📰 Security News Dashboard

Heise_alerts

Heise_security

Watchguard_blog

Watchguard_pressreleases

Csoonline

Secplicity

17.10.2025 00:00

A new ransomware operation known as Kyber has emerged. Their first and current only posted victim is L3Harris, a major defense contractor in the United States. The operators have provided a timer that ends around 6 PM EST on Sunday, October 19. The group claims to have stolen over 300 GB of data


16.10.2025 00:00

The first samples of the new(ish) White Lock ransomware began emerging towards the end of September. The earliest compilation time stamp of the four samples currently on MalwareBazaar, Triage, and VirusTotal is September 29, 2025. It has all the hallmarks of traditional crypto-ransomware: kills anti


16.10.2025 00:00

Entry: https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/dan0n The dAn0n Hacker Group, or dAn0n, was first observed in the Spring of 2024. They posted their first victim on their simultaneous dark web and clear net data leak site on March 26. The dAn0n group is often lumped in with


01.10.2025 00:00

The past 18 months have been shaped by a surge in brute-force attacks and critical vulnerabilities (CVEs) targeting VPNs, authentication services, privilege elevation, and denial of service across the network security landscape. This timeline outlines key advisories and CVEs beginning with Cisco


19.09.2025 00:00

Cyberattacks have become the new normal, but 2025 has been particularly brutal for UK businesses. We’re not even through the year, and already four major incidents have shaken industries, disrupted communities, and forced us to think harder about how we deal with cyber threats. Here’s what’s


18.09.2025 00:00

The UK has taken one of the most decisive steps yet in the global fight against ransomware. Following a summer of attacks that disrupted healthcare, retail, and legal services, the government has confirmed that a targeted ban on ransom payments and a universal reporting requirement will become law


Thehackernews

30.11.2025 00:00

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities ( KEV ) catalog to include a security flaw impacting OpenPLC ScadaBR, citing evidence of active exploitation. The vulnerability in question is CVE-2021-26829 (CVSS score: 5.4), a cross-site scripting (XSS) flaw that affects Windows and Linux versions of the software via system_settings.shtm. It impacts the following versions - OpenPLC ScadaBR through 1.12.4 on Windows OpenPLC ScadaBR through 0.9.1 on Linux The addition of the security defect to the KEV catalog comes a little over a month after Forescout said it caught a pro-Russian hacktivist group known as TwoNet targeting its honeypot in September 2025, mistaking it for a water treatment facility.  In the compromise aimed at the decoy plant, the threat actor is said to have moved from initial access to disruptive action in about 26 hours, using default credentials to obtain initial access, followed by carr...

28.11.2025 00:00

Cybersecurity researchers have shed light on a cross-tenant blind spot that allows attackers to bypass Microsoft Defender for Office 365 protections via the guest access feature in Teams. "When users operate as guests in another tenant, their protections are determined entirely by that hosting environment, not by their home organization," Ontinue security researcher Rhys Downing said in a report. "These advancements increase collaboration opportunities, but they also widen the responsibility for ensuring those external environments are trustworthy and properly secured." The development comes as Microsoft has begun rolling out a new feature in Teams that allows users to chat with anyone via email, including those who don't use the enterprise communications platform, starting this month. The change is expected to be globally available by January 2026. "The recipient will receive an email invitation to join the chat session as a guest, enabling seamles...

28.11.2025 00:00

As IT environments become increasingly distributed and organizations adopt hybrid and remote work at scale, traditional perimeter-based security models and on-premises Privileged Access Management (PAM) solutions no longer suffice. IT administrators, contractors and third-party vendors now require secure access to critical systems from any location and on any device, without compromising compliance or increasing security risks. To keep up with modern demands, many organizations are turning to Remote Privileged Access Management (RPAM) for a cloud-based approach to securing privileged access that extends protection beyond on-prem environments to wherever privileged users connect. Continue reading to learn more about RPAM, how it differs from traditional PAM and why RPAM adoption is growing across all industries. What is RPAM? Remote Privileged Access Management (RPAM) allows organizations to securely monitor and manage privileged access for remote and third-party users. Unlike trad...

28.11.2025 00:00

Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index (PyPI) via a domain takeover attack. Software supply chain security company ReversingLabs said it found the "vulnerability" in bootstrap files provided by a build and deployment automation tool named "zc.buildout." "The scripts automate the process of downloading, building, and installing the required libraries and tools," security researcher Vladimir Pezo said . "Specifically, when the bootstrap script is executed, it fetches and executes an installation script for the package Distribute from python-distribute[.]org – a legacy domain that is now available for sale in the premium price range while being managed to drive ad revenue." The PyPI packages that include a bootstrap script that accesses the domain in question include tornado, pypiserver, slapos.core, roman, x...

28.11.2025 00:00

The North Korean threat actors behind the Contagious Interview campaign have continued to flood the npm registry with 197 more malicious packages since last month . According to Socket , these packages have been downloaded over 31,000 times, and are designed to deliver a variant of OtterCookie that brings together the features of BeaverTail and prior versions of OtterCookie. Some of the identified "loader" packages are listed below - bcryptjs-node cross-sessions json-oauth node-tailwind react-adparser session-keeper tailwind-magic tailwindcss-forms webpack-loadcss The malware, once launched, attempts to evade sandboxes and virtual machines, profiles the machine, and then establishes a command-and-control (C2) channel to provide the attackers with a remote shell, along with capabilities to steal clipboard contents, log keystrokes, capture screenshots, and gather browser credentials, documents, cryptocurrency wallet data, and seed phrases. It's worth notin...

27.11.2025 00:00

The threat actor known as Bloody Wolf has been attributed to a cyber attack campaign that has targeted Kyrgyzstan since at least June 2025 with the goal of delivering NetSupport RAT. As of October 2025, the activity has expanded to also single out Uzbekistan, Group-IB researchers Amirbek Kurbanov and Volen Kayo said in a report published in collaboration with Ukuk, a state enterprise under the Prosecutor General's office of the Kyrgyz Republic. The attacks have targeted finance, government, and information technology (IT) sectors. "Those threat actors would impersonate the [Kyrgyzstan's] Ministry of Justice through official looking PDF documents and domain names, which in turn hosted malicious Java Archive (JAR) files designed to deploy the NetSupport RAT," the Singapore-headquartered company said . "This combination of social engineering and accessible tooling allows Bloody Wolf to remain effective while keeping a low operational profile." Bloody Wol...

Borncity

30.11.2025 00:00

Die EU-Regularien wie NIS-2, AI-Act etc. sind von Unternehmen im Hinblick auf Cybersicherheit umzusetzen. Dabei stellt sich die große Frage nach der VerhĂ€ltnismĂ€ĂŸigkeit bestimmter Fragen. Das Institut der deutschen Wirtschaft Köln e.V. und die IW Consult GmbH haben in einer Studie die Auswirkungen von KI-Verordnung, NIS-2-Richtlinie und Cyber Resilience Act auf KMUs untersucht.

30.11.2025 00:00

Die Microsofts Update Health Tools (KB4023057) – Deutsch "IntegritĂ€tstools – Windows Update Service-Komponenten" war in der Version 1.0 angreifbar und ermöglichte Remote Code Execution-Angriffe. In der Version 1.1 sind zumindest Systeme fĂŒr den EU-Bereich geschĂŒtzt, wenn ich es richtig interpretiere. Die Schwachstellen sind nun beseitigt.

30.11.2025 00:00

Cloud-Anbieter wie AWS, Microsoft oder Google verwenden die Open Source-Software Fluent Bit zur Erfassung von Telemetriedaten (Monitoring). Gleich fĂŒnf Schwachstellen in dieser Software hĂ€tten die Remote-Übernahme von Containern, die auf den entsprechenden Cloud-Instanzen gehostet wurden, ermöglichet. Nutzer sollten die Software dringend aktualisieren.

30.11.2025 00:00

"Leben ist VerĂ€nderung, aber am besten bleibt es, wie es ist". Mit dieser Erkenntnis möchte ich die Leserschaft ĂŒber den EigentĂŒmerwechsel (das ist die VerĂ€nderung) der Domain borncity.com informieren. Aber fĂŒr die Leserschaft dieses IT-Blogs bleibt auf absehbare Zeit alles, wie es ist. Ich bleibe an Bord und werde den Blog weiter, wie bisher, betreiben.

29.11.2025 00:00

Ich stelle mal eine Beobachtung aus der Leserschaft hier als Artikel in den Blog, in der Hoffnung, auf weitere RĂŒckmeldungen. Die Frage richtet sich an Nutzer von Windows 11-Systemen und lautet, ob seit "einigen Tagen" plötzlich vermehrt AbstĂŒrze (Desktop eingefroren, schwarzer Desktop-Hintergrund etc.) beobachtet wurden.