Heise_alerts
Heise_security
Watchguard_blog
03.11.2025 00:00
WatchGuard named Market Leader by Top InfoSec Innovators 2025 in Cybersecurity Service Provider, Endpoint Security, MDR, and Zero Trust Platform categories.
31.10.2025 00:00
WatchGuard named a Leader in the 2025 SPARK Matrix: NDR by QKS Group, recognizing its AI-driven ThreatSync NDR for fast, simple, and scalable threat detection.
30.10.2025 00:00
Online, you aren’t your story ‒ you’re data: a login, a code, a cookie. MFA proves you’re you in more than one way, closing the gap attackers exploit.
29.10.2025 00:00
Agentic AI is turning phishing and deepfakes into nonstop zero-day exploits and automated ransomware—but the same AI power can also enable autonomous defense.
24.10.2025 00:00
A practical look at how GenAI chatbots boost productivity and creativity as affordable personal assistants, enhancing work without replacing humans.
21.10.2025 00:00
Evasive malware surges 40% as cybercriminals exploit encrypted traffic. WatchGuard’s latest report warns MSPs to boost visibility and adaptive defenses.
Watchguard_pressreleases
30.10.2025 00:00
The QKS Group SPARK Matrix™ provides competitive analysis & ranking of the leading NDR vendors. WatchGuard, with its comprehensive NDR solution ThreatSync, has received strong ratings across technology excellence and customer impact.
21.10.2025 00:00
Cybercriminals embrace stealthy tactics to bypass signatures with zero-day malware and new USP infection chains
15.10.2025 00:00
Other key findings include surge of info-stealers and botnets, an increase in evasive malware and a rise in network attacks across the Asia Pacific
14.10.2025 00:00
AI-powered EDR + NGAV at a disruptive price point, setting a new baseline for endpoint protection.
14.10.2025 00:00
WatchGuard delivers advanced security, zero trust, and AI-powered threat protection to organizations and managed service providers
07.10.2025 00:00
New M Series appliances combine high-performance firewalling, zero trust access via a FireCloud promotion, and enterprise-grade security in a unified platform
Csoonline
Secplicity
17.10.2025 00:00
A new ransomware operation known as Kyber has emerged. Their first and current only posted victim is L3Harris, a major defense contractor in the United States. The operators have provided a timer that ends around 6 PM EST on Sunday, October 19. The group claims to have stolen over 300 GB of data…
16.10.2025 00:00
The first samples of the new(ish) White Lock ransomware began emerging towards the end of September. The earliest compilation time stamp of the four samples currently on MalwareBazaar, Triage, and VirusTotal is September 29, 2025. It has all the hallmarks of traditional crypto-ransomware: kills anti…
16.10.2025 00:00
Entry: https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/dan0n The dAn0n Hacker Group, or dAn0n, was first observed in the Spring of 2024. They posted their first victim on their simultaneous dark web and clear net data leak site on March 26. The dAn0n group is often lumped in with…
01.10.2025 00:00
The past 18 months have been shaped by a surge in brute-force attacks and critical vulnerabilities (CVEs) targeting VPNs, authentication services, privilege elevation, and denial of service across the network security landscape. This timeline outlines key advisories and CVEs beginning with Cisco…
19.09.2025 00:00
Cyberattacks have become the new normal, but 2025 has been particularly brutal for UK businesses. We’re not even through the year, and already four major incidents have shaken industries, disrupted communities, and forced us to think harder about how we deal with cyber threats. Here’s what’s…
18.09.2025 00:00
The UK has taken one of the most decisive steps yet in the global fight against ransomware. Following a summer of attacks that disrupted healthcare, retail, and legal services, the government has confirmed that a targeted ban on ransom payments and a universal reporting requirement will become law…
Thehackernews
03.11.2025 00:00
The North Korea-linked threat actor known as Kimsuky has distributed a previously undocumented backdoor codenamed HttpTroy as part of a likely spear-phishing attack targeting a single victim in South Korea. Gen Digital, which disclosed details of the activity, did not reveal any details on when the incident occurred, but noted that the phishing email contained a ZIP file ("250908_A_HK이노션_SecuwaySSL VPN Manager U100S 100user_견적서.zip"), which masqueraded as a VPN invoice to distribute malware capable of file transfer, capturing screenshots, and executing arbitrary commands. "The chain has three steps: a small dropper, a loader called MemLoad, and the final backdoor, named 'HttpTroy,'" security researcher Alexandru-Cristian Bardaș said. Present within the ZIP archive is a SCR file of the same name, opening which triggered the execution chain, starting with a Golang binary containing three embedded files, including a decoy PDF document that's displayed...
03.11.2025 00:00
Security Operations Centers (SOC) today are overwhelmed. Analysts handle thousands of alerts every day, spending much time chasing false positives and adjusting detection rules reactively. SOCs often lack the environmental context and relevant threat intelligence needed to quickly verify which alerts are truly malicious. As a result, analysts spend excessive time manually triaging alerts, the majority of which are classified as benign. Addressing the root cause of these blind spots and alert fatigue isn't as simple as implementing more accurate tools. Many of these traditional tools are very accurate, but their fatal flaw is a lack of context and a narrow focus - missing the forest for the trees. Meanwhile, sophisticated attackers exploit exposures invisible to traditional reactive tools, often evading detection using widely-available bypass kits. While all of these tools are effective in their own right, they often fail because of the reality that attackers don't employ just ...
03.11.2025 00:00
Cybersecurity researchers have shed light on two different Android trojans called BankBot-YNRK and DeliveryRAT that are capable of harvesting sensitive data from compromised devices. According to CYFIRMA, which analyzed three different samples of BankBot-YNRK, the malware incorporates features to sidestep analysis efforts by first checking whether it's running within a virtualized or emulated environment, and then extracting device details such as the manufacturer and model name to ascertain if it's being executed on a real device. BankBot-YNRK also checks if the device is manufactured by Oppo, or is running on ColorOS, a version of the Android operating system that's used on devices made by the Chinese original equipment manufacturer (OEM). "The malware also includes logic to identify specific devices," CYFIRMA said. "It verifies whether the device is a Google Pixel or a Samsung device and checks if its model is included in a predefined list of recognized or suppo...
03.11.2025 00:00
Cyberattacks are getting smarter and harder to stop. This week, hackers used sneaky tools, tricked trusted systems, and quickly took advantage of new security problems, some just hours after being found. No system was fully safe. From spying and fake job scams to strong ransomware and tricky phishing, the attacks came from all sides. Even encrypted backups and secure areas were put to the test. Keep reading for the full list of the biggest cyber news from this week, clearly explained and easy to follow. ⚡ Threat of the Week Motex Lanscope Flaw Exploited to Drop Gokcpdoor: A suspected Chinese cyber espionage actor known as Tick has been attributed to a targeted campaign that has leveraged a recently disclosed critical security flaw in Motex Lanscope Endpoint Manager (CVE-2025-61932, CVSS score: 9.3) to infiltrate target networks and deploy a backdoor called Gokcpdoor. Sophos, which disclosed details of the activity, said it was "limited to sectors aligned with their intelligence...
03.11.2025 00:00
Bad actors are increasingly training their sights on trucking and logistics companies with an aim to infect them with remote monitoring and management (RMM) software for financial gain and ultimately steal cargo freight. The threat cluster, believed to be active since at least June 2025 according to Proofpoint, is said to be collaborating with organized crime groups to break into entities in the surface transportation industry with the end goal of plundering physical goods. The most targeted commodities of the cyber-enabled heists are food and beverage products. "The stolen cargo most likely is sold online or shipped overseas," researchers Ole Villadsen and Selena Larson said in a report shared with The Hacker News. "In the observed campaigns, threat actors aim to infiltrate companies and use their fraudulent access to bid on real shipments of goods to ultimately steal them." The campaigns share similarities with a previous set of attacks disclosed in Septemb...
03.11.2025 00:00
Cybersecurity researchers have flagged a new malicious extension in the Open VSX registry that harbors a remote access trojan called SleepyDuck. According to Secure Annex's John Tuckner, the extension in question, juan-bianco.solidity-vlang (version 0.0.7), was first published on October 31, 2025, as a completely benign library that was subsequently updated to version 0.0.8 on November 1 to include new malicious capabilities after reaching 14,000 downloads. "The malware includes sandbox evasion techniques and utilizes an Ethereum contract to update its command and control address in case the original address is taken down," Tuckner added. Campaigns distributing rogue extensions targeting Solidity developers have been repeatedly detected across both the Visual Studio Extension Marketplace and Open VSX. In July 2025, Kaspersky disclosed that a Russian developer lost $500,000 in cryptocurrency assets after installing one such extension through Cursor. In the latest...
Borncity
03.11.2025 00:00
Let me summarize two reports that just landed on my desk. The Israeli military is confiscating the Chinese-made cars of its soldiers because these vehicles are suspected of being used for espionage. And in Norway, a secret test by the public transport operator found that 850 electric buses from China can be remotely controlled.
03.11.2025 00:00
The other day I came across a note about the auto-discovery function for folder display in Windows Explorer. The claim was that this function is also active by default in Windows 11 and slows down the display. But you can try disabling this auto-discovery function with a registry tweak.
03.11.2025 00:00
In the age of AI use with ChatGPT and other solutions, tourists are running into a previously unknown problem. They are lured by reports on the internet to fake locations that do not exist at all. Thanks to AI, reports and videos have been faked. This could become a growing problem.
03.11.2025 00:00
A small "what the fuck" item to start the week. Sure, advertising can finance offerings; I do that here on the blog too, and Microsoft also serves ads in its products. But does there have to be advertising on the touchscreen of a VW ID.7? Or advertising on the touchscreen of a refrigerator?
03.11.2025 00:00
A blog reader from the Trier area informed me by email (thanks for that) that the public websites of the city of Trier have been offline since the weekend. A massive DDoS attack has apparently swept the site in question off the web, meaning visitors could no longer reach the websites because of overload.
03.11.2025 00:00
A small follow-up from last week. Ernst & Young (EY for short) has apparently suffered a substantial data protection and security incident. Security researchers came across a backup file for an SQL server on the internet that was reachable unencrypted and unprotected. The file, over 4 terabytes in size, is said to contain numerous sensitive details about EY's auditors.