heise alerts
heise security
watchguard blog
SMB Cybersecurity Spending Rises: Zero Trust & Secure Access Now Essential
SMBs are boosting cybersecurity spending, treating it as a strategic investment. Zero trust and secure access are key to protecting operations and growth.
Unlock the Power of WatchGuard and HaloPSA Integration: Join Our Webinar
Discover how integrating WatchGuard with HaloPSA helps MSPs streamline security, automate tasks, and improve service delivery in this upcoming webinar.
What MSP Leaders Are Telling Us: Four Strategic Takeaways for the Channel
CRN MSP 500 shows MSPs evolving into security operators, relying on automation and platforms for profitability, while AI drives the next generation of services.
XDR to Eliminate Silos and Strengthen Business Security in 2026
Find out why XDR will no longer be optional in 2026 for unifying security, reducing operational noise, and improving business resilience.
Consolidation: The New Standard for MSP Efficiency
Find out how technology consolidation helps MSPs scale while improving efficiency and increasing margins.
Bell Cyber & WatchGuard Partner to Deliver Enterprise Security for Canadian SMEs
Bell Cyber and WatchGuard partner to provide Canadian SMEs with enterprise-level cybersecurity solutions, strengthening protection against digital threats.
watchguard pressreleases
WatchGuard Marks 30 Years of Setting the MSP Security Standard
Cybersecurity leader has helped MSPs reduce complexity, scale protection, and profitably grow through every market shift
Over 1500% Increase in New, Unique Malware Highlights Growing Security Complexity, according to WatchGuard Biannual Threat Report
MSPs must shift from reactive security to proactive threat intelligence and unified protection
WatchGuard Open MDR Gives MSPs a Faster Path to Enterprise-Grade, High-Margin Managed Security Services Across Existing Customer Environments
Open MDR delivers unified visibility and rapid response across WatchGuard and third-party environments, removing the constraints of single-vendor security models and accelerating MSP time to market
WatchGuard Delivers a Simple Path to Modern Zero Trust Security
A decade of zero trust complexity finally simplified through a unified approach built for MSPs and organizations of every size
Strong, Quiet, Predictable. WatchGuard Delivers Total Protection Without Operational Burden in MITRE ER7 Evaluation.
WatchGuard delivers full coverage with almost no noise in MITRE ATT&CK ER7 testing, giving MSPs stronger protection, faster response, and lower operational burden.
Zero Trust Emerges as Top Growth Opportunity at WatchGuard Partner Roadshow
High partner turnout and strong session engagement signal accelerating demand for advanced security strategies across global MSP market
csoonline
DDoS-Angriffe haben sich verdoppelt
DDoS-Attacken: Schlag gegen internationale Cyberkriminelle
ClickFix treibt neue Infostealer-Kampagnen an
BSI moniert Software-Sicherheit im Gesundheitswesen
Cyber-Attacken fluten Eon-Netz: Angriffe verzehnfacht
"Zombie ZIP": Neue Angriffstechnik täuscht Virenscanner
secplicity
Stryker’s Network Disruption Signals a Dangerous New Phase in Cyber Threats
In Episode 362 on The 443 Podcast , Marc and Corey unpack three stories that point to a hard truth for defenders: cyber threats are becoming more disruptive, more deceptive, and more scalable. From a major attack affecting medical technology giant Stryker, to a once-legitimate Chrome extension…
New BianLian Ransomware Activity Detected: SVG Phishing Campaign Targeting Venezuelan Companies
New BianLian Ransomware Activity Detected: SVG Phishing Campaign Targeting Venezuelan Companies WatchGuard telemetry identified some malicious files being downloaded by victims, and almost all of them originated in Venezuela, indicating a possible malicious campaign targeting companies in this…
The Security Gap That Lets Attackers Walk Right In
If you ask most security-conscious organizations about their priorities, the answers are usually familiar: endpoint detection and response, identity and access management, network segmentation, cloud security, vulnerability management, and more. On paper, many teams know exactly what strong security…
AI-Powered Cyber Attacks Are Rising: What Security Teams Need to Know
The cybersecurity landscape is shifting quickly. In Episode 361 of The443 Podcast, Marc Laliberte and Corey Nachreiner discuss three emerging issues shaping modern security: A critical authentication bypass in a popular JSON Web Token (JWT) library An autonomous AI bot exploiting GitHub repositories…
Cisco SD-WAN 0-Day: What MSPs Should Do Now
Three stories, one theme: control planes, supply chains, and human workflows remain high-leverage targets. This Secplicity blog follows the sequence and details covered by Marc Laliberte and Corey Nachreiner in The443 Podcast Episode 360. 1) Cisco Catalyst SD-WAN 0-Day (CVSS 10): What happened Cisco…
Why CMMC Is Important in 2026: Simplified
Let’s be honest: cybersecurity rules are not exactly thrilling. But if your company supports the U.S. Department of Defense (DoD), CMMC (Cybersecurity Maturity Model Certification) is becoming increasingly difficult to ignore. At its core, CMMC exists for one simple reason: to help ensure sensitive…
thehackernews
U.S. Treasury Lifts Sanctions on Three Individuals Linked to Intellexa and Predator Spyware
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) on Tuesday removed three individuals linked to the Intellexa Consortium, the holding company behind a commercial spyware known as Predator , from the specially designated nationals list. The names of the individuals are as follows - Merom Harpaz Andrea Nicola Constantino Hermes Gambazzi Sara Aleksandra Fayssal Hamou Hamou was sanctioned by OFAC in March 2024, and Harpaz and Gambazzi were targeted in September 2024 in connection with developing, operating, and distributing Predator. It's currently not known why they were removed from the list. Harpaz is said to be working as a manager of Intellexa S.A., while Gambazzi was identified as the owner of Thalestris Limited and Intellexa Limited. Thalestris, Treasury Department said, held the distribution rights to the spyware, and processed transactions on behalf of other entities within the Intellexa Consortium. It's also the parent company...
IBM Warns of Critical API Connect Bug Allowing Remote Authentication Bypass
IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the application. The vulnerability, tracked as CVE-2025-13915 , is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an authentication bypass flaw. "IBM API Connect could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application," the tech giant said in a bulletin. The shortcoming affects the following versions of IBM API Connect - 10.0.8.0 through 10.0.8.5 10.0.11.0 Customers are advised to follow the steps outlined below - Download the fix from Fix Central Extract the files: Readme.md and ibm-apiconnect-<version>-ifix.13195.tar.gz Apply the fix based on the appropriate API Connect version "Customers unable to install the interim fix should disable self-service sign-up on their Developer Portal if enabled, which will help minimise their exp...
Researchers Spot Modified Shai-Hulud Worm Testing Payload on npm Registry
Cybersecurity researchers have disclosed details of what appears to be a new strain of Shai Hulud on the npm registry with slight modifications from the previous wave observed last month. The npm package that embeds the novel Shai Hulud strain is " @vietmoney/react-big-calendar ," which was uploaded to npm back in March 2021 by a user named "hoquocdat." It was updated for the first time on December 28, 2025, to version 0.26.2. The package has been downloaded 698 times since its initial publication. The latest version has been downloaded 197 times. Aikido, which spotted the package, said it has not spotted any major spread or infections following the release of the package. "This suggests we may have caught the attackers testing their payload," security researcher Charlie Eriksen said . "The differences in the code suggests that this was obfuscated again from the original source, not modified in place. This makes it highly unlikely to be a copy-ca...
Trust Wallet Chrome Extension Hack Drains $8.5M via Shai-Hulud Supply Chain Attack
Trust Wallet on Tuesday revealed that the second iteration of the Shai-Hulud (aka Sha1-Hulud) supply chain outbreak in November 2025 was likely responsible for the hack of its Google Chrome extension, ultimately resulting in the theft of approximately $8.5 million in assets. "Our Developer GitHub secrets were exposed in the attack, which gave the attacker access to our browser extension source code and the Chrome Web Store (CWS) API key," the company said in a post-mortem published Tuesday. "The attacker obtained full CWS API access via the leaked key, allowing builds to be uploaded directly without Trust Wallet's standard release process, which requires internal approval/manual review." Subsequently, the attacker is said to have registered the domain "metrics-trustwallet[.]com" and pushed a trojanized version of the extension with a backdoor that's capable of harvesting users' wallet mnemonic phrases to the sub-domain "api.metrics-...
DarkSpectre Browser Extension Campaigns Exposed After Impacting 8.8 Million Users Worldwide
The threat actor behind two malicious browser extension campaigns, ShadyPanda and GhostPoster , has been attributed to a third attack campaign codenamed DarkSpectre that has impacted 2.2 million users of Google Chrome, Microsoft Edge, and Mozilla Firefox. The activity is assessed to be the work of a Chinese threat actor that Koi Security is tracking under the moniker DarkSpectre . In all, the campaigns have collectively affected over 8.8 million users spanning a period of more than seven years. ShadyPanda was first unmasked by the cybersecurity company earlier this month as targeting all three browser users to facilitate data theft, search query hijacking, and affiliate fraud. It has been found to affect 5.6 million users, including 1.3 newly identified victims stemming from over 100 extensions flagged as connected to the same cluster. This also includes an Edge add-on named "New Tab - Customized Dashboard" that features a logic bomb that waits for three days prior to t...
CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution
The Cyber Security Agency of Singapore (CSA) has issued a bulletin warning of a maximum-severity security flaw in SmarterTools SmarterMail email software that could be exploited to achieve remote code execution. The vulnerability, tracked as CVE-2025-52691 , carries a CVSS score of 10.0. It relates to a case of arbitrary file upload that could enable code execution without requiring any authentication. "Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution," CSA said. Vulnerabilities of this kind allow the upload of dangerous file types that are automatically processed within an application's environment. This could pave the way for code execution if the uploaded file is interpreted and executed as code, as is the case with PHP files. In a hypothetical attack scenario, a bad actor could weaponize this vulnerability to place malici...
borncity
Deutschland macht ODF in souveräner Cloud (Deutschland Stack) zur Pflicht
Der IT-Planungsrat macht gerade "Nägel mit Köpfen" und hat das Open Document Format (ODF) als verbindliches Standardformat für Dokumente innerhalb seiner hoheitlichen digitalen Infrastruktur vorgeschrieben.
Outlook-Probleme (Hänger) unter Windows Server 2025 RDS mit FSLogix?
Mich hat eine Leseranfrage eines Administrators erreicht, der unter Windows Server 2025 RDS mit bösen Outlook-Problemen seiner Nutzerschaft kämpft. Outlook bleibt regelmäßig beim Start in bestimmten RDS-Konstellationen hängen (es ist ein Zeitproblem). Es stellt sich die Frage, ob es Einzelfall ist oder ob es mehr Beobachtungen diesbezüglich gibt. Und es gibt die Frage nach der Ursache bzw. Lösung.
Python-Paket mit 96 Millionen Downloads über simplen Befehl infiziert; 500.000 Anmeldedaten abgezogen?
Es gibt mal wieder einen "Lieferkettenangriff" – dieses Mal auf ein (AI) Python-Paket, welches 96 Millionen mal heruntergeladen wurde und entsprechend breit eingesetzt wird. Einem Angreifer ist es gelungen, das Paket zu manipulieren, so dass dieser mit einem simplen pip install-Befehl in der Lage war, alles auf dem Computer des Opfers zu stehlen, was dort an Geheimnissen (SSH-Keys, AWS-Credentials etc.) gespeichert ist. Es ist davon auszugehen, dass eine halbe Million sensitive Zugangsdaten abgeflossen sind.
Chaos Computer Club: Advocado – wenn die Anwaltsplattform "offen steht"
Unschöne Geschichte, die Anwaltsplattform "Advocado" hat zwar einen einschmeichelnden Namen (der mich an eine Frucht erinnert), patz aber bei der Datensicherheit. Der Chaos Computer Club ist, laut einer gestrigen Mitteilung, über ein Debug-Werkzeug der Plattform auf hochgeladene Dokumente und Gesprächsaufzeichnungen gestoßen.
iOS-Geräte durch Exploit-Kit im Risiko; iOS/iPadOS 26.4 freigegeben
Ich fasse mal zwei Meldungen rund im Apples iOS zu einem Sammelbeitrag zusammen. Jemand hat ein Exploit-Kit auf GitHub veröffentlicht, mit dem sich Millionen von iPhones über ältere Sicherheitslücken hacken lassen. Es heißt also nach Möglichkeit iOS updaten. Und Apple hat zum 24. März 2026 ein Update auf iOS 26.4 bzw. iPadOS 26.4 für seine noch unterstützten iPhones und iPads freigegeben.
Windows 11: Out-Band-Update KB5085518 (23.3.2026) fixt Anmeldeprobleme
Microsoft hat bereits zum 23. März 2026 ein Hotfix-Update für Nutzer von Windows 11 Enterprise LTSC 2024 bereitgestellt. Dieses soll Anmeldeprobleme an Microsoft-Konten beheben, welches vom Update KB5079473 vom 10. März 2026 verursacht wurden. Es ist wohl das Hotfix-Pendant zum Out-of-Band-Update KB5085516.