Security News Feed

Sicherheitsupdate: Veeam Backup & Replication unter Linux und Windows angreifbar

Warnung vor Malware aufgrund von Lieferkettenangriffen

IBM-Software wie HTTP Server ist für DoS- und Schadcode-Attacken anfällig

Notepad++: Lücken erlauben Einschleusen von Schadcode und Befehlen

7-Zip: Hochriskante Lücke erlaubt Einschleusen von Schadcode

Fehler in Docker Model Runner erlaubt Sandboxausbruch unter macOS

„868-BACK“ angespielt: Digitales Brettspiel zum Selberhacken

Sicherheitsupdate: Veeam Backup & Replication unter Linux und Windows angreifbar

IBM und Red Hat: 5 Milliarden Dollar für sicherere Open-Source-Software

XPipe 23.0: Mehr Sicherheit für Remote-Zugänge

iX-Workshop: Active Directory hacken und schützen

Warnung vor gefälschten FIFA-Webseiten vor der Fußball-WM 2026

Cybersecurity Operations Are Entering the AI-Native Era

Explore how AI-driven, agentic attacks are overwhelming traditional security operations and why cybersecurity must evolve toward AI-native defense.

85% of Attacks Leverage RDP for Lateral Movement

Discover why lateral movement is hard to detect and how to catch it before it’s too late.

The MSP Evolution: From IT Support to Cybersecurity Leadership

WatchGuard’s latest report reveals how MSPs are evolving into strategic cybersecurity partners focused on AI, resilience, and measurable outcomes.

Why Patch Management Matters for MSPs: Security, Scalability, and Profitability

Modern patch management helps MSPs reduce risk, scale operations, and deliver more consistent, profitable services.

Cybersecurity in 2026: Why the Risk Is Bigger Than Ever

Cybersecurity now affects every organization. In 2026, cyberattacks spread faster, hit harder, and impact businesses of all sizes.

Meet Rai: AI That Runs More of the Security Work

MSPs juggle more clients, tools, and demands. Rai, WatchGuard’s AI digital worker, streamlines operations so teams save time and deliver more value.

SMBs Hit a Cybersecurity Breaking Point as 91% Fear AI-Driven Attacks, Driving Shift to MSP-Led Security Models, WatchGuard Finds

New global research shows internal teams can’t keep pace, fueling demand for always-on, outcome-driven security services

WatchGuard Introduces Rai: The Agentic AI Digital Workforce Designed Specifically for MSPs

Shift from Assistive AI to Autonomous Execution to Unlock Scalable, Profitable Growth

WatchGuard Acquires Perimeters.io to Scale Cloud Security for MSPs

Introduces WatchGuard Cloud Detection and Response, extending protection beyond endpoints and networks

WatchGuard and Halo Announce Partnership to Deliver MSP Automation from Alert to Invoice

Integration embeds WatchGuard security operations inside HaloPSA, streamlining ticketing, provisioning, and billing workflows for MSPs

WatchGuard Disrupts Endpoint Pricing to Give MSPs Competitive Edge

Enterprise-grade product features, combined with agile and aggressive licensing model, offer MSPs maximum agility in competitive Endpoint Detection and Response (EDR) market

WatchGuard Expands NDR Capabilities, Making Advanced Network Threat Detection Practical for MSPs and Midmarket Organizations

Embedded detection, managed services, and automated response simplify NDR adoption for SMEs and MSPs

Schwachstellen managen: Die besten Vulnerability-Management-Tools

Security-Infotainment: Die besten Hacker-Dokus

Der Kaufratgeber für Breach & Attack Simulation Tools

Google entdeckt erstmals KI-basierten Zero-Day-Exploit

Cybersicherheitsvorschriften: So erfüllen Sie Ihre Compliance-Anforderungen

Customer Identity & Access Management: Die besten CIAM-Tools

Grandoreiro Banking Trojan Targets Europe and Latin America

WatchGuard telemetry identified a campaign associated to Grandoreiro that uses the DLL Side-Loading technique abusing four different softwares, targeting banks in Portugal. Also, it was identified cases of a known campaign that uses a malicious VBS to deliver the malware, targeting companies in…

Grandoreiro Malware Campaign Targets Europe and Latin America

WatchGuard telemetry identified a campaign associated to Grandoreiro that uses the DLL Side-Loading technique abusing four different softwares, targeting banks in Portugal. Also, it was identified cases of a known campaign that uses a malicious VBS to deliver the malware, targeting companies in…

Long Weekend Cybersecurity Checklist

Long weekends are good for people. They're also useful for attackers. That's not fearmongering. It's an operational reality. Threat actors understand how businesses work. They know when staffing is lighter, when response times may be slower, and when IT and security teams are more likely to be…

The IDE Is the New Domain Admin: How Developer Environments Became Ground Zero

I remember my first real dev setup. A beige tower, a copy of Turbo C++, and a dial-up connection that screamed like a fax machine having an existential crisis. The workstation was an island. What lived on it stayed on it. The biggest security risk was a floppy disk from a friend, and even then, you…

Ransomware Tracker (Entry #338): Sorry Worm

On April 27, 2026, a ransomware written in Golang was submitted to VirusTotal that appended the '.sorry' string to the encrypted filenames. Upon initial review, this was not the same as the 2018 Sorry ransomware, which was built using the open-source HiddenTear encryptor. This was novel, and that…

Cybercrime Has Entered the Physical Supply Chain

Cybercrime no longer stays neatly contained behind a screen. In Episode 369 of The 443 Podcast, Marc Laliberte and Corey Nachreiner unpack three recent threat stories that show how digital compromise can ripple outward into software supply chains, ransomware recovery, and even stolen freight…

U.S. Treasury Lifts Sanctions on Three Individuals Linked to Intellexa and Predator Spyware

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) on Tuesday removed three individuals linked to the Intellexa Consortium, the holding company behind a commercial spyware known as Predator , from the specially designated nationals list. The names of the individuals are as follows - Merom Harpaz Andrea Nicola Constantino Hermes Gambazzi Sara Aleksandra Fayssal Hamou Hamou was sanctioned by OFAC in March 2024, and Harpaz and Gambazzi were targeted in September 2024 in connection with developing, operating, and distributing Predator. It's currently not known why they were removed from the list. Harpaz is said to be working as a manager of Intellexa S.A., while Gambazzi was identified as the owner of Thalestris Limited and Intellexa Limited. Thalestris, Treasury Department said, held the distribution rights to the spyware, and processed transactions on behalf of other entities within the Intellexa Consortium. It's also the parent company...

IBM Warns of Critical API Connect Bug Allowing Remote Authentication Bypass

IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the application. The vulnerability, tracked as CVE-2025-13915 , is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an authentication bypass flaw. "IBM API Connect could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application," the tech giant said in a bulletin. The shortcoming affects the following versions of IBM API Connect - 10.0.8.0 through 10.0.8.5 10.0.11.0 Customers are advised to follow the steps outlined below - Download the fix from Fix Central Extract the files: Readme.md and ibm-apiconnect-<version>-ifix.13195.tar.gz Apply the fix based on the appropriate API Connect version "Customers unable to install the interim fix should disable self-service sign-up on their Developer Portal if enabled, which will help minimise their exp...

Researchers Spot Modified Shai-Hulud Worm Testing Payload on npm Registry

Cybersecurity researchers have disclosed details of what appears to be a new strain of Shai Hulud on the npm registry with slight modifications from the previous wave observed last month. The npm package that embeds the novel Shai Hulud strain is " @vietmoney/react-big-calendar ," which was uploaded to npm back in March 2021 by a user named "hoquocdat." It was updated for the first time on December 28, 2025, to version 0.26.2. The package has been downloaded 698 times since its initial publication. The latest version has been downloaded 197 times. Aikido, which spotted the package, said it has not spotted any major spread or infections following the release of the package. "This suggests we may have caught the attackers testing their payload," security researcher Charlie Eriksen said . "The differences in the code suggests that this was obfuscated again from the original source, not modified in place. This makes it highly unlikely to be a copy-ca...

Trust Wallet Chrome Extension Hack Drains $8.5M via Shai-Hulud Supply Chain Attack

Trust Wallet on Tuesday revealed that the second iteration of the Shai-Hulud (aka Sha1-Hulud) supply chain outbreak in November 2025 was likely responsible for the hack of its Google Chrome extension, ultimately resulting in the theft of approximately $8.5 million in assets. "Our Developer GitHub secrets were exposed in the attack, which gave the attacker access to our browser extension source code and the Chrome Web Store (CWS) API key," the company said in a post-mortem published Tuesday. "The attacker obtained full CWS API access via the leaked key, allowing builds to be uploaded directly without Trust Wallet's standard release process, which requires internal approval/manual review." Subsequently, the attacker is said to have registered the domain "metrics-trustwallet[.]com" and pushed a trojanized version of the extension with a backdoor that's capable of harvesting users' wallet mnemonic phrases to the sub-domain "api.metrics-...

DarkSpectre Browser Extension Campaigns Exposed After Impacting 8.8 Million Users Worldwide

The threat actor behind two malicious browser extension campaigns, ShadyPanda and GhostPoster , has been attributed to a third attack campaign codenamed DarkSpectre that has impacted 2.2 million users of Google Chrome, Microsoft Edge, and Mozilla Firefox. The activity is assessed to be the work of a Chinese threat actor that Koi Security is tracking under the moniker DarkSpectre . In all, the campaigns have collectively affected over 8.8 million users spanning a period of more than seven years. ShadyPanda was first unmasked by the cybersecurity company earlier this month as targeting all three browser users to facilitate data theft, search query hijacking, and affiliate fraud. It has been found to affect 5.6 million users, including 1.3 newly identified victims stemming from over 100 extensions flagged as connected to the same cluster. This also includes an Edge add-on named "New Tab - Customized Dashboard" that features a logic bomb that waits for three days prior to t...

CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution

The Cyber Security Agency of Singapore (CSA) has issued a bulletin warning of a maximum-severity security flaw in SmarterTools SmarterMail email software that could be exploited to achieve remote code execution. The vulnerability, tracked as CVE-2025-52691 , carries a CVSS score of 10.0. It relates to a case of arbitrary file upload that could enable code execution without requiring any authentication. "Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution," CSA said. Vulnerabilities of this kind allow the upload of dangerous file types that are automatically processed within an application's environment. This could pave the way for code execution if the uploaded file is interpreted and executed as code, as is the case with PHP files. In a hypothetical attack scenario, a bad actor could weaponize this vulnerability to place malici...

Fluch der Cloud: 400.000 Wetterstationen in Frankreich tot

Momentan können wir in Westeuropa ja sommerliche Temperaturen genießen. In Frankreich ist es in einigen Landesteilen sogar arg heiß. Und nun kommt noch ein Sommerthema für einige Franzosen hinzu. Nein, nicht Strommangel durch stillgelegte AKWs, weil die nicht genügend Kühlwasser bekommen. Nein, in Frankreich sind so um die 400.000 Wetterstationen plötzlich tot. Warum? Weil der Hersteller diese an die Cloud angebunden hat, und die benötigten Dienste wegen eines Bankrotts zeitweise abgeschaltet wurden.

VMware Sicherheitsupdates für ESXi 8.0U3j & VSA 8.0U3j

VMware by Broadcom hat gerade Sicherheitsupdates für seine Produkte ESXi 8.0U3j sowie VSA 8.0U3J (vSphere Storage Appliance) veröffentlicht. Danke an Blog-Leser Stefan K. für den Hinweis.

F5 warnt vor Ausnutzung der NGINX-Schwachstelle (CVE-2026-42945)

Im Mai 2026 wurde eine kritische Schwachstelle CVE-2026-42945 in der Software NGINX (Web-Server etc.) öffentlich. Die Software ist in vielen Paketen enthalten und es gibt Angriffe auf ungepatchte Instanzen. F5 warnt nun seine Nutzer vor der Schwachstelle in NGINX Plus und NGINX, und ruft zum Patchen auf.

Rückzieher: Microsoft 365-Deal in Bayern wohl gescheitert

Das Vorhaben der bayerischen Landesregierung, die Verwaltung auf Microsoft 365 umzustellen und dazu Lizenzen zu bündeln, ist nach heftigen Diskussionen als gescheitert anzusehen. Bayern entwickelt seine eigene Lösung.

Nightmare Eclipse auf GitLab gebannt; Microsoft nimmt Stellung

Ein Sicherheitsforscher mit dem Alias Nightmare Eclipse (oder Chaotic Eclipse) veröffentlichte in den letzten 2 Monaten mehrere 0-Day-Schwachstellen mit Exploits. Nachdem das GitHub-Konto des Sicherheitsforschers deaktiviert wurde, zog er zu GitLab um. Das Konto wurde nun auch deaktiviert. Microsoft hat sich zudem nun zum Fall geäußert, und gießt in meinen Augen weiter Öl ins Feuer. Security by Obscurity scheint die Devise, so mein Eindruck.

Notepad++: Schwere Sicherheitslücken ermöglichen Code-Ausführung

Es gibt mal wieder eine Warnung vor schweren Sicherheitslücken im beliebten Windows-Editor Notepad++. Es sind gleich drei Schwachstellen, die geschlossen wurden. Zwei dieser Schwachstellen ermöglichen die Ausführung von beliebigem Code auf dem Computer des Opfers.