heise alerts
Chrome: Zwei Updates in einer Woche
Angriffe auf Cisco Unified CM beobachtet
heise security
iX-Workshop: Windows Server absichern und härten
Chrome: Zwei Updates in einer Woche
Auslegungssache 162: Aufsichtsbehörde unter Druck
watchguard blog
The MSP’s Invisible Enemy: How to Pinpoint Friction in Cybersecurity
How to identify operational friction in managed security and maintain control and visibility at scale across your MSP environments.
Why AI Is Becoming an Operational Requirement for Security Teams
Organizations have visibility, but not enough capacity to act. The challenge is turning growing security data into fast, scalable decisions.
The End of the VPN: Why Modern Businesses Are Rethinking Remote Access
Discover why organizations are moving beyond VPNs and adopting Zero Trust access. Join our webinar to learn the future of secure connectivity.
The Easiest Security Add of 2026 Is Also the Most Urgent
Discover why CloudDR is the must-have security addition for MSPs in 2026, delivering cloud visibility, identity protection, and proactive threat detection.
The Breaches You Don't See: Why Monitoring External Exposure Prevents Breaches
Cybersecurity often focuses on attacks, but many breaches happen because organizations unintentionally expose systems, applications, or data online.
Automate or Amplify: How to Scale a SOC Without Adding Headcount
Discover how AI in cybersecurity can automate routine SOC tasks and amplify the impact of human analysts in their daily workflows.
watchguard pressreleases
WatchGuard Named a Champion in the Omdia Global Cybersecurity MSP Ecosystems Leadership Matrix for Fourth Consecutive Year
Recognition highlights WatchGuard’s continued innovation in helping MSPs scale through its Unified Security Platform®, agentic AI, and expanded cloud security capabilities
WatchGuard Launches New High-Performance Firebox Appliances to Secure Modern Enterprise Networks
New Firebox appliances deliver ultra-high-speed security performance, enterprise resiliency, and simplified operations for MSPs, Campus, and distributed enterprise environments
SMBs Hit a Cybersecurity Breaking Point as 91% Fear AI-Driven Attacks, Driving Shift to MSP-Led Security Models, WatchGuard Finds
New global research shows internal teams can’t keep pace, fueling demand for always-on, outcome-driven security services
WatchGuard Introduces Rai: The Agentic AI Digital Workforce Designed Specifically for MSPs
Shift from Assistive AI to Autonomous Execution to Unlock Scalable, Profitable Growth
WatchGuard Acquires Perimeters.io to Scale Cloud Security for MSPs
Introduces WatchGuard Cloud Detection and Response, extending protection beyond endpoints and networks
WatchGuard and Halo Announce Partnership to Deliver MSP Automation from Alert to Invoice
Integration embeds WatchGuard security operations inside HaloPSA, streamlining ticketing, provisioning, and billing workflows for MSPs
csoonline
Schwachstellen managen: Die besten Vulnerability-Management-Tools
Security-Infotainment: Die besten Hacker-Dokus
Der Kaufratgeber für Breach & Attack Simulation Tools
Google entdeckt erstmals KI-basierten Zero-Day-Exploit
Cybersicherheitsvorschriften: So erfüllen Sie Ihre Compliance-Anforderungen
Customer Identity & Access Management: Die besten CIAM-Tools
secplicity
Iran-Affiliated Cyber-Espionage Against Global High-Value Organizations
The WatchGuard Geopolitical Cyber Report Iran-Affiliated Cyber-Espionage Against Global High-Value Organizations MuddyWater (Seedworm) DLL Side-Loading Campaign Following the U.S.–Iran–Israel Conflict Geopolitical insight, threat intelligence, and practical cyber-risk guidance for the moments when…
test - Lorem ipsum dolor sit amet
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse…
AI Export Controls, FortiBleed Credentials, and Windows Zero-Days: What Security Teams Should Take Away
Artificial intelligence, exposed edge devices, and vulnerability disclosure are colliding in ways that security teams can no longer treat as separate risks. In Episode 375 of The 443: Security Simplified, WatchGuard’s Marc Laliberte and Corey Nachreiner unpack three timely cybersecurity stories: the…
How MSPs Can Help APAC Businesses Strengthen Cyber Resilience
Cybersecurity across the Asia-Pacific region is becoming more complex, more urgent, and more business-critical. Small and midsized businesses are no longer asking whether they need stronger security. Increasingly, they are asking how quickly they can improve it, how much risk they can realistically…
The Shrinking Exploit Window and What It Means for Cybersecurity Teams
TL;DR The time between vulnerability disclosure and active exploitation is shrinking. In episode 372 of The 443 Security Simplified, WatchGuard’s Marc Laliberte and Adam Winston discuss why the traditional patch window is becoming harder for defenders to rely on. The episode also examines a recent…
DeadLock Ransomware Group Embeds Data Leak Site Within Ransom Note
The DeadLock ransomware operation has existed since mid-2025, with most of the first reported sightings in mid-July, according to ThreatScene. Their report mentioned the group “now conducts double extortion” following a subsequent analysis in September 2025, which revealed newer DeadLock payloads…
thehackernews
U.S. Treasury Lifts Sanctions on Three Individuals Linked to Intellexa and Predator Spyware
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) on Tuesday removed three individuals linked to the Intellexa Consortium, the holding company behind a commercial spyware known as Predator , from the specially designated nationals list. The names of the individuals are as follows - Merom Harpaz Andrea Nicola Constantino Hermes Gambazzi Sara Aleksandra Fayssal Hamou Hamou was sanctioned by OFAC in March 2024, and Harpaz and Gambazzi were targeted in September 2024 in connection with developing, operating, and distributing Predator. It's currently not known why they were removed from the list. Harpaz is said to be working as a manager of Intellexa S.A., while Gambazzi was identified as the owner of Thalestris Limited and Intellexa Limited. Thalestris, Treasury Department said, held the distribution rights to the spyware, and processed transactions on behalf of other entities within the Intellexa Consortium. It's also the parent company...
IBM Warns of Critical API Connect Bug Allowing Remote Authentication Bypass
IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the application. The vulnerability, tracked as CVE-2025-13915 , is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an authentication bypass flaw. "IBM API Connect could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application," the tech giant said in a bulletin. The shortcoming affects the following versions of IBM API Connect - 10.0.8.0 through 10.0.8.5 10.0.11.0 Customers are advised to follow the steps outlined below - Download the fix from Fix Central Extract the files: Readme.md and ibm-apiconnect-<version>-ifix.13195.tar.gz Apply the fix based on the appropriate API Connect version "Customers unable to install the interim fix should disable self-service sign-up on their Developer Portal if enabled, which will help minimise their exp...
Researchers Spot Modified Shai-Hulud Worm Testing Payload on npm Registry
Cybersecurity researchers have disclosed details of what appears to be a new strain of Shai Hulud on the npm registry with slight modifications from the previous wave observed last month. The npm package that embeds the novel Shai Hulud strain is " @vietmoney/react-big-calendar ," which was uploaded to npm back in March 2021 by a user named "hoquocdat." It was updated for the first time on December 28, 2025, to version 0.26.2. The package has been downloaded 698 times since its initial publication. The latest version has been downloaded 197 times. Aikido, which spotted the package, said it has not spotted any major spread or infections following the release of the package. "This suggests we may have caught the attackers testing their payload," security researcher Charlie Eriksen said . "The differences in the code suggests that this was obfuscated again from the original source, not modified in place. This makes it highly unlikely to be a copy-ca...
Trust Wallet Chrome Extension Hack Drains $8.5M via Shai-Hulud Supply Chain Attack
Trust Wallet on Tuesday revealed that the second iteration of the Shai-Hulud (aka Sha1-Hulud) supply chain outbreak in November 2025 was likely responsible for the hack of its Google Chrome extension, ultimately resulting in the theft of approximately $8.5 million in assets. "Our Developer GitHub secrets were exposed in the attack, which gave the attacker access to our browser extension source code and the Chrome Web Store (CWS) API key," the company said in a post-mortem published Tuesday. "The attacker obtained full CWS API access via the leaked key, allowing builds to be uploaded directly without Trust Wallet's standard release process, which requires internal approval/manual review." Subsequently, the attacker is said to have registered the domain "metrics-trustwallet[.]com" and pushed a trojanized version of the extension with a backdoor that's capable of harvesting users' wallet mnemonic phrases to the sub-domain "api.metrics-...
DarkSpectre Browser Extension Campaigns Exposed After Impacting 8.8 Million Users Worldwide
The threat actor behind two malicious browser extension campaigns, ShadyPanda and GhostPoster , has been attributed to a third attack campaign codenamed DarkSpectre that has impacted 2.2 million users of Google Chrome, Microsoft Edge, and Mozilla Firefox. The activity is assessed to be the work of a Chinese threat actor that Koi Security is tracking under the moniker DarkSpectre . In all, the campaigns have collectively affected over 8.8 million users spanning a period of more than seven years. ShadyPanda was first unmasked by the cybersecurity company earlier this month as targeting all three browser users to facilitate data theft, search query hijacking, and affiliate fraud. It has been found to affect 5.6 million users, including 1.3 newly identified victims stemming from over 100 extensions flagged as connected to the same cluster. This also includes an Edge add-on named "New Tab - Customized Dashboard" that features a logic bomb that waits for three days prior to t...
CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution
The Cyber Security Agency of Singapore (CSA) has issued a bulletin warning of a maximum-severity security flaw in SmarterTools SmarterMail email software that could be exploited to achieve remote code execution. The vulnerability, tracked as CVE-2025-52691 , carries a CVSS score of 10.0. It relates to a case of arbitrary file upload that could enable code execution without requiring any authentication. "Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution," CSA said. Vulnerabilities of this kind allow the upload of dangerous file types that are automatically processed within an application's environment. This could pave the way for code execution if the uploaded file is interpreted and executed as code, as is the case with PHP files. In a hypothetical attack scenario, a bad actor could weaponize this vulnerability to place malici...
borncity
Windows Server 2012 (R2): Azure-Arc enabled ESU-Maschinen machen Rollback
Es gibt Probleme bei der Update-Installation unter Windows Server 2012 (R2), sofern diese über Azure-Arc verwaltet werden. Die im Extended Security Update-Program (ESU) befindlichen Maschinen bekommen zwar weiterhin Sicherheitsupdates. Aber die Installation scheitert und es wird im Anschluss ein Rollback durchgeführt.
Data Loss Prevention: Shadow AI als großes Risiko
Ich habe es ja bereits häufiger in Blog-Beiträgen angesprochen: Datenabflüsse durch wilde KI-Nutzung in Firmen werden uns veritable Sicherheitsvorfälle bescheren. Nun ist mir eine Mitteilung von aDvens, ein Unternehmen für Cybersicherheit, zu gegangen, die genau das bestätigt. Shadow AI wird zum großen Data Loss Prevention-Risiko.
Windows 11: Point-in-time Restore allgemein verfügbar
Noch ein kleiner Nachtrag von dieser Woche. Microsoft hat die als "Point-in-time Restore" bezeichnete Möglichkeit, ein kaputtes Betriebssystem auf einen funktionierenden Zustand zurückzusetzen, allgemein für Windows 11 freigegeben. Klang für mich wie "Systemwiederherstellung", ist aber etwas anderes.
Kompendium-Artikel mit Infos und Tricks?
Von Bolko kam im Sommer 2024 im Diskussionsbereich der Vorschlag: Wie wäre es mit einem oben angepinnten Kompendium-Artikel mit Infos und Tricks zur maximalen Härtung von Windows, der alles zusammenfasst? Da ich die Einträge im Diskussionsbereich immer wieder lösche, packe ich den Text mal hier in einen Blog-Beitrag zur Diskussion.
Windows 10: Microsoft verlängert kostenloses ESU bis Oktober 2027
Gute Nachrichten für Leute, die auf Windows 10 als Betriebssystem geblieben sind. Für Privatpersonen wäre der Extended Security Update Support (ESU) ja zum Oktober 2026 ausgelaufen. Nun hat Microsoft vor einigen Stunden ohne große Ankündigung seinen Supportbeitrag aktualisiert und die Verlängerung der ESU-Unterstützung bis Oktober 2027 bekannt gegeben.
Micron kann sich hohe RAM-Preise für 5 Jahre sichern
Schlechte Nachrichten für Leute, die 2027 auf sinkende Preise für RAM-Bausteine setzen. Der US-Speicherhersteller Micron hat sich in einem vertraglichen Deal mit Kunden das astronomische Preisniveau für RAM-Bausteine über einen Zeitraum von fünf Jahren gesichert.