Security
2445 tech articles in this category
-
Two cybersecurity professionals charged with running a ransomware operation have pleaded guilty to conspiring to obstruct, delay, or affect commerce through extortion. They will be sentenced on March 12, 2026, the US Department of Justice announced this week. Ryan Goldberg and Kevin Martin were charged with using the BlackCat ransomware against multiple victims in the US between April 2023 and December 2023. An unnamed co-conspirator was also listed in the court filings. They were ac
- 0 comments
- 51 views
-
Attack Surface Management (ASM) tools promise reduced risk. What they usually deliver is more information. Security teams deploy ASM, asset inventories grow, alerts start flowing, and dashboards fill up. There is visible activity and measurable output. But when leadership asks a simple question, “Is this reducing incidents?” the answer is often unclear. This gap between effort andView the full article
- 0 comments
- 60 views
-
Cybersecurity researchers have disclosed details of a phishing campaign that involves the attackers impersonating legitimate Google-generated messages by abusing Google Cloud's Application Integration service to distribute emails. The activity, Check Point said, takes advantage of the trust associated with Google Cloud infrastructure to send the messages from a legitimate email address ("View the full article
- 0 comments
- 54 views
-
Cybersecurity teams are navigating a shift as skills shortages overtake headcount as the primary concern, according to ISC2’s 2025 Cybersecurity Workforce Study. The research, based on responses from some 16,029 cybersecurity professionals globally, reveals that while budget cuts and layoffs have leveled off after last year’s surge, the pressure on security teams has intensified. ISC2, a nonprofit member organization for cybersecurity professionals, found that cybersecurity workforce budget
- 0 comments
- 68 views
-
PeopleImages.com – Shutterstock.com Generative KI (GenAI) ist zu einem allgegenwärtigen Werkzeug in Unternehmen geworden. Laut einer Umfrage der Boston Consulting Group nutzen 50 Prozent der Unternehmen die Technologie, um Arbeitsabläufe neu zu gestalten. 77 Prozent der Befragten sind überzeugt, dass KI-Agenten in den nächsten drei bis fünf Jahren eine zentrale Rolle für ihre Unternehmensfunktionen spielen werden. CISOs und ihre Sicherheitsteams sind mit der Leistungsfähigkeit künstlich
- 0 comments
- 70 views
-
PeopleImages.com – Shutterstock.com Generative KI (GenAI) ist zu einem allgegenwärtigen Werkzeug in Unternehmen geworden. Laut einer Umfrage der Boston Consulting Group nutzen 50 Prozent der Unternehmen die Technologie, um Arbeitsabläufe neu zu gestalten. 77 Prozent der Befragten sind überzeugt, dass KI-Agenten in den nächsten drei bis fünf Jahren eine zentrale Rolle für ihre Unternehmensfunktionen spielen werden. CISOs und ihre Sicherheitsteams sind mit der Leistungsfähigkeit künstlich
- 0 comments
- 56 views
-
Wirestock Creators – shutterstock.com Drittanbieter-Risikomanagement ist für CISOs und Sicherheitsentscheider eine signifikante Herausforderung. Wird sie nicht (richtig) gestemmt, drohen weitreichende geschäftliche Konsequenzen – bis hin zum Stillstand der Produktion. Das wurde in den vergangenen Monaten von diversen Cyberattacken auf Drittanbieter unterstrichen. Zum Beispiel, als die russische Hackergruppe APT29 (auch bekannt als “Cozy Bear”) im Juni 2024 die kostenlose Remote-Access-So
- 0 comments
- 81 views
-
Wirestock Creators – shutterstock.com Drittanbieter-Risikomanagement ist für CISOs und Sicherheitsentscheider eine signifikante Herausforderung. Wird sie nicht (richtig) gestemmt, drohen weitreichende geschäftliche Konsequenzen – bis hin zum Stillstand der Produktion. Das wurde in den vergangenen Monaten von diversen Cyberattacken auf Drittanbieter unterstrichen. Zum Beispiel, als die russische Hackergruppe APT29 (auch bekannt als “Cozy Bear”) im Juni 2024 die kostenlose Remote-Access-So
- 0 comments
- 66 views
-
The first ThreatsDay Bulletin of 2026 lands on a day that already feels symbolic — new year, new breaches, new tricks. If the past twelve months taught defenders anything, it’s that threat actors don’t pause for holidays or resolutions. They just evolve faster. This week’s round-up shows how subtle shifts in behavior, from code tweaks to job scams, are rewriting what “cybercrime” looks like inView the full article
- 0 comments
- 55 views
-
IT leaders are setting their operations strategies for 2026 with an eye toward agility, flexibility, and tangible business results. Download the January 2026 issue of the Enterprise Spotlight from the editors of CIO, Computerworld, CSO, InfoWorld, and Network World and learn about the trends and technologies that will drive the IT agenda in the year ahead. View the full article
- 0 comments
- 63 views
-
Cybersecurity researchers have disclosed details of a persistent nine-month-long campaign that has targeted Internet of Things (IoT) devices and web applications to enroll them into a botnet known as RondoDox. As of December 2025, the activity has been observed leveraging the recently disclosed React2Shell (CVE-2025-55182, CVSS score: 10.0) flaw as an initial access vector, CloudSEK said in anView the full article
- 0 comments
- 57 views
-
As web browsers evolve into all-purpose platforms, performance and productivity often suffer. Feature overload, excessive background processes, and fragmented workflows can slow down browsing sessions and introduce unnecessary friction, especially for users who rely on the browser as a primary work environment. This article explores how adopting a lightweight, task-focused browser, likeView the full article
- 0 comments
- 55 views
-
IBM is urging customers to quickly patch a critical vulnerability in its API Connect platform that could allow remote attackers to bypass authentication. The company describes API Connect as a full lifecycle application programming interface (API) gateway used “to create, test, manage, secure, analyze, and socialize APIs.” It particularly touts it as a way to “unlock the potential of agentic AI” by providing a central point of control for access to AI services via APIs. The platform als
- 0 comments
- 60 views
-
Trust Wallet on Tuesday revealed that the second iteration of the Shai-Hulud (aka Sha1-Hulud) supply chain outbreak in November 2025 was likely responsible for the hack of its Google Chrome extension, ultimately resulting in the theft of approximately $8.5 million in assets. "Our Developer GitHub secrets were exposed in the attack, which gave the attacker access to our browser extension sourceView the full article
- 0 comments
- 60 views
-
The threat actor behind two malicious browser extension campaigns, ShadyPanda and GhostPoster, has been attributed to a third attack campaign codenamed DarkSpectre that has impacted 2.2 million users of Google Chrome, Microsoft Edge, and Mozilla Firefox. The activity is assessed to be the work of a Chinese threat actor that Koi Security is tracking under the moniker DarkSpectre. In all, theView the full article
- 0 comments
- 64 views
-
IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the application. The vulnerability, tracked as CVE-2025-13915, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an authentication bypass flaw. "IBM API Connect could allow a remote attacker to bypass authentication mechanisms and gainView the full article
- 0 comments
- 56 views
-
Cybersecurity researchers have disclosed details of what appears to be a new strain of Shai Hulud on the npm registry with slight modifications from the previous wave observed last month. The npm package that embeds the novel Shai Hulud strain is "@vietmoney/react-big-calendar," which was uploaded to npm back in March 2021 by a user named "hoquocdat." It was updated for the first time onView the full article
- 0 comments
- 51 views
-
The 2017 Equifax breach was one of biggest security incidents of the 21st century. A textbook data leak case, the breach impacted more than 147 million people, spawning a number of scandals and controversies, with the credit reporting agency being criticized for a range of issues, from a lax security posture to their botched response. The high-profile incident has proved transformational for the company. In the wake of the breach, the multinational company has fortified itself and now even p
- 0 comments
- 72 views
-
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) on Tuesday removed three individuals linked to the Intellexa Consortium, the holding company behind a commercial spyware known as Predator, from the specially designated nationals list. The names of the individuals are as follows - Merom Harpaz Andrea Nicola Constantino Hermes Gambazzi Sara Aleksandra Fayssal HamouView the full article
- 0 comments
- 60 views
-
Roman Samborskyi | shutterstock.com Etliche Enterprise-CISOs versuchen schon seit mehr als einer Dekade, Passwörter hinter sich zu lassen. Weil aber diverse Legacy-Systeme ausschließlich auf Kennwörter ausgelegt sind, stoßen sie dabei immer wieder auf technische Hürden. Das spiegelt auch der aktuelle “ID IQ Report 2026” von RSA (Download gegen Daten) wider, für den der Sicherheitsanbieter weltweit 2.000 Security-Experten befragt hat. Demnach haben 90 Prozent der Befragten Probleme mit Passwo
- 0 comments
- 88 views
-
Cybercrime hat sich zur organisierten Industrie mit Arbeitsteilung gewandelt. DC Studio – Shutterstock.com Was einst in Foren mit selbstgeschriebenen Schadcodes begann, hat sich zu einer global vernetzten Untergrundökonomie entwickelt, die in Effizienz, Geschwindigkeit und Skalierung vielen Unternehmen überlegen ist. Hackergruppen arbeiten heute arbeitsteilig, nutzen Vertriebskanäle, betreiben Support, teilen Einnahmen mit Partnern und investieren in Forschung und Entwicklung. Die entsc
- 0 comments
- 56 views
-
Roman Samborskyi | shutterstock.com Etliche Enterprise-CISOs versuchen schon seit mehr als einer Dekade, Passwörter hinter sich zu lassen. Weil aber diverse Legacy-Systeme ausschließlich auf Kennwörter ausgelegt sind, stoßen sie dabei immer wieder auf technische Hürden. Das spiegelt auch der aktuelle “ID IQ Report 2026” von RSA (Download gegen Daten) wider, für den der Sicherheitsanbieter weltweit 2.000 Security-Experten befragt hat. Demnach haben 90 Prozent der Befragten Probleme mit Passwo
- 0 comments
- 87 views
-
Cybercrime hat sich zur organisierten Industrie mit Arbeitsteilung gewandelt. DC Studio – Shutterstock.com Was einst in Foren mit selbstgeschriebenen Schadcodes begann, hat sich zu einer global vernetzten Untergrundökonomie entwickelt, die in Effizienz, Geschwindigkeit und Skalierung vielen Unternehmen überlegen ist. Hackergruppen arbeiten heute arbeitsteilig, nutzen Vertriebskanäle, betreiben Support, teilen Einnahmen mit Partnern und investieren in Forschung und Entwicklung. Die entsc
- 0 comments
- 60 views
-
IT-Security-Verantwortliche sollten die Angriffsfläche permanent analysieren und schützen. Dazu müssen sie stets im Blick haben, welche Assets über das Internet erreichbar sind. Foto: NicoElNino – shutterstock.com Von IoT-Devices über Cloud-basierte Infrastrukturen, Web-Applikationen und Firewalls bis hin zu VPN-Gateways: Die Anzahl unternehmenseigener Assets, die mit dem Internet verbunden sind, steigt exponentiell an. Sie ermöglichen beispielsweise den Zugriff auf Daten, Sensoren, Server
- 0 comments
- 56 views
-
dotshock | shutterstock.com Angenommen, Ihr Unternehmen wird von Cyberkriminellen angegriffen, kommt dabei aber mit einem blauen Auge davon, weil die Attacke zwar spät, aber noch rechtzeitig entdeckt und abgewehrt werden konnte – ohne größeren Business Impact. Jetzt einfach wie bisher weiterzumachen und die Sache zu vergessen, wäre allerdings kontraproduktiv. Schließlich haben die Angreifer einen Weg gefunden, Ihre Systeme zu kompromittieren und dabei Abwehrmaßnahmen zu umgehen. Deshalb
- 0 comments
- 56 views
-
dotshock | shutterstock.com Angenommen, Ihr Unternehmen wird von Cyberkriminellen angegriffen, kommt dabei aber mit einem blauen Auge davon, weil die Attacke zwar spät, aber noch rechtzeitig entdeckt und abgewehrt werden konnte – ohne größeren Business Impact. Jetzt einfach wie bisher weiterzumachen und die Sache zu vergessen, wäre allerdings kontraproduktiv. Schließlich haben die Angreifer einen Weg gefunden, Ihre Systeme zu kompromittieren und dabei Abwehrmaßnahmen zu umgehen. Deshalb
- 0 comments
- 54 views
-
The Cyber Security Agency of Singapore (CSA) has issued a bulletin warning of a maximum-severity security flaw in SmarterTools SmarterMail email software that could be exploited to achieve remote code execution. The vulnerability, tracked as CVE-2025-52691, carries a CVSS score of 10.0. It relates to a case of arbitrary file upload that could enable code execution without requiring anyView the full article
- 0 comments
- 57 views
-
The threat actor known as Silver Fox has turned its focus to India, using income tax-themed lures in phishing campaigns to distribute a modular remote access trojan called ValleyRAT (aka Winos 4.0). "This sophisticated attack leverages a complex kill chain involving DLL hijacking and the modular Valley RAT to ensure persistence," CloudSEK researchers Prajwal Awasthi and Koushik Pal said in anView the full article
- 0 comments
- 59 views
-
Artificial intelligence (AI) is making its way into security operations quickly, but many practitioners are still struggling to turn early experimentation into consistent operational value. This is because SOCs are adopting AI without an intentional approach to operational integration. Some teams treat it as a shortcut for broken processes. Others attempt to apply machine learning to problemsView the full article
- 0 comments
- 54 views
-
The Chinese hacking group known as Mustang Panda has leveraged a previously undocumented kernel-mode rootkit driver to deliver a new variant of backdoor dubbed TONESHELL in a cyber attack detected in mid-2025 targeting an unspecified entity in Asia. The findings come from Kaspersky, which observed the new backdoor variant in cyber espionage campaigns mounted by the hacking group targetingView the full article
- 0 comments
- 59 views
-
Facing ever-mounting cyberthreats, enterprises are increasingly turning to cyber insurance to address the potentially severe financial damage a successful attack can inflict. Unfortunately, cyber insurance presents its own risks, particularly for cybersecurity leaders who tend to pay more attention to evolving threats than insurance fine print. Sharon Polsky, president of the Privacy and Access Council of Canada, an organization dedicated to the development of access-to-information, informat
- 0 comments
- 67 views
-
Every day has the potential to be a bad day for a CSO. However, the second Tuesday of each month – Patch Tuesday – is almost guaranteed to be one of those days, though with any luck it’s merely troublesome, not catastrophic. In 2025, however, some of them gave CSOs heartburn: Microsoft issued mitigations for 1,246 CVEs, including 158 rated critical. Forty-one of them were zero days, and researchers at Tenable estimate that elevation of privilege vulnerabilities accounted for about 38.3% of a
- 0 comments
- 92 views
-
Cybersecurity ist kein Nice-to-have, sondern ein Muss. Dennoch vernachlässigen immer noch zu viele Unternehmen seine Pflege. Summit Art Creations – shutterstock.com Cybersicherheits-Frameworks sind die Richtlinien, mit denen sich Unternehmen vor Cyberangriffen schützen. Ein typisches Framework beschreibt die notwendigen Schritte, um verschiedene Cybersicherheitsrisiken zu adressieren, latente Schwachstellen aufzudecken und die digitale Verteidigung des Unternehmens allgemein zu
- 0 comments
- 99 views
-
Cybersecurity ist kein Nice-to-have, sondern ein Muss. Dennoch vernachlässigen immer noch zu viele Unternehmen seine Pflege. Summit Art Creations – shutterstock.com Cybersicherheits-Frameworks sind die Richtlinien, mit denen sich Unternehmen vor Cyberangriffen schützen. Ein typisches Framework beschreibt die notwendigen Schritte, um verschiedene Cybersicherheitsrisiken zu adressieren, latente Schwachstellen aufzudecken und die digitale Verteidigung des Unternehmens allgemein zu
- 0 comments
- 102 views
-
KrebsOnSecurity.com celebrates its 16th anniversary today! A huge “thank you” to all of our readers — newcomers, long-timers and drive-by critics alike. Your engagement this past year here has been tremendous and truly a salve on a handful of dark days. Happily, comeuppance was a strong theme running through our coverage in 2025, with a primary focus on entities that enabled complex and globally-dispersed cybercrime services. Image: Shutterstock, Younes Stiller Kraske. In May 2024, we scrutini
- 0 comments
- 88 views
-
Anomaly detection has become one of the most discussed and most misunderstood, applications of AI in security operations. In theory, it promises early threat identification and broader coverage beyond static rules. In practice, many SOC teams experience inconsistent results and growing uncertainty. View the full article
- 0 comments
- 56 views
-
Last week’s cyber news in 2025 was not about one big incident. It was about many small cracks opening at the same time. Tools people trust every day behave in unexpected ways. Old flaws resurfaced. New ones were used almost immediately. A common theme ran through it all in 2025. Attackers moved faster than fixes. Access meant for work, updates, or support kept getting abused. And damage did notView the full article
- 0 comments
- 92 views
-
The React 19 library for building application interfaces was hit with a remote code vulnerability, React2Shell, about a month ago. However, as researchers delve deeper into the bug, the larger picture gradually unravels. The vulnerability enables unauthenticated remote code execution through React Server Components, allowing attackers to execute arbitrary code on affected servers via a crafted request. In other words, a foundational web framework feature quietly became an initial access vect
- 0 comments
- 53 views
-
Cybersecurity researchers have disclosed details of what has been described as a "sustained and targeted" spear-phishing campaign that has published over two dozen packages to the npm registry to facilitate credential theft. The activity, which involved uploading 27 npm packages from six different npm aliases, has primarily targeted sales and commercial personnel at criticalView the full article
- 0 comments
- 51 views
-
A recently disclosed security vulnerability in MongoDB has come under active exploitation in the wild, with over 87,000 potentially susceptible instances identified across the world. The vulnerability in question is CVE-2025-14847 (CVSS score: 8.7), which allows an unauthenticated attacker to remotely leak sensitive data from the MongoDB server memory. It has been codenamed MongoBleed. "A flawView the full article
- 0 comments
- 57 views
-
The year of agentic AI came with promises of massive productivity gains for businesses, but the rush to adopt new tools and services also opened new attack paths in enterprise environments. Here are some of the top security risks to the AI ecosystem that were revealed this year by security researchers, either in the wild or as researcher-demonstrated attacks. Shadow AI and vulnerable AI tools Giving free reign to employees to experiment with AI tools to automate business processes mi
- 0 comments
- 62 views
-
In December 2024, the popular Ultralytics AI library was compromised, installing malicious code that hijacked system resources for cryptocurrency mining. In August 2025, malicious Nx packages leaked 2,349 GitHub, cloud, and AI credentials. Throughout 2024, ChatGPT vulnerabilities allowed unauthorized extraction of user data from AI memory. The result: 23.77 million secrets were leaked through AIView the full article
- 0 comments
- 56 views
-
FotoDax | shutterstock.com In der Außenperspektive sollte es für Menschen, die es zum Chief Information Security Officer gebracht haben, eigentlich kein Problem sein, die Branche zu wechseln. In der Realität stellen viele Sicherheitsentscheider allerdings regelmäßig fest, dass das Gegenteil der Fall ist: Wenn man einmal in einer bestimmten Branche tätig ist, gestaltet es sich mitunter schwierig, wieder auszusteigen. Das liegt auch daran, dass Führungskräfte und Personalvermittler oft immer n
- 0 comments
- 110 views
-
A high-severity security flaw has been disclosed in MongoDB that could allow unauthenticated users to read uninitialized heap memory. The vulnerability, tracked as CVE-2025-14847 (CVSS score: 8.7), has been described as a case of improper handling of length parameter inconsistency, which arises when a program fails to appropriately tackle scenarios where a length field is inconsistent with theView the full article
- 0 comments
- 51 views
-
Document database vendor MongoDB has advised customers to update immediately following the discovery of a flaw that could allow unauthenticated users to read uninitialized heap memory. Designated CVE-2025-14847, the bug, mismatched length fields in zlib compressed protocol headers, could allow an attacker to execute arbitrary code and potentially seize control of a device. The flaw affects the following MongoDB and MongoDB Server versions: MongoDB 8.2.0 through 8.2.3 MongoDB 8.0
- 0 comments
- 59 views
-
Trust Wallet is urging users to update its Google Chrome extension to the latest version following what it described as a "security incident" that led to the loss of approximately $7 million. The issue, the multi‑chain, non‑custodial cryptocurrency wallet service said, impacts version 2.68. The extension has about one million users, according to the Chrome Web Store listing. Users are advised toView the full article
- 0 comments
- 56 views
-
A China-linked advanced persistent threat (APT) group has been attributed to a highly-targeted cyber espionage campaign in which the adversary poisoned Domain Name System (DNS) requests to deliver its signature MgBot backdoor in attacks targeting victims in Türkiye, China, and India. The activity, Kaspersky said, was observed between November 2022 and November 2024. It has been linked to aView the full article
- 0 comments
- 71 views
-
A critical security flaw has been disclosed in LangChain Core that could be exploited by an attacker to steal sensitive secrets and even influence large language model (LLM) responses through prompt injection. LangChain Core (i.e., langchain-core) is a core Python package that's part of the LangChain ecosystem, providing the core interfaces and model-agnostic abstractions for buildingView the full article
- 0 comments
- 61 views
-
As cyberattacks grow more sophisticated and AI-powered threats escalate, enterprises are under pressure to evolve beyond traditional perimeter-based network security. Many are turning to Secure Access Service Edge (SASE), a cloud-native framework that converges network and security functions to protect distributed workforces, optimize network performance, and simplify management across multiple tools. SASE platforms typically include SD-WAN, secure web gateway (SWG), firewall as a service (F
- 0 comments
- 71 views
-
ThreatsDay Bulletin: Stealth Loaders, AI Chatbot Flaws AI Exploits, Docker Hack, and 15 More Stories
It’s getting harder to tell where normal tech ends and malicious intent begins. Attackers are no longer just breaking in — they’re blending in, hijacking everyday tools, trusted apps, and even AI assistants. What used to feel like clear-cut “hacker stories” now looks more like a mirror of the systems we all use. This week’s findings show a pattern: precision, patience, and persuasion. TheView the full article- 0 comments
- 63 views
-
The encrypted vault backups stolen from the 2022 LastPass data breach have enabled bad actors to take advantage of weak master passwords to crack them open and drain cryptocurrency assets as recently as late 2025, according to new findings from TRM Labs. The blockchain intelligence firm said evidence points to the involvement of Russian cybercriminal actors in the activity, with one of theView the full article
- 0 comments
- 57 views
-
Fortinet on Wednesday said it observed "recent abuse" of a five-year-old security flaw in FortiOS SSL VPN in the wild under certain configurations. The vulnerability in question is CVE-2020-12812 (CVSS score: 5.2), an improper authentication vulnerability in SSL VPN in FortiOS that could allow a user to log in successfully without being prompted for the second factor of authentication if theView the full article
- 0 comments
- 60 views
-
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a security flaw impacting Digiever DS-2105 Pro network video recorders (NVRs) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2023-52163 (CVSS score: 8.8), relates to a case of command injection that allows post-authentication remote codeView the full article
- 0 comments
- 57 views
-
There are few research institutions in the world with the size and scope of the European Organization for Nuclear Research, CERN. Founded in 1954 by 12 European countries, the European Laboratory for Elementary Particle Physics is located in the Swiss town of Meyrin, in the canton of Geneva, although its facilities extend along the Franco-Swiss border. Among them is the Large Hadron Collider (LHC), the world’s largest particle accelerator. International collaboration is at the core of its origin
- 0 comments
- 59 views
-
Cybersecurity researchers have discovered a new variant of a macOS information stealer called MacSync that's delivered by means of a digitally signed, notarized Swift application masquerading as a messaging app installer to bypass Apple's Gatekeeper checks. "Unlike earlier MacSync Stealer variants that primarily rely on drag-to-terminal or ClickFix-style techniques, this sample adopts a moreView the full article
- 0 comments
- 58 views
-
The fraudulent investment scheme known as Nomani has witnessed an increase by 62%, according to data from ESET, as campaigns distributing the threat have also expanded beyond Facebook to include other social media platforms, such as YouTube. The Slovak cybersecurity company said it blocked over 64,000 unique URLs associated with the threat this year. A majority of the detections originated fromView the full article
- 0 comments
- 55 views
-
Every year, cybercriminals find new ways to steal money and data from businesses. Breaching a business network, extracting sensitive data, and selling it on the dark web has become a reliable payday. But in 2025, the data breaches that affected small and medium-sized businesses (SMBs) challenged our perceived wisdom about exactly which types of businesses cybercriminals are targeting. View the full article
- 0 comments
- 62 views
-
Security professionals hunting PoCs and exploit code on GitHub might soon walk into a trap, as attackers redirect a known RAT toward them. Researchers have uncovered a stealthy campaign in which the Webrat Trojan, known for months to hide inside game cheats and cracked software, is now posing as proof-of-concept exploit repositories on GitHub to trick unsuspecting security researchers. The clever decoy and the unexpected target set the campaign apart from typical malware distribution att
- 0 comments
- 63 views
-
The U.S. Securities and Exchange Commission (SEC) has filed charges against multiple companies for their alleged involvement in an elaborate cryptocurrency scam that swindled more than $14 million from retail investors. The complaint charged crypto asset trading platforms Morocoin Tech Corp., Berge Blockchain Technology Co., Ltd., and Cirkor Inc., as well as investment clubs AI Wealth Inc., LaneView the full article
- 0 comments
- 61 views
-
NIS2 is symbolic of the core problem with European directives and regulations: They generate unnecessary red tape and too rarely have the desired effect. Whether it’s the Supply Chain Act, GDPR impact assessments, or the IT Security Act — the common theme is that companies have to produce mountains of documentation, something that neither increases actual security nor is realistically verifiable. A compliant entity is typically one that can provide comprehensive documentation of all proc
- 0 comments
- 57 views
-
Apple has been fined €98.6 million ($116 million) by Italy's antitrust authority after finding that the company's App Tracking Transparency (ATT) privacy framework restricted App Store competition. The Italian Competition Authority (Autorità Garante della Concorrenza e del Mercato, or AGCM) said the company's "absolute dominant position" in app distribution allowed it to "unilaterally impose"View the full article
- 0 comments
- 93 views
-
ServiceNow on Tuesday announced that it would buy cybersecurity vendor Armis for $7.75 billion in cash. This builds on its December purchase of identity security vendor Vezas, and the closing of its acquisition of AI vendor Moveworks. Analysts and cybersecurity practitioners mostly applauded the move, but cautioned that this could force CIOs and CISOs away from a best-of-breed strategy and into a classic suite approach, where the individual elements may be merely good enough. “This is a
- 0 comments
- 76 views
-
ServiceNow has agreed to buy cybersecurity vendor Armis for $7.75 billion in cash, it announced Tuesday. This builds on its December purchase of identity security vendor Veza, and the closing of its acquisition of AI vendor Moveworks. Analysts and cybersecurity practitioners mostly applauded the move, but cautioned that this could force CIOs and CISOs away from a best-of-breed strategy and into a classic suite approach, where the individual elements may be merely good enough. “This is a
- 0 comments
- 62 views
-
A ransomware expert lauded a recent crackdown on cybercrooks in Africa that resulted in the decryption of six ransomware strains, smashing of links to malicious websites, and hundreds of arrests as major action. “This may not be the same headline as taking down LockBit, but I think it is significant,” said Jon DiMaggio, chief security strategist, Analyst1 and co-author of an upcoming book on chasing ransomware gangs. “Because law enforcement can’t arrest Russian ransomware criminals, it’s sm
- 0 comments
- 51 views
-
Threat detection has always been central to security operations. What has changed is not the goal (identifying malicious activity) but the way SOC teams arrive at confident decisions. View the full article
- 0 comments
- 57 views
-
The MacSync Stealer macOS malware can now infect victims’ computers using what appears to be a legitimate application with minimal user interaction, according to Apple device management and security vendor Jamf. Until now, macOS campaigns needed to persuade users to launch infected applications through relatively intrusive techniques such as ClickFix social engineering or the expert user macOS ‘drag-to-terminal’ routine. MacSync Stealer, by contrast, is downloaded from an ordinary-lookin
- 0 comments
- 50 views
-
The MacSync Stealer macOS malware can now infect victims’ computers using what appears to be a legitimate application with minimal user interaction, according to Apple device management and security vendor Jamf. Until now, macOS campaigns needed to persuade users to launch infected applications through relatively intrusive techniques such as ClickFix social engineering or the expert user macOS ‘drag-to-terminal’ routine. MacSync Stealer, by contrast, is downloaded from an ordinary-lookin
- 0 comments
- 51 views
-
Cybersecurity researchers have discovered two malicious Google Chrome extensions with the same name and published by the same developer that come with capabilities to intercept traffic and capture user credentials. The extensions are advertised as a "multi-location network speed test plug-in" for developers and foreign trade personnel. Both the browser add-ons are available for download as ofView the full article
- 0 comments
- 55 views
-
Amazon’s chief security officer Stephen Schmidt writes that since April 2024, the company has stopped over 1800 job applications suspected of coming from North Korean agents. The number of applications linked to North Korea has also increased by about 27% per quarter in 2025. The purpose of the infiltration is said to be to obtain remote employment with foreign companies, mainly in the United States, and then transfer the income to North Korea’s weapons program. Amazon combines AI-based
- 0 comments
- 56 views
-
France’s postal service, La Poste, has been largely down for over twelve hours following a widespread network failure, reports The Register. All of La Poste’s IT systems are reportedly affected, including the website, the digital document service Digiposte, a digital ID service and the mobile app. It is still possible to handle cases over the counter. La Poste’s bank, Banque Postales, app and online services are also down. Payments and SMS verification should still work. La Poste has
- 0 comments
- 53 views
-
Security firm Proofpoint has discovered that hackers have found a clever way to bypass multi-factor authentication (MFA) and thereby get their hands on accounts belonging to corporate users. In a nutshell, the hackers are using one-time codes from OAuth 2.0, an open standard that is supposed to be used to authenticate smart TVs and the like. Typically, the scammers pretend that a particular device needs a one-time code and get users to type the code into Microsoft’s authentication link.
- 0 comments
- 54 views
-
Outsourcing critical IT and cybersecurity once looked like a shortcut to efficiency. Today, it is a shortcut to systemic fragility. Breaches at one vendor now cascade across hundreds of organizations. A corporate decision framed as a cost-saving measure can trigger risks that extend across industries, even nations. The SolarWinds breach showed how a compromised supplier became a launchpad for global espionage. The MOVEit breach exposed how a single vulnerability could compromise sensitive da
- 0 comments
- 58 views
-
A US federal securities class action lawsuit has alleged that South Korean ecommerce giant Coupang took nearly a month to disclose a massive data breach to regulators, violating SEC rules that require companies to report material cybersecurity incidents within four business days. The lawsuit, filed December 18, came just two days after Coupang finally submitted a Form 8-K disclosure to the Securities and Exchange Commission — 28 days after discovering the breach on November 18. The compl
- 0 comments
- 63 views
-
Security researchers have uncovered a malicious npm package that poses as a legitimate WhatsApp Web API library while quietly stealing messages, credentials, and contact data from developer environments. The package, identified as “lotusbail,” operates as a trojanized wrapper around a genuine WhatsApp client library and had accumulated more than 50k downloads by the time it was flagged by Koi Security. “With over 56000 downloads and functional code that actually works as advertised, it i
- 0 comments
- 61 views
-
A law enforcement operation coordinated by INTERPOL has led to the recovery of $3 million and the arrest of 574 suspects by authorities from 19 countries, amidst a continued crackdown on cybercrime networks in Africa. The coordinated effort, named Operation Sentinel, took place between October 27 and November 27, 2025, and mainly focused on business email compromise (BEC), digital extortion, andView the full article
- 0 comments
- 61 views
-
Passwd is designed specifically for organizations operating within Google Workspace. Rather than competing as a general consumer password manager, its purpose is narrow, and business-focused: secure credential storage, controlled sharing, and seamless Workspace integration. The platform emphasizes practicality over feature overload, aiming to provide a reliable system for teams that already relyView the full article
- 0 comments
- 52 views
-
The U.S. Justice Department (DoJ) on Monday announced the seizure of a web domain and database that it said was used to further a criminal scheme designed to target and defraud Americans by means of bank account takeover fraud. The domain in question, web3adspanels[.]org, was used as a backend web panel to host and manipulate illegally harvested bank login credentials. Users to the website areView the full article
- 0 comments
- 51 views
-
A critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in arbitrary code execution under certain circumstances. The vulnerability, tracked as CVE-2025-68613, carries a CVSS score of 9.9 out of a maximum of 10.0. The package has about 57,000 weekly downloads, according to statistics on npm. "Under certainView the full article
- 0 comments
- 54 views
-
Making the most of agentic AI is a top agenda item for many enterprises the coming year, as business executives are keen to deploy autonomous AI agents to revamp a range of business operations and workflows. The technology is nascent and, as with generative AI rollouts, CIOs are under pressure to move quickly with agentic AI strategies — a potential nightmare in making for CISOs charged with ensuring organizational security in the face of widespread agentic experimentation and deployment.
- 0 comments
- 67 views
-
Making the most of agentic AI is a top agenda item for many enterprises the coming year, as business executives are keen to deploy autonomous AI agents to revamp a range of business operations and workflows. The technology is nascent and, as with generative AI rollouts, CIOs are under pressure to move quickly with agentic AI strategies — a potential nightmare in making for CISOs charged with ensuring organizational security in the face of widespread agentic experimentation and deployment.
- 0 comments
- 62 views
-
The U.S. Federal Communications Commission (FCC) on Monday announced a ban on all drones and critical components made in a foreign country, citing national security concerns. To that end, the agency has added to its Covered List Uncrewed aircraft systems (UAS) and UAS critical components produced in a foreign country, and all communications and video surveillance equipment and services pursuantView the full article
- 0 comments
- 48 views
-
Mit Hilfe von Cyber Risk Assessments können CISOs nicht nur das konkrete Risiko im Unternehmen ermitteln, sondern auch den Erfolg ihrer Arbeit sichtbar machen. Foto: Elnur – shutterstock.com Ab einem gewissen Alter gehen viele Menschen regelmäßig zum Arzt für einen Check-up. Das ist sinnvoll und wird sogar von der Krankenkasse bezahlt. Auf diese Weise können Risiken und Gefahren frühzeitig erkannt und entsprechende Maßnahmen getroffen werden. Genauso verhält es sich in der Cybersicherheit: Reg
- 0 comments
- 58 views
-
Watchara Ritjan – shutterstock.com Immer mehr Unternehmen heben Vertrauen als Unterscheidungsmerkmal für ihr Geschäft hervor. Durch Datenschutzverletzungen, Bedenken hinsichtlich der Produktsicherheit und Unsicherheiten in Bezug auf künstliche Intelligenz hat das Vertrauen der Kunden in den vergangenen Jahren stark gelitten. Wie aus dem Edelman Trust Barometer 2025 hervorgeht, ist das Vertrauen allgemein angeschlagen, insbesondere gegenüber Unternehmen und Führungskräften. Dies könnt
- 0 comments
- 59 views
-
Watchara Ritjan – shutterstock.com Immer mehr Unternehmen heben Vertrauen als Unterscheidungsmerkmal für ihr Geschäft hervor. Durch Datenschutzverletzungen, Bedenken hinsichtlich der Produktsicherheit und Unsicherheiten in Bezug auf künstliche Intelligenz hat das Vertrauen der Kunden in den vergangenen Jahren stark gelitten. Wie aus dem Edelman Trust Barometer 2025 hervorgeht, ist das Vertrauen allgemein angeschlagen, insbesondere gegenüber Unternehmen und Führungskräften. Dies könnt
- 0 comments
- 61 views
-
Fraudsters have started using AI to create fake documents claiming that artworks are genuine or legally owned, the Financial Times reports. According to art insurance brokers at Marsh, chatbots and big language models are being used to forge invoices, appraisal certificates and certificates of authenticity. In other cases, it has not been a case of deliberate fraud, but rather AI hallucinating false references to a work of art, which the owner has taken to be true. False documents are no
- 0 comments
- 49 views
-
Cybersecurity researchers have disclosed details of a new malicious package on the npm repository that works as a fully functional WhatsApp API, but also contains the ability to intercept every message and link the attacker's device to a victim's WhatsApp account. The package, named "lotusbail," has been downloaded over 56,000 times since it was first uploaded to the registry by a user named "View the full article
- 0 comments
- 43 views
-
A collective of pirate activists say they gained access to 256 million rows of metadata and 86 million audio files, equivalent to around 300 terabytes of data, from Spotify, Billboard reports. The metadata, but no audio files, has been made publicly available through the open search engine Anna’s Archive. Anna’s Archive describes the project as an effort to “preserve the knowledge and culture of humanity” by creating a music archive for preservation purposes. Spotify itself has confi
- 0 comments
- 48 views
-
A recent upgrade to the RansomHouse ransomware operation has added new concerns for enterprise defenders, introducing a multi-layered encryption update to the group’s double-extortion RaaS model. Also tracked under the cluster Jolly Scorpius, the ransomware gang has transitioned from a simple, single-phase encryption routine to a multi-layered dual-key encryption architecture that increases the complexity of its extortion operations. Detailed by Palo Alto Networks’ threat intelligence te
- 0 comments
- 57 views
-
Cyber threats last week showed how attackers no longer need big hacks to cause big damage. They’re going after the everyday tools we trust most — firewalls, browser add-ons, and even smart TVs — turning small cracks into serious breaches. The real danger now isn’t just one major attack, but hundreds of quiet ones using the software and devices already inside our networks. Each trusted system canView the full article
- 0 comments
- 58 views
-
As the internet becomes an essential part of daily life, its environmental footprint continues to grow. Data centers, constant connectivity, and resource-heavy browsing habits all contribute to energy consumption and digital waste. While individual users may not see this impact directly, the collective effect of everyday browsing is significant. Choosing a browser designed withView the full article
- 0 comments
- 52 views
-
Cybercriminals and state-sponsored hackers are increasingly exploiting Microsoft’s legitimate OAuth 2.0 device authorization process to hijack enterprise accounts, bypassing multifactor authentication protections and gaining persistent access to sensitive organizational data, a report said. Researchers at Proofpoint tracked multiple threat clusters — both financially motivated and state-aligned — that were using device code phishing techniques to trick users into granting unauthorized access
- 0 comments
- 56 views
-
The US Securities and Exchange Commission’s Nov. 30 decision to dismiss its lawsuit against SolarWinds and its CISO, Tim Brown, was met with immediate and widespread joy across the cybersecurity leadership community. For many CISOs, the dismissal landed not as an abstract legal development, but as something deeply personal. “Thank God,” Gadi Evron, CEO and founder of Knostic and CISO in Residence for AI at the Cloud Security Alliance, said when he learned of the dismissal. “People are feelin
- 0 comments
- 68 views
-
Threat actors have been observed leveraging malicious dropper apps masquerading as legitimate applications to deliver an Android SMS stealer dubbed Wonderland in mobile attacks targeting users in Uzbekistan. "Previously, users received 'pure' Trojan APKs that acted as malware immediately upon installation," Group-IB said in an analysis published last week. "Now, adversaries increasingly deployView the full article
- 0 comments
- 67 views
-
PeopleImages.com – Yuri A – Shutterstock.com Wenn ein Unternehmen einen größeren Ausfall seiner IT-Systeme erlebt – beispielsweise aufgrund eines Cyberangriffs – ist es zu diesem Zeitpunkt nicht mehr voll geschäftsfähig. Deshalb ist ein effektiver Plan zur Reaktion auf Vorfälle (Incident Response, IR) unerlässlich. Es geht jedoch nicht nur darum, die Quelle eines Angriffs zu finden und ihn einzudämmen. Unternehmen müssen auf Widerstandsfähigkeit ausgelegt sein, um auch dann weiterarbeite
- 0 comments
- 107 views
-
abdullah Ghashqeen – Shutterstock Ein turbulentes Jahr 2025 neigt sich dem Ende zu. Es war geprägt von wirtschaftlicher Unsicherheit, geopolitischen Spannungen und dem ungebremsten Siegeszug der Künstlichen Intelligenz. Grund genug für die Redaktion von Computerwoche, CIO und CSO, in der letzten TechTalk-Podcast-Folge des Jahres Bilanz zu ziehen. Im Fokus: Die IT-Tops und -Flops 2025. Kaum ein Thema hat die IT-Welt 2025 so stark dominiert wie KI – mit Licht und Schatten. Einer der größte
- 0 comments
- 57 views
-
abdullah Ghashqeen – Shutterstock Ein turbulentes Jahr 2025 neigt sich dem Ende zu. Es war geprägt von wirtschaftlicher Unsicherheit, geopolitischen Spannungen und dem ungebremsten Siegeszug der Künstlichen Intelligenz. Grund genug für die Redaktion von Computerwoche, CIO und CSO, in der letzten TechTalk-Podcast-Folge des Jahres Bilanz zu ziehen. Im Fokus: Die IT-Tops und -Flops 2025. Kaum ein Thema hat die IT-Welt 2025 so stark dominiert wie KI – mit Licht und Schatten. Einer der größte
- 0 comments
- 51 views
-
abdullah Ghashqeen – Shutterstock Ein turbulentes Jahr 2025 neigt sich dem Ende zu. Es war geprägt von wirtschaftlicher Unsicherheit, geopolitischen Spannungen und dem ungebremsten Siegeszug der Künstlichen Intelligenz. Grund genug für die Redaktion von Computerwoche, CIO und CSO, in der letzten TechTalk-Podcast-Folge des Jahres Bilanz zu ziehen. Im Fokus: Die IT-Tops und -Flops 2025. Kaum ein Thema hat die IT-Welt 2025 so stark dominiert wie KI – mit Licht und Schatten. Einer der größte
- 0 comments
- 54 views
-
abdullah Ghashqeen – Shutterstock Ein turbulentes Jahr 2025 neigt sich dem Ende zu. Es war geprägt von wirtschaftlicher Unsicherheit, geopolitischen Spannungen und dem ungebremsten Siegeszug der Künstlichen Intelligenz. Grund genug für die Redaktion von Computerwoche, CIO und CSO, in der letzten TechTalk-Podcast-Folge des Jahres Bilanz zu ziehen. Im Fokus: Die IT-Tops und -Flops 2025. Kaum ein Thema hat die IT-Welt 2025 so stark dominiert wie KI – mit Licht und Schatten. Einer der größte
- 0 comments
- 52 views
-
Threat hunters have discerned new activity associated with an Iranian threat actor known as Infy (aka Prince of Persia), nearly five years after the hacking group was observed targeting victims in Sweden, the Netherlands, and Turkey. "The scale of Prince of Persia's activity is more significant than we originally anticipated," Tomer Bar, vice president of security research at SafeBreach, saidView the full article
- 0 comments
- 54 views