heise alerts
heise security
watchguard blog
Discover Your Network’s Blind Spots Before It’s Too Late
Find out how to eliminate blind spots on your network, reduce false positives, and anticipate threats with comprehensive visibility.
WatchGuard Recognized at the 2026 Cybersecurity Excellence Awards
WatchGuard Technologies wins Best Cybersecurity Company at the 2026 Cybersecurity Excellence Awards, honoring its innovation and industry leadership.
Grow Your MSP Faster with NDR: Join Our Upcoming Webinar
Join our webinar to learn how NDR helps MSPs detect hidden threats, enhance security services, and unlock new growth opportunities.
The Case for an Independent MFA Layer in Microsoft Environments
Identity became a single point of failure for most SMBs. External MFA gives MSPs back control and a service worth offering.
Phishing-Resistant MFA: Why Passkeys Are the Next Step
Advanced phishing now bypasses traditional MFA. Passkeys close that gap. How they work and why regulators and insurers are starting to require them.
30 Years Driving Detection and Response in Hybrid Environments
Discover how network security has evolved over 30 years to protect hybrid environments and mobile users.
watchguard pressreleases
WatchGuard Expands NDR Capabilities, Making Advanced Network Threat Detection Practical for MSPs and Midmarket Organizations
Embedded detection, managed services, and automated response simplify NDR adoption for SMEs and MSPs
WatchGuard Marks 30 Years of Setting the MSP Security Standard
Cybersecurity leader has helped MSPs reduce complexity, scale protection, and profitably grow through every market shift
Over 1500% Increase in New, Unique Malware Highlights Growing Security Complexity, according to WatchGuard Biannual Threat Report
MSPs must shift from reactive security to proactive threat intelligence and unified protection
WatchGuard Open MDR Gives MSPs a Faster Path to Enterprise-Grade, High-Margin Managed Security Services Across Existing Customer Environments
Open MDR delivers unified visibility and rapid response across WatchGuard and third-party environments, removing the constraints of single-vendor security models and accelerating MSP time to market
WatchGuard Delivers a Simple Path to Modern Zero Trust Security
A decade of zero trust complexity finally simplified through a unified approach built for MSPs and organizations of every size
Strong, Quiet, Predictable. WatchGuard Delivers Total Protection Without Operational Burden in MITRE ER7 Evaluation.
WatchGuard delivers full coverage with almost no noise in MITRE ATT&CK ER7 testing, giving MSPs stronger protection, faster response, and lower operational burden.
csoonline
Im Fokus: IT-Leadership
Hacker zielen auf Exilportal Iranwire
Fahndung nach Cyberkriminellen – 130 Firmen attackiert
Cyberangriff auf die Linke
DDoS-Angriffe haben sich verdoppelt
DDoS-Attacken: Schlag gegen internationale Cyberkriminelle
secplicity
Deepfakes Didn’t Invent Cybercrime, They Just Perfected It
Fraud is nothing new. It is a reality that some people will take advantage of the trusting and even minimally naïve. Last year, in a moment of high stress and low sleep, even I, a 25-year Cyber Security veteran, was duped by a phone call from the “FBI” claiming my involvement in identity theft…
OAuth Phishing, Foreign Router Risks, and the Rise of Identity-Based Cyber Attacks
Most organizations are still focused on stopping attackers at the perimeter. But that’s not how modern attacks are working anymore. In Episode 364 of the 443 Podcast, three stories stood out not as isolated incidents, but as signals of a broader shift in how attackers operate: A potential US ban on…
What Attackers Hope You Miss and How AI Is Making It Worse
In Episode 363 of The 443 Podcast, Corey Nachreiner speaks with Kristen Yang, Cybersecurity Analyst & Investigations Lead, about the threats security teams should be paying closest attention to right now. The conversation reinforces an uncomfortable truth for defenders: many successful attacks still…
Ransomware Tracker (Entry #308): The Green Blood Group
The Green Blood Group was both the group name and the encryptor name of this operation. The group, or threat actor, operated for about a month, between January 2026 and February 2026. Although it's likely operations began shortly before that, possibly towards the end of 2025. During that time, at…
Stryker’s Network Disruption Signals a Dangerous New Phase in Cyber Threats
In Episode 362 on The 443 Podcast , Marc and Corey unpack three stories that point to a hard truth for defenders: cyber threats are becoming more disruptive, more deceptive, and more scalable. From a major attack affecting medical technology giant Stryker, to a once-legitimate Chrome extension…
New BianLian Ransomware Activity Detected: SVG Phishing Campaign Targeting Venezuelan Companies
New BianLian Ransomware Activity Detected: SVG Phishing Campaign Targeting Venezuelan Companies WatchGuard telemetry identified some malicious files being downloaded by victims, and almost all of them originated in Venezuela, indicating a possible malicious campaign targeting companies in this…
thehackernews
U.S. Treasury Lifts Sanctions on Three Individuals Linked to Intellexa and Predator Spyware
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) on Tuesday removed three individuals linked to the Intellexa Consortium, the holding company behind a commercial spyware known as Predator , from the specially designated nationals list. The names of the individuals are as follows - Merom Harpaz Andrea Nicola Constantino Hermes Gambazzi Sara Aleksandra Fayssal Hamou Hamou was sanctioned by OFAC in March 2024, and Harpaz and Gambazzi were targeted in September 2024 in connection with developing, operating, and distributing Predator. It's currently not known why they were removed from the list. Harpaz is said to be working as a manager of Intellexa S.A., while Gambazzi was identified as the owner of Thalestris Limited and Intellexa Limited. Thalestris, Treasury Department said, held the distribution rights to the spyware, and processed transactions on behalf of other entities within the Intellexa Consortium. It's also the parent company...
IBM Warns of Critical API Connect Bug Allowing Remote Authentication Bypass
IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the application. The vulnerability, tracked as CVE-2025-13915 , is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an authentication bypass flaw. "IBM API Connect could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application," the tech giant said in a bulletin. The shortcoming affects the following versions of IBM API Connect - 10.0.8.0 through 10.0.8.5 10.0.11.0 Customers are advised to follow the steps outlined below - Download the fix from Fix Central Extract the files: Readme.md and ibm-apiconnect-<version>-ifix.13195.tar.gz Apply the fix based on the appropriate API Connect version "Customers unable to install the interim fix should disable self-service sign-up on their Developer Portal if enabled, which will help minimise their exp...
Researchers Spot Modified Shai-Hulud Worm Testing Payload on npm Registry
Cybersecurity researchers have disclosed details of what appears to be a new strain of Shai Hulud on the npm registry with slight modifications from the previous wave observed last month. The npm package that embeds the novel Shai Hulud strain is " @vietmoney/react-big-calendar ," which was uploaded to npm back in March 2021 by a user named "hoquocdat." It was updated for the first time on December 28, 2025, to version 0.26.2. The package has been downloaded 698 times since its initial publication. The latest version has been downloaded 197 times. Aikido, which spotted the package, said it has not spotted any major spread or infections following the release of the package. "This suggests we may have caught the attackers testing their payload," security researcher Charlie Eriksen said . "The differences in the code suggests that this was obfuscated again from the original source, not modified in place. This makes it highly unlikely to be a copy-ca...
Trust Wallet Chrome Extension Hack Drains $8.5M via Shai-Hulud Supply Chain Attack
Trust Wallet on Tuesday revealed that the second iteration of the Shai-Hulud (aka Sha1-Hulud) supply chain outbreak in November 2025 was likely responsible for the hack of its Google Chrome extension, ultimately resulting in the theft of approximately $8.5 million in assets. "Our Developer GitHub secrets were exposed in the attack, which gave the attacker access to our browser extension source code and the Chrome Web Store (CWS) API key," the company said in a post-mortem published Tuesday. "The attacker obtained full CWS API access via the leaked key, allowing builds to be uploaded directly without Trust Wallet's standard release process, which requires internal approval/manual review." Subsequently, the attacker is said to have registered the domain "metrics-trustwallet[.]com" and pushed a trojanized version of the extension with a backdoor that's capable of harvesting users' wallet mnemonic phrases to the sub-domain "api.metrics-...
DarkSpectre Browser Extension Campaigns Exposed After Impacting 8.8 Million Users Worldwide
The threat actor behind two malicious browser extension campaigns, ShadyPanda and GhostPoster , has been attributed to a third attack campaign codenamed DarkSpectre that has impacted 2.2 million users of Google Chrome, Microsoft Edge, and Mozilla Firefox. The activity is assessed to be the work of a Chinese threat actor that Koi Security is tracking under the moniker DarkSpectre . In all, the campaigns have collectively affected over 8.8 million users spanning a period of more than seven years. ShadyPanda was first unmasked by the cybersecurity company earlier this month as targeting all three browser users to facilitate data theft, search query hijacking, and affiliate fraud. It has been found to affect 5.6 million users, including 1.3 newly identified victims stemming from over 100 extensions flagged as connected to the same cluster. This also includes an Edge add-on named "New Tab - Customized Dashboard" that features a logic bomb that waits for three days prior to t...
CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution
The Cyber Security Agency of Singapore (CSA) has issued a bulletin warning of a maximum-severity security flaw in SmarterTools SmarterMail email software that could be exploited to achieve remote code execution. The vulnerability, tracked as CVE-2025-52691 , carries a CVSS score of 10.0. It relates to a case of arbitrary file upload that could enable code execution without requiring any authentication. "Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution," CSA said. Vulnerabilities of this kind allow the upload of dangerous file types that are automatically processed within an application's environment. This could pave the way for code execution if the uploaded file is interpreted and executed as code, as is the case with PHP files. In a hypothetical attack scenario, a bad actor could weaponize this vulnerability to place malici...
borncity
Outlook Classic: E-Mail-senden-Problem behoben
Es gab ein Problem beim Senden von E-Mails in Outlook Classic, wenn ein Postfach in outlook.com verwendet wurde. Dann löste der Vorgang einen NDR-Fehler 0x80070005-0x0004dc-0x000524 aus. Das Problem ist zwischenzeitlich gefixt. Ich habe es im Beitrag Outlook Classic: E-Mail senden scheitert mit 0x80070005-0x0004dc-0x000524 nachgetragen.
Veeam Backup-Problem mit MS 365-Postfächern durch EWS-Umstellung im März 2026
Kurze Information an die Blog-Leserschaft, die Veeam Backup 365 einsetzen. Im November 2025 gab es schon mal Probleme beim Zusammenspiel zwischen Veeam Backup und Postfächern bei Microsoft 365. Nun hat mir ein Leser erneut das Veeam Backup-Problem bei Microsoft 365-Postfächern berichtet. Dieses Mal hat die ab Ende 2026 geplante EWS-Umstellung bei Exchange Online bereits ihre Schatten vorausgeworfen. Microsoft hat seine Code-Änderung am 27. März 2026 ausgerollt, was sich auf Veeam Backup auswirkt und zu Fehlern führt.
Reduzierte Blog-Aktivitäten
Heute und Mittwoch sind die Blog-Aktivitäten reduziert. Erstens sind die Enkel zu Besuch und zweitens hat es mich gesundheitlich etwas gekickt. Letzte Woche habe ich ab Mittwoch bereits mit einer Erkältung stundenweise im Bett verbracht. Das ist zwar wieder gut. Aber seit Ostermontag erdet mich eine Nervenentzündung (wohl als Folge der Erkältung), da ich den linken Arm vor Schmerzen kaum bewegen kann. An tippen ist derzeit kaum zu denken. Derzeit laufen daher nur Beiträge aus der Konserve im Blog ein.
Verbraucherzentrale erstreitet im März 206 drei Urteile gegen die 1N-Telecom GmbH
Ich habe noch eine Information nachzutragen, die mich bereits vor einigen Tagen erreicht hat. Es geht um die 1N Telecom GmbH, die mit "als windig anzusehenden" Geschäftsmethoden für Ärger bei Verbraucherinnen und Verbrauchern gesorgt hat. Die Verbraucherzentral ist es bereits im März 2026 gelungen, gleich drei Urteile zu angeblichen Verträgen der 1N Telecom GmbH zu erringen. In allen drei Fällen wurde die angeblichen Verträgen der 1N Telecom GmbH als unwirksam erklärt. Nachfolgend daher eine kurze Einordnung des Sachverhalts.
Meta pausiert Zusammenarbeit mit Mercor nach Sicherheitsvorfall
Nicht schön: Bei Mercor (stellen Trainingsdaten für LLMs für AI-Anbieter bereit) hat es einen Sicherheitsvorfall gegeben. Meta hat die Zusammenarbeit mit Mercor gestoppt und analysiert den Vorfall bei dem "Datenanbieter". Auch OpenAI untersucht laut Mitteilung den Sicherheitsvorfall.
Synology MailPlus als Exchange-Ersatz
In vielen Organisationen wird auf Microsoft Exchange (On-Premises, oder Exchange Online) zur Verwaltung von Postfächern gesetzt. Vor einiger Zeit hat ein Blog-Leser mich auf eine Alternative hingewiesen, die er bei sich seit längerer Zeit einsetzt. Es geht um MailPlus von Synology, in das man Exchange migrieren und auch das AD übernehmen kann.