Security
2445 tech articles in this category
-
Plugging the React2Shell vulnerability in the open source React server and Next.js in IT environments has just become even more urgent with reports that exploits are already in the wild. Researchers at Greynoise said today they are seeing “opportunistic, largely automated exploitation attempts” trying to take advantage of the unsafe deserialization vulnerability in React Server Components (RSC). There’s an early focus on attacking just this vulnerability, the report adds, “but we’ve alre
- 0 comments
- 81 views
-
The Signalgate scandal that enveloped US Secretary of Defense Pete Hegseth in March appears to be symptomatic of a wider lax attitude towards the use of non-approved messaging apps by officials and employees, a Senate Committee has concluded. In March, the US Senate Committee on Armed Services set out to examine issues raised by the Signalgate incident: the need to clarify the existing rules on using “non-controlled” apps, and looking at whether Defense Secretary Hegseth adhered to them in h
- 0 comments
- 65 views
-
Chinese state-sponsored threat actors are backdooring VMware vCenter and VMware ESXi servers with a malware program written in Go, allowing them to maintain long-term persistence in victim networks. According to a joint report by the US Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Canadian Centre for Cyber Security (Cyber Centre) organizations from the government services and facilities and IT sectors have been the primary targets. The malware
- 0 comments
- 64 views
-
Cybereason is continuing to investigate. Check the Cybereason blog for additional updates. KEY TAKEAWAYS Critical vulnerability discovered on December 3, 2025 in React that could allow for unauthenticated remote code execution. Cybereason experts have dubbed this vulnerability as trivial to exploit. Issue allows the server to incorrectly trust user-supplied identifiers and fails to verify. Initial working proof of concept is public and attributed to Chinese t
- 0 comments
- 60 views
-
A new agentic browser attack targeting Perplexity's Comet browser that's capable of turning a seemingly innocuous email into a destructive action that wipes a user's entire Google Drive contents, findings from Straiker STAR Labs show. The zero-click Google Drive Wiper technique hinges on connecting the browser to services like Gmail and Google Drive to automate routine tasks by granting themView the full article
- 0 comments
- 61 views
-
A critical security flaw has been disclosed in Apache Tika that could result in an XML external entity (XXE) injection attack. The vulnerability, tracked as CVE-2025-66516, is rated 10.0 on the CVSS scoring scale, indicating maximum severity. "Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows anView the full article
- 0 comments
- 64 views
-
The shift from perimeter-based security to zero trust is now indispensable for combating modern threats. The obsolete “castle-and-moat” model, granting implicit trust to any device or user inside the network, collapsed with the rise of cloud, remote work and BYOD. Attackers now bypass traditional controls by targeting identity, exploiting AI-driven phishing, supply chain intrusions and advanced session hijacking. The browser is at this frontline, serving as the universal access point for Saa
- 0 comments
- 75 views
-
The AI rush is repeating a familiar mistake. Early in my career, a risk executive I worked with used to say, “You didn’t invite me to drink the beer; now you want me to pay the bill?” whenever problems came up because a project moved ahead without enough oversight. If someone tried to avoid explaining the details, he’d add, “I don’t know if you’re showing me the monster’s head or just its toe.” Since 2011, I’ve watched new products, business services and innovations launch without enough sec
- 0 comments
- 66 views
-
AI agents embedded in CI/CD pipelines can be tricked into executing high-privilege commands hidden in crafted GitHub issues or pull request texts. Researchers at Aikido Security have traced the problem back to workflows that pair GitHub Actions or GitLab CI/CD with AI tools such as Gemini CLI, Claude Code Actions, OpenAI Codex Actions or GitHub AI Inference. They found that unsupervised user-supplied strings such as issue bodies, pull request descriptions, or commit messages, could be fed st
- 0 comments
- 66 views
-
Two hacking groups with ties to China have been observed weaponizing the newly disclosed security flaw in React Server Components (RSC) within hours of it becoming public knowledge. The vulnerability in question is CVE-2025-55182 (CVSS score: 10.0), aka React2Shell, which allows unauthenticated remote code execution. It has been addressed in React versions 19.0.1, 19.1.2, and 19.2.1. AccordingView the full article
- 0 comments
- 68 views
-
Andrey_Popov – shutterstock.com Einer aktuellen Studie des Security-Anbieters Sophos zufolge schneidet die Fertigungsindustrie beim Schutz vor Ransomware besser ab. Im Vergleich zu früheren Studienergebnissen sind viele Produktionsunternehmen inzwischen in der Lage, Ransomware-Attacken zu stoppen, bevor Daten verschlüsselt werden. Sinkende Verschlüsselungsraten So führten laut der aktuellen Untersuchung lediglich 40 Prozent der Cyberangriffe zu einer Datenverschlüsselung. Laut Sophos
- 0 comments
- 606 views
-
Andrey_Popov – shutterstock.com Einer aktuellen Studie des Security-Anbieters Sophos zufolge schneidet die Fertigungsindustrie beim Schutz vor Ransomware besser ab. Im Vergleich zu früheren Studienergebnissen sind viele Produktionsunternehmen inzwischen in der Lage, Ransomware-Attacken zu stoppen, bevor Daten verschlüsselt werden. Sinkende Verschlüsselungsraten So führten laut der aktuellen Untersuchung lediglich 40 Prozent der Cyberangriffe zu einer Datenverschlüsselung. Laut Sophos
- 0 comments
- 643 views
-
A human rights lawyer from Pakistan's Balochistan province received a suspicious link on WhatsApp from an unknown number, marking the first time a civil society member in the country was targeted by Intellexa's Predator spyware, Amnesty International said in a report. The link, the non-profit organization said, is a "Predator attack attempt based on the technical behaviour of the infectionView the full article
- 0 comments
- 84 views
-
Most MSPs and MSSPs know how to deliver effective security. The challenge is helping prospects understand why it matters in business terms. Too often, sales conversations stall because prospects are overwhelmed, skeptical, or tired of fear-based messaging. That’s why we created ”Getting to Yes”: An Anti-Sales Guide for MSPs. This guide helps service providers transform resistance into trust andView the full article
- 0 comments
- 62 views
-
Cloudflare’s network suffered a brief but widespread outage Friday, after an update to its Web Application Firewall to mitigate a vulnerability in React Server Components went wrong. At 9:09 a.m. UTC, the company reported that it was investigating issues with the Cloudflare Dashboard and related APIs, warning that customers might see requests fail or errors displayed. Just 10 minutes later, it had deployed a fix — but not before a flood of reports of problems with Cloudflare and its cust
- 0 comments
- 64 views
-
Cloudflare’s network suffered a brief but widespread outage Friday, after an update to its Web Application Firewall to mitigate a vulnerability in React Server Components went wrong. At 9:09 a.m. UTC, the company reported that it was investigating issues with the Cloudflare Dashboard and related APIs, warning that customers might see requests fail or errors displayed. Just 10 minutes later, it had deployed a fix — but not before a flood of reports of problems with Cloudflare and its cust
- 0 comments
- 64 views
-
MiniStocker – shutterstock.com Die Werbung mit Promis für ein “geheimes Finanzprodukt” war gefälscht, Anleger verloren ihr Geld: Mutmaßliche Internet-Kriminelle sollen deutschlandweit mindestens 120 Menschen um einen Gesamtbetrag von mehr als 1,3 Millionen Euro gebracht haben. Die Ermittler gehen aber von einer hohen Dunkelziffer aus. Die international agierenden Tatverdächtigen könnten einen hohen dreistelligen Millionenbetrag erbeutet haben, wie Bayerns Spezialstaatsanwaltschaft für Cyberk
- 0 comments
- 618 views
-
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored threat actors from the People's Republic of China (PRC) to maintain long-term persistence on compromised systems. "BRICKSTORM is a sophisticated backdoor for VMware vSphere and Windows environments," the agency said. "View the full article
- 0 comments
- 63 views
-
The zero trust approach cybersecurity access control is more than 15 years old but organizations continue to struggle with its implementation due in large part to fragmented tooling and legacy infrastructure. A recent report from Accenture paints a picture of widespread industry struggles in rolling out zero trust technologies, a perspective in line with the experiences of experts and security practitioners quizzed on the topic by CSO. Zero trust networking involves applying a security f
- 0 comments
- 71 views
-
The zero trust approach cybersecurity access control is more than 15 years old but organizations continue to struggle with its implementation due in large part to fragmented tooling and legacy infrastructure. A recent report from Accenture paints a picture of widespread industry struggles in rolling out zero trust technologies, a perspective in line with the experiences of experts and security practitioners quizzed on the topic by CSO. Zero trust networking involves applying a security f
- 0 comments
- 59 views
-
Phishing has surged 400% year-over-year, highlighting need for real-time visibility into identity exposures. SpyCloud, the leader in identity threat protection, today released new data showing a sharp rise in phishing attacks that disproportionately target corporate users. The company tracked a 400% year-over-year increase in successfully phished identities, with nearly 40% of the 28+ million recaptured phished records containing a business email address – compared to just 11.5% in recapture
- 0 comments
- 68 views
-
A command injection vulnerability in Array Networks AG Series secure access gateways has been exploited in the wild since August 2025, according to an alert issued by JPCERT/CC this week. The vulnerability, which does not have a CVE identifier, was addressed by the company on May 11, 2025. It's rooted in Array's DesktopDirect, a remote desktop access solution that allows users to securely accessView the full article
- 0 comments
- 64 views
-
eamesBot – shutterstock.com Eine der Hauptaufgaben von CISOs besteht darin, nicht mehr die „Abteilung des Neins“ zu sein. Sie müssen Wege finden, die schnelle Bereitstellung von Produkten und Dienstleistungen für das Unternehmen zu ermöglichen, ohne gleichzeitig neue Risiken einzuführen. Das ist, kurz gesagt, das Paradoxon. In einem Umfeld, in dem Produktteams ständig neue Technologien testen und Updates in Rekordgeschwindigkeit bereitstellen müssen, können traditionelle Audits am Ende d
- 0 comments
- 636 views
-
eamesBot – shutterstock.com Eine der Hauptaufgaben von CISOs besteht darin, nicht mehr die „Abteilung des Neins“ zu sein. Sie müssen Wege finden, die schnelle Bereitstellung von Produkten und Dienstleistungen für das Unternehmen zu ermöglichen, ohne gleichzeitig neue Risiken einzuführen. Das ist, kurz gesagt, das Paradoxon. In einem Umfeld, in dem Produktteams ständig neue Technologien testen und Updates in Rekordgeschwindigkeit bereitstellen müssen, können traditionelle Audits am Ende d
- 0 comments
- 604 views
-
A prolonged lack of management of valid authentication keys for signed access tokens issued to authenticators is believed to be the root cause of over 30 million accounts being exposed externally by ecommerce giant Coupang. Ongoing analysis suggests that these keys could have been exploited even after the responsible employee left the company. On Nov. 29, Coupang released a statement confirming the unauthorized exposure of personal information from approximately 4,500 accounts on Nov. 18. Th
- 0 comments
- 73 views
-
An individual or group is doing new probing of content delivery networks (CDNs), an effort that CSOs, CIOs and network administrators should worry about if they use CDNs instead of web application firewalls to protect websites. That’s the conclusion of Johannes Ullrich, dean of research at the SANS Institute, who this week said his organization’s honeypots last month detected a curious amount of traffic with server requests that include CDN-related headers. Perhaps, he said, someone is
- 0 comments
- 71 views
-
China-based phishing groups blamed for non-stop scam SMS messages about a supposed wayward package or unpaid toll fee are promoting a new offering, just in time for the holiday shopping season: Phishing kits for mass-creating fake but convincing e-commerce websites that convert customer payment card data into mobile wallets from Apple and Google. Experts say these same phishing groups also are now using SMS lures that promise unclaimed tax refunds and mobile rewards points. Over the past week,
- 0 comments
- 62 views
-
The security of operational technology (OT) in critical infrastructure has been a recurring theme for years, but this week the US National Security Agency (NSA) and its global partners added a new concern to the mix: how the increasing use of AI in OT risks making things worse. The scope of these concerns, and guidance for addressing them, is outlined in the Principles for the Secure Integration of Artificial Intelligence in Operational Technology, authored by the NSA in conjunction with the
- 0 comments
- 84 views
-
The threat actor known as Silver Fox has been spotted orchestrating a false flag operation to mimic a Russian threat group in attacks targeting organizations in China. The search engine optimization (SEO) poisoning campaign leverages Microsoft Teams lures to trick unsuspecting users into downloading a malicious setup file that leads to the deployment of ValleyRAT (Winos 4.0), a known malwareView the full article
- 0 comments
- 61 views
-
The problem: Static intelligence in a dynamic world Every CISO knows the fatigue that comes with modern threat intelligence. Dozens of vendor feeds pour in daily — STIX packages, IP blocklists, domain indicators, malware hashes — all claiming to help your organization stay one step ahead. Yet most threat feeds still behave like spreadsheets of badness. They tell you what to watch for, but not why it matters or how it moves through your environment. The result is a paradox of abundanc
- 0 comments
- 71 views
-
A longstanding problem with the way Windows handles LNK shortcut files, which attackers have been abusing for years to hide malicious commands in plain sight, may finally have been fixed, with more than one patch now available to users. The problem was that threat actors could mask a harmful payload in the Target field of an LNK file downloaded from the internet, adding whitespace padding so the payload was hidden from anyone inspecting the field. Microsoft has been reluctant to classify
- 0 comments
- 72 views
-
Mer_Studio – shutterstock.com Das Unternehmen Momberger – Lack & Technik warnt seine Kunden aktuell vor einem Sicherheitsvorfall. Wie die Oberhessische Zeitung berichtet, werden seit Montag (1. Dezember) betrügerische E-Mails im Namen des Unternehmens versendet. Die gefälschten Nachrichten fordern die Empfänger dazu auf, angeblich offene Rechnungen zu begleichen. “Diese Nachricht stammt nicht vom Unternehmen. Es handelt sich eindeutig um eine Fälschung, ausgelöst durch einen unbefugt
- 0 comments
- 61 views
-
Think your Wi-Fi is safe? Your coding tools? Or even your favorite financial apps? This week proves again how hackers, companies, and governments are all locked in a nonstop race to outsmart each other. Here’s a quick rundown of the latest cyber stories that show how fast the game keeps changing. DeFi exploit drains funds Critical yETH Exploit Used to Steal $9MView the full article
- 0 comments
- 63 views
-
As 2025 draws to a close, security professionals face a sobering realization: the traditional playbook for web security has become dangerously obsolete. AI-powered attacks, evolving injection techniques, and supply chain compromises affecting hundreds of thousands of websites forced a fundamental rethink of defensive strategies. Here are the five threats that reshaped web security this year, andView the full article
- 0 comments
- 65 views
-
Cybercriminals associated with a financially motivated group known as GoldFactory have been observed staging a fresh round of attacks targeting mobile users in Indonesia, Thailand, and Vietnam by impersonating government services. The activity, observed since October 2024, involves distributing modified banking applications that act as a conduit for Android malware, Group-IB said in a technicalView the full article
- 0 comments
- 64 views
-
Between 95 and 99% of the world’s data traffic travels through submarine cables. An extensive network of more than 1.3 million kilometers, which travels across the seas and oceans, from shore to shore. According to TeleGeography, there are 650 of these infrastructures in operation or in the pipeline, mainly operated by private companies. Whether we can connect to the internet, back up our computer files, make a bank transaction with our cell phone or communicate with other people depends to a la
- 0 comments
- 69 views
-
KI ist nicht nur ein Tool für Hacker, sondern kann auch selbst zur Gefahr werden. inray27 – Shutterstock.com In der Welt der Cybersicherheit gibt es ein grundlegendes Prinzip, das auf den ersten Blick widersprüchlich klingen mag: „Wir hacken, bevor Cyberkriminelle die Gelegenheit dazu bekommen.“ Um dies umzusetzen und Produktionsstraßen oder Maschinen zu schützen, setzen Unternehmen wie Siemens auf zwei zentrale Disziplinen, die sich in ihrer Zielsetzung unterscheiden: Offensive Securi
- 0 comments
- 72 views
-
KI ist nicht nur ein Tool für Hacker, sondern kann auch selbst zur Gefahr werden. inray27 – Shutterstock.com In der Welt der Cybersicherheit gibt es ein grundlegendes Prinzip, das auf den ersten Blick widersprüchlich klingen mag: „Wir hacken, bevor Cyberkriminelle die Gelegenheit dazu bekommen.“ Um dies umzusetzen und Produktionsstraßen oder Maschinen zu schützen, setzen Unternehmen wie Siemens auf zwei zentrale Disziplinen, die sich in ihrer Zielsetzung unterscheiden: Offensive Securi
- 0 comments
- 73 views
-
Developers using the React 19 library for building application interfaces are urged to immediately upgrade to the latest version because of a critical vulnerability that can be easily exploited by an attacker to remotely run their own code. Researchers at Wiz said Wednesday that a vulnerability in the React Server Components (RSC) Flight protocol affects the React 19 ecosystem, as well as frameworks that implement it. In particular, that means Next.js, a popular full stack development framew
- 0 comments
- 77 views
-
In a new example of how AI tools expand the attack surface of development machines, researchers found a serious remote code execution flaw in OpenAI’s Codex CLI, one of the most popular LLM-powered coding agents. “This vulnerability enables silent, repeatable remote code execution in any environment where developers run codex against a repository,” researchers from security firm CheckPoint, who found the flaw, said in their report. “By abusing project-local config loading, an attacker who ca
- 0 comments
- 76 views
-
Becoming an AI-ready SOC doesn’t happen all at once. It’s a progression—one that moves from understanding AI maturity, to assessing your operations, to measuring readiness, and finally, to operationalizing AI in ways that enhance detection, response, and analyst performance. Below is a condensed roadmap that brings the entire series together. Each stage links to the deeper technical breakdown for teams that want to go further. View the full article
- 0 comments
- 57 views
-
A maximum-severity security flaw has been disclosed in React Server Components (RSC) that, if successfully exploited, could result in remote code execution. The vulnerability, tracked as CVE-2025-55182, carries a CVSS score of 10.0. It allows "unauthenticated remote code execution by exploiting a flaw in how React decodes payloads sent to React Server Function endpoints," the React Team said inView the full article
- 0 comments
- 69 views
-
Microsoft has silently plugged a security flaw that has been exploited by several threat actors since 2017 as part of the company's November 2025 Patch Tuesday updates, according to ACROS Security's 0patch. The vulnerability in question is CVE-2025-9491 (CVSS score: 7.8/7.0), which has been described as a Windows Shortcut (LNK) file UI misinterpretation vulnerability that could lead to remoteView the full article
- 0 comments
- 66 views
-
A critical security flaw impacting a WordPress plugin known as King Addons for Elementor has come under active exploitation in the wild. The vulnerability, CVE-2025-8489 (CVSS score: 9.8), is a case of privilege escalation that allows unauthenticated attackers to grant themselves administrative privileges by simply specifying the administrator user role during registration. It affects versionsView the full article
- 0 comments
- 65 views
-
Some 2FA-phishing attacks are becoming significantly harder to spot as threat actors blend two previously distinct phishing-as-a-service (PhaaS) kits: Salty2FA and Tycoon2FA, into a single hybrid strain. Researchers at Any.Run warn that the hybrid is already bypassing detection rules tuned to either kit alone. Alerts that once reliably caught Salty2FA or Tycoon2FA activity are now going quiet, leaving security teams blind to MFA-bypass attacks that previously triggered obvious signatures.
- 0 comments
- 71 views
-
The threat actor known as Water Saci is actively evolving its tactics, switching to a sophisticated, highly layered infection chain that uses HTML Application (HTA) files and PDFs to propagate a worm that deploys a banking trojan via WhatsApp in attacks targeting users in Brazil. The latest wave is characterized by the attackers shifting from PowerShell to a Python-based variant that spreads theView the full article
- 0 comments
- 72 views
-
Poetry can be a perplexing art form for humans to decipher at times, and apparently AI is being tripped up by it too. Researchers from Icaro Lab (part of the ethical AI company DexAI), Sapienza University of Rome, and Sant’Anna School of Advanced Studies have found that, when delivered a poetic prompt, AI will break its guardrails and explain how to produce, say, weapons-grade plutonium or remote access trojans (RATs). The researchers used what they call “adversarial poetry” across 25 fr
- 0 comments
- 82 views
-
Ascannio – shutterstock.com Forscher des Security-Anbieters Koi haben eine Cyberbande namens „ShadyPanda“ dabei ertappt, wie sie vertrauenswürdige Browser-Erweiterungen für ihre Angriffe missbraucht haben. Ziel der Angreifer war es, Browsing-Daten zu sammeln, Suchergebnisse und den Datenverkehr zu manipulieren sowie eine Backdoor zu installieren. Laut Forschungsbericht wurden insgesamt 4,3 Millionen Browser-Instanzen infiziert. „Das Risiko für Unternehmen ist erheblich, wenn sich einer d
- 0 comments
- 630 views
-
Ascannio – shutterstock.com Forscher des Security-Anbieters Koi haben eine Cyberbande namens „ShadyPanda“ dabei ertappt, wie sie vertrauenswürdige Browser-Erweiterungen für ihre Angriffe missbraucht haben. Ziel der Angreifer war es, Browsing-Daten zu sammeln, Suchergebnisse und den Datenverkehr zu manipulieren sowie eine Backdoor zu installieren. Laut Forschungsbericht wurden insgesamt 4,3 Millionen Browser-Instanzen infiziert. „Das Risiko für Unternehmen ist erheblich, wenn sich einer d
- 0 comments
- 660 views
-
Remember when phishing emails were easy to spot? Bad grammar, weird formatting, and requests from a "Prince" in a distant country? Those days are over. Today, a 16-year-old with zero coding skills and a $200 allowance can launch a campaign that rivals state-sponsored hackers. They don't need to be smart; they just need to subscribe to the right AI tool. We are witnessing the industrialization ofView the full article
- 0 comments
- 108 views
-
Cyber protection grew more complex in 2025 as more threat actors turned to artificial intelligence (AI) to increase their speed, scale, and precision. These autonomous ransomware, phishing, and data exfiltration attacks outpaced legacy tools and exploited gaps between security and backup solutions. In 2026, organizations will have to evolve just as quickly, using AI and automation to unify their prevention, detection, response, and recovery strategies. 2287651215 shutterstock/Gorodenkoff
- 0 comments
- 85 views
-
Most people know the story of Paul Bunyan. A giant lumberjack, a trusted axe, and a challenge from a machine that promised to outpace him. Paul doubled down on his old way of working, swung harder, and still lost by a quarter inch. His mistake was not losing the contest. His mistake was assuming that effort alone could outmatch a new kind of tool. Security professionals are facing a similarView the full article
- 0 comments
- 69 views
-
Three critical security flaws have been disclosed in an open-source utility called Picklescan that could allow malicious actors to execute arbitrary code by loading untrusted PyTorch models, effectively bypassing the tool's protections. Picklescan, developed and maintained by Matthieu Maitre (@mmaitre314), is a security scanner that's designed to parse Python pickle files and detect suspiciousView the full article
- 0 comments
- 67 views
-
Cybersecurity researchers have discovered a malicious Rust package that's capable of targeting Windows, macOS, and Linux systems, and features malicious functionality to stealthily execute on developer machines by masquerading as an Ethereum Virtual Machine (EVM) unit helper tool. The Rust crate, named "evm-units," was uploaded to crates.io in mid-April 2025 by a user named "ablerust,"View the full article
- 0 comments
- 71 views
-
Summit Art Creations – shutterstock.com Fake-Shops, Datendiebstahl, gefälschte Angebote auf Social-Media-Plattformen – vier von zehn Befragten halten es für sehr wahrscheinlich (9 Prozent) oder wahrscheinlich (32 Prozent), Opfer eines Betrugs oder eines Betrugsversuchs über das Internet zu werden. Doch nur etwas mehr als die Hälfte (54 Prozent) der 1.057 für den Bundesverband deutscher Banken (BdB) zum Thema Cybersicherheit befragten Erwachsenen informieren sich regelmäßig oder zumindes
- 0 comments
- 653 views
-
For years, organizations used SSL/TLS certificates with long lifespans, reviewing and renewing them only occasionally. That is about to change. On 15 March 2026, the maximum lifespan of a TLS certificate will be cut from 398 days to 200 days. Then, a year later, the limit will drop again to 100 days, and by 2029 it’ll fall to just 47 days. This shift, meant to increase security, began with a proposal from Apple, which was approved in April 2025 by the CA/Browser Forum, a consortium of certif
- 0 comments
- 78 views
-
Julien Tromeur | shutterstock.com Weil sich Generative-AI-Lösungen branchenübergreifend verbreiten, wächst das Sicherheitsbedürfnis der Anwender. Diesem gerecht zu werden, ist vor allem deshalb eine Challenge, weil die Technologie enormen Einfluss auf die IT-Infrastruktur und die Unternehmensdaten nimmt. Und weil kriminelle Cyberakteure längst erkannt haben, welches Potenzial für sie in diesem Umstand schlummert. Gefragt sind deshalb neue, breit gefächerte Schutz- und Notfallmaßnahmen un
- 0 comments
- 697 views
-
Julien Tromeur | shutterstock.com Weil sich Generative-AI-Lösungen branchenübergreifend verbreiten, wächst das Sicherheitsbedürfnis der Anwender. Diesem gerecht zu werden, ist vor allem deshalb eine Challenge, weil die Technologie enormen Einfluss auf die IT-Infrastruktur und die Unternehmensdaten nimmt. Und weil kriminelle Cyberakteure längst erkannt haben, welches Potenzial für sie in diesem Umstand schlummert. Gefragt sind deshalb neue, breit gefächerte Schutz- und Notfallmaßnahmen un
- 0 comments
- 754 views
-
India's Department of Telecommunications (DoT) has issued directions to app-based communication service providers to ensure that the platforms cannot be used without an active SIM card linked to the user's mobile number. To that end, messaging apps like WhatsApp, Telegram, Snapchat, Arattai, Sharechat, Josh, JioChat, and Signal that use an Indian mobile number for uniquely identifying theirView the full article
- 0 comments
- 107 views
-
A sprawling surveillance campaign targeting Google Chrome and Microsoft Edge users is just the latest evolution of a seven-year-long project to distribute malicious browser extensions. By targeting trusted browser extensions and weaponizing them only after they had passed initial acceptance checks and gained a broad following, sometimes over years, a group that Koi has labelled “ShadyPanda” has infected 4.3 million browser instances to harvest browsing data, hijack search results, manipulate
- 0 comments
- 68 views
-
A joint investigation led by Mauro Eldritch, founder of BCA LTD, conducted together with threat-intel initiative NorthScan and ANY.RUN, a solution for interactive malware analysis and threat intelligence, has uncovered one of North Korea’s most persistent infiltration schemes: a network of remote IT workers tied to Lazarus Group’s Famous Chollima division. For the first time, researchers managedView the full article
- 0 comments
- 54 views
-
The supply chain campaign known as GlassWorm has once again reared its head, infiltrating both Microsoft Visual Studio Marketplace and Open VSX with 24 extensions impersonating popular developer tools and frameworks like Flutter, React, Tailwind, Vim, and Vue. GlassWorm was first documented in October 2025, detailing its use of the Solana blockchain for command-and-control (C2) and harvest npm,View the full article
- 0 comments
- 64 views
-
With submissions showcasing advances in automation, inclusion, workforce development, and real-world resilience, this year’s programme highlights the multifaceted role of today’s CSO. As threats evolve and organizational complexity grows, the CSO is now a strategist, communicator, technologist, and cultural leader. A panel of expert judges reviewed an exceptional set of candidates, ultimately selecting winners whose work demonstrates measurable impact, strategic clarity, and a commitment to
- 0 comments
- 69 views
-
Cybersecurity researchers have disclosed details of an npm package that attempts to influence artificial intelligence (AI)-driven security scanners. The package in question is eslint-plugin-unicorn-ts-2, which masquerades as a TypeScript extension of the popular ESLint plugin. It was uploaded to the registry by a user named "hamburgerisland" in February 2024. The package has been downloadedView the full article
- 0 comments
- 59 views
-
Israeli entities spanning academia, engineering, local government, manufacturing, technology, transportation, and utilities sectors have emerged as the target of a new set of attacks undertaken by Iranian nation-state actors that have delivered a previously undocumented backdoor called MuddyViper. The activity has been attributed by ESET to a hacking group known as MuddyWater (aka MangoView the full article
- 0 comments
- 63 views
-
While most cybersecurity companies pour resources into AI models, massive compute, hoovering up all the data, and enhanced analytics to detect and prevent threats, Frenetik, a Maryland cyber startup, is betting on something simpler: making sure attackers don’t know what defenders know. The company emerged today with a fundamentally different approach using novel cyber deception and a newly issued U.S. patent to back it. “The industry has turned cybersecurity into a compute and analysis w
- 0 comments
- 65 views
-
The 2025 State of AI Data Security Report reveals a widening contradiction in enterprise security: AI adoption is nearly universal, yet oversight remains limited. Eighty-three percent of organizations already use AI in daily operations, but only 13 percent say they have strong visibility into how these systems handle sensitive data. Produced by Cybersecurity Insiders with research support from Cyera Research Labs, the study reflects responses from 921 cybersecurity and IT professionals acros
- 0 comments
- 82 views
-
Vulnerability management is a core component of every cybersecurity strategy. However, businesses often use thousands of software without realising it (when was the last time you checked?), and keeping track of all the vulnerability alerts, notifications, and updates can be a burden on resources and often leads to missed vulnerabilities. Taking into account that nearly 10% ofView the full article
- 0 comments
- 62 views
-
Vaillant Group Der Energiesektor gerät zunehmend in den Fokus von Cyberkriminellen. Aus Sicht von Experten und des Bundesamtes für Sicherheit in der Informationstechnik (BSI) muss der Schutz in diesem Bereich massiv erhöht werden. Wie beurteilen Sie die aktuelle Lage in Deutschland? Reiß: Die geopolitischen Spannungen, die wir aktuell sehen, führen zu einer erhöhten Bedrohungslage. Das betrifft natürlich auch die Heizungsbranche, in der Vaillant tätig ist und die das Grundbedürfnis aller
- 0 comments
- 67 views
-
Google on Monday released monthly security updates for the Android operating system, including two vulnerabilities that it said have been exploited in the wild. The patch addresses a total of 107 security flaws spanning different components, including Framework, System, Kernel, as well as those from Arm, Imagination Technologies, MediaTek, Qualcomm, and Unison. The two high-severity shortcomingsView the full article
- 0 comments
- 64 views
-
Adversaries are hijacking AI technology for their own purposes, generating deepfakes, creating clever phishing lures, and launching novel types of advanced attacks. They are also targeting AI systems with prompt injection attacks aimed at tricking models into revealing sensitive data. And users are leaking sensitive data through the unauthorized or careless use of AI. CISOs who don’t respond to these threats with their own AI-powered defenses are putting their organizations at risk. Acco
- 0 comments
- 62 views
-
India's telecommunications ministry has ordered major mobile device manufacturers to preload a government-backed cybersecurity app named Sanchar Saathi on all new phones within 90 days. According to a report from Reuters, the app cannot be deleted or disabled from users' devices. Sanchar Saathi, available on the web and via mobile apps for Android and iOS, allows users to report suspected fraud,View the full article
- 0 comments
- 65 views
-
A threat actor known as ShadyPanda has been linked to a seven-year-long browser extension campaign that has amassed over 4.3 million installations over time. Five of these extensions started off as legitimate programs before malicious changes were introduced in mid-2024, according to a report from Koi Security, attracting 300,000 installs. These extensions have since been taken down. "TheseView the full article
- 0 comments
- 70 views
-
When it comes to cybersecurity, visibility is everything. Without it, even the most advanced tools can’t help teams detect, investigate, or respond effectively to threats lurking in their networks. That’s why we’re proud to announce that NETSCOUT’s Omnis Cyber Intelligence has been named “Overall Network Security Solution of the Year” in the ninth annual CyberSecurity Breakthrough Awards. This recognition honors the most innovative companies and technologies shaping the future of cybersecuri
- 0 comments
- 85 views
-
Zero-day attacks have become a significant concern in the realm of cybersecurity, posing a formidable challenge to individuals and organizations alike. These attacks exploit vulnerabilities that are unknown to the software vendor, leaving systems exposed to potential breaches. As cyberthreats evolve, understanding zero-day attacks and implementing effective protection strategies is crucial for maintaining security. Understanding zero-day attacks What is a zero-day vulnerability, exploit,
- 0 comments
- 78 views
-
For years, the security industry has been captivated by the promises of new acronyms: EDR, XDR, CDR. Each wave has promised broader coverage, better detection, and faster responses. And although each of these tools provides value, recent research from Enterprise Strategy Group (ESG) reveals something the industry conversation often overlooks: When real threats emerge, organizations still turn first to the network. According to ESG, 53% of organizations rely on network visibility and telemetr
- 0 comments
- 83 views
-
Microsoft has given system administrators until 2034 to stop using WINS (Windows Internet Name Service) NetBIOS name resolution technology in their networks — but even nine years may not be enough notice for some: WINS is very much still in use, supporting a niche range of difficult-to-replace legacy systems. WINS dates from Windows NT in 1994 and has long since been displaced by the more modern Domain Name System (DNS). It was deprecated in 2021 to coincide with the appearance of Windows Se
- 0 comments
- 80 views
-
Zu Weihnachten die Rechner der Verwandtschaft auf Botnet-Aktivitäten überprüfen – der kostenlose GreyNoise IP Check machts möglich. Jaiz Anuar – Shutterstock.com Hacks greifen immer stärker Unternehmen an, weil die Beute in Form von Lösegeld und Daten dort aussichtreicher ist als bei Privatpersonen. Das bedeutet jedoch nicht, dass eine Einzelperson kein lohnendes Opfer ist. Im Gegenteil – Computer von Individuen zu infizieren kann sich für Kriminelle auszahlen, insbesondere wenn sie Botnetze
- 0 comments
- 653 views
-
Zu Weihnachten die Rechner der Verwandtschaft auf Botnet-Aktivitäten überprüfen – der kostenlose GreyNoise IP Check machts möglich. Jaiz Anuar – Shutterstock.com Hacks greifen immer stärker Unternehmen an, weil die Beute in Form von Lösegeld und Daten dort aussichtreicher ist als bei Privatpersonen. Das bedeutet jedoch nicht, dass eine Einzelperson kein lohnendes Opfer ist. Im Gegenteil – Computer von Individuen zu infizieren kann sich für Kriminelle auszahlen, insbesondere wenn sie Botnetze
- 0 comments
- 682 views
-
Researchers at Socket have uncovered more details of a sophisticated software supply-chain operation linked to the Contagious Interview campaign attacking developers who rely on packages from NPM. They report finding a “full stack” operation behind the attacks, where code hosting, package distribution, staging servers and command-and control (C2) infrastructure are orchestrated much like a legitimate software development and delivery pipeline — and offer honest developers fresh advice on pro
- 0 comments
- 68 views
-
We can keep it real here. One of the main jobs CISOs have is to stop being the “Department of No.” We have to figure out how to enable the rapid delivery of products and services for the business without introducing risks to the same business. That’s the paradox in a nutshell. In an environment where product teams must constantly test new technologies and ship updates at record speed, traditional end-of-line audits wouldn’t keep up. Security has to move upstream. It must be built into everyd
- 0 comments
- 61 views
-
Hackers aren’t kicking down the door anymore. They just use the same tools we use every day — code packages, cloud accounts, email, chat, phones, and “trusted” partners — and turn them against us. One bad download can leak your keys. One weak vendor can expose many customers at once. One guest invite, one link on a phone, one bug in a common tool, and suddenly your mail, chats, repos, andView the full article
- 0 comments
- 660 views
-
The AI browser wars are coming to a desktop near you, and you need to start worrying about their security challenges. For the last two decades, whether you used Chrome, Edge, or Firefox, the fundamental paradigm remained the same: a passive window through which a human user viewed and interacted with the internet. That era is over. We are currently witnessing a shift that renders the oldView the full article
- 0 comments
- 66 views
-
A new Android malware named Albiriox has been advertised under a malware-as-a-service (MaaS) model to offer a "full spectrum" of features to facilitate on-device fraud (ODF), screen manipulation, and real-time interaction with infected devices. The malware embeds a hard-coded list comprising over 400 applications spanning banking, financial technology, payment processors, cryptocurrencyView the full article
- 0 comments
- 62 views
-
The threat actor known as Tomiris has been attributed to attacks targeting foreign ministries, intergovernmental organizations, and government entities in Russia with an aim to establish remote access and deploy additional tools. "These attacks highlight a notable shift in Tomiris's tactics, namely the increased use of implants that leverage public services (e.g., Telegram and Discord) asView the full article
- 0 comments
- 67 views
-
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog to include a security flaw impacting OpenPLC ScadaBR, citing evidence of active exploitation. The vulnerability in question is CVE-2021-26829 (CVSS score: 5.4), a cross-site scripting (XSS) flaw that affects Windows and Linux versions of the software viaView the full article
- 0 comments
- 68 views
-
Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index (PyPI) via a domain takeover attack. Software supply chain security company ReversingLabs said it found the "vulnerability" in bootstrap files provided by a build and deployment automation tool named "zc.buildout." "TheView the full article
- 0 comments
- 68 views
-
The North Korean threat actors behind the Contagious Interview campaign have continued to flood the npm registry with 197 more malicious packages since last month. According to Socket, these packages have been downloaded over 31,000 times, and are designed to deliver a variant of OtterCookie that brings together the features of BeaverTail and prior versions of OtterCookie. Some of theView the full article
- 0 comments
- 74 views
-
As IT environments become increasingly distributed and organizations adopt hybrid and remote work at scale, traditional perimeter-based security models and on-premises Privileged Access Management (PAM) solutions no longer suffice. IT administrators, contractors and third-party vendors now require secure access to critical systems from any location and on any device, without compromisingView the full article
- 0 comments
- 75 views
-
Cybersecurity researchers have shed light on a cross-tenant blind spot that allows attackers to bypass Microsoft Defender for Office 365 protections via the guest access feature in Teams. "When users operate as guests in another tenant, their protections are determined entirely by that hosting environment, not by their home organization," Ontinue security researcher Rhys Downing said in a reportView the full article
- 0 comments
- 73 views
-
The threat actor known as Bloody Wolf has been attributed to a cyber attack campaign that has targeted Kyrgyzstan since at least June 2025 with the goal of delivering NetSupport RAT. As of October 2025, the activity has expanded to also single out Uzbekistan, Group-IB researchers Amirbek Kurbanov and Volen Kayo said in a report published in collaboration with Ukuk, a state enterprise under theView the full article
- 0 comments
- 68 views
-
Microsoft has announced plans to improve the security of Entra ID authentication by blocking unauthorized script injection attacks starting a year from now. The update to its Content Security Policy (CSP) aims to enhance the Entra ID sign-in experience at "login.microsoftonline[.]com" by only letting scripts from trusted Microsoft domains run. "This update strengthens security and adds an extraView the full article
- 0 comments
- 65 views
-
If you're using community tools like Chocolatey or Winget to keep systems updated, you're not alone. These platforms are fast, flexible, and easy to work with—making them favorites for IT teams. But there’s a catch... The very tools that make your job easier might also be the reason your systems are at risk. These tools are run by the community. That means anyone can add or update packages. SomeView the full article
- 0 comments
- 72 views
-
Hackers have been busy again this week. From fake voice calls and AI-powered malware to huge money-laundering busts and new scams, there’s a lot happening in the cyber world. Criminals are getting creative — using smart tricks to steal data, sound real, and hide in plain sight. But they’re not the only ones moving fast. Governments and security teams are fighting back, shutting down fakeView the full article
- 0 comments
- 73 views
-
Gainsight has disclosed that the recent suspicious activity targeting its applications has affected more customers than previously thought. The company said Salesforce initially provided a list of 3 impacted customers and that it has "expanded to a larger list" as of November 21, 2025. It did not reveal the exact number of customers who were impacted, but its CEO, Chuck Ganapathi, said "weView the full article
- 0 comments
- 64 views
-
The second wave of the Shai-Hulud supply chain attack has spilled over to the Maven ecosystem after compromising more than 830 packages in the npm registry. The Socket Research Team said it identified a Maven Central package named org.mvnpm:posthog-node:4.18.1 that embeds the same two components associated with Sha1-Hulud: the "setup_bun.js" loader and the main payload "bun_environment.js." TheView the full article
- 0 comments
- 74 views
-
A prolific cybercriminal group that calls itself “Scattered LAPSUS$ Hunters” has dominated headlines this year by regularly stealing data from and publicly mass extorting dozens of major corporations. But the tables seem to have turned somewhat for “Rey,” the moniker chosen by the technical operator and public face of the hacker group: Earlier this week, Rey confirmed his real life identity and agreed to an interview after KrebsOnSecurity tracked him down and contacted his father. Scattered LAP
- 0 comments
- 81 views
-
South Korea's financial sector has been targeted by what has been described as a sophisticated supply chain attack that led to the deployment of Qilin ransomware. "This operation combined the capabilities of a major Ransomware-as-a-Service (RaaS) group, Qilin, with potential involvement from North Korean state-affiliated actors (Moonstone Sleet), leveraging Managed Service Provider (MSP)View the full article
- 0 comments
- 63 views
-
Enterprises today are expected to have at least 6-8 detection tools, as detection is considered a standard investment and the first line of defense. Yet security leaders struggle to justify dedicating resources further down the alert lifecycle to their superiors. As a result, most organizations' security investments are asymmetrical, robust detection tools paired with an under-resourced SOC,View the full article
- 0 comments
- 66 views