Security News Feed

Sicherheitslücken: Angreifer können IBM App Connect Enterprise abstürzen lassen

Junos OS Evolved: Update außer der Reihe stopft Codeschmuggel-Lücke

Cisco: Angreifer dringen seit drei Jahren über Sicherheitslücke in Netzwerke ein

Automatisierungs-Tool n8n: Updates stopfen Codeschmuggel-Lecks

Diverse VMware-Produkte über mehrere Sicherheitslücken angreifbar

Malware-Schutz mit kritischen Sicherheitslücken

Anthropic-CEO nennt Vorgehen des Pentagons „vergeltend und strafend"

Nach Bruch mit Anthropic: Pentagon schließt KI-Deal offenbar mit OpenAI

iX-Workshop: GenAI für Security – Auditierbare GRC-Assistenten und SOC-Reporting

Schweiz: Die E-ID kommt später

Bericht: US-Verteidigungsministerium will Chinas Infrastruktur mit KI abklopfen

Virenjagd: VirusTotal flexibler nutzen per Kommandozeile

WatchGuard Wins CRN 5-Star Award for the 10th Year, Celebrating 30 Years

WatchGuard Technologies wins CRN 5-Star Award for the 10th year in the 2026 Partner Program Guide, celebrating 30 years of empowering MSP partners.

Microsoft Defender vs. MDR: What’s Missing?

Microsoft Defender detects threats, but without 24/7 response gaps remain. Learn why MSPs add WatchGuard MDR to turn alerts into fast action.

30 Years of Cybersecurity Leadership. Built For What’s Next.

For 30 years, WatchGuard has evolved with MSPs, adapting to threats, scaling globally, and delivering security built for what’s next.

Key Lessons from the Major Ransomware Attacks in Recent Months

Learn from the ransomware attacks in recent months and find out how to protect your company against advanced threats.

When Detection Isn’t Enough: Why Modern Cybersecurity Demands Real Response

Detection isn’t enough. Learn how to strengthen security with smarter response and automation. Register for the webinar today!

1,500% Surge in New Malware: Why MSPs Must Act Now

WatchGuard Technologies reports a 1,548% malware surge, urging MSPs to adopt proactive, unified defenses against faster-evolving cyber threats.

WatchGuard Marks 30 Years of Setting the MSP Security Standard

Cybersecurity leader has helped MSPs reduce complexity, scale protection, and profitably grow through every market shift

Over 1500% Increase in New, Unique Malware Highlights Growing Security Complexity, according to WatchGuard Biannual Threat Report

MSPs must shift from reactive security to proactive threat intelligence and unified protection

WatchGuard Open MDR Gives MSPs a Faster Path to Enterprise-Grade, High-Margin Managed Security Services Across Existing Customer Environments

Open MDR delivers unified visibility and rapid response across WatchGuard and third-party environments, removing the constraints of single-vendor security models and accelerating MSP time to market

WatchGuard Delivers a Simple Path to Modern Zero Trust Security

A decade of zero trust complexity finally simplified through a unified approach built for MSPs and organizations of every size

Strong, Quiet, Predictable. WatchGuard Delivers Total Protection Without Operational Burden in MITRE ER7 Evaluation.

WatchGuard delivers full coverage with almost no noise in MITRE ATT&CK ER7 testing, giving MSPs stronger protection, faster response, and lower operational burden.

Zero Trust Emerges as Top Growth Opportunity at WatchGuard Partner Roadshow

High partner turnout and strong session engagement signal accelerating demand for advanced security strategies across global MSP market

Hacker kompromittieren immer schneller

Hacker knackt 600 Firewalls in einem Monat – mit KI

Bitcoin-Milliarden von Raubkopie-Portal im Visier der Justiz

Hacker stiehlt Daten von Tausenden RTL-Mitarbeitern

10 Passwordless-Optionen für Unternehmen

Sonderkommission ermittelt zu Cyberangriff auf Kunstsammlungen Dresden

Ongoing Widespread Credential Harvesting Campaign Targets VPN Providers

Introduction At the turn of the year, we were alerted to a doppelganger domain impersonating WatchGuard’s Mobile VPN with SSL, delivering a malicious spoofed client to steal credentials. Navigating directly to the doppelganger domain resulted in a benign informational WatchGuard VPN page. However…

New Kyber Ransomware Posts U.S. Defense Contractor As First Victim

A new ransomware operation known as Kyber has emerged. Their first and current only posted victim is L3Harris, a major defense contractor in the United States. The operators have provided a timer that ends around 6 PM EST on Sunday, October 19. The group claims to have stolen over 300 GB of data…

dAn0n Hacker Group Reemerges as White Lock Ransomware

The first samples of the new(ish) White Lock ransomware began emerging towards the end of September. The earliest compilation time stamp of the four samples currently on MalwareBazaar, Triage, and VirusTotal is September 29, 2025. It has all the hallmarks of traditional crypto-ransomware: kills anti…

Ransomware Tracker (Entry #152): dAn0n

Entry: https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/dan0n The dAn0n Hacker Group, or dAn0n, was first observed in the Spring of 2024. They posted their first victim on their simultaneous dark web and clear net data leak site on March 26. The dAn0n group is often lumped in with…

Global Surge of VPN Exploits: Brute-Force, Blast-RADIUS and Password Spray

The past 18 months have been shaped by a surge in brute-force attacks and critical vulnerabilities (CVEs) targeting VPNs, authentication services, privilege elevation, and denial of service across the network security landscape. This timeline outlines key advisories and CVEs beginning with Cisco…

4 Major UK CyberAttacks and the Year Isn’t Over Yet

Cyberattacks have become the new normal, but 2025 has been particularly brutal for UK businesses. We’re not even through the year, and already four major incidents have shaken industries, disrupted communities, and forced us to think harder about how we deal with cyber threats. Here’s what’s…

U.S. Treasury Lifts Sanctions on Three Individuals Linked to Intellexa and Predator Spyware

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) on Tuesday removed three individuals linked to the Intellexa Consortium, the holding company behind a commercial spyware known as Predator , from the specially designated nationals list. The names of the individuals are as follows - Merom Harpaz Andrea Nicola Constantino Hermes Gambazzi Sara Aleksandra Fayssal Hamou Hamou was sanctioned by OFAC in March 2024, and Harpaz and Gambazzi were targeted in September 2024 in connection with developing, operating, and distributing Predator. It's currently not known why they were removed from the list. Harpaz is said to be working as a manager of Intellexa S.A., while Gambazzi was identified as the owner of Thalestris Limited and Intellexa Limited. Thalestris, Treasury Department said, held the distribution rights to the spyware, and processed transactions on behalf of other entities within the Intellexa Consortium. It's also the parent company...

IBM Warns of Critical API Connect Bug Allowing Remote Authentication Bypass

IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the application. The vulnerability, tracked as CVE-2025-13915 , is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an authentication bypass flaw. "IBM API Connect could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application," the tech giant said in a bulletin. The shortcoming affects the following versions of IBM API Connect - 10.0.8.0 through 10.0.8.5 10.0.11.0 Customers are advised to follow the steps outlined below - Download the fix from Fix Central Extract the files: Readme.md and ibm-apiconnect-<version>-ifix.13195.tar.gz Apply the fix based on the appropriate API Connect version "Customers unable to install the interim fix should disable self-service sign-up on their Developer Portal if enabled, which will help minimise their exp...

Researchers Spot Modified Shai-Hulud Worm Testing Payload on npm Registry

Cybersecurity researchers have disclosed details of what appears to be a new strain of Shai Hulud on the npm registry with slight modifications from the previous wave observed last month. The npm package that embeds the novel Shai Hulud strain is " @vietmoney/react-big-calendar ," which was uploaded to npm back in March 2021 by a user named "hoquocdat." It was updated for the first time on December 28, 2025, to version 0.26.2. The package has been downloaded 698 times since its initial publication. The latest version has been downloaded 197 times. Aikido, which spotted the package, said it has not spotted any major spread or infections following the release of the package. "This suggests we may have caught the attackers testing their payload," security researcher Charlie Eriksen said . "The differences in the code suggests that this was obfuscated again from the original source, not modified in place. This makes it highly unlikely to be a copy-ca...

Trust Wallet Chrome Extension Hack Drains $8.5M via Shai-Hulud Supply Chain Attack

Trust Wallet on Tuesday revealed that the second iteration of the Shai-Hulud (aka Sha1-Hulud) supply chain outbreak in November 2025 was likely responsible for the hack of its Google Chrome extension, ultimately resulting in the theft of approximately $8.5 million in assets. "Our Developer GitHub secrets were exposed in the attack, which gave the attacker access to our browser extension source code and the Chrome Web Store (CWS) API key," the company said in a post-mortem published Tuesday. "The attacker obtained full CWS API access via the leaked key, allowing builds to be uploaded directly without Trust Wallet's standard release process, which requires internal approval/manual review." Subsequently, the attacker is said to have registered the domain "metrics-trustwallet[.]com" and pushed a trojanized version of the extension with a backdoor that's capable of harvesting users' wallet mnemonic phrases to the sub-domain "api.metrics-...

DarkSpectre Browser Extension Campaigns Exposed After Impacting 8.8 Million Users Worldwide

The threat actor behind two malicious browser extension campaigns, ShadyPanda and GhostPoster , has been attributed to a third attack campaign codenamed DarkSpectre that has impacted 2.2 million users of Google Chrome, Microsoft Edge, and Mozilla Firefox. The activity is assessed to be the work of a Chinese threat actor that Koi Security is tracking under the moniker DarkSpectre . In all, the campaigns have collectively affected over 8.8 million users spanning a period of more than seven years. ShadyPanda was first unmasked by the cybersecurity company earlier this month as targeting all three browser users to facilitate data theft, search query hijacking, and affiliate fraud. It has been found to affect 5.6 million users, including 1.3 newly identified victims stemming from over 100 extensions flagged as connected to the same cluster. This also includes an Edge add-on named "New Tab - Customized Dashboard" that features a logic bomb that waits for three days prior to t...

CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution

The Cyber Security Agency of Singapore (CSA) has issued a bulletin warning of a maximum-severity security flaw in SmarterTools SmarterMail email software that could be exploited to achieve remote code execution. The vulnerability, tracked as CVE-2025-52691 , carries a CVSS score of 10.0. It relates to a case of arbitrary file upload that could enable code execution without requiring any authentication. "Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution," CSA said. Vulnerabilities of this kind allow the upload of dangerous file types that are automatically processed within an application's environment. This could pave the way for code execution if the uploaded file is interpreted and executed as code, as is the case with PHP files. In a hypothetical attack scenario, a bad actor could weaponize this vulnerability to place malici...

Überzählige VMware-Lizenzen verkaufen

Ich hole nochmals ein altes Thema hoch: Es ist zu vermuten, dass Unternehmen über kurz oder lang von VMware by Broadcom zu alternativen Virtualisierungslösungen wechseln. Sofern zu diesem Zeitpunkt noch Lizenzen laufen, besteht die Möglichkeit, diese an Händler für Gebrauchtlizenzen zu verkaufen. Falls das Thema von Interesse ist, ich hatte im November 2025 den Beitrag "Cashback"-Aktion für ehemalige VMware-Kunden des Anbieters Software ReUse mit weiteren Details im Blog. Der kauft und verkauft auch Gebrauchtlizenzen von VMware.

Windows 11 25H2: Autoinstallation von Preview Update KB5077241, Update-GPO von Microsoft verändert?

Kurze Frage an die Blog-Leserschaft, die Windows 11 24H2 oder 25H2 verwendet und die Preview-Updates einspielt. Ein Blog-Leser hat sich die Woche bei mir gemeldet, weil bei ihm diverse, normalerweise optionale Updates automatisch installiert wurden. Bei einer Kontrolle ist ihm aufgefallen, dass der Wert für die Gruppenrichtlinie "Optionale Updates" verändert war. Kurios ist, dass gpedit.msc angibt, dass keine Gruppenrichtlinie konfiguriert sei. Das deutet auf einen Bug hin. Es könnte mit dem Refresh des Windows 11 25H2 Installationsdatenträgers zum 12. Februar 2026 zu tun haben. Würde mich interessieren, ob das noch mehr Leser beobachtet haben.

Anthropic AI bleibt gegenüber dem Pentagon standhaft, Bann durch US-Präsident Trump

Es ist eine Entscheidung des AI-Anbieters Anthropic, die mir letztendlich Respekt abnötigt. Das Unternehmen widersetzte sich der Forderung des Pentagon (neuerdings US-Kriegsministerium), deren AI-Lösung für militärische Zwecke und Massenüberwachung freizugeben, und beugst sich nicht dem ausgesprochenen Ultimatum, obwohl ein 200 Millionen-US-Dollar-Vertrag auf dem Spiel stand. US-Präsident Trump hat nun die Nutzung von Antrophic KI in US-Behörden verboten. Aber Google und OpenAI stützen die Anthropic-Position.

Cybervorfall bei GVV Kommunal (Versicherung); Autohaus nach Cybervorfall pleite

Noch eine kurze Meldung zum Wochenende in Bezug auf Cybervorfälle. Die GVV Kommunal Versicherungen sind wohl Opfer eines Cybervorfalls geworden, bei dem Daten abgeflossen sind.  Vor einigen Wochen hatte ich über einen Cybervorfall auf ein Autohaus berichtet. Nun musste das Unternehmen Insolvenz anmelden.

Meine Pleite mit ZUGFeRD-eRechnungen und der Validierung – Teil 4

Seit Anfang 2026 müssen Unternehmen elektronische Rechnungen (kurz eRechnung) annehmen können. Ich habe diesen Schritt auch für mich umgesetzt und in einer Artikelreihe von Teil 1 bis Teil 3b mit einer vermeintlichen Lösung beschrieben. Im Lauf der letzten Wochen bin ich dann aber mit der Validierung von eRechnungen im ZUGFeRD-Format auf den Bauch gefallen. Ich habe inzwischen zwar eine  funktionierende Lösung, möchte aber nachfolgend in Teil 5 skizzieren, wo es bei der Validierung von eRechnungen scheitert und zu welcher Notlösung ich dann gegriffen habe.

MC1179154: Microsoft Authenticator sperrt sich bei Jailbreak-/Root-Zugriff

Noch ein kurzer Nachtrag für Leute, die den Microsoft Authenticator als App auf einem iPhone oder einem Android-Gerät verwenden. Microsoft hat zum 24. Februar 2026 verlauten lassen, dass man ab Ende Februar 2026 bei Geräten mit Jailbreak (iOS) oder einem Root-Zugriff (Android) die EntraID-Anmeldung erst warnen und dann sperren und die Daten schließlich löschen werde. Diese Umstellung erfolgt schrittweise und soll ab Mitte 2026 abgeschlossen sein.