heise alerts
7-Zip: Update stopft Codeschmuggel-Lücke
Full Disclosure als Notwehr: Der Cursor Zero Day
heise security
watchguard blog
Beyond Security: How Complexity is Pushing Companies to the Brink
Cybersecurity is becoming a continuous, complex challenge. MSPs help scale operations, 24/7 monitoring, and response.
Why Now Is the Time to Replace Your VPN
Identity-based secure access replaces VPNs with Zero Trust, reducing risk, simplifying operations, and securing hybrid work through continuous verification.
Cut Through the Noise: Learn How to Spot the Threats That Matter
Discover how MDR and endpoint security help cut alert fatigue, improve threat detection, and enable faster response to today's stealthiest attacks.
Why Human Behavior Has Become Cybersecurity's Fastest-Changing Attack Surface
2026 Cyber Hygiene report: Cyber risk now hinges on employee behavior. Secure, low-friction tools and human risk metrics are key to reducing modern threats.
AI Innovation Challenge: Help Shape the Future of Cybersecurity
WatchGuard's $10M AI Challenge funds MSP ideas with up to $100K each, with a VIP trip to Impact North America for the Grand Prize winner.
The Future of Secure Remote Access Starts with Zero Trust
Discover why Zero Trust is replacing traditional VPNs and how continuous verification helps secure remote access in today's hybrid work environments.
watchguard pressreleases
Employees Drive Rising Cybersecurity Risk As Shadow AI and Unsafe Work Habits Surge, WatchGuard Global Survey Finds
New Research Highlights Growing Visibility Gap Between Employee Behavior and Organizational Security Controls.
WatchGuard Launches AI Innovation Challenge, Inviting MSPs to Help Shape the Future of AI-Powered Cybersecurity
Part of WatchGuard's $10M AI investment, the challenge will fund selected MSP ideas with up to $100,000 each, and one Grand Prize winner earns an exclusive VIP trip to WatchGuard Impact North America.
WatchGuard Appoints Vincent Hwang as Chief Product Officer to Accelerate Platform Strategy and AI-Driven Innovation
Former Fortinet, Cisco, and Bitdefender leader brings proven track record in scaling cybersecurity platforms, strengthening partner-driven growth, and shaping category-defining product narratives.
WatchGuard Named a Champion in the Omdia Global Cybersecurity MSP Ecosystems Leadership Matrix for Fourth Consecutive Year
Recognition highlights WatchGuard’s continued innovation in helping MSPs scale through its Unified Security Platform®, agentic AI, and expanded cloud security capabilities
WatchGuard Launches New High-Performance Firebox Appliances to Secure Modern Enterprise Networks
New Firebox appliances deliver ultra-high-speed security performance, enterprise resiliency, and simplified operations for MSPs, Campus, and distributed enterprise environments
SMBs Hit a Cybersecurity Breaking Point as 91% Fear AI-Driven Attacks, Driving Shift to MSP-Led Security Models, WatchGuard Finds
New global research shows internal teams can’t keep pace, fueling demand for always-on, outcome-driven security services
csoonline
Schwachstellen managen: Die besten Vulnerability-Management-Tools
Security-Infotainment: Die besten Hacker-Dokus
Der Kaufratgeber für Breach & Attack Simulation Tools
Google entdeckt erstmals KI-basierten Zero-Day-Exploit
Cybersicherheitsvorschriften: So erfüllen Sie Ihre Compliance-Anforderungen
Customer Identity & Access Management: Die besten CIAM-Tools
secplicity
Ransomware Tracker (Entry #356): JADEPUFFER
JADEPUFFER is the name of the agentic threat actor (ATA) that exploited a vulnerability in an Internet-facing Langflow instance ( CVE-2025-3248) and, without human intervention, gained persistence, enumerated a victim's systems, and deployed ransomware across the network. It was first reported on…
CISA Incident Lessons, Amazon Q Flaw, and Giga Wiper
In Episode 378 of The 443 Security Simplified, Marc Laliberte and Corey Nachreiner examine lessons from a recent CISA security incident, a vulnerability affecting the Amazon Q Developer extension for Visual Studio Code, and Microsoft research into a destructive malware platform known as Giga Wiper…
The Spec Is Back, But Nobody Told Security
What happens when AI makes Waterfall agile? A few weeks ago, I was sitting with one of our engineering VPs while he walked me through his workflow in Cursor. Before writing a single line of code, he spent a meaningful amount of time using Cursor to craft a feature specification, a detailed natural…
Why CVE Grading Still Matters for Vulnerability Management
Vulnerability management has never been just about finding flaws. It is about understanding which flaws matter most, which ones attackers are likely to exploit, and which ones security teams need to prioritize before they become a real business risk. That is why CVEs, CVSS scores, and vulnerability…
TimbreStealer Malware Targets Mexico Companies with Advanced Evasion Techniques
WatchGuard telemetry identified a campaign associated to TimbreStealer, which is known to target companies based in Mexico. Some behaviors are similar to a previous campaign documented by Cisco Talos in 2024, which has sophisticated techniques to evade detection and difficult analysis. One more new…
NoisyS0cks: Undocumented SOCKS5 Pivot Framework Giving Ransomware Affiliates a Foothold Inside Networks
The WatchGuard Attestation Team has uncovered an undocumented pivot framework written in Golang that opens a Smux-multiplexed SOCKS5-style pivot channel on each compromised host using one of two interchangeable transports: KCP-over-UDP with DTLS obfuscation or Noise-over-TCP with TLS obfuscation…
thehackernews
U.S. Treasury Lifts Sanctions on Three Individuals Linked to Intellexa and Predator Spyware
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) on Tuesday removed three individuals linked to the Intellexa Consortium, the holding company behind a commercial spyware known as Predator , from the specially designated nationals list. The names of the individuals are as follows - Merom Harpaz Andrea Nicola Constantino Hermes Gambazzi Sara Aleksandra Fayssal Hamou Hamou was sanctioned by OFAC in March 2024, and Harpaz and Gambazzi were targeted in September 2024 in connection with developing, operating, and distributing Predator. It's currently not known why they were removed from the list. Harpaz is said to be working as a manager of Intellexa S.A., while Gambazzi was identified as the owner of Thalestris Limited and Intellexa Limited. Thalestris, Treasury Department said, held the distribution rights to the spyware, and processed transactions on behalf of other entities within the Intellexa Consortium. It's also the parent company...
IBM Warns of Critical API Connect Bug Allowing Remote Authentication Bypass
IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the application. The vulnerability, tracked as CVE-2025-13915 , is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an authentication bypass flaw. "IBM API Connect could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application," the tech giant said in a bulletin. The shortcoming affects the following versions of IBM API Connect - 10.0.8.0 through 10.0.8.5 10.0.11.0 Customers are advised to follow the steps outlined below - Download the fix from Fix Central Extract the files: Readme.md and ibm-apiconnect-<version>-ifix.13195.tar.gz Apply the fix based on the appropriate API Connect version "Customers unable to install the interim fix should disable self-service sign-up on their Developer Portal if enabled, which will help minimise their exp...
Researchers Spot Modified Shai-Hulud Worm Testing Payload on npm Registry
Cybersecurity researchers have disclosed details of what appears to be a new strain of Shai Hulud on the npm registry with slight modifications from the previous wave observed last month. The npm package that embeds the novel Shai Hulud strain is " @vietmoney/react-big-calendar ," which was uploaded to npm back in March 2021 by a user named "hoquocdat." It was updated for the first time on December 28, 2025, to version 0.26.2. The package has been downloaded 698 times since its initial publication. The latest version has been downloaded 197 times. Aikido, which spotted the package, said it has not spotted any major spread or infections following the release of the package. "This suggests we may have caught the attackers testing their payload," security researcher Charlie Eriksen said . "The differences in the code suggests that this was obfuscated again from the original source, not modified in place. This makes it highly unlikely to be a copy-ca...
Trust Wallet Chrome Extension Hack Drains $8.5M via Shai-Hulud Supply Chain Attack
Trust Wallet on Tuesday revealed that the second iteration of the Shai-Hulud (aka Sha1-Hulud) supply chain outbreak in November 2025 was likely responsible for the hack of its Google Chrome extension, ultimately resulting in the theft of approximately $8.5 million in assets. "Our Developer GitHub secrets were exposed in the attack, which gave the attacker access to our browser extension source code and the Chrome Web Store (CWS) API key," the company said in a post-mortem published Tuesday. "The attacker obtained full CWS API access via the leaked key, allowing builds to be uploaded directly without Trust Wallet's standard release process, which requires internal approval/manual review." Subsequently, the attacker is said to have registered the domain "metrics-trustwallet[.]com" and pushed a trojanized version of the extension with a backdoor that's capable of harvesting users' wallet mnemonic phrases to the sub-domain "api.metrics-...
DarkSpectre Browser Extension Campaigns Exposed After Impacting 8.8 Million Users Worldwide
The threat actor behind two malicious browser extension campaigns, ShadyPanda and GhostPoster , has been attributed to a third attack campaign codenamed DarkSpectre that has impacted 2.2 million users of Google Chrome, Microsoft Edge, and Mozilla Firefox. The activity is assessed to be the work of a Chinese threat actor that Koi Security is tracking under the moniker DarkSpectre . In all, the campaigns have collectively affected over 8.8 million users spanning a period of more than seven years. ShadyPanda was first unmasked by the cybersecurity company earlier this month as targeting all three browser users to facilitate data theft, search query hijacking, and affiliate fraud. It has been found to affect 5.6 million users, including 1.3 newly identified victims stemming from over 100 extensions flagged as connected to the same cluster. This also includes an Edge add-on named "New Tab - Customized Dashboard" that features a logic bomb that waits for three days prior to t...
CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution
The Cyber Security Agency of Singapore (CSA) has issued a bulletin warning of a maximum-severity security flaw in SmarterTools SmarterMail email software that could be exploited to achieve remote code execution. The vulnerability, tracked as CVE-2025-52691 , carries a CVSS score of 10.0. It relates to a case of arbitrary file upload that could enable code execution without requiring any authentication. "Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution," CSA said. Vulnerabilities of this kind allow the upload of dangerous file types that are automatically processed within an application's environment. This could pave the way for code execution if the uploaded file is interpreted and executed as code, as is the case with PHP files. In a hypothetical attack scenario, a bad actor could weaponize this vulnerability to place malici...
borncity
Windows Papierkorb-Bug mit Juli 2026-Update behoben
Mit dem Sicherheitsupdate für Windows vom 9. Juni 2026 hat sich ein Bug in das Betriebssystem eingeschlichen, der sich beim Löschen von Dateien auswirkt. Ich hatte im Blog berichtet und Microsoft hat den Bug bestätigt. Nun hat Microsoft diesen Fehler mit den Sicherheitsupdates für Windows beseitigt und dies in einem Supportbeitrag bestätigt.
Windows Hello for Business: Ergebnisse der BSI-Untersuchung
Microsoft unterstützt in Windows eine Benutzeranmeldung für den Unternehmenseinsatz über "Windows Hello for Business". Das Bundesamt für Sicherheit in der Informationstechnik (BSI) hat "Windows Hello for Business" genauer unter die Lupe genommen und verrät, wo die Schwächen dieses Konzepts liegen bzw. wo die Grenzen sind.
Windows-Clients: WSUS-Reporting-Probleme nach Updates vom 14. Juli 2026
Die zum 14. Juli 2026, am Patchday für Windows 10 / 11 freigegebenen kumulativen Updates sollen Bugs und Sicherheitslücken auf noch unterstützten Client-Betriebssystem-Versionen beheben. Installierte Updates führen aber dazu, dass das Reporting beim Windows Server Update Services (WSUS) nicht mehr funktioniert. Hängt mit CVE-2025-59287 zusammen, weshalb eine Funktion im WSUS temporär deaktiviert wurde.
Windows-Update-Fehler wegen RSAT-Tools (2026)
Blog-Leser Martin F. hat mich in einer E-Mail auf ein Problem aufmerksam gemacht, in welches er bereits im Juni 2026 bei der Windows-Update-Installation gelaufen ist. Auf einigen Clients schlug die Update-Installation aus "unerfindlichen Gründen" fehl. Nach einer Analyse stellte sich heraus, dass die RSAT-Tools wohl der Verursacher sind. Ich nehme die Information mal kurz auf, vielleicht hilft es Betroffenen.
Amazon Web Services (AWS) "dreht bei den Kosten durch" (Bug)
Am heutigen 17. Juli 2026 hat der eine oder andere Kunde von Amazon Web Services (AWS) womöglich den "Schock fürs Leben" bekommen. Ein Bug führte dazu, dass Kosten in Höhe von Hunderttausenden an Euro bzw. Dollar auf AWS-Konten aufgebucht wurden. AWS arbeitet derzeit daran, diesen Fehler zu beheben. Von AWS-Kunden sind keine Maßnahmen erforderlich sind.
Patchday: Microsoft Office Updates (14. Juli 2026)
Am 14. Juli 2026 (zweiter Dienstag im Monat, Microsoft Patchday) hat Microsoft mehrere sicherheitsrelevante Updates für Microsoft Office veröffentlicht. Im Juli 2026 wurden auch Sicherheitsupdates für Microsoft Office 2016 veröffentlicht, obwohl diese Version aus dem Support gefallen ist. Hier eine Kurzübersicht, was ich gefunden habe.