08.05. 08:40
heise alerts
heise security
watchguard blog
06.05. 00:00
Meet Rai: AI That Runs More of the Security Work
MSPs juggle more clients, tools, and demands. Rai, WatchGuard’s AI digital worker, streamlines operations so teams save time and deliver more value.
06.05. 00:00
Why WatchGuard Acquired Perimeters.io: Making Cloud Security Work for MSPs
MSPs rely on native tools or patchwork solutions for cloud security. CloudDR unifies visibility, detection, and response to manage risk at scale.
01.05. 00:00
NIS2 Fines Are on the Horizon: Why Your Business Can’t Wait
Discover which companies fall under NIS2, the readiness gap, and how to harden your cybersecurity to avoid non-compliance penalties
01.05. 00:00
WatchGuard Leaders Recognized on CRN’s 2026 Women of the Channel List
WatchGuard celebrates Michelle Welch (Power 100) and Karen Ray on CRN’s 2026 Women of the Channel list, recognizing their channel leadership.
29.04. 00:00
From Alerts to Action: Automating MSP Security
Automate MSP security to reduce alerts, streamline operations, and scale efficiently. Register now to turn insights into action and boost performance.
28.04. 00:00
Making an Impact Together: Highlights from WatchGuard IMPACT 2026
Global WatchGuard IMPACT event unites partners across regions to drive growth, innovation, and collaboration through insights, networking, and awards.
watchguard pressreleases
06.05. 00:00
WatchGuard Introduces Rai: The Agentic AI Digital Workforce Designed Specifically for MSPs
Shift from Assistive AI to Autonomous Execution to Unlock Scalable, Profitable Growth
06.05. 00:00
WatchGuard Acquires Perimeters.io to Scale Cloud Security for MSPs
Introduces WatchGuard Cloud Detection and Response, extending protection beyond endpoints and networks
14.04. 00:00
WatchGuard and Halo Announce Partnership to Deliver MSP Automation from Alert to Invoice
Integration embeds WatchGuard security operations inside HaloPSA, streamlining ticketing, provisioning, and billing workflows for MSPs
08.04. 00:00
WatchGuard Disrupts Endpoint Pricing to Give MSPs Competitive Edge
Enterprise-grade product features, combined with agile and aggressive licensing model, offer MSPs maximum agility in competitive Endpoint Detection and Response (EDR) market
26.03. 00:00
WatchGuard Expands NDR Capabilities, Making Advanced Network Threat Detection Practical for MSPs and Midmarket Organizations
Embedded detection, managed services, and automated response simplify NDR adoption for SMEs and MSPs
24.02. 05:10
WatchGuard Marks 30 Years of Setting the MSP Security Standard
Cybersecurity leader has helped MSPs reduce complexity, scale protection, and profitably grow through every market shift
csoonline
04.05. 00:00
Feature
Was ist ein Botnet?
28.04. 00:00
Analyse
EDR-Software – ein Kaufratgeber
20.04. 00:00
News-Analyse
Copilot & Agentforce offen für Prompt-Injection-Tricks
20.04. 00:00
News-Analyse
Claude Mythos – ist der Hype gerechtfertigt?
14.04. 00:00
News
Cyber-Inspekteur: Hybride Attacken nehmen weiter zu
01.04. 00:00
News
Im Fokus: IT-Leadership
secplicity
07.05. 00:00
Cybercrime Has Entered the Physical Supply Chain
Cybercrime no longer stays neatly contained behind a screen. In Episode 369 of The 443 Podcast, Marc Laliberte and Corey Nachreiner unpack three recent threat stories that show how digital compromise can ripple outward into software supply chains, ransomware recovery, and even stolen freight…
30.04. 00:00
The Cybersecurity Reality Facing LATAM SMBs
For many small and midsize businesses across Latin America, cybersecurity is no longer a future concern. It is a present operational risk. Episode 368 of The 443: Security Simplified features WatchGuard’s Marc Laliberte and Corey Nachreiner in conversation with Paul Harris, CEO of BGLA and Futurity…
23.04. 00:00
A New Windows Zero-Day Lets Attackers Take Full Control
A newly disclosed Windows zero-day, dubbed RedSun, is the latest reminder that attackers do not need to break in if they can simply escalate. Discussed in Episode 367 of The 443 podcast, this vulnerability highlights how trusted system processes can be manipulated to gain full system-level access…
20.04. 00:00
FormBook Malware Analysis: Phishing Campaigns Use DLL Side-Loading and Obfuscated JavaScript to Target Businesses
WatchGuard telemetry identified two different phishing campaigns targeting Greek, Spanish, Slovenian, Bosnian and Latin and Central American companies, that use different techniques to delivery FormBook malware. FormBook is a data-stealing malware that targets Windows systems, primarily distributed…
15.04. 00:00
Project Glasswing Signals a New Era for AI in Cybersecurity
Artificial intelligence is no longer just a productivity multiplier. It is becoming a force multiplier for cybersecurity, and potentially for cyber risk. In Episode 366 of The 443, Marc Laliberte and Corey Nachreiner discuss three developments that together paint a clear picture of where the…
13.04. 00:00
Claude Code’s Accidental Source Leak Shows How Fast Attackers Exploit Curiosity
When a high-profile code leak hits the internet, the first reaction is usually fascination. Developers want to inspect it. Researchers want to understand how it works. Security teams want to know whether the exposure creates downstream risk. But threat actors often move faster than all three. That…
thehackernews
31.12. 00:00
U.S. Treasury Lifts Sanctions on Three Individuals Linked to Intellexa and Predator Spyware
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) on Tuesday removed three individuals linked to the Intellexa Consortium, the holding company behind a commercial spyware known as Predator , from the specially designated nationals list. The names of the individuals are as follows - Merom Harpaz Andrea Nicola Constantino Hermes Gambazzi Sara Aleksandra Fayssal Hamou Hamou was sanctioned by OFAC in March 2024, and Harpaz and Gambazzi were targeted in September 2024 in connection with developing, operating, and distributing Predator. It's currently not known why they were removed from the list. Harpaz is said to be working as a manager of Intellexa S.A., while Gambazzi was identified as the owner of Thalestris Limited and Intellexa Limited. Thalestris, Treasury Department said, held the distribution rights to the spyware, and processed transactions on behalf of other entities within the Intellexa Consortium. It's also the parent company...
31.12. 00:00
IBM Warns of Critical API Connect Bug Allowing Remote Authentication Bypass
IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the application. The vulnerability, tracked as CVE-2025-13915 , is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an authentication bypass flaw. "IBM API Connect could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application," the tech giant said in a bulletin. The shortcoming affects the following versions of IBM API Connect - 10.0.8.0 through 10.0.8.5 10.0.11.0 Customers are advised to follow the steps outlined below - Download the fix from Fix Central Extract the files: Readme.md and ibm-apiconnect-<version>-ifix.13195.tar.gz Apply the fix based on the appropriate API Connect version "Customers unable to install the interim fix should disable self-service sign-up on their Developer Portal if enabled, which will help minimise their exp...
31.12. 00:00
Researchers Spot Modified Shai-Hulud Worm Testing Payload on npm Registry
Cybersecurity researchers have disclosed details of what appears to be a new strain of Shai Hulud on the npm registry with slight modifications from the previous wave observed last month. The npm package that embeds the novel Shai Hulud strain is " @vietmoney/react-big-calendar ," which was uploaded to npm back in March 2021 by a user named "hoquocdat." It was updated for the first time on December 28, 2025, to version 0.26.2. The package has been downloaded 698 times since its initial publication. The latest version has been downloaded 197 times. Aikido, which spotted the package, said it has not spotted any major spread or infections following the release of the package. "This suggests we may have caught the attackers testing their payload," security researcher Charlie Eriksen said . "The differences in the code suggests that this was obfuscated again from the original source, not modified in place. This makes it highly unlikely to be a copy-ca...
31.12. 00:00
Trust Wallet Chrome Extension Hack Drains $8.5M via Shai-Hulud Supply Chain Attack
Trust Wallet on Tuesday revealed that the second iteration of the Shai-Hulud (aka Sha1-Hulud) supply chain outbreak in November 2025 was likely responsible for the hack of its Google Chrome extension, ultimately resulting in the theft of approximately $8.5 million in assets. "Our Developer GitHub secrets were exposed in the attack, which gave the attacker access to our browser extension source code and the Chrome Web Store (CWS) API key," the company said in a post-mortem published Tuesday. "The attacker obtained full CWS API access via the leaked key, allowing builds to be uploaded directly without Trust Wallet's standard release process, which requires internal approval/manual review." Subsequently, the attacker is said to have registered the domain "metrics-trustwallet[.]com" and pushed a trojanized version of the extension with a backdoor that's capable of harvesting users' wallet mnemonic phrases to the sub-domain "api.metrics-...
31.12. 00:00
DarkSpectre Browser Extension Campaigns Exposed After Impacting 8.8 Million Users Worldwide
The threat actor behind two malicious browser extension campaigns, ShadyPanda and GhostPoster , has been attributed to a third attack campaign codenamed DarkSpectre that has impacted 2.2 million users of Google Chrome, Microsoft Edge, and Mozilla Firefox. The activity is assessed to be the work of a Chinese threat actor that Koi Security is tracking under the moniker DarkSpectre . In all, the campaigns have collectively affected over 8.8 million users spanning a period of more than seven years. ShadyPanda was first unmasked by the cybersecurity company earlier this month as targeting all three browser users to facilitate data theft, search query hijacking, and affiliate fraud. It has been found to affect 5.6 million users, including 1.3 newly identified victims stemming from over 100 extensions flagged as connected to the same cluster. This also includes an Edge add-on named "New Tab - Customized Dashboard" that features a logic bomb that waits for three days prior to t...
30.12. 00:00
CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution
The Cyber Security Agency of Singapore (CSA) has issued a bulletin warning of a maximum-severity security flaw in SmarterTools SmarterMail email software that could be exploited to achieve remote code execution. The vulnerability, tracked as CVE-2025-52691 , carries a CVSS score of 10.0. It relates to a case of arbitrary file upload that could enable code execution without requiring any authentication. "Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution," CSA said. Vulnerabilities of this kind allow the upload of dangerous file types that are automatically processed within an application's environment. This could pave the way for code execution if the uploaded file is interpreted and executed as code, as is the case with PHP files. In a hypothetical attack scenario, a bad actor could weaponize this vulnerability to place malici...
borncity
08.05. 00:00
Plattform ClickUp legt Kunden-E-Mails über 465 Tage offen
Noch ein kleines Freitagsthema, was mir bereits seit einigen Tagen untergekommen ist. Die SaaS-Plattform ClickUp hatte ihre Interna nicht wirklich im Griff. Wie sich herausgestellt hat, wurden von ClickUp Kunden-E-Mails über 465 Tage offengelegt. Ich kein wirkliches Problem, 85 % der Fortune-500-US-Unternehmen die die SaaS-Plattform nutzen – "man ist also in guter Gesellschaft".
08.05. 00:00
Instagram DMs ab heute nicht mehr Ende-zu-Ende verschlüsselt
Kurzer Hinweis für Instagram-Nutzer unter der Leserschaft, die auch private Nachrichten auf dieser Plattform getauscht haben. Ab dem heutigen 8. Mai 2026 sind diese privaten Nachrichten nicht mehr privat. Instagram beginnt damit, die Ende-zu-Ende-Verschlüsselung abzuschalten. Damit werden die privaten Nachrichten für Meta lesbar.
08.05. 00:00
Post von der DENIC mit Verifizierungsaufforderung an .de-Domaininhaber
Die DENIC, die die Top Level Domain (TLD) .de verwaltet, verschickt wohl Aufforderungen zur Verifizierung an deutsche Inhaber einer .de-Domain. Das ist kein Fake oder Phishing, sondern eine gesetzliche Auflage, auch wenn es gerade etwas ungünstig kommt.
08.05. 00:00
Windows 11-Clients: Die Gruppenrichtlinien-Editoren gpedit.msc und GPMC sind kaputt
Der Gruppenrichtlinien-Editor auf den Windows-Clients ist "kaputt", macht er doch auf Grund eines Bugs nicht, was ihm vom Administrator aufgetragen wird. Eingetragene Werte werden nicht übernommen, sondern wegen eines Überlauffehlers reduziert und dann gespeichert. Mark Heitbrink hat es im März 2026 an Microsoft gemeldet, ist bisher ohne Reaktion geblieben.
08.05. 00:00
Vodafone: IMAP-System seit Tagen dysfunktional?
Frage an die Leser, die den IMAP-Server von Vodafone zum Mail-Versand verwenden. Stellt ihr in den letzten Tagen da Probleme fest? Ein Leser hat mich am 7. Mai 2026 per Mail kontaktiert und auf arge Probleme mit dem Vodafone IMAP-Server hingewiesen. Im Client werden bei einer IMAP-Anbindung "scheinbar" Ordnerinhalte gelöscht. Bei der Kontrolle im Webmailer sind die Mails aber noch auf dem IMAP-Server vorhanden. Lediglich die IMAP-Anbindung ist gestört und arbeitet wohl fehlerhaft.
07.05. 00:00
Frust mit D-Trust-Zertifikat – eine Nutzererfahrung mit AATL
Wer Zertifikate zum Signieren von E-Mails oder PDF-Dokumenten bezieht, muss ggf. aufpassen, dass er auch die richtigen Zertifikate ordert. Ein Mediziner hat sich im Nachgang zu aktuellen Berichten über zurückgezogene Zertifikate gemeldet und eigene Erfahrungen mit einem D-Trust-Zertifikat berichtet. Er wollte das Zertifikat zum Signieren von E-Mails und PDF-Dokumenten verwenden, stellte aber fest, dass der Adobe Reader D-Trust ablehnt. Ich stelle die Information mal hier im Blog ein, vielleicht verhindert es, dass weitere Leute auf ungeeignete Signatur-Zertifikate hereinfallen. Verbunden ist dies mit der Frage, wie ihr das bei euch löst – oder ist das exotischer Einzelfall und dumm gelaufen?