Trump Revenge Tour Targets Cyber Leaders, Elections

Tue Apr 15 2025

President Trump last week revoked security clearances for Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA) who was fired by Trump after declaring the 2020 election the most secure in U.S. history. The White House memo, which also suspended clearances for other security professionals at Krebs's employer SentinelOne, comes as CISA is facing huge funding and staffing cuts.

Krebs on Security

New malware ‘ResolverRAT’ targets healthcare, pharmaceutical firms

Mon Apr 14 2025

New malware ‘ResolverRAT’ is targeting healthcare and pharmaceutical firms, using advanced capabilities to steal sensitive data. Morphisec researchers discovered a new malware dubbed ‘ResolverRAT’ that is targeting healthcare and pharmaceutical firms, using advanced capabilities to steal sensitive data. ResolverRAT spreads via phishing emails using localized languages and legal lures. Victims download a malicious file triggering […]

Security Affairs

OT Security: Why Open Source Is Worth a Look

Tue Apr 15 2025

In the OT security domain too, open-source solutions offer a cost-effective alternative to commercial tools.

CSO Online

Microsoft’s Recall AI Tool Is Making an Unwelcome Return

Mon Apr 14 2025

Microsoft held off on releasing the privacy-unfriendly feature after a swell of pushback last year. Now it’s trying again, with a few improvements that skeptics say still aren't enough.

Wired

ResolverRAT Campaign Targets Healthcare, Pharma via Phishing and DLL Side-Loading

Mon Apr 14 2025

Cybersecurity researchers have discovered a new, sophisticated remote access trojan called ResolverRAT that has been observed in attacks targeting healthcare and pharmaceutical sectors. "The threat actor leverages fear-based lures delivered via phishing emails, designed to pressure recipients into clicking a malicious link," Morphisec Labs researcher Nadav Lorber said in a report shared with The...

The Hacker News

Malicious NPM packages target PayPal users

Mon Apr 14 2025

Threat actors deploy malicious NPM packages to steal PayPal credentials and hijack cryptocurrency transfers. Fortinet researchers discovered multiple malicious NPM packages that are used to target PayPal users. The packages were uploaded to the repository in early March by a threat actor known as tommyboy_h1 and tommyboy_h2, and were used to steal PayPal credentials and hijack cryptocurrency transfers. “Using PayPal-related […]

Security Affairs

Criticism of OpenAI: Experts Warn of Shortened Safety Testing

Mon Apr 14 2025

OpenAI has apparently shortened its safety tests.

CSO Online

Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft

Mon Apr 14 2025

Cybersecurity researchers are calling attention to a new type of credential phishing scheme that ensures that the stolen information is associated with valid online accounts. The technique has been codenamed precision-validating phishing by Cofense, which it said employs real-time email validation so that only a select set of high-value targets are served the fake login screens. "This tactic not...

The Hacker News

AI hallucinations lead to a new cyber threat: Slopsquatting

Mon Apr 14 2025

Cybersecurity researchers are warning of a new type of supply chain attack, Slopsquatting, induced by a hallucinating generative AI model recommending non-existent dependencies.

CSO Online

⚡ Weekly Recap: Windows 0-Day, VPN Exploits, Weaponized AI, Hijacked Antivirus and More

Mon Apr 14 2025

Attackers aren’t waiting for patches anymore — they are breaking in before defenses are ready. Trusted security tools are being hijacked to deliver malware. Even after a breach is detected and patched, some attackers stay hidden. This week’s events show a hard truth: it’s not enough to react after an attack. You have to assume that any system you trust today could fail tomorrow. In a world...

The Hacker News

Cybersecurity in the AI Era: Evolve Faster Than the Threats or Get Left Behind

Mon Apr 14 2025

AI is changing cybersecurity faster than many defenders realize. Attackers are already using AI to automate reconnaissance, generate sophisticated phishing lures, and exploit vulnerabilities before security teams can react. Meanwhile, defenders are overwhelmed by massive amounts of data and alerts, struggling to process information quickly enough to identify real threats. AI offers a way to...

The Hacker News

Black Basta: The Fallen Ransomware Gang That Lives On

Mon Apr 14 2025

After a series of setbacks, the notorious Black Basta ransomware gang went underground. Researchers are bracing for its probable return in a new form.

Wired

CyberAv3ngers: The Iranian Saboteurs Hacking Water and Gas Systems Worldwide

Mon Apr 14 2025

Despite their hacktivist front, CyberAv3ngers is a rare state-sponsored hacker group bent on putting industrial infrastructure at risk—and has already caused global disruption.

Wired

Smishing Triad: The Scam Group Stealing the World’s Riches

Mon Apr 14 2025

Millions of scam text messages are sent every month. The Chinese cybercriminals behind many of them are expanding their operations—and quickly innovating.

Wired

Gamaredon: The Turncoat Spies Relentlessly Hacking Ukraine

Mon Apr 14 2025

For the past decade, this group of FSB hackers—including “traitor” Ukrainian intelligence officers—has used a grinding barrage of intrusion campaigns to make life hell for their former countrymen and cybersecurity defenders.

Wired

The Most Dangerous Hackers You’ve Never Heard Of

Mon Apr 14 2025

From crypto kingpins to sophisticated scammers, these are the lesser-known hacking groups that should be on your radar.

Wired

Brass Typhoon: The Chinese Hacking Group Lurking in the Shadows

Mon Apr 14 2025

Though less well-known than groups like Volt Typhoon and Salt Typhoon, Brass Typhoon, or APT 41, is an infamous, longtime espionage actor that foreshadowed recent telecom hacks.

Wired

TraderTraitor: The Kings of the Crypto Heist

Mon Apr 14 2025

Allegedly responsible for the theft of $1.5 billion in cryptocurrency from a single exchange, North Korea’s TraderTraitor is one of the most sophisticated cybercrime groups in the world.

Wired

Tycoon2FA phishing kit rolled out significant updates

Mon Apr 14 2025

The operators of the Phishing-as-a-Service (PhaaS) platform Tycoon2FA have rolled out significant updates to enhance its evasion capabilities. Tycoon2FA, a phishing kit discovered in 2023 by cybersecurity firm Sekoia, was recently updated to improve its evasion capabilities. The phishing kit now uses advanced evasion tactics such as a custom CAPTCHA via HTML5 canvas, invisible Unicode […]

Security Affairs

How not to hire a North Korean IT spy

Mon Apr 14 2025

CISOs looking for new IT hires already struggle with talent market shortages and bridging cybersecurity skills gaps.

CSO Online

Pakistan-Linked Hackers Expand Targets in India with CurlBack RAT and Spark RAT

Mon Apr 14 2025

A threat actor with ties to Pakistan has been observed targeting various sectors in India with various remote access trojans like Xeno RAT, Spark RAT, and a previously undocumented malware family called CurlBack RAT. The activity, detected by SEQRITE in December 2024, targeted Indian entities under railway, oil and gas, and external affairs ministries, marking an expansion of the hacking crew's...

The Hacker News

What boards want and don’t want to hear from cybersecurity leaders

Mon Apr 14 2025

Successfully engaging with the board may not make or break a CISO’s career, but it’s becoming an increasingly important skill — particularly as risk-conscious boards seek strategic security insights.

CSO Online

South African telecom provider Cell C disclosed a data breach following a cyberattack

Mon Apr 14 2025

Cell C, one of the biggest telecom providers in South Africa, confirms a data breach following a 2024 cyberattack. Cell C is the fourth-largest mobile network operator in South Africa, after Vodacom, MTN, and Telkom. The company, founded in 2001, offers prepaid and postpaid mobile plans, data bundles and internet services, fiber broadband, roaming and […]

Security Affairs

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 41

Sun Apr 13 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape: Lazarus Expands Malicious npm Campaign: 11 New Packages Add Malware Loaders and Bitbucket Payloads; BadBazaar: iOS and Android Surveillanceware by China’s APT15 Used to Target Tibetans and Uyghurs; GOFFEE continues to attack organizations in Russia; Atomic […]

Security Affairs

Security Affairs newsletter Round 519 by Pierluigi Paganini – INTERNATIONAL EDITION

Sun Apr 13 2025

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press: Symbolic Link trick lets attackers bypass FortiGate patches, Fortinet warns; Attackers are exploiting recently disclosed OttoKit WordPress plugin flaw […]

Security Affairs

China admitted its role in Volt Typhoon cyberattacks on U.S. infrastructure

Sun Apr 13 2025

China admitted in a secret meeting with U.S. officials that it conducted Volt Typhoon cyberattacks on U.S. infrastructure, WSJ reports. China reportedly admitted in a secret meeting with U.S. officials that it carried out cyberattacks on U.S. infrastructure, linked to the Volt Typhoon campaign. According to the Wall Street Journal, at a December Geneva summit, […]

Security Affairs

Symbolic Link trick lets attackers bypass FortiGate patches, Fortinet warns

Sat Apr 12 2025

Fortinet warns attackers can keep read-only access to FortiGate devices even after the original vulnerability is patched. Fortinet warns that threat actors can retain read-only access to FortiGate devices even after the original vulnerability used for the breach has been patched. The cybersecurity firm revealed that attackers exploited known FortiGate flaws like CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762 to […]

Security Affairs

Attackers are exploiting recently disclosed OttoKit WordPress plugin flaw

Sat Apr 12 2025

Threat actors are exploiting a vulnerability in the OttoKit WordPress plugin, a few hours after public disclosure. Threat actors are exploiting a recently discovered vulnerability, tracked as CVE-2025-3102 (CVSS score of 8.1) in the OttoKit WordPress plugin (formerly SureTriggers), a few hours after public disclosure. An attacker can trigger the vulnerability to create malicious administrator users when the plugin is not […]

Security Affairs

GenAI Security as a Checklist

Mon Apr 14 2025

The Open Web Application Security Project (OWASP) gives companies a checklist for (more) GenAI security.

CSO Online

Homeland Security Email Tells a US Citizen to ‘Immediately’ Self-Deport

Sun Apr 13 2025

An email sent by the Department of Homeland Security instructs people in the US on a temporary legal status to leave the country. But who the email actually applies to—and who actually received it—is far from clear.

Wired

China Secretly (and Weirdly) Admits It Hacked US Infrastructure

Sat Apr 12 2025

Plus: The Department of Homeland Security begins surveilling immigrants' social media, President Donald Trump targets former CISA director who refuted his claims of 2020 election fraud, and more.

Wired

Laboratory Services Cooperative data breach impacts 1.6 Million People

Fri Apr 11 2025

Laboratory Services Cooperative discloses a data breach from October 2024 that exposed personal and medical info of 1.6 million individuals. Laboratory Services Cooperative disclosed a data breach that impacted the personal and medical information of 1.6 million people. The Laboratory Services Cooperative (LSC) is a clinical laboratory based in Bremerton, Washington, providing diagnostic testing services […]

Security Affairs

Palo Alto warns of brute-force login attempts on PAN-OS GlobalProtect gateways indicating possible upcoming attacks

Fri Apr 11 2025

Experts warn of brute-force login attempts on PAN-OS GlobalProtect gateways following increased scanning activity on its devices. Palo Alto Networks reports brute-force login attempts on PAN-OS GlobalProtect gateways. The security firm pointed out that no known vulnerability has been exploited, but monitoring and analysis continue. “Our teams are observing evidence of activity consistent with password-related […]

Security Affairs

Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit

Fri Apr 11 2025

Fortinet has revealed that threat actors have found a way to maintain read-only access to vulnerable FortiGate devices even after the initial access vector used to breach the devices was patched. The attackers are believed to have leveraged known and now-patched security flaws, including, but not limited to, CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762. "A threat actor used a known...

The Hacker News

Passwords of German Politicians Surface on the Dark Web

Fri Apr 11 2025

Researchers have discovered credentials of 241 German state parliament members on the dark web.

CSO Online

Paper Werewolf Deploys PowerModul Implant in Targeted Cyberattacks on Russian Sectors

Fri Apr 11 2025

The threat actor known as Paper Werewolf has been observed exclusively targeting Russian entities with a new implant called PowerModul. The activity, which took place between July and December 2024, singled out organizations in the mass media, telecommunications, construction, government entities, and energy sectors, Kaspersky said in a new report published Thursday. Paper Werewolf, also known...

The Hacker News

OpenAI slammed for putting speed over safety

Fri Apr 11 2025

OpenAI, the AI research powerhouse with popular projects like the GPT series, Codex, DALL-E, and Whisper, might be rushing through its AI deployment without adequate protections.

CSO Online

Initial Access Brokers Shift Tactics, Selling More for Less

Fri Apr 11 2025

What are IABs? Initial Access Brokers (IABs) specialize in gaining unauthorized entry into computer systems and networks, then selling that access to other cybercriminals. This division of labor allows IABs to concentrate on their core expertise: exploiting vulnerabilities through methods like social engineering and brute-force attacks. By selling access, they significantly mitigate the...

The Hacker News

Sex-Fantasy Chatbots Are Leaking a Constant Stream of Explicit Messages

Fri Apr 11 2025

Some misconfigured AI chatbots are pushing people’s chats to the open web—revealing sexual prompts and conversations that include descriptions of child sexual abuse.

Wired

Gamaredon targeted the military mission of a Western country based in Ukraine

Fri Apr 11 2025

Gamaredon targeted a foreign military mission in Ukraine with updated GammaSteel malware on Feb 26, 2025, per Symantec. Symantec Threat Hunter researchers reported that the Russia-linked APT group Gamaredon (a.k.a. Shuckworm, Armageddon, Primitive Bear, ACTINIUM, Callisto) targeted a foreign military mission based in Ukraine with an updated version of the GammaSteel infostealer. Shuckworm is known for targeting government, […]

Security Affairs

Palo Alto Networks Warns of Brute-Force Attempts Targeting PAN-OS GlobalProtect Gateways

Fri Apr 11 2025

Palo Alto Networks has revealed that it's observing brute-force login attempts against PAN-OS GlobalProtect gateways, days after threat hunters warned of a surge in suspicious login scanning activity targeting its appliances. "Our teams are observing evidence of activity consistent with password-related attacks, such as brute-force login attempts, which does not indicate exploitation of a...

The Hacker News

SpyNote, BadBazaar, MOONSHINE Malware Target Android and iOS Users via Fake Apps

Fri Apr 11 2025

Cybersecurity researchers have found that threat actors are setting up deceptive websites hosted on newly registered domains to deliver a known Android malware called SpyNote. These bogus websites masquerade as Google Play Store install pages for apps like the Chrome web browser, indicating an attempt to deceive unsuspecting users into installing the malware instead. "The threat actor utilized a...

The Hacker News

You’re always a target, so it pays to review your cybersecurity insurance

Fri Apr 11 2025

Any enterprise that is connected to the internet (so, all of them) is at any given time either the direct target of a cyberattacker or at least perpetually in danger of becoming an inadvertent casualt

CSO Online

OttoKit WordPress Plugin Admin Creation Vulnerability Under Active Exploitation

Fri Apr 11 2025

A newly disclosed high-severity security flaw impacting OttoKit (formerly SureTriggers) has come under active exploitation within a few hours of public disclosure. The vulnerability, tracked as CVE-2025-3102 (CVSS score: 8.1), is an authorization bypass bug that could permit an attacker to create administrator accounts under certain conditions and take control of susceptible websites. "The...

The Hacker News

10 Essentials for a Corporate AI Policy

Fri Apr 11 2025

According to experts, companies must understand what AI means in the context of their business, whether the question is regulatory compliance or the role of third parties.

CSO Online

Russian Shuckworm APT is back with updated GammaSteel malware

Thu Apr 10 2025

A cyberespionage group of Russian origin that has targeted entities from Ukraine, or from countries that are helping Ukraine, has recently launched an attack against the military of a Western nation u

CSO Online

U.S. CISA adds Linux Kernel flaws to its Known Exploited Vulnerabilities catalog

Thu Apr 10 2025

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Linux Kernel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Linux Kernel flaws, respectively tracked as CVE-2024-53197 and CVE-2024-53150, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability CVE-2024-53197 (CVSS score of 7.8) resides in the Linux kernel’s ALSA USB-audio driver affecting Extigy […]

Security Affairs

China-based SMS Phishing Triad Pivots to Banks

Thu Apr 10 2025

China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. Until recently, the so-called “Smishing Triad” mainly impersonated toll road operators and shipping companies. But experts say these groups are now directly targeting customers of international financial institutions, while dramatically expanding their cybercrime infrastructure and support staff.

Krebs on Security

AkiraBot: AI-Powered spam bot evades CAPTCHA to target 80,000+ websites

Thu Apr 10 2025

AkiraBot, a CAPTCHA-evading Python framework, has spammed over 80,000 websites with AI-generated messages, targeting small and medium-sized businesses. SentinelOne’s SentinelLabs researchers warn that AkiraBot, a spam framework, targets websites’ chats and contact forms to promote low-quality SEO services. AkiraBot has already targeted more than 400,000 websites and successfully spammed at least 80,000 websites since September […]

Security Affairs

Oracle admits breach of ‘obsolete servers,’ denies main cloud platform affected

Thu Apr 10 2025

Oracle has continued to downplay a data breach it suffered earlier this year, insisting in an email sent to customers this week that the hack did not involve its core platform, Oracle Cloud Infrastruc

CSO Online

Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes

Thu Apr 10 2025

Cybersecurity researchers have detailed a case of an incomplete patch for a previously addressed security flaw impacting the NVIDIA Container Toolkit that, if successfully exploited, could put sensitive data at risk. The original vulnerability CVE-2024-0132 (CVSS score: 9.0) is a Time-of-Check Time-of-Use (TOCTOU) vulnerability that could lead to a container escape attack and allow for...

The Hacker News

Hackers target SSRF flaws to steal AWS credentials

Thu Apr 10 2025

In a new campaign, threat actors have been trying to access EC2 Instance Metadata, which consists of sensitive virtual server information like IP address, instance ID, and security credentials by expl

CSO Online

Fortinet embeds AI capabilities across Security Fabric platform

Thu Apr 10 2025

Fortinet has expanded support for AI across its core cybersecurity platform to protect enterprise customers from evolving threats and simplify network and security operations.

CSO Online

Malicious npm Package Targets Atomic Wallet, Exodus Users by Swapping Crypto Addresses

Thu Apr 10 2025

Threat actors are continuing to upload malicious packages to the npm registry so as to tamper with already-installed local versions of legitimate libraries and execute malicious code in what's seen as a sneakier attempt to stage a software supply chain attack. The newly discovered package, named pdf-to-office, masquerades as a utility for converting PDF files to Microsoft Word documents. But, in...

The Hacker News

Ransomware Attacks Exploit a Windows Vulnerability

Thu Apr 10 2025


CSO Online

CISA under review: Trump memo spurs scrutiny and uncertainty

Thu Apr 10 2025

The Trump administration has issued a directive against Christopher Krebs, the founding director and former head of the Cybersecurity and Infrastructure Security Agency (CISA) for weaponizing and abus

CSO Online

Why Codefinger represents a new stage in the evolution of ransomware

Thu Apr 10 2025

If you didn’t pay much attention to news of the recent Codefinger ransomware attack, it’s probably because ransomware has become so prevalent that major incidents no longer feel notable.

CSO Online

PlayPraetor Reloaded: CTM360 Uncovers a Play Masquerading Party

Thu Apr 10 2025

Overview of the PlayPraetor Masquerading Party Variants CTM360 has now identified a much larger extent of the ongoing Play Praetor campaign. What started with 6000+ URLs of a very specific banking attack has now grown to 16,000+ with multiple variants. This research is ongoing, and much more is expected to be discovered in the coming days. As before, all the newly discovered play...

The Hacker News

An APT group exploited ESET flaw to execute malware

Thu Apr 10 2025

At least one APT group has exploited a vulnerability in ESET software to stealthily execute malware, bypassing security measures. Kaspersky researchers reported that an APT group, tracked as ToddyCat, has exploited a vulnerability in ESET software to stealthily execute malware, bypassing security. The vulnerability, tracked as CVE-2024-11859, is a DLL Search Order Hijacking issue that potentially allows […]

Security Affairs

The Identities Behind AI Agents: A Deep Dive Into AI & NHI

Thu Apr 10 2025

AI agents have rapidly evolved from experimental technology to essential business tools. The OWASP framework explicitly recognizes that Non-Human Identities play a key role in agentic AI security. Their analysis highlights how these autonomous software entities can make decisions, chain complex actions together, and operate continuously without human intervention. They're no longer just tools,...

The Hacker News

Gamaredon Uses Infected Removable Drives to Breach Western Military Mission in Ukraine

Thu Apr 10 2025

The Russia-linked threat actor known as Gamaredon (aka Shuckworm) has been attributed to a cyber attack targeting a foreign military mission based in Ukraine with an aim to deliver an updated version of a known malware called GammaSteel. The group targeted the military mission of a Western country, per the Symantec Threat Hunter team, with first signs of the malicious activity detected on...

The Hacker News

Top 16 OffSec, pen-testing, and ethical hacking certifications

Thu Apr 10 2025

Red team careers are in high demand, with companies seeking professionals skilled in penetration testing, offensive security (OffSec), and ethical hacking.

CSO Online

Oracle confirms the hack of two obsolete servers. No Oracle Cloud systems or customer data were affected

Thu Apr 10 2025

Oracle confirmed a hacker stole credentials from two obsolete servers but said no Oracle Cloud systems or customer data were affected. Oracle confirmed a hacker stole and leaked credentials from two obsolete servers, but said no Oracle Cloud systems or customer data were affected. The threat actor accessed usernames from two outdated, non-Oracle Cloud Infrastructure […]

Security Affairs

Europol Arrests Five SmokeLoader Clients Linked by Seized Database Evidence

Thu Apr 10 2025

Law enforcement authorities have announced that they tracked down the customers of the SmokeLoader malware and detained at least five individuals. "In a coordinated series of actions, customers of the Smokeloader pay-per-install botnet, operated by the actor known as 'Superstar,' faced consequences such as arrests, house searches, arrest warrants or 'knock and talks,'" Europol said in a...

The Hacker News

Trump revokes security clearances for Chris Krebs, SentinelOne in problematic precedent for security vendors

Thu Apr 10 2025

In an ominous development for the cybersecurity industry, US President Donald Trump revoked the security clearance of former Cybersecurity and Infrastructure Security Agency (CISA) Director Chris Kreb

CSO Online

AkiraBot Targets 420,000 Sites with OpenAI-Generated Spam, Bypassing CAPTCHA Protections

Thu Apr 10 2025

Cybersecurity researchers have disclosed details of an artificial intelligence (AI) powered platform called AkiraBot that's used to spam website chats, comment sections, and contact forms to promote dubious search engine optimization (SEO) services such as Akira and ServicewrapGO. "AkiraBot has targeted more than 400,000 websites and successfully spammed at least 80,000 websites since September...

The Hacker News

National Social Security Fund of Morocco Suffers Data Breach

Wed Apr 09 2025

Threat actor ‘Jabaroot’ claims breach of National Social Security Fund of Morocco, aiming to steal large volumes of sensitive citizen data. Resecurity has identified a threat actor targeting government systems in Morocco with the goal of exfiltrating large volumes of sensitive data relating to citizens. The actor using the alias ‘Jabaroot’ released claims about the […]

Security Affairs

Security KPIs and KRIs: How to Measure Cybersecurity

Thu Apr 10 2025

Measuring cybersecurity is no child's play.

CSO Online

Targeted phishing gets a new hook with real-time email validation

Thu Apr 10 2025

Crooks behind some credential-stealing phishing campaigns are trying to increase their success rate by sophisticated targeting.

CSO Online

Spyware Maker NSO Group Is Paving a Path Back Into Trump’s America

Wed Apr 09 2025

The Israeli spyware maker, still on the US Commerce Department’s “blacklist,” has hired a new lobbying firm with direct ties to the Trump administration, a WIRED investigation has found.

Wired

Critical Fortinet FortiSwitch flaw allows remote attackers to change admin passwords

Wed Apr 09 2025

Fortinet addressed a critical vulnerability in its FortiSwitch devices that can be exploited to change administrator passwords remotely. Fortinet has released security updates to address a critical vulnerability, tracked as CVE-2024-48887 (CVSS score 9.8), in its FortiSwitch devices. A remote attacker can exploit the vulnerability to change administrator passwords. “An unverified password change vulnerability [CWE-620] […]

Security Affairs

Google launches unified enterprise security platform, announces AI security agents

Wed Apr 09 2025

Google has launched a new enterprise security platform called Google Unified Security that combines the company’s visibility, threat detection, and incident response capabilities and makes it availabl

CSO Online

Lovable AI Found Most Vulnerable to VibeScamming — Enabling Anyone to Build Live Scam Pages

Wed Apr 09 2025

Lovable, a generative artificial intelligence (AI) powered platform that allows for creating full-stack web applications using text-based prompts, has been found to be the most susceptible to jailbreak attacks, allowing novice and aspiring cybercrooks to set up lookalike credential harvesting pages. "As a purpose-built tool for creating and deploying web apps, its capabilities line up perfectly...

The Hacker News

WK Kellogg Reports Data Theft

Wed Apr 09 2025

WK Kellogg, the food company known for its cornflakes, has had data stolen.

CSO Online

The US Treasury’s OCC disclosed an undetected major email breach for over a year

Wed Apr 09 2025

The US Office of the Comptroller of the Currency (OCC) disclosed a major email breach compromising 100 accounts, undetected for over a year. The US Treasury’s Office of the Comptroller of the Currency (OCC) disclosed an undetected major email breach for over a year. The cybersecurity incident involved unauthorized access to emails via a compromised […]

Security Affairs

Whatsapp plugs bug allowing RCE with spoofed filenames

Wed Apr 09 2025

Meta is warning Whatsapp users of an issue affecting its Windows rollouts that could allow attackers to perform remote code execution (RCE) on systems running the vulnerable releases.

CSO Online

U.S. CISA adds Gladinet CentreStack and ZTA Microsoft Windows Common Log File System (CLFS) Driver flaws to its Known Exploited Vulnerabilities catalog

Wed Apr 09 2025

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Gladinet CentreStack and ZTA Microsoft Windows Common Log File System (CLFS) Driver flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Gladinet CentreStack and ZTA Microsoft Windows Common Log File System (CLFS) Driver flaws, respectively tracked as CVE-2025-30406 and CVE-2025-29824, to its […]

Security Affairs

Operation Endgame follow-up leads to five detentions and interrogations as well as server takedowns

Wed Apr 09 2025

Europol

New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner

Wed Apr 09 2025

A Chinese-affiliated threat actor known for its cyber-attacks in Asia has been observed exploiting a security flaw in security software from ESET to deliver a previously undocumented malware codenamed TCESB. "Previously unseen in ToddyCat attacks, [TCESB] is designed to stealthily execute payloads in circumvention of protection and monitoring tools installed on the device," Kaspersky said in an...

The Hacker News

Explosive Growth of Non-Human Identities Creating Massive Security Blind Spots

Wed Apr 09 2025

GitGuardian's State of Secrets Sprawl report for 2025 reveals the alarming scale of secrets exposure in modern software environments. Driving this is the rapid growth of non-human identities (NHIs), which have been outnumbering human users for years. We need to get ahead of it and prepare security measures and governance for these machine identities as they continue to be deployed, creating an...

The Hacker News

PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware

Wed Apr 09 2025

Microsoft has revealed that a now-patched security flaw impacting the Windows Common Log File System (CLFS) was exploited as a zero-day in ransomware attacks aimed at a small number of targets. "The targets include organizations in the information technology (IT) and real estate sectors of the United States, the financial sector in Venezuela, a Spanish software company, and the retail sector in...

The Hacker News

CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks

Wed Apr 09 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Gladinet CentreStack to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2025-30406 (CVSS score: 9.0), concerns a case of a hard-coded cryptographic key that could be abused to achieve remote...
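A practical check for the bug class in the CentreStack item above, added here as an example (not Gladinet's, CISA's or The Hacker News' code): an ASP.NET machineKey that ships inside the product is identical on every installation, so anyone holding one copy can forge the ViewState MAC on any other install and reach the deserialization path behind it. The script parses web.config files collected from several hosts, fingerprints the key material, flags any fingerprint shared by more than one independent installation, and writes fresh per-install keys. The host names and configs are constructed for the demo; CentreStack's real file layout and key values are not reproduced.

```python
"""Spot a shared (hard-coded) ASP.NET machineKey across installs and rotate it.

Added example; the configs below are constructed and the host names hypothetical.
Assumes the standard ASP.NET layout <configuration><system.web><machineKey/>.
"""
import hashlib
import secrets
import xml.etree.ElementTree as ET
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed fixture: two hosts carry identical vendor-shipped key material,
# the third was already given its own key. Values are dummies.
SHIPPED_VKEY = "AB" * 64   # 64-byte HMACSHA256 validation key, hex
SHIPPED_DKEY = "CD" * 32   # 32-byte AES decryption key, hex


def sample_config(vkey: str, dkey: str) -> str:
    """Build a minimal web.config containing an explicit machineKey."""
    return f"""<?xml version="1.0"?>
<configuration>
  <system.web>
    <machineKey validationKey="{vkey}" decryptionKey="{dkey}"
                validation="HMACSHA256" decryption="AES" />
  </system.web>
</configuration>"""


SAMPLE_CONFIGS: Dict[str, str] = {
    "portal-a.example": sample_config(SHIPPED_VKEY, SHIPPED_DKEY),
    "portal-b.example": sample_config(SHIPPED_VKEY, SHIPPED_DKEY),
    "portal-c.example": sample_config(secrets.token_hex(64).upper(),
                                      secrets.token_hex(32).upper()),
}


def machine_key_fingerprint(config_xml: str) -> Optional[str]:
    """SHA-256 over validationKey|decryptionKey, or None when ASP.NET auto-generates.

    A missing element or 'AutoGenerate' values mean the key is unique per machine,
    which is the secure default; an explicit hex literal is what gets shared.
    """
    root = ET.fromstring(config_xml)
    mk = root.find("./system.web/machineKey")
    if mk is None:
        return None
    vkey = mk.get("validationKey", "AutoGenerate")
    dkey = mk.get("decryptionKey", "AutoGenerate")
    if vkey.startswith("AutoGenerate") or dkey.startswith("AutoGenerate"):
        return None
    return hashlib.sha256(f"{vkey}|{dkey}".encode()).hexdigest()


def find_shared_keys(configs: Dict[str, str]) -> Dict[str, List[str]]:
    """Return {fingerprint: [hosts]} for key material seen on two or more hosts."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for host, xml in configs.items():
        fp = machine_key_fingerprint(xml)
        if fp is not None:
            groups[fp].append(host)
    return {fp: sorted(hosts) for fp, hosts in groups.items() if len(hosts) > 1}


def fresh_machine_key() -> Tuple[str, str]:
    """Random keys sized for HMACSHA256 (64 bytes) and AES (32 bytes), hex encoded."""
    return secrets.token_hex(64).upper(), secrets.token_hex(32).upper()


def rotate_machine_key(config_xml: str, vkey: str, dkey: str) -> str:
    """Write new key material into the config, creating the element if absent."""
    root = ET.fromstring(config_xml)
    system_web = root.find("./system.web")
    if system_web is None:
        system_web = ET.SubElement(root, "system.web")
    mk = system_web.find("machineKey")
    if mk is None:
        mk = ET.SubElement(system_web, "machineKey")
    mk.set("validationKey", vkey)
    mk.set("decryptionKey", dkey)
    mk.set("validation", "HMACSHA256")
    mk.set("decryption", "AES")
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for fp, hosts in find_shared_keys(SAMPLE_CONFIGS).items():
        print(f"shared machineKey {fp[:16]}... on {', '.join(hosts)}")
```

Two caveats when rotating: nodes of one legitimate web farm are supposed to share a key, so compare across independent installations, not across members of the same farm; and a new machineKey invalidates outstanding ViewState and forms-authentication tickets, so roll it during a maintenance window.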

The Hacker News

Microsoft Patches 125 Flaws Including Actively Exploited Windows CLFS Vulnerability

Wed Apr 09 2025

Microsoft has released security fixes to address a massive set of 125 flaws affecting its software products, including one vulnerability that it said has been actively exploited in the wild. Of the 125 vulnerabilities, 11 are rated Critical, 112 are rated Important, and two are rated Low in severity. Forty-nine of these vulnerabilities are classified as privilege escalation, 34 as remote code...

The Hacker News

Is HR running your employee security training? Here’s why that’s not always the best idea

Wed Apr 09 2025

In today’s fast-changing threat landscape, relying solely on human resources to deliver employee security training can leave an enterprise vulnerable.

CSO Online

Lessons learned about cyber resilience from a visit to Ukraine

Wed Apr 09 2025

During a visit to the recent Kyiv International Cyber Resilience Forum 2025 in Ukraine, I encountered a recurring theme across a plethora of speakers: always be flexible and keep your options open and

CSO Online

9 indispensable open source security tools

Wed Apr 09 2025

These open source tools address specific security problems, with a minimal footprint.

CSO Online

Patch Tuesday, April 2025 Edition

Wed Apr 09 2025

Microsoft today released updates to plug at least 121 security holes in its Windows operating systems and software, including one vulnerability that is already being exploited in the wild. Eleven of those flaws earned Microsoft's most-dire "critical" rating, meaning malware or malcontents could exploit them with little to no interaction from Windows users.

Krebs on Security

Adobe Patches 11 Critical ColdFusion Flaws Amid 30 Total Vulnerabilities Discovered

Wed Apr 09 2025

Adobe has released security updates to fix a fresh set of security flaws, including multiple critical-severity bugs in ColdFusion versions 2025, 2023 and 2021 that could result in arbitrary file read and code execution. Of the 30 flaws in the product, 11 are rated Critical in severity - CVE-2025-24446 (CVSS score: 9.1) - An improper input validation vulnerability that could result in an...

The Hacker News

US bank regulator’s email system breached

Wed Apr 09 2025

A cyber intrusion at the US Office of the Comptroller of the Currency (OCC) is “massively serious” and comes at a time when “the good work done to improve cybersecurity in the US is under extraordinar

CSO Online

April Patch Tuesday news: Windows zero day being exploited, ‘big vulnerability’ in 2 SAP apps

Tue Apr 08 2025

A threat actor is exploiting a zero-day elevation of privileges vulnerability in the Windows Common Log File System to deploy ransomware, one of a number of critical holes Microsoft plugged today as p

CSO Online

Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw

Tue Apr 08 2025

Fortinet has released security updates to address a critical security flaw impacting FortiSwitch that could permit an attacker to make unauthorized password changes. The vulnerability, tracked as CVE-2024-48887, carries a CVSS score of 9.3 out of a maximum of 10.0. "An unverified password change vulnerability [CWE-620] in FortiSwitch GUI may allow a remote unauthenticated attacker to modify...

The Hacker News

Amazon EC2 SSM Agent Flaw Patched After Privilege Escalation via Path Traversal

Tue Apr 08 2025

Cybersecurity researchers have disclosed details of a now-patched security flaw in the Amazon EC2 Simple Systems Manager (SSM) Agent that, if successfully exploited, could permit an attacker to achieve privilege escalation and code execution. The vulnerability could permit an attacker to create directories in unintended locations on the filesystem, execute arbitrary scripts with root privileges,...
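The flaw class in the SSM Agent item above is a filesystem path built from an identifier the caller controls. What follows is an added example in Python, not the agent's code (the agent itself is written in Go) and not a reproduction of its fix: it puts the vulnerable join beside a containment check that allow-lists the identifier and then verifies that the resolved path still lies under the base directory. The base directory and document ids are hypothetical.

```python
"""Path traversal in an agent's per-document working directory: vulnerable vs. contained.

Added example; BASE_DIR and the document ids are hypothetical.
"""
import os
import re

BASE_DIR = "/var/lib/example-agent/documents"   # hypothetical root for per-document work dirs
# Allow-list for identifiers: alphanumerics, dot, underscore, hyphen; no separators,
# and no leading dot, so '..' and hidden names never get as far as the join.
DOC_ID_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")


def unsafe_workdir(doc_id: str) -> str:
    """The vulnerable pattern: the identifier is joined straight into the path.

    os.path.join treats an absolute second argument as the whole path, and
    '..' segments walk out of BASE_DIR, so a later makedirs() or script
    execution lands wherever the caller chose.
    """
    return os.path.join(BASE_DIR, doc_id)


def is_escape(doc_id: str) -> bool:
    """True when the unsafe join would land outside BASE_DIR (the bug, made visible)."""
    target = os.path.normpath(unsafe_workdir(doc_id))
    return os.path.commonpath([BASE_DIR, target]) != BASE_DIR


def safe_workdir(doc_id: str, base: str = BASE_DIR) -> str:
    """Reject anything outside the allow-list, then verify containment after resolution.

    realpath() follows symlinks, so a link planted inside base that points outside
    is caught as well; commonpath() avoids the string-prefix trap where
    '/var/lib/example-agent/documents-evil' starts with base.
    """
    if not DOC_ID_RE.fullmatch(doc_id):
        raise ValueError(f"rejected document id: {doc_id!r}")
    base_real = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(base_real, doc_id))
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise ValueError(f"path escapes {base_real}: {candidate}")
    return candidate


def rejected(doc_id: str) -> bool:
    """True when safe_workdir refuses the identifier."""
    try:
        safe_workdir(doc_id)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for doc_id in ["doc-1234", "../../../../etc/cron.d", "/etc/cron.d"]:
        unsafe = os.path.normpath(unsafe_workdir(doc_id))
        safe = "REJECTED" if rejected(doc_id) else safe_workdir(doc_id)
        print(f"{doc_id!r:26} unsafe -> {unsafe:44} safe -> {safe}")
```

The order matters: the allow-list runs first, so the check never depends on the filesystem for hostile input, and the realpath/commonpath step is a second, independent guard that also covers symlinks created inside the base directory.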

The Hacker News

Cryptocurrency Miner and Clipper Malware Spread via SourceForge Cracked Software Listings

Tue Apr 08 2025

Threat actors have been observed distributing malicious payloads such as cryptocurrency miner and clipper malware via SourceForge, a popular software hosting service, under the guise of cracked versions of legitimate applications like Microsoft Office. "One such project, officepackage, on the main website sourceforge.net, appears harmless enough, containing Microsoft Office add-ins copied from a...

The Hacker News

WhatsApp fixed a spoofing flaw that could enable Remote Code Execution

Tue Apr 08 2025

WhatsApp released a security update to address a vulnerability, tracked as CVE-2025-30401, that could let attackers trick users and enable remote code execution. The spoofing flaw impacts WhatsApp for Windows before version 2.2450.6. An attacker could […]

Security Affairs

Ransomware attack on Europcar

Tue Apr 08 2025

Europcar has suffered a cyberattack involving data theft.

CSO Online

Chinese ToddyCat abuses ESET antivirus bug for malicious activities

Tue Apr 08 2025

China-backed APT group ToddyCat has been found exploiting a medium-severity vulnerability in ESET antivirus software to sneak malicious code onto vulnerable systems.

CSO Online

Agentic AI in the SOC - Dawn of Autonomous Alert Triage

Tue Apr 08 2025

Security Operations Centers (SOCs) today face unprecedented alert volumes and increasingly sophisticated threats. Triaging and investigating these alerts is costly and cumbersome, and it increases analyst fatigue, burnout, and attrition. While artificial intelligence has emerged as a go-to solution, the term “AI” often blurs crucial distinctions. Not all AI is built equal, especially in the SOC. Many...

The Hacker News

Everest ransomware group’s Tor leak site offline after a defacement

Tue Apr 08 2025

The Tor leak site of the Everest ransomware group went offline after being hacked and defaced over the weekend, with victim listings replaced by a single message. “Don’t do crime CRIME IS BAD xoxo from Prague” read the message published on the […]

Security Affairs

UAC-0226 Deploys GIFTEDCROOK Stealer via Malicious Excel Files Targeting Ukraine

Tue Apr 08 2025

The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed a new set of cyber attacks targeting Ukrainian institutions with information-stealing malware. The activity is aimed at military formations, law enforcement agencies, and local self-government bodies, particularly those located near Ukraine's eastern border, the agency said. The attacks involve distributing phishing emails...

The Hacker News

CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation

Tue Apr 08 2025

A recently disclosed critical security flaw impacting CrushFTP has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog after reports emerged of active exploitation in the wild. The vulnerability is a case of authentication bypass that could permit an unauthenticated attacker to take over susceptible instances. It has...

The Hacker News