Security
2445 tech articles in this category
-
The U.S. Department of Justice (DoJ) this week announced the indictment of 54 individuals in connection with a multi-million dollar ATM jackpotting scheme. The large-scale conspiracy involved deploying malware named Ploutus to hack into automated teller machines (ATMs) across the U.S. and force them to dispense cash. The indicted members are alleged to be part of Tren de Aragua (TdA, Spanish forView the full article
- 0 comments
- 56 views
-
Researchers have discovered new activity from a threat actor dubbed Prince of Persia that’s believed to be tied to the Iranian government. The group appeared to have gone dormant in 2022 after multiple security companies documented its operations and crippled its command-and-control infrastructure, but new evidence shows the attackers retooled and continued to target new victims under the radar. Prince of Persia, also known as Infy based on the name of its original malware, has been operatin
- 0 comments
- 69 views
-
A suspected Russia-aligned group has been attributed to a phishing campaign that employs device code authentication workflows to steal victims' Microsoft 365 credentials and conduct account takeover attacks. The activity, ongoing since September 2025, is being tracked by Proofpoint under the moniker UNK_AcademicFlare. The attacks involve using compromised email addresses belonging to governmentView the full article
- 0 comments
- 63 views
-
WatchGuard has issued an urgent patch alert for its Firebox firewall appliances after discovering a critical-rated vulnerability that is under exploit by threat actors. Tracked as CVE-2025-14733, with a CVSS score of 9.3, the flaw is an Out-of-bounds Write vulnerability affecting the iked process, a WatchGuard Fireware OS component responsible for the IKEv2 key exchange in IPSec VPNs. According to the WatchGuard advisory, this weakness could “allow a remote unauthenticated attacker to ex
- 0 comments
- 53 views
-
Cybersecurity researchers have disclosed details of a new campaign that has used cracked software distribution sites as a distribution vector for a new version of a modular and stealthy loader known as CountLoader. The campaign "uses CountLoader as the initial tool in a multistage attack for access, evasion, and delivery of additional malware families," Cyderes Howler Cell Threat IntelligenceView the full article
- 0 comments
- 56 views
-
The Trump administration has pursued a staggering range of policy pivots this past year that threaten to weaken the nation’s ability and willingness to address a broad spectrum of technology challenges, from cybersecurity and privacy to countering disinformation, fraud and corruption. These shifts, along with the president’s efforts to restrict free speech and freedom of the press, have come at such a rapid clip that many readers probably aren’t even aware of them all. FREE SPEECH President Tr
- 0 comments
- 54 views
-
Security researchers have flagged a coordinated credential-based campaign targeting VPN authentication endpoints from Cisco and Palo Alto Networks. Over just two days in mid-December, attackers launched large-scale automated login attempts against Cisco’s SSL VPN and Palo Alto Networks’ GlobalProtect services. A GreyNoise analysis noted that the campaign does not exploit software bugs, but instead relies on churning through username and password combos at scale.“Consistent infrastructure
- 0 comments
- 66 views
-
Security researchers have flagged a coordinated credential-based campaign targeting VPN authentication endpoints from Cisco and Palo Alto Networks. Over just two days in mid-December, attackers launched large-scale automated login attempts against Cisco’s SSL VPN and Palo Alto Networks’ GlobalProtect services. A GreyNoise analysis noted that the campaign does not exploit software bugs, but instead relies on churning through username and password combos at scale.“Consistent infrastructure
- 0 comments
- 66 views
-
WatchGuard has released fixes to address a critical security flaw in Fireware OS that it said has been exploited in real-world attacks. Tracked as CVE-2025-14733 (CVSS score: 9.3), the vulnerability has been described as a case of out-of-bounds write affecting the iked process that could allow a remote unauthenticated attacker to execute arbitrary code. "This vulnerability affects both theView the full article
- 0 comments
- 56 views
-
JarTee – shutterstock.com Cisco Talos hat kürzlich eine Cyberkampagne entdeckt, die auf Ciscos AsyncOS-Software für Secure Email Gateway, Secure Email und Web Manager abzielt. Die Kampagne soll mindestens seit Ende November laufen. Ein Patch ist derzeit noch nicht verfügbar, so der Netzwerkriese. Umfang des Risikos Laut Cisco betrifft die Schwachstelle Systeme, auf denen die Spam-Quarantäne-Funktion aktiviert ist. Security-Experten zufolge verringert dies allerdings nicht unbedingt d
- 0 comments
- 393 views
-
Authorities in Nigeria have announced the arrest of three "high-profile internet fraud suspects" who are alleged to have been involved in phishing attacks targeting major corporations, including the main developer behind the RaccoonO365 phishing-as-a-service (PhaaS) scheme. The Nigeria Police Force National Cybercrime Centre (NPF–NCCC) said investigations conducted in collaboration withView the full article
- 0 comments
- 54 views
-
Certain motherboard models from vendors like ASRock, ASUSTeK Computer, GIGABYTE, and MSI are affected by a security vulnerability that leaves them susceptible to early-boot direct memory access (DMA) attacks across architectures that implement a Unified Extensible Firmware Interface (UEFI) and input–output memory management unit (IOMMU). UEFI and IOMMU are designed to enforce a securityView the full article
- 0 comments
- 56 views
-
LLM-powered chatbots have risks that we see playing out in the headlines on a nearly daily basis. But chatbots are limited to answering questions. AI agents, however, access data and tools and carry out tasks, making them infinitely more capable – and more dangerous to enterprises. The OWASP Top 10 for Agentic Applications can help CISOs explain what the issues are to their business counterparts. It can also help CISOs to directly improve agentic AI security, because it comes with threats ta
- 0 comments
- 67 views
-
In einem falschen Security-Mindset gefangen? Foto: Paul Craft – shutterstock.com Dass Jobs im Bereich Cybersecurity ein hohes Burnout-Potenzial aufweisen, ist längst kein Geheimnis mehr: Das Umfeld von Sicherheitsprofis ist vor allem geprägt von dem (gefühlten) Druck, täglich steigenden Anforderungen gerecht werden zu müssen. Dafür sind diverse Gründe ursächlich – in erster Linie aber die Art und Weise, wie über Security gedacht wird. Die gute Nachricht: Wenn Sie ein schädliches Mindset identif
- 0 comments
- 394 views
-
Attackers have upped the ante in their exploits of a recently-disclosed maximum severity vulnerability in React Server Components (RSC), Next.js, and related frameworks. Financially-motivated attackers have found a way to use the flaw, dubbed React2Shell (CVE-2025-55182), to execute arbitrary code on vulnerable servers through a single malicious HTTP request. This allows them to quickly and easily gain access to a corporate network and deploy ransomware, according to researchers at cybersecu
- 0 comments
- 53 views
-
A maximum severity remote code execution vulnerability in Hewlett Packard Enterprise (HPE) OneView network and systems management suite is “bad” and needs to be patched immediately, says a cybersecurity expert. “Vendors typically downplay the severity of a vulnerability,” says Curtis Dukes, executive VP for security best practices at the Center for Internet Security, “but HPE did not – it’s a 10.” The vulnerability is remotely executable by an unauthenticated user, he added, and it impac
- 0 comments
- 67 views
-
A warning for WhatsApp users: cybercriminals have discovered an alarmingly simple way to access a user’s conversations in real time by manipulating the app’s device pairing or linking routine. Termed ‘GhostPairing’ by researchers at security company Gen Digital (owner of Norton, Avast, Avira, and AVG), no passwords or account details are needed to execute the attack, which was recently detected in Czechia. All the attacker has to do is persuade a user to click on a malicious link sent to
- 0 comments
- 68 views
-
A warning for WhatsApp users: cybercriminals have discovered an alarmingly simple way to access a user’s conversations in real time by manipulating the app’s device pairing or linking routine. Termed ‘GhostPairing’ by researchers at security company Gen Digital (owner of Norton, Avast, Avira, and AVG), no passwords or account details are needed to execute the attack, which was recently detected in Czechia. All the attacker has to do is persuade a user to click on a malicious link sent to
- 0 comments
- 79 views
-
A previously undocumented China-aligned threat cluster dubbed LongNosedGoblin has been attributed to a series of cyber attacks targeting governmental entities in Southeast Asia and Japan. The end goal of these attacks is cyber espionage, Slovak cybersecurity company ESET said in a report published today. The threat activity cluster has been assessed to be active since at least September 2023. "View the full article
- 0 comments
- 59 views
-
Ask any chief information security officer (CISO) what keeps them up at night and you’ll likely get a familiar list of persistent threats: ransomware, AI-enabled nation-state actors and in-the-wild exploitation of vulnerabilities hiding in an ever-expanding digital footprint. For years, the role has been defined by a state of constant vigilance, a reactive posture against an unending siege. In nearly every conversation I now have with CISOs, I ask them what they would do if they could reclai
- 0 comments
- 58 views
-
Hewlett Packard Enterprise (HPE) has resolved a maximum-severity security flaw in OneView Software that, if successfully exploited, could result in remote code execution. The critical vulnerability, assigned the CVE identifier CVE-2025-37164, carries a CVSS score of 10.0. HPE OneView is an IT infrastructure management software that streamlines IT operations and controls all systems via aView the full article
- 0 comments
- 55 views
-
giragraphic – shutterstock.com Cybernews berichtete kürzlich, dass Forscher auf eine ungesicherte MongoDB-Datenbank mit 16 Terabyte Umfang gestoßen sind. Demnach waren dadurch rund 4,3 Milliarden personen- und berufsbezogene Datensätze offengelegt. Welche Informationen befinden sich in den Datensätzen? Das Forscherteam fand insgesamt neun Datenbank-Sammlungen. Mindestens drei dieser Sammlungen enthielten personenbezogene Daten. Dazu zählen: vollständige Namen, E-Mail-Adresse
- 0 comments
- 658 views
-
giragraphic – shutterstock.com Cybernews berichtete kürzlich, dass Forscher auf eine ungesicherte MongoDB-Datenbank mit 16 Terabyte Umfang gestoßen sind. Demnach waren dadurch rund 4,3 Milliarden personen- und berufsbezogene Datensätze offengelegt. Welche Informationen befinden sich in den Datensätzen? Das Forscherteam fand insgesamt neun Datenbank-Sammlungen. Mindestens drei dieser Sammlungen enthielten personenbezogene Daten. Dazu zählen: vollständige Namen, E-Mail-Adresse
- 0 comments
- 394 views
-
This week’s ThreatsDay Bulletin tracks how attackers keep reshaping old tools and finding new angles in familiar systems. Small changes in tactics are stacking up fast, and each one hints at where the next big breach could come from. From shifting infrastructures to clever social hooks, the week’s activity shows just how fluid the threat landscape has become. Here’s the full rundown of whatView the full article
- 0 comments
- 58 views
-
Threat actors with ties to the Democratic People's Republic of Korea (DPRK or North Korea) have been instrumental in driving a surge in global cryptocurrency theft in 2025, accounting for at least $2.02 billion out of more than $3.4 billion stolen from January through early December. The figure represents a 51% increase year-over-year and $681 million more than 2024, when the threat actors stoleView the full article
- 0 comments
- 59 views
-
Human-in-the-loop (HITL) safeguards that AI agents rely on can be subverted, allowing attackers to weaponize them to run malicious code, new research from CheckMarx shows. HITL dialogs are a safety backstop (a final “are you sure?”) that the agents run before executing sensitive actions like running code, modifying files, or touching system resources. Checkmarx researchers described it as an HITL dialog forging technique they’re calling Lies-in-the-Loop (LITL), where malicious instructio
- 0 comments
- 98 views
-
Within the past year, artificial intelligence copilots and agents have quietly permeated the SaaS applications businesses use every day. Tools like Zoom, Slack, Microsoft 365, Salesforce, and ServiceNow now come with built-in AI assistants or agent-like features. Virtually every major SaaS vendor has rushed to embed AI into their offerings. The result is an explosion of AI capabilities acrossView the full article
- 0 comments
- 59 views
-
Cisco has warned that a China-linked hacking group is actively exploiting a previously unknown vulnerability in its Secure Email appliances to gain persistent access, forcing affected organizations to consider disruptive rebuilds of critical security infrastructure while patches remain unavailable. Cisco Talos said the campaign has been active since at least late November, raising concerns for security leaders about unseen compromise and how far incident response efforts may need to extend b
- 0 comments
- 65 views
-
Cisco has warned that a China-linked hacking group is actively exploiting a previously unknown vulnerability in its Secure Email appliances to gain persistent access, forcing affected organizations to consider disruptive rebuilds of critical security infrastructure while patches remain unavailable. Cisco Talos said the campaign has been active since at least late November, raising concerns for security leaders about unseen compromise and how far incident response efforts may need to extend b
- 0 comments
- 66 views
-
PHOTOCREO Michal Bednarek – shutterstock.com Die Grünen sehen sich durch die jüngsten Erkenntnisse über russische Einflussoperationen im Bundestagswahlkampf in ihrer Einschätzung bestärkt, dass die aktuellen Maßnahmen zum Schutz der parlamentarischen Demokratie nicht ausreichen. “Dass unsere Demokratie und ihre Institutionen zunehmend hybriden Angriffen autoritärer Regime ausgesetzt sind, kann spätestens seit den jüngsten und deutlichen Warnungen der Spitzen unserer Nachrichtendienste und de
- 0 comments
- 612 views
-
PHOTOCREO Michal Bednarek – shutterstock.com Die Grünen sehen sich durch die jüngsten Erkenntnisse über russische Einflussoperationen im Bundestagswahlkampf in ihrer Einschätzung bestärkt, dass die aktuellen Maßnahmen zum Schutz der parlamentarischen Demokratie nicht ausreichen. “Dass unsere Demokratie und ihre Institutionen zunehmend hybriden Angriffen autoritärer Regime ausgesetzt sind, kann spätestens seit den jüngsten und deutlichen Warnungen der Spitzen unserer Nachrichtendienste und de
- 0 comments
- 632 views
-
The North Korean threat actor known as Kimsuky has been linked to a new campaign that distributes a new variant of Android malware called DocSwap via QR codes hosted on phishing sites mimicking Seoul-based logistics firm CJ Logistics (formerly CJ Korea Express). "The threat actor leveraged QR codes and notification pop-ups to lure victims into installing and executing the malware on their mobileView the full article
- 0 comments
- 61 views
-
Smaller firms are far less likely than multinationals to protect their CISOs from personal liability for security breaches, according to a study by RSAC. Experts quizzed by CSO said the finding was concerning because without protection CISOs face legal and financial risk tied to decisions made in their role. The vast majority (88%) of CISOs from Fortune 1000 firms are legally indemnified by their companies, but this figure drops to just 53% for CISOs from organizations with 500 or more e
- 0 comments
- 80 views
-
Workshop | May 19 | Vilnius, Lithuania Conference | May 20-22 | Vilnius, Lithuania CyberWiseCon Europe 2026 Returns to Vilnius — Your Front Line for Cyber Defense Four Days of Cybersecurity Insights, Hands-On Learning & Global Security Community | May 19–22, 2026 Cyber threats are growing more advanced every day and so must the defenders. CyberWiseCon Europe 2026, taking place May 19–22 in Vilnius, Lithuania, is the premier event for security professionals, researchers, ethical hackers,
- 0 comments
- 192 views
-
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting ASUS Live Update to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2025-59374 (CVSS score: 9.3), has been described as an "embedded malicious code vulnerability" introduced by means of a supply chain compromiseView the full article
- 0 comments
- 57 views
-
Cisco has alerted users to a maximum-severity zero-day flaw in Cisco AsyncOS software that has been actively exploited by a China-nexus advanced persistent threat (APT) actor codenamed UAT-9686 in attacks targeting Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. The networking equipment major said it became aware of the intrusion campaign on December 10, 2025, and that itView the full article
- 0 comments
- 55 views
-
A recent attack on a French ferry, in which an attacker reportedly plugged a tiny computer called a Raspberry Pi into the network in an attempt to break into the vessel’s operations, offers an important lesson for enterprise CISOs: one analyst estimated that half of all enterprises would likely be compromised by the same attack on their physical environment. The ferry was “immobilized Saturday in the southern French port of Sète as it prepared to sail to Algeria” because of the attack attemp
- 0 comments
- 76 views
-
A recent attack on a French ferry, in which an attacker reportedly plugged a tiny computer called a Raspberry Pi into the network in an attempt to break into the vessel’s operations, offers an important lesson for enterprise CISOs: one analyst estimated that half of all enterprises would likely be compromised by the same attack on their physical environment. The ferry was “immobilized Saturday in the southern French port of Sète as it prepared to sail to Algeria” because of the attack attemp
- 0 comments
- 81 views
-
A recent attack on a ferry, in which an attacker reportedly plugged a tiny computer called a Raspberry Pi into the network in an attempt to break into the vessel’s operations, offers an important lesson for enterprise CISOs: one analyst estimated that half of all enterprises would likely be compromised by the same attack on their physical environment. The ferry was “immobilized Saturday in the southern French port of Sète as it prepared to sail to Algeria” because of the attack attempt, acco
- 0 comments
- 66 views
-
Kiklas | shutterstock.com Mitte Dezember wurde eine Fähre in Besitz der Mediterranean Shipping Company über Stunden in einem französischen Hafen festgesetzt, wie Bloomberg berichtete. Der Grund: Es bestand der Verdacht, dass russische Cyberkriminelle versucht haben, das Netzwerk des Schiffs zu hacken – mit einem Raspberry Pi. Dieser war demnach mit einem Mobilfunkmodem gekoppelt, das den Fernzugriff auf das interne Computernetzwerk der Fähre und externe Verbindungen ermöglichen sollte. D
- 0 comments
- 356 views
-
A warning from Microsoft that a Windows patch issued last week may cause the Message Queuing (MSMQ) function in the operating system to malfunction could be behind multiple reports of internet of things (IoT) applications failing. David Shipley, head of Canadian security awareness training provider Beauceron Security, says he saw a query on a Microsoft learning forum today asking if the MSMQ problem is behind the failure of a firm’s point of sale system to issue sales receipts. Another p
- 0 comments
- 58 views
-
A Chinese-linked threat group identified as “Ink Dragon” is targeting common weaknesses in Internet Information Services (IIS) servers to build a global espionage network that is difficult to track or disrupt, security vendor Check Point has reported. Also nicknamed “Earth Alux,” (Trend Mico) and “REF7707” (Elastic Security Labs), the group’s activities date back to early 2023, at which time it targeted governments in Southeast Asia and South America. This has since expanded to target Europe
- 0 comments
- 57 views
-
SonicWall has rolled out fixes to address a security flaw in Secure Mobile Access (SMA) 100 series appliances that it said has been actively exploited in the wild. The vulnerability, tracked as CVE-2025-40602 (CVSS score: 6.6), concerns a case of local privilege escalation that arises as a result of insufficient authorization in the appliance management console (AMC). It affects the followingView the full article
- 0 comments
- 56 views
-
A new distributed denial-of-service (DDoS) botnet known as Kimwolf has enlisted a massive army of no less than 1.8 million infected devices comprising Android-based TVs, set-top boxes, and tablets, and may be associated with another botnet known as AISURU, according to findings from QiAnXin XLab. "Kimwolf is a botnet compiled using the NDK [Native Development Kit]," the company said in a reportView the full article
- 0 comments
- 59 views
-
The Russian state-sponsored threat actor known as APT28 has been attributed to what has been described as a "sustained" credential-harvesting campaign targeting users of UKR[.]net, a webmail and news service popular in Ukraine. The activity, observed by Recorded Future's Insikt Group between June 2024 and April 2025, builds upon prior findings from the cybersecurity company in May 2024 thatView the full article
- 0 comments
- 51 views
-
The threat actor linked to Operation ForumTroll has been attributed to a fresh set of phishing attacks targeting individuals within Russia, according to Kaspersky. The Russian cybersecurity vendor said it detected the new activity in October 2025. The origins of the threat actor are presently unknown. "While the spring cyberattacks focused on organizations, the fall campaign honed in onView the full article
- 0 comments
- 54 views
-
JumpCloud’s Remote Assist for Windows agent contained a critical local privilege escalation flaw, allowing full system compromise. Disclosed by XM Cyber, the vulnerability stems from insecure file operations during uninstall or update flows that execute with Windows NT AUTHORITY\SYSTEM privileges. The bug could allow a low-privileged local user to elevate themselves to full system control or induce denial-of-service conditions on corporate machines. JumpCloud’s agent is widely used in en
- 0 comments
- 56 views
-
Modern security teams often feel like they’re driving through fog with failing headlights. Threats accelerate, alerts multiply, and SOCs struggle to understand which dangers matter right now for their business. Breaking out of reactive defense is no longer optional. It’s the difference between preventing incidents and cleaning up after them. Below is the path from reactive firefighting to aView the full article
- 0 comments
- 60 views
-
The threat actor known as Jewelbug has been increasingly focusing on government targets in Europe since July 2025, even as it continues to attack entities located in Southeast Asia and South America. Check Point Research is tracking the cluster under the name Ink Dragon. It's also referenced by the broader cybersecurity community under the names CL-STA-0049, Earth Alux, and REF7707. TheView the full article
- 0 comments
- 53 views
-
Evgeny_V – shutterstock.com Das Team von Amazon Threat Intelligence stellte fest, dass eine vom russischen Staat geförderte Cyberspionagegruppe vermehrt Energieunternehmen und Anbieter kritischer Infrastrukturen (KRITIS) ins Visier genommen hat. Die Gruppe ist demnach seit mindestens 2021 aktiv und hat es vor allem auf Fehlkonfigurationen von Geräten abgesehen. Die Angreifer nutzen aber auch bekannte Schwachstellen wie CVE-2022-26318 in WatchGuard Firebox- und XTM-Geräten, CVE-2021-26084
- 0 comments
- 65 views
-
Evgeny_V – shutterstock.com Das Team von Amazon Threat Intelligence stellte fest, dass eine vom russischen Staat geförderte Cyberspionagegruppe vermehrt Energieunternehmen und Anbieter kritischer Infrastrukturen (KRITIS) ins Visier genommen hat. Die Gruppe ist demnach seit mindestens 2021 aktiv und hat es vor allem auf Fehlkonfigurationen von Geräten abgesehen. Die Angreifer nutzen aber auch bekannte Schwachstellen wie CVE-2022-26318 in WatchGuard Firebox- und XTM-Geräten, CVE-2021-26084
- 0 comments
- 60 views
-
Sandwish Studio – shutterstock.com Jemand ruft an, die Nummer ist im eigenen Adressbuch nicht eingespeichert. Egal, man geht mal dran – und lässt sich von einem Unbekannten in ein Gespräch verwickeln. Das ist meistens keine gute Idee. Der sogenannte Call Check der Deutschen Telekom soll ab sofort automatisch alle Kundinnen und Kunden vor möglicherweise betrügerischen Anrufen schützen. Wenn jemand im Telekom-Netz von einer inländischen oder ausländischen Nummer angerufen wird, die in eine
- 0 comments
- 53 views
-
Sandwish Studio – shutterstock.com Jemand ruft an, die Nummer ist im eigenen Adressbuch nicht eingespeichert. Egal, man geht mal dran – und lässt sich von einem Unbekannten in ein Gespräch verwickeln. Das ist meistens keine gute Idee. Der sogenannte Call Check der Deutschen Telekom soll ab sofort automatisch alle Kundinnen und Kunden vor möglicherweise betrügerischen Anrufen schützen. Wenn jemand im Telekom-Netz von einer inländischen oder ausländischen Nummer angerufen wird, die in eine
- 0 comments
- 60 views
-
A new campaign named GhostPoster has leveraged logo files associated with 17 Mozilla Firefox browser add-ons to embed malicious JavaScript code designed to hijack affiliate links, inject tracking code, and commit click and ad fraud. The extensions have been collectively downloaded over 50,000 times, according to Koi Security, which discovered the campaign. The add-ons are no longer available.View the full article
- 0 comments
- 55 views
-
Cloud access security brokers (CASBs) explained As the name suggests, a cloud access security broker (CASB) manages access between enterprise endpoints and cloud resources from a security perspective. CASBs can be deployed on-premises or in the cloud; as a hardware appliance or software-only, as a proxy, reverse proxy, or through specific APIs. Enterprises have untold numbers of endpoints, both managed (corporate-owned devices) and unmanaged (devices owned by employees or third-party con
- 0 comments
- 164 views
-
A US Securities and Exchange Commission committee has recommended a new rule that would mandate companies to analyze and report all AI efforts — including decisions to not use AI for some purposes. Attorneys who have studied the proposal note that the AI rule — just like the SEC’s cybersecurity rule from about two years ago — won’t technically require anything to be reported that wouldn’t have already required reporting. The new rule refers only to material AI efforts and ever since the cre
- 0 comments
- 78 views
-
Übermäßig komplexe, unnötige oder unsinnige Sicherheitsmaßnahmen können Mitarbeiter nachhaltig frustrieren. Das schafft neue Risiken. Foto: vchal | shutterstock.com Je mehr Zwang besteht, Systeme und Daten zu schützen, desto besser ist es um die Security bestellt. So zumindest die Annahme einiger Unternehmen. Eine unzureichende User Experience ist in diesem Zusammenhang noch das geringste Übel. Im schlimmsten Fall werden übermäßig komplexe Sicherheitsmaßnahmen von den Mitarbeitern schlicht umga
- 0 comments
- 623 views
-
Threat actors aren’t wasting time taking advantage of newly-revealed vulnerabilities in Fortinet device authentication. Researchers at Arctic Wolf said they are seeing malicious single sign on (SSO) attempts trying to leverage the holes in FortiGate next generation firewalls since Fortinet alerted admins about the vulnerabilities on December 9. “We have seen tens of intrusions since December 12, 2025,” a spokesperson for Arctic Wolf Labs told CSO. “So far, the pattern of activity has app
- 0 comments
- 88 views
-
A Russian state-sponsored cyberespionage group has been targeting energy companies and critical infrastructure providers by exploiting misconfigurations in network-edge devices. The group has been operating since at least 2021 and has exploited device misconfigurations before but also known vulnerabilities such as CVE-2022-26318 in WatchGuard Firebox and XTM appliances, CVE-2021-26084 and CVE-2023-22518 in Confluence or CVE-2023-2753 in Veeam Backup. However, according to telemetry colle
- 0 comments
- 53 views
-
Flawless detection and protection against the industry’s most rigorous adversary emulation, proving Cybereason’s real-world effectiveness View the full article
- 0 comments
- 95 views
-
Given the facts about the importance of Artificial Intelligence, for several months, I have been delving into this topic, but with caution, seeking to understand the key point of how we can protect applications based on Gen AI. We are living in times when AI has been the central theme in all areas that can provide benefits to organizations and end users. In addition to adding benefits to protection and anticipation in detecting cyber threats, whether with threat intelligence, incident respon
- 0 comments
- 56 views
-
An ongoing campaign has been observed targeting Amazon Web Services (AWS) customers using compromised Identity and Access Management (IAM) credentials to enable cryptocurrency mining. The activity, first detected by Amazon's GuardDuty managed threat detection service and its automated security monitoring systems on November 2, 2025, employs never-before-seen persistence techniques to hamperView the full article
- 0 comments
- 55 views
-
Cybersecurity researchers have discovered a new malicious NuGet package that typosquats and impersonates the popular .NET tracing library and its author to sneak in a cryptocurrency wallet stealer. The malicious package, named "Tracer.Fody.NLog," remained on the repository for nearly six years. It was published by a user named "csnemess" on February 26, 2020. It masquerades as "Tracer.Fody,"View the full article
- 0 comments
- 55 views
-
Lina Chekhovich – shutterstock.com Forscher des Security-Anbieters Koi haben herausgefunden, dass Urban VPN Proxy, eine weit verbreitete kostenlose VPN-Erweiterung für Browser, vollständige KI-Chat-Konversationen aus den Browsern der Benutzer sammelt und exportiert. Für Unternehmen, in denen Mitarbeiter regelmäßig interne Kontexte, Code-Schnipsel, Kundendaten oder Forschungsnotizen in KI-Tools einfügen, birgt diese Funktion eine Gefahr für Datendiebstahl. Der Exfiltrationskanal liegt in
- 0 comments
- 51 views
-
Lina Chekhovich – shutterstock.com Forscher des Security-Anbieters Koi haben herausgefunden, dass Urban VPN Proxy, eine weit verbreitete kostenlose VPN-Erweiterung für Browser, vollständige KI-Chat-Konversationen aus den Browsern der Benutzer sammelt und exportiert. Für Unternehmen, in denen Mitarbeiter regelmäßig interne Kontexte, Code-Schnipsel, Kundendaten oder Forschungsnotizen in KI-Tools einfügen, birgt diese Funktion eine Gefahr für Datendiebstahl. Der Exfiltrationskanal liegt in
- 0 comments
- 49 views
-
Direct navigation — the act of visiting a website by manually typing a domain name in a web browser — has never been riskier: A new study finds the vast majority of “parked” domains — mostly expired or dormant domain names, or common misspellings of popular websites — are now configured to redirect visitors to sites that foist scams and malware. A lookalike domain to the FBI Internet Crime Complaint Center website, returned a non-threatening parking page (left) whereas a mobile user was instant
- 0 comments
- 74 views
-
“You should fly. It’s safer.” It’s a fact. The odds are in your favor when compared to auto travel. It’s not even close, we often remind the flight-fearing traveler. Yet two of the smartest people I have known refuse to fly despite agreeing with this statistic. I think of them every time I board a flight. It was no different when I returned from vacation on a JetBlue flight that retraced some of the northbound path taken by a JetBlue flight some weeks earlier. The flight in questi
- 0 comments
- 83 views
-
Amazon's threat intelligence team has disclosed details of a "years-long" Russian state-sponsored campaign that targeted Western critical infrastructure between 2021 and 2025. Targets of the campaign included energy sector organizations across Western nations, critical infrastructure providers in North America and Europe, and entities with cloud-hosted network infrastructure. The activity hasView the full article
- 0 comments
- 52 views
-
Matthias Wehnert – shutterstock.com Der zeitweise flächendeckende Ausfall des Computernetzwerks des Bundestags war nicht die Folge eines Hackerangriffs. “Auslöser war eine Überlastungssituation zwischen den beiden Rechenzentren der Bundestagsverwaltung”, heißt es in einem Schreiben an die Abgeordneten und die IT-Verantwortlichen der Fraktionen. “Es handelt sich um ein technisches Problem, sodass aktuell ein Cyberangriff als Ursache ausgeschlossen werden kann.” Keine Erkenntnisse zu einem
- 0 comments
- 57 views
-
Matthias Wehnert – shutterstock.com Der zeitweise flächendeckende Ausfall des Computernetzwerks des Bundestags war nicht die Folge eines Hackerangriffs. “Auslöser war eine Überlastungssituation zwischen den beiden Rechenzentren der Bundestagsverwaltung”, heißt es in einem Schreiben an die Abgeordneten und die IT-Verantwortlichen der Fraktionen. “Es handelt sich um ein technisches Problem, sodass aktuell ein Cyberangriff als Ursache ausgeschlossen werden kann.” Keine Erkenntnisse zu einem
- 0 comments
- 60 views
-
Security researchers have found that Urban VPN Proxy, a widely used free browser VPN extension with millions of installs, has been collecting and exporting full AI chat conversations from users’ browsers. For organizations where employees routinely paste internal context, code snippets, customer details, or investigative notes into AI tools, the behavior represents a direct data-exfiltration channel operating entirely outside traditional enterprise security controls. The issue is not lim
- 0 comments
- 68 views
-
AI-assisted coding and AI app generation platforms have created an unprecedented surge in software development. Companies are now facing rapid growth in both the number of applications and the pace of change within those applications. Security and privacy teams are under significant pressure as the surface area they must cover is expanding quickly while their staffing levels remain largelyView the full article
- 0 comments
- 54 views
-
Threat actors have begun to exploit two newly disclosed security flaws in Fortinet FortiGate devices, less than a week after public disclosure. Cybersecurity company Arctic Wolf said it observed active intrusions involving malicious single sign-on (SSO) logins on FortiGate appliances on December 12, 2025. The attacks exploit two critical authentication bypasses (CVE-2025-59718 and CVE-2025-59719View the full article
- 0 comments
- 58 views
-
The security vulnerability known as React2Shell is being exploited by threat actors to deliver malware families like KSwapDoor and ZnDoor, according to findings from Palo Alto Networks Unit 42 and NTT Security. "KSwapDoor is a professionally engineered remote access tool designed with stealth in mind," Justin Moore, senior manager of threat intel research at Palo Alto Networks Unit 42, said in aView the full article
- 0 comments
- 63 views
-
Ransomware attacks continue to plague organizations, and they’re getting ever more sophisticated via tactics such as double- and multi-extortion and the use of artificial intelligence to create more refined attacks, and the growth of the ransomware-as-a-service model. CISOs and CSOs need to make it a priority to create a playbook for their organizations to better defend against such attacks. It’s clear that ransomware remains a big cybersecurity threat. Security firm CrowdStrike, in its
- 0 comments
- 76 views
-
Ransomware attacks continue to plague organizations, and they’re getting ever more sophisticated via tactics such as double- and multi-extortion and the use of artificial intelligence to create more refined attacks, and the growth of the ransomware-as-a-service model. CISOs and CSOs need to make it a priority to create a playbook for their organizations to better defend against such attacks. It’s clear that ransomware remains a big cybersecurity threat. Security firm CrowdStrike, in its
- 0 comments
- 55 views
-
Google has announced that it's discontinuing its dark web report tool in February 2026, less than two years after it was launched as a way for users to monitor if their personal information is found on the dark web. To that end, scans for new dark web breaches will be stopped on January 15, 2026, and the feature will cease to exist effective February 16, 2026. "While the report offered generalView the full article
- 0 comments
- 56 views
-
A Google Chrome extension with a "Featured" badge and six million users has been observed silently gathering every prompt entered by users into artificial intelligence (AI)-powered chatbots like OpenAI ChatGPT, Anthropic Claude, Microsoft Copilot, DeepSeek, Google Gemini, xAI Grok, Meta AI, and Perplexity. The extension in question is Urban VPN Proxy, which has a 4.7 rating on the Google ChromeView the full article
- 0 comments
- 66 views
-
At one global manufacturing client, an AI model flagged a potential breach pattern that turned out to be normal behavior from a test server. The system wasn’t wrong — but the humans stopped questioning it. It took a single analyst with strong data storytelling skills to realize the oversight and prevent a full production shutdown. That’s what separates automation from understanding. The shift no security leader can ignore When I began advising CISOs and cybersecurity leaders in critical
- 0 comments
- 99 views
-
Multiple security vulnerabilities have been disclosed in the open-source private branch exchange (PBX) platform FreePBX, including a critical flaw that could result in an authentication bypass under certain configurations. The shortcomings, discovered by Horizon3.ai and reported to the project maintainers on September 15, 2025, are listed below - CVE-2025-61675 (CVSS score: 8.6) - NumerousView the full article
- 0 comments
- 58 views
-
Who is Danny – shutterstock.com Auf seiner Webseite informiert das Versicherungsunternehmen Ideal aktuell über einen Cyberangriff. Die Systeme seien vorsorglich vom Netz genommen worden und der Geschäftsbetrieb würde nur noch eingeschränkt funktionieren, heißt es. Die zur Versicherungsgruppe gehörende Ahorn AG ist demnach ebenfalls von dem IT-Ausfall betroffen. Hingegen blieb das Tochterunternehmen myLife Lebensversicherung verschont. Offenbar kein Missbrauch von Kundendaten „Uns
- 0 comments
- 57 views
-
A single vessel called the Orange Star docks at Port Elizabeth in New Jersey, carrying 38,848 cubic meters of orange juice concentrate. One ship, arriving weekly, supplies orange juice used by all of the city’s major retailers. If Port Elizabeth’s systems went down tomorrow due to a cyber attack, 46 million consumers within the four-hour trucking radius would feel the impact within days. The threat is real. The recent government shutdown furloughed CISA and FEMA staff at a critical time of e
- 0 comments
- 84 views
-
If you use a smartphone, browse the web, or unzip files on your computer, you are in the crosshairs this week. Hackers are currently exploiting critical flaws in the daily software we all rely on—and in some cases, they started attacking before a fix was even ready. Below, we list the urgent updates you need to install right now to stop these active threats. ⚡ Threat of the Week Apple andView the full article
- 0 comments
- 328 views
-
In early December 2025, security researchers exposed a cybercrime campaign that had quietly hijacked popular Chrome and Edge browser extensions on a massive scale. A threat group dubbed ShadyPanda spent seven years playing the long game, publishing or acquiring harmless extensions, letting them run clean for years to build trust and gain millions of installs, then suddenly flipping them intoView the full article
- 0 comments
- 57 views
-
CISA is sounding the alarm over a critical vulnerability in GeoServer that is being actively exploited in the wild, ordering federal agencies to patch immediately. The flaw, tracked as CVE-2025-58360, is an unauthenticated XML External Entity (XXE) vulnerability affecting GeoServer versions 2.26.1 and earlier. When exploited, the bug lets attackers retrieve arbitrary files from vulnerable servers, allowing data theft, denial-of-service attacks, or server-side request forgery (SSRF) that can
- 0 comments
- 69 views
-
bluestork – shutterstock.com Cyberangriffe beschränken sich heutzutage nicht auf bestimmte Unternehmen, Produkte oder Dienstleistungen – sie finden dort statt, wo die Schwachstellen sind. Zudem werden die Attacken mit Hilfe von KI-Tools immer ausgefeilter. Vor diesem Hintergrund hat Microsoft seinen neuen Security-Ansatz „In Scope by Default“ auf der Black Hat Europe angekündigt. Demnach kommt künftig jede „kritische Schwachstelle“ mit „nachweisbaren Auswirkungen“ auf die Online-Dienste
- 0 comments
- 64 views
-
bluestork – shutterstock.com Cyberangriffe beschränken sich heutzutage nicht auf bestimmte Unternehmen, Produkte oder Dienstleistungen – sie finden dort statt, wo die Schwachstellen sind. Zudem werden die Attacken mit Hilfe von KI-Tools immer ausgefeilter. Vor diesem Hintergrund hat Microsoft seinen neuen Security-Ansatz „In Scope by Default“ auf der Black Hat Europe angekündigt. Demnach kommt künftig jede „kritische Schwachstelle“ mit „nachweisbaren Auswirkungen“ auf die Online-Dienste
- 0 comments
- 57 views
-
Cybersecurity researchers have disclosed details of an active phishing campaign that's targeting a wide range of sectors in Russia with phishing emails that deliver Phantom Stealer via malicious ISO optical disc images. The activity, codenamed Operation MoneyMount-ISO by Seqrite Labs, has primarily singled out finance and accounting entities, with those in the procurement, legal, payrollView the full article
- 0 comments
- 81 views
-
Over the last 12 months, security teams continued to walk a tightrope between moving fast to adopt new technologies and facing escalating threats fuelled mostly by the rise of AI. As the year comes to a close, CISOs reflect on some of the takeaways that have shaped the security landscape in 2025. 1. AI gave defenders more muscle power If 2024 was the year AI crept into cybersecurity, 2025 was the year it took over, with Smartsheet CISO Ravi Soin describing the technology as being “transf
- 0 comments
- 71 views
-
The pro-Russian hacktivist group known as CyberVolk (aka GLORIAMIST) has resurfaced with a new ransomware-as-a-service (RaaS) offering called VolkLocker that suffers from implementation lapses in test artifacts, allowing users to decrypt files without paying an extortion fee. According to SentinelOne, VolkLocker (aka CyberVolk 2.x) emerged in August 2025 and is capable of targeting both WindowsView the full article
- 0 comments
- 59 views
-
ArtemisDiana | shutterstock.com Manuelles, siloartiges Management ist in der modernen IT-Welt unangebracht. Erst recht im Bereich der IT-Sicherheit: Der Umfang von modernem Enterprise Computing und State-of-the-Art-Application-Stack-Architekturen erfordern Sicherheits-Tools, die: Einblicke in den Sicherheitsstatus von IT-Komponenten ermöglichen, Bedrohungen in Echtzeit erkennen, und Aspekte der Bedrohungsabwehr automatisieren. Diese Anforderungen haben zum Aufkommen von
- 0 comments
- 95 views
-
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a high-severity flaw impacting Sierra Wireless AirLink ALEOS routers to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. CVE-2018-4063 (CVSS score: 8.8/9.9) refers to an unrestricted file upload vulnerability that could be exploited to achieve remote codeView the full article
- 0 comments
- 67 views
-
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a high-severity flaw impacting Sierra Wireless AirLink ALEOS routers to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. CVE-2018-4063 (CVSS score: 8.8/9.9) refers to an unrestricted file upload vulnerability that could be exploited to achieve remote codeView the full article
- 0 comments
- 62 views
-
Apple on Friday released security updates for iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and its Safari web browser to address two security flaws that it said have been exploited in the wild, one of which is the same flaw that was patched by Google in Chrome earlier this week. The vulnerabilities are listed below - CVE-2025-43529 (CVSS score: N/A) - A use-after-free vulnerability in WebKitView the full article
- 0 comments
- 78 views
-
Apple on Friday released security updates for iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and its Safari web browser to address two security flaws that it said have been exploited in the wild, one of which is the same flaw that was patched by Google in Chrome earlier this week. The vulnerabilities are listed below - CVE-2025-43529 (CVSS score: N/A) - A use-after-free vulnerability in WebKitView the full article
- 0 comments
- 54 views
-
Today’s AI-enabled attackers are agnostic: They’re not limiting themselves to specific companies, products, or services — they’re going where the vulnerabilities are. To meet them on this ground, Microsoft is pivoting its cybersecurity strategy to what it calls ‘In Scope by Default.’ Now, any “critical vulnerability” with a “demonstrable impact” on Microsoft’s online services is eligible for a bounty award. This applies to code owned and managed by Microsoft, as well as to anything delivered
- 0 comments
- 95 views
-
Home Depot exposed access to internal systems for a year, TechCrunch reports. According to security researcher Ben Zimmermann, a Home Depot employee published a private GitHub access token sometime in early 2024, likely by mistake. Zimmerman told TechCrunch that when he tested the token, it granted access to private Home Depot repos on GitHub, with write permissions, as well as access to the company’s cloud infrastructure, including order fulfillment and inventory management systems.
- 0 comments
- 66 views
-
Cybersecurity researchers are calling attention to a new campaign that's leveraging GitHub-hosted Python repositories to distribute a previously undocumented JavaScript-based Remote Access Trojan (RAT) dubbed PyStoreRAT. "These repositories, often themed as development utilities or OSINT tools, contain only a few lines of code responsible for silently downloading a remote HTA file and executingView the full article
- 0 comments
- 55 views
-
Cybersecurity researchers are calling attention to a new campaign that's leveraging GitHub-hosted Python repositories to distribute a previously undocumented JavaScript-based Remote Access Trojan (RAT) dubbed PyStoreRAT. "These repositories, often themed as development utilities or OSINT tools, contain only a few lines of code responsible for silently downloading a remote HTA file and executingView the full article
- 0 comments
- 58 views