Security News Feed

Aktuelle Bedrohungen & Systemstatus auf einen Blick

heise alerts

heise security

watchguard blog

watchguard pressreleases

csoonline

secplicity

23.04. 00:00

A New Windows Zero-Day Lets Attackers Take Full Control

A newly disclosed Windows zero-day, dubbed RedSun, is the latest reminder that attackers do not need to break in if they can simply escalate. Discussed in Episode 367 of The 443 podcast, this vulnerability highlights how trusted system processes can be manipulated to gain full system-level access…

Zum Artikel
15.04. 00:00

Project Glasswing Signals a New Era for AI in Cybersecurity

Artificial intelligence is no longer just a productivity multiplier. It is becoming a force multiplier for cybersecurity, and potentially for cyber risk. In Episode 366 of The 443, Marc Laliberte and Corey Nachreiner discuss three developments that together paint a clear picture of where the…

Zum Artikel
06.04. 00:00

Deepfakes Didn’t Invent Cybercrime, They Just Perfected It

Fraud is nothing new. It is a reality that some people will take advantage of the trusting and even minimally naïve. Last year, in a moment of high stress and low sleep, even I, a 25-year Cyber Security veteran, was duped by a phone call from the “FBI” claiming my involvement in identity theft…

Zum Artikel

thehackernews

31.12. 00:00

U.S. Treasury Lifts Sanctions on Three Individuals Linked to Intellexa and Predator Spyware

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) on Tuesday removed three individuals linked to the Intellexa Consortium, the holding company behind a commercial spyware known as Predator , from the specially designated nationals list. The names of the individuals are as follows - Merom Harpaz Andrea Nicola Constantino Hermes Gambazzi Sara Aleksandra Fayssal Hamou Hamou was sanctioned by OFAC in March 2024, and Harpaz and Gambazzi were targeted in September 2024 in connection with developing, operating, and distributing Predator. It's currently not known why they were removed from the list. Harpaz is said to be working as a manager of Intellexa S.A., while Gambazzi was identified as the owner of Thalestris Limited and Intellexa Limited. Thalestris, Treasury Department said, held the distribution rights to the spyware, and processed transactions on behalf of other entities within the Intellexa Consortium. It's also the parent company...

Zum Artikel
31.12. 00:00

IBM Warns of Critical API Connect Bug Allowing Remote Authentication Bypass

IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the application. The vulnerability, tracked as CVE-2025-13915 , is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an authentication bypass flaw. "IBM API Connect could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application," the tech giant said in a bulletin. The shortcoming affects the following versions of IBM API Connect - 10.0.8.0 through 10.0.8.5 10.0.11.0 Customers are advised to follow the steps outlined below - Download the fix from Fix Central Extract the files: Readme.md and ibm-apiconnect-<version>-ifix.13195.tar.gz Apply the fix based on the appropriate API Connect version "Customers unable to install the interim fix should disable self-service sign-up on their Developer Portal if enabled, which will help minimise their exp...

Zum Artikel
31.12. 00:00

Researchers Spot Modified Shai-Hulud Worm Testing Payload on npm Registry

Cybersecurity researchers have disclosed details of what appears to be a new strain of Shai Hulud on the npm registry with slight modifications from the previous wave observed last month. The npm package that embeds the novel Shai Hulud strain is " @vietmoney/react-big-calendar ," which was uploaded to npm back in March 2021 by a user named "hoquocdat." It was updated for the first time on December 28, 2025, to version 0.26.2. The package has been downloaded 698 times since its initial publication. The latest version has been downloaded 197 times. Aikido, which spotted the package, said it has not spotted any major spread or infections following the release of the package. "This suggests we may have caught the attackers testing their payload," security researcher Charlie Eriksen said . "The differences in the code suggests that this was obfuscated again from the original source, not modified in place. This makes it highly unlikely to be a copy-ca...

Zum Artikel
31.12. 00:00

Trust Wallet Chrome Extension Hack Drains $8.5M via Shai-Hulud Supply Chain Attack

Trust Wallet on Tuesday revealed that the second iteration of the Shai-Hulud (aka Sha1-Hulud) supply chain outbreak in November 2025 was likely responsible for the hack of its Google Chrome extension, ultimately resulting in the theft of approximately $8.5 million in assets. "Our Developer GitHub secrets were exposed in the attack, which gave the attacker access to our browser extension source code and the Chrome Web Store (CWS) API key," the company said in a post-mortem published Tuesday. "The attacker obtained full CWS API access via the leaked key, allowing builds to be uploaded directly without Trust Wallet's standard release process, which requires internal approval/manual review." Subsequently, the attacker is said to have registered the domain "metrics-trustwallet[.]com" and pushed a trojanized version of the extension with a backdoor that's capable of harvesting users' wallet mnemonic phrases to the sub-domain "api.metrics-...

Zum Artikel
31.12. 00:00

DarkSpectre Browser Extension Campaigns Exposed After Impacting 8.8 Million Users Worldwide

The threat actor behind two malicious browser extension campaigns, ShadyPanda and GhostPoster , has been attributed to a third attack campaign codenamed DarkSpectre that has impacted 2.2 million users of Google Chrome, Microsoft Edge, and Mozilla Firefox. The activity is assessed to be the work of a Chinese threat actor that Koi Security is tracking under the moniker DarkSpectre . In all, the campaigns have collectively affected over 8.8 million users spanning a period of more than seven years. ShadyPanda was first unmasked by the cybersecurity company earlier this month as targeting all three browser users to facilitate data theft, search query hijacking, and affiliate fraud. It has been found to affect 5.6 million users, including 1.3 newly identified victims stemming from over 100 extensions flagged as connected to the same cluster. This also includes an Edge add-on named "New Tab - Customized Dashboard" that features a logic bomb that waits for three days prior to t...

Zum Artikel
30.12. 00:00

CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution

The Cyber Security Agency of Singapore (CSA) has issued a bulletin warning of a maximum-severity security flaw in SmarterTools SmarterMail email software that could be exploited to achieve remote code execution. The vulnerability, tracked as CVE-2025-52691 , carries a CVSS score of 10.0. It relates to a case of arbitrary file upload that could enable code execution without requiring any authentication. "Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution," CSA said. Vulnerabilities of this kind allow the upload of dangerous file types that are automatically processed within an application's environment. This could pave the way for code execution if the uploaded file is interpreted and executed as code, as is the case with PHP files. In a hypothetical attack scenario, a bad actor could weaponize this vulnerability to place malici...

Zum Artikel

borncity

02.05. 00:00

Umstellung der Werbung auf QMN: Mein bisheriges Fazit

Zum 1. Juli 2025 habe ich die Werbung in meinen Nischenblogs unter borncity.eu, und zum 1. Oktober 2026 auch hier im IT-Blog von Google-Werbung auf den Werbeanbieter Quality Media Networks (QMN) umgestellt. Heute ziehe ich ein Fazit und geben einen Rückblick auf sechs Monate Produktivbetrieb mit QMN.

Zum Artikel
02.05. 00:00

Deutsche Autoindustrie: Fast jeder dritte Großarbeitgeber ist für E‑Mail‑Angriffe offen

Eine Analyse des Cybersicherheitsunternehmens Red Sift besagt, dass Deutschlands größtes Unternehmen und die weltweit bekannteste Automobilmarke nach wie vor per E-Mail manipuliert werden kann. Insgesamt verfügen fast 40 % der großen deutschen Unternehmen über keinerlei aktive E-Mail-Sicherheitsmaßnahmen. Das schafft eine breite Angriffsfläche in einer der wirtschaftlich wichtigsten Lieferketten des Landes.

Zum Artikel
02.05. 00:00

Microsoft 365 Copilot App und weitere AI-Funktionen ausgerollt

Kurze Information für Benutzer von Windows 10- und Windows 11-Systemen. Ein Blog-Leser hat mich am 1. Mai 2026 am späten Nachmittag darüber informiert, dass Microsoft plötzlich die Microsoft 365 Copilot-App auf einem Windows-System ausgerollt habe. Dabei wurde die App für alle Nutzer, egal ob angemeldet oder nicht ausgerollt. Microsoft scheint eh Ende April oder zum 1. Mai 2026 einen Schwung AI-Zeugs über die Leute ausgekippt zu haben.

Zum Artikel
02.05. 00:00

Windows Shell-Schwachstelle CVE-2026-32202 wird aktiv angegriffen

Ein gibt eine Warnung der US-Behörde für Cybersicherheit und Infrastruktursicherheit (CISA), dass die Information Disclosure-Schwachstelle CVE-2026-32202 in der Windows Shell nun aktiv angegriffen wird. Angreifer missbrauchen die (im April 2026 geschlossene) Zero-Click-Sicherheitslücke in Windows, um an sensible Daten auf anfälligen Systemen  zu gelangen.

Zum Artikel
01.05. 00:00

Erzeugt der EU-Vorschlag zur Öffnung der Google-Suche ein "Trojanisches Pferd"?

Die EU-Kommission ist gerade dabei, um Google mithilfe des DSA (Digital Service Act) dazu zu zwingen, die Internetsuche per API für Drittanbieter zu öffnen. Gut gedacht, aber schlecht gemacht, das ist der Tenor dessen, was Sicherheitsforscher von diesem Ansatz halten. Durch die Öffnung der Such-API für Drittanbieter erhalten diese Zugriff auf die sensiblen Daten der Suchenden. Ein Datenschutz- und Sicherheits-GAU aller erster Güte, heißt es.

Zum Artikel
01.05. 00:00

Tanz in den Mai, oder Störungsnacht? (Trier, O2, Twitch, Ubuntu.com …)

Aktuell prasseln die Störungsmeldungen bei mir ein. Am Abend des 30. April 2026 wurde ich auf einen Twitch-Ausfall hingewiesen (war nach einer Stunde behoben). Die Webseite der Stadt Trier (trier.de) ist schon seit zwei Tagen immer wieder gestört (DDoS?). Auf Facebook merkte ein Nutzer eine Störung bei O2 an. Und auf BlueSky meldete ein Nutzer, dass die Webseite Ubuntu.com einen Error "503 Service Unavailable" meldet. Sind die Techniker auf "Tanz in den Mai", oder werden gerade zig Server per Copy Fail übernommen?

Zum Artikel