence Center said inView the full article
- 0 comments
- 55 views
-
Bleeping Computer reports that hackers are exploiting an old vulnerability in FortiOS that can be used to get around the two-factor authentication (2FA) requirement. The vulnerability, designated CVE-2020-12812, was patched back in July 2020, but five and a half years later, there are still at least 10,000 firewalls that have not been updated. To be on the safe side, all users of FortiOS and Fortigate are therefore urged to install the latest updates as soon as possible. This news
- 0 comments
- 53 views
-
As cyber threats become more frequent and more complex, they’re causing visible, measurable damage to organizations’ reputations and bottom lines. But the damage doesn’t end there. Breaches — or at least the threat of them — are impacting the mental health of companies’ IT and security workforces. According to new data, IT and security workers are facing nothing less than a mental health crisis in the workforce. Object First’s recent survey of 500 IT and security professionals revealed that
- 0 comments
- 51 views
-
Taiwan’s National Security Agency states that the number of Chinese cyberattacks against the country’s critical infrastructure increased by 6% in 2025, averaging 2.6 million attacks per day, Reuters reports. The attacks mainly targeted the energy sector, hospitals, banks and emergency services, and many of them were reportedly coordinated with Chinese military exercises and political events. For example, when the President and Vice President of Taiwan were giving speeches or attending intern
- 0 comments
- 55 views
-
France and Malaysia have launched investigations against Elon Musk’s AI chatbot Grok, after it generated sexualized deepfakes of women and minors, Techcrunch reports. India has also demanded that X restrict Grok’s ability to generate “obscene, pornographic or pedophilic” images within 72 hours, or risk losing its legal protection against user-generated content. Grok, developed by Musk’s company xAI and hosted on the X (formerly Twitter) platform, has published a message in which it “apol
- 0 comments
- 52 views
-
The botnet known as Kimwolf has infected more than 2 million Android devices by tunneling through residential proxy networks, according to findings from Synthient. "Key actors involved in the Kimwolf botnet are observed monetizing the botnet through app installs, selling residential proxy bandwidth, and selling its DDoS functionality," the company said in an analysis published last week. KimwolfView the full article
- 0 comments
- 58 views
-
You don’t lose most cyber battles to code. You lose them to culture: A rushed approval. A silent near-miss. A leader who shrugs at weak signals. Tools don’t fix that. People do, when they understand risk, own it and act with discipline under pressure. That is what the Organizational Risk Culture Standard (ORCS) gives you: A way to turn good intentions into daily behavior that defends trust. Cyber threats move fast. Your policies don’t. You work in VUCAD conditions: volatile, uncertain, c
- 0 comments
- 52 views
-
The year opened without a reset. The same pressure carried over, and in some places it tightened. Systems people assume are boring or stable are showing up in the wrong places. Attacks moved quietly, reused familiar paths, and kept working longer than anyone wants to admit. This week’s stories share one pattern. Nothing flashy. No single moment. Just steady abuse of trust — updates, extensions,View the full article
- 0 comments
- 103 views
-
Cybersecurity firm Resecurity says it deliberately lured threat actors linked to Scattered Lapsus$ Hunters (SLH) alliance into a honeypot, after the group claimed that it had hacked the company and stolen internal and client data. “Understanding that the actor is conducting reconnaissance, our team has set up a honey pot account,” Resecurity said in a blog post, indicating prior knowledge of threat actor probing. “This led to a successful login by the threat actor to one of the emulated appl
- 0 comments
- 56 views
-
Featuring: Cybersecurity is being reshaped by forces that extend beyond individual threats or tools. As organizations operate across cloud infrastructure, distributed endpoints, and complex supply chains, security has shifted from a collection of point solutions to a question of architecture, trust, and execution speed. This report examines how core areas of cybersecurity are evolving inView the full article
- 0 comments
- 95 views
-
Ilya Lichtenstein, who was sentenced to prison last year for money laundering charges in connection with his role in the massive hack of cryptocurrency exchange Bitfinex in 2016, said he has been released early. In a post shared on X last week, the 38-year-old announced his release, crediting U.S. President Donald Trump's First Step Act. According to the Federal Bureau of Prisons' inmate locatorView the full article
- 0 comments
- 47 views
-
Cybersecurity researchers have disclosed details of a new Python-based information stealer called VVS Stealer (also styled as VVS $tealer) that's capable of harvesting Discord credentials and tokens. The stealer is said to have been on sale on Telegram as far back as April 2025, according to a report from Palo Alto Networks Unit 42. "VVS stealer's code is obfuscated by Pyarmor," researchersView the full article
- 0 comments
- 52 views
-
As the AI-hype dust settles, CISOs have a lot to focus on 2026. From ongoing struggles such as ensuring teams are not burning out to current and future concerns, which includes finding effective business cases for AI, focusing on spotting a breach before it happens to planning for looming fear of breaking quantum encryption, CISOs from different industries share what is top of their agenda for 2026. 1. Prioritize resilience over reactive security Emphasis on resilience and architectural
- 0 comments
- 57 views
-
PeachShutterStock | shutterstock.com Im Kern der Enterprise Security steht die Zerreißprobe zwischen Benutzerkomfort und Security-Anforderungen. Dabei handelt es sich um einen Balanceakt, der regelmäßig auf Authentifizierungsebene ausgetragen wird und sich direkt auf das Onboarding- und Anmeldeerlebnis auswirkt. Geht es darum diesen Konflikt aufzulösen, steht Federated Identity an vorderster Front: Sie kann eine gute User Experience bieten, ohne dabei das Sicherheitsniveau zu beeinträchtigen
- 0 comments
- 61 views
-
DC Studio | shutterstock.com Konfigurationsfehler in der Cloud, die Unternehmensdaten gefährden, sind nicht unbedingt etwas Neues – eher im Gegenteil. Umso schlimmer, dass Unternehmen ihre Cloud-Ressourcen immer noch nicht durchgängig absichern. Zumindest legt das ein aktueller Report nahe. Dafür hat der Cloud-Sicherheitsanbieter Qualys 101 Cybersecurity- und IT-Profis befragt, zu deren Aufgaben es gehört, Cloud-Umgebungen abzusichern. Demnach: haben 28 Prozent der Befragten im vergange
- 0 comments
- 104 views
-
DC Studio | shutterstock.com Konfigurationsfehler in der Cloud, die Unternehmensdaten gefährden, sind nicht unbedingt etwas Neues – eher im Gegenteil. Umso schlimmer, dass Unternehmen ihre Cloud-Ressourcen immer noch nicht durchgängig absichern. Zumindest legt das ein aktueller Report nahe. Dafür hat der Cloud-Sicherheitsanbieter Qualys 101 Cybersecurity- und IT-Profis befragt, zu deren Aufgaben es gehört, Cloud-Umgebungen abzusichern. Demnach: haben 28 Prozent der Befragten im vergange
- 0 comments
- 104 views
-
The story you are reading is a series of scoops nestled inside a far more urgent Internet-wide security advisory. The vulnerability at issue has been exploited for months already, and it’s time for a broader awareness of the threat. The short version is that everything you thought you knew about the security of the internal network behind your Internet router probably is now dangerously out of date. The security company Synthient currently sees more than 2 million infected Kimwolf devices distr
- 0 comments
- 96 views
-
The threat actor known as Transparent Tribe has been attributed to a fresh set of attacks targeting Indian governmental, academic, and strategic entities with a remote access trojan (RAT) that grants them persistent control over compromised hosts. "The campaign employs deceptive delivery techniques, including a weaponized Windows shortcut (LNK) file masquerading as a legitimate PDF documentView the full article
- 0 comments
- 56 views
-
Two cybersecurity professionals charged with running a ransomware operation have pleaded guilty to conspiring to obstruct, delay, or affect commerce through extortion. They will be sentenced on March 12, 2026, the US Department of Justice announced this week. Ryan Goldberg and Kevin Martin were charged with using the BlackCat ransomware against multiple victims in the US between April 2023 and December 2023. An unnamed co-consiprator was also listed in the court filings. They were ac
- 0 comments
- 52 views
-
Two cybersecurity professionals charged with running a ransomware operation have pleaded guilty to conspiring to obstruct, delay, or affect commerce through extortion. They will be sentenced on March 12, 2026, the US Department of Justice announced this week. Ryan Goldberg and Kevin Martin were charged with using the BlackCat ransomware against multiple victims in the US between April 2023 and December 2023. An unnamed co-conspirator was also listed in the court filings. They were ac
- 0 comments
- 60 views