QNAP fixed four vulnerabilities demonstrated at Pwn2Own Ireland 2025
Mon Mar 23 2026
QNAP fixed four vulnerabilities shown at Pwn2Own 2025 that could enable code execution, data access, or system disruption. Taiwanese vendor QNAP has addressed multiple vulnerabilities, including four SD-WAN router issues (CVE-2025-62843 to CVE-2025-62846) demonstrated at Pwn2Own Ireland 2025 by Team DDOS. The team chained multiple bugs in QNAP devices to gain root access and […]
Security Affairs

ISO and ISMS: Why security certifications go wrong
Tue Mar 24 2026
With an ISO 27001 certification, companies demonstrate that they operate an effective information security management system (ISMS).
CSO Online

Palo Alto updates security platform to discover AI agents
Tue Mar 24 2026
As CISOs worry about AI agent sprawl, Palo Alto Networks has announced an update to its Prisma AIRS security platform and enterprise browser to include the ability to discover AI agents, models, and c
CSO Online
A Mysterious Numbers Station Is Broadcasting Through the Iran War
Mon Mar 23 2026
First heard as US and Israeli strikes on Iran began, the shortwave broadcast has since been traced to a US military base in Germany—but its purpose and its operator remain unclear.
Wired
‘CanisterWorm’ Springs Wiper Attack Targeting Iran
Mon Mar 23 2026
A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran's time zone or have Farsi set as the default language.
Krebs on Security
Pro-Iranian Nasir Security is targeting energy companies in the Gulf
Mon Mar 23 2026
Resecurity tracks Iran-linked Nasir Security targeting Middle East energy firms amid ongoing regional cyber and military threats. Resecurity (USA) is tracking a relatively new cybercriminal group called Nasir Security, presumably associated with Iran, that is targeting energy organizations in the Middle East. The energy sector is one of the most impacted areas because of the […]
Security Affairs
44 Aqua Security repositories defaced after Trivy supply chain breach
Mon Mar 23 2026
Malicious Trivy images on Docker Hub spread infostealer malware, exposing developers after a supply chain attack. Researchers found malicious Trivy images on Docker Hub linked to a supply chain attack. Versions 0.69.4–0.69.6, now removed, contained TeamPCP infostealer code. Suspicious tags were pushed without matching GitHub releases, increasing the risk to developers using compromised container images. […]
Security Affairs

North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware
Mon Mar 23 2026
The North Korean threat actors behind the Contagious Interview campaign, also tracked as WaterPlum, have been attributed to a malware family tracked as StoatWaffle that's distributed via malicious Microsoft Visual Studio Code (VS Code) projects. The use of VS Code "tasks.json" to distribute malware is a relatively new tactic adopted by the threat actor since December 2025, with the attacks...
The Hacker News

Faster attacks and ‘recovery denial’ ransomware reshape threat landscape
Mon Mar 23 2026
Mandiant’s M-Trends 2026 report, released today at the RSA Conference, shows that attackers are moving faster, operating more collaboratively, and increasingly focusing on the systems organizations re
CSO Online

⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More
Mon Mar 23 2026
Another week, another reminder that the internet is still a mess. Systems people thought were secure are being broken in simple ways, showing many still ignore basic advisories. This edition covers a mix of issues: supply chain attacks hitting CI/CD setups, long-abused IoT devices being shut down, and exploits moving quickly from disclosure to real attacks. There are also new malware tricks...
The Hacker News

We Found Eight Attack Vectors Inside AWS Bedrock. Here's What Attackers Can Do with Them
Mon Mar 23 2026
AWS Bedrock is Amazon's platform for building AI-powered applications. It gives developers access to foundation models and the tools to connect those models directly to enterprise data and systems. That connectivity is what makes it powerful – but it’s also what makes Bedrock a target. When an AI agent can query your Salesforce instance, trigger a Lambda function, or pull from a SharePoint...
The Hacker News

Chrome ABE bypass discovered: New VoidStealer malware steals passwords and cookies
Mon Mar 23 2026
A new infostealer is bypassing Chrome’s Application-Bound Encryption (ABE), using a debugger-based technique researchers say hasn’t been seen in the wild before.
CSO Online

Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware
Mon Mar 23 2026
Microsoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S. to harvest credentials and deliver malware. The email campaigns take advantage of the urgency and time-sensitive nature of emails to send phishing messages masquerading as refund notices, payroll forms, filing reminders, and requests from tax professionals to deceive recipients into opening...
The Hacker News
Iran-linked actors use Telegram as C2 in malware attacks on dissidents
Mon Mar 23 2026
Iran-linked actors use Telegram as C2 to spread malware targeting dissidents and journalists, enabling surveillance and data theft. The FBI warns that Iran’s Ministry of Intelligence and Security (MOIS) runs cyber campaigns using Telegram as a command-and-control infrastructure to deliver malware. Threat actors target Iranian dissidents, journalists, and opposition groups worldwide. Once deployed, the malware […]
Security Affairs

Hassan Took a Bike Ride. Now He's One of the Thousands Missing in Gaza
Mon Mar 23 2026
In a place denied access to basic forensic technology—and where people disappear into Israeli detention—the fate of thousands remains unknown. One of them is an autistic teenager.
Wired
What Happens When You Can’t Get a Death Certificate in Gaza
Mon Mar 23 2026
For families of the missing, systemic obstacles to identifying remains and locating people in Israeli detention have created a kind of social and legal purgatory.
Wired

Behavioral XDR and threat intel nab North Korean fake IT worker within 10 days of hire
Mon Mar 23 2026
The North Korea fake IT worker scheme has become a pernicious threat across several industries.
CSO Online
International police Operation Alice takes down 373,000 dark web sites exploiting children
Mon Mar 23 2026
Operation Alice: Police dismantle a massive dark web network with 373,000 fake sites luring users seeking child sexual abuse material. An international law enforcement operation, code named Operation Alice, shut down one of the largest dark web scams, uncovering over 373,000 fake sites tricking users seeking child sexual abuse content. The operation, first investigated in […]
Security Affairs

Why US companies must be ready for quantum by 2030: A practical roadmap
Mon Mar 23 2026
Last year, I asked a room of infrastructure, identity and application leaders a simple question: “Where in our environment do we rely on RSA or elliptic curve cryptography?” The first answers were the
CSO Online

Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper
Mon Mar 23 2026
Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack, highlighting the widening blast radius across developer environments. The last known clean release of Trivy on Docker Hub is 0.69.3. The malicious versions 0.69.4, 0.69.5, and 0.69.6 have since been removed from the container image library. "New image tags 0.69.5 and...
The Hacker News

The insider threat rises again
Mon Mar 23 2026
Insider threats are coming back in a consequential way.
CSO Online
Russia-linked actors target WhatsApp and Signal in phishing campaign
Sun Mar 22 2026
Russia-linked actors target WhatsApp and Signal accounts of officials and journalists via phishing, gaining access to messages and contacts. Threat actors linked to Russian Intelligence Services are running phishing campaigns to hijack high-value accounts on messaging apps like WhatsApp and Signal, the FBI warns. “The FBI has identified cyber actors associated with Russian Intelligence Services targeting […]
Security Affairs
Oracle fixes critical RCE flaw CVE-2026-21992 in Identity Manager
Sun Mar 22 2026
Oracle fixed a critical severity flaw, tracked as CVE-2026-21992, enabling unauthenticated remote code execution in Identity Manager. Oracle released security updates to address a critical vulnerability, tracked as CVE-2026-21992 (CVSS score of 9.8), affecting Identity Manager and Web Services Manager. The flaw lets unauthenticated attackers over HTTP take control of Oracle Identity Manager and Web […]
Security Affairs
U.S. CISA adds Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities catalog
Sun Mar 22 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CISA added the three […]
Security Affairs
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 89
Sun Mar 22 2026
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter New Payload ransomware – malware analysis DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear When Trusted Websites Turn Malicious: WordPress Compromises Advance Global Stealer Operation AI Coding Tools Under Fire: […]
Security Affairs
Security Affairs newsletter Round 568 by Pierluigi Paganini – INTERNATIONAL EDITION
Sun Mar 22 2026
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. WorldLeaks ransomware group breached the City of Los Angeles PolyShell flaw exposes Magento and Adobe Commerce […]
Security Affairs
WorldLeaks ransomware group breached the City of Los Angeles
Sat Mar 21 2026
WorldLeaks group hit Los Angeles and its Metro system, forcing a shutdown, while two Bay Area cities declared emergencies after ransomware attacks. This week, local media reported that unauthorized activity hit Metro’s internal […]
Security Affairs

Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems
Mon Mar 23 2026
Threat actors are suspected to be exploiting a maximum-severity security flaw impacting Quest KACE Systems Management Appliance (SMA), according to Arctic Wolf. The cybersecurity company said it observed malicious activity starting the week of March 9, 2026, in customer environments that's consistent with the exploitation of CVE-2025-32975 on unpatched SMA systems exposed to the internet. It's...
The Hacker News

FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks
Sat Mar 21 2026
Threat actors affiliated with Russian Intelligence Services are conducting phishing campaigns to compromise commercial messaging applications (CMAs) like WhatsApp and Signal to seize control of accounts belonging to individuals with high intelligence value, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) said Friday. "The campaign...
The Hacker News

Cyberattack on a Car Breathalyzer Firm Leaves Drivers Stuck
Sat Mar 21 2026
Plus: The FBI admits it’s buying phone data to track Americans, Iranian hackers disrupt medical care at Maryland hospitals, and more.
Wired
PolyShell flaw exposes Magento and Adobe Commerce to file upload attacks
Sat Mar 21 2026
Sansec found a Magento and Adobe Commerce REST API flaw, named PolyShell, which allows unauthenticated file uploads and possible XSS in older versions. Sansec disclosed a critical flaw in the Magento and Adobe Commerce REST API that allows attackers to upload executable files without authentication. The issue affects versions up to 2.4.9-alpha2 and could also […]
Security Affairs

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager
Sat Mar 21 2026
Oracle has released security updates to address a critical security flaw impacting Identity Manager and Web Services Manager that could be exploited to achieve remote code execution. The vulnerability, tracked as CVE-2026-21992, carries a CVSS score of 9.8 out of a maximum of 10.0. "This vulnerability is remotely exploitable without authentication," Oracle said in an advisory. "If successfully...
The Hacker News

Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages
Sat Mar 21 2026
The threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting follow-on attacks that have led to the compromise of a large number of npm packages with a previously undocumented self-propagating worm dubbed CanisterWorm. The name is a reference to the fact that the malware uses an ICP canister, which denotes a tamperproof smart contract on...
The Hacker News

CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026
Sat Mar 21 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws impacting Apple, Craft CMS, and Laravel Livewire to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to patch them by April 3, 2026. The vulnerabilities that have come under exploitation are listed below - CVE-2025-31277 (CVSS score: 8.8) - A vulnerability in Apple...
The Hacker News
Are nations ready to be the cybersecurity insurers of last resort?
Sat Mar 21 2026
A senior member of the Cyber Monitoring Center (CMC), an organization formed last year to monitor, define and classify cyber events impacting UK organizations, this week questioned whether a £1.
CSO Online
7,500+ Magento sites defaced in global hacking campaign
Fri Mar 20 2026
Hackers defaced 7,500 Magento sites since Feb 27, uploading files across 15,000 hostnames, mostly opportunistic attacks. Since February 27, a large-scale campaign has defaced over 7,500 Magento sites, targeting e-commerce platforms, global brands, and government services. According to cybersecurity firm Netcraft, attackers placed plaintext defacement files across more than 15,000 hostnames, directly compromising affected infrastructure. […]
Security Affairs
Navia data breach impacts nearly 2.7 Million people
Fri Mar 20 2026
Navia Benefit Solutions data breach exposed 2.7M people after attackers accessed systems from December 2025 to January 2026. Navia Benefit Solutions disclosed a data breach affecting 2,697,540 individuals. The company detected suspicious activity on January 23, 2026 and quickly launched an investigation to assess the incident. Navia Benefit Solutions is a U.S.-based company that provides […]
Security Affairs

Trivy vulnerability scanner backdoored with credential stealer in supply chain attack
Sat Mar 21 2026
Attackers have compromised the widely used open-source Trivy vulnerability scanner, injecting credential-stealing malware into official releases and GitHub Actions used by thousands of CI/CD workflows.
CSO Online

A Top Democrat Is Urging Colleagues to Support Trump’s Spy Machine
Fri Mar 20 2026
Congressman Jim Himes claims a sweeping surveillance authority should stay intact because he hasn't seen abuses by Kash Patel's FBI, according to internal messaging obtained by WIRED.
Wired

Water utilities strengthen cybersecurity through cooperation
Fri Mar 20 2026
Water utilities are finding that letting information flow can flush out cybersecurity problems.
CSO Online

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets
Fri Mar 20 2026
Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span of a month to deliver malware capable of stealing sensitive CI/CD secrets. The latest incident impacted GitHub Actions "aquasecurity/trivy-action" and "aquasecurity/setup-trivy," which are used to scan Docker container images for vulnerabilities and set up GitHub Actions...
The Hacker News

Stop using AI to submit bug reports, says Google
Fri Mar 20 2026
Google will no longer accept AI-generated submissions to a program it funded to find bugs in open-source software.
CSO Online

Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure
Fri Mar 20 2026
A critical security flaw impacting Langflow has come under active exploitation within 20 hours of public disclosure, highlighting the speed at which threat actors weaponize newly published vulnerabilities. The security defect, tracked as CVE-2026-33017 (CVSS score: 9.3), is a case of missing authentication combined with code injection that could result in remote code execution. "The POST /api/v1...
The Hacker News
Apple urges iPhone users to update as Coruna and DarkSword exploit kits emerge
Fri Mar 20 2026
Apple warns that outdated iPhones are vulnerable to Coruna and DarkSword exploit kits and urges users to update iOS. Apple has warned that iPhones running outdated iOS versions are at risk from exploit kits like Coruna and DarkSword. These attacks use malicious web content to trigger infection chains that can steal sensitive data. Users are […]
Security Affairs
Global law enforcement operation targets AISURU, Kimwolf, JackSkid botnet operators
Fri Mar 20 2026
DoJ disrupted IoT botnets’ C2 infrastructure with global partners, targeting operators behind AISURU, Kimwolf, JackSkid, and others. The U.S. DoJ disrupted command-and-control infrastructure used by several IoT botnets, including AISURU, Kimwolf, JackSkid, and Mossad. The operation involved authorities from Canada and Germany, along with major tech companies, to target botnet operators and weaken their global […]
Security Affairs

DDoS attacks: A blow against international cybercriminals
Fri Mar 20 2026
DDoS remains an evergreen among security threats.
CSO Online

Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams
Fri Mar 20 2026
Google on Thursday announced a new "advanced flow" for Android sideloading that requires a mandatory 24-hour wait period to install apps from unverified developers in an attempt to balance openness with safety. The new changes come against the backdrop of a developer verification mandate the tech giant announced last year that requires all Android apps to be registered by verified developers to...
The Hacker News

The Importance of Behavioral Analytics in AI-Enabled Cyber Attacks
Fri Mar 20 2026
Artificial Intelligence (AI) is changing how individuals and organizations conduct many activities, including how cybercriminals carry out phishing attacks and iterate on malware. Now, cybercriminals are using AI to generate personalized phishing emails, deepfakes and malware that evade traditional detection by impersonating normal user activity and bypassing legacy security models. As a result,...
The Hacker News

The Danger Behind Meta Killing End-to-End Encryption for Instagram DMs
Fri Mar 20 2026
Meta blamed users for not opting into the privacy-protecting feature. Experts fear the move could be the first major domino to fall for end-to-end encryption tech worldwide.
Wired

Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover
Fri Mar 20 2026
Sansec is warning of a critical security flaw in Magento's REST API that could allow unauthenticated attackers to upload arbitrary executables and achieve code execution and account takeover. The vulnerability has been codenamed PolyShell by Sansec owing to the fact that the attack hinges on disguising malicious code as an image. There is no evidence that the shortcoming has been exploited in...
The Hacker News

The espionage reality: Your infrastructure is already in the collection path
Fri Mar 20 2026
Threat actors have always sought advantage over their targets.
CSO Online

DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks
Fri Mar 20 2026
The U.S. Department of Justice (DoJ) on Thursday announced the disruption of command-and-control (C2) infrastructure used by several Internet of Things (IoT) botnets like AISURU, Kimwolf, JackSkid, and Mossad as part of a court-authorized law enforcement operation. The effort also saw authorities from Canada and Germany targeting the operators behind these botnets, with a number of private...
The Hacker News

Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks
Fri Mar 20 2026
Apple is urging users who are still running an outdated version of iOS to update their iPhones to secure against web-based attacks carried out via powerful exploit kits like Coruna and DarkSword. These attacks employ malicious web content to target out-of-date versions of iOS, triggering an infection chain that leads to the theft of sensitive data. "For example, if you're using an older...
The Hacker News

The best IAM tools
Fri Mar 20 2026
Identity & access management is mandatory for security-conscious companies in the zero-trust era.
CSO Online
Feds Disrupt IoT Botnets Behind Huge DDoS Attacks
Fri Mar 20 2026
The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets that compromised more than three million hacked Internet of Things (IoT) devices, such as routers and web cameras. The feds say the four botnets -- named Aisuru, Kimwolf, JackSkid and Mossad -- are responsible for a series of recent record-smashing distributed denial-of-service (DDoS) attacks capable of knocking nearly any target offline.
Krebs on Security
French aircraft carrier Charles de Gaulle tracked via Strava activity in OPSEC failure
Fri Mar 20 2026
A French aircraft carrier was tracked in real time via a sailor’s Strava activity, exposing a persistent operational security flaw. Le Monde revealed that France’s aircraft carrier Charles de Gaulle was tracked in real time through an officer’s activity on the Strava app. A sailor unknowingly shared running data from the ship, exposing its location […]
Security Affairs
US Takes Down Botnets Used in Record-Breaking Cyberattacks
Fri Mar 20 2026
The Aisuru, Kimwolf, JackSkid, and Mossad botnets had infected more than 3 million devices in total, many inside home networks, according to the US Justice Department.
Wired

CISA urges IT to harden endpoint management systems after cyberattack by pro-Iranian group
Thu Mar 19 2026
The US is urging infosec leaders to harden their endpoint management system configurations after last week’s hack of American medical supplies provider Stryker by pro-Iranian threat actor Handala.
CSO Online

That cheap KVM device could expose your network to remote compromise
Thu Mar 19 2026
Researchers have found nine vulnerabilities in four popular low-cost KVM-over-IP devices, ranging from unauthenticated command injection to weak authentication defenses and insecure firmware updates.
CSO Online
Critical Ubiquiti UniFi security flaw allows potential account hijacking
Thu Mar 19 2026
Ubiquiti fixed two UniFi vulnerabilities, including a critical flaw that could let attackers take over user accounts. Ubiquiti patched two vulnerabilities in its UniFi Network app, including a maximum-severity flaw that could enable account takeover. The software is widely used to manage UniFi networking devices like access points, switches, and gateways. The Ubiquiti UniFi Network […]
Security Affairs

Speagle Malware Hijacks Cobra DocGuard to Steal Data via Compromised Servers
Thu Mar 19 2026
Cybersecurity researchers have flagged a new malware dubbed Speagle that hijacks the functionality and infrastructure of a legitimate program called Cobra DocGuard. "Speagle is designed to surreptitiously harvest sensitive information from infected computers and transmit it to a Cobra DocGuard server that has been compromised by the attackers, masking the data exfiltration process as legitimate...
The Hacker News

54 EDR Killers Use BYOVD to Exploit 35 Signed Vulnerable Drivers and Disable Security
Thu Mar 19 2026
A new analysis of endpoint detection and response (EDR) killers has revealed that 54 of them leverage a technique known as bring your own vulnerable driver (BYOVD) by abusing a total of 35 vulnerable drivers. EDR killer programs have been a common presence in ransomware intrusions as they offer a way for affiliates to neutralize security software before deploying file-encrypting malware. This...
The Hacker News

Ransomware group exploited Cisco firewall vulnerability as a zero day, weeks before a patch appeared
Thu Mar 19 2026
One of the world’s most active ransomware groups, Interlock, started exploiting a critical-rated Cisco firewall vulnerability as a zero day weeks before it was patched in early March, Amazon has revea
CSO Online
U.S. CISA adds a flaw in Cisco FMC and Cisco SCC Firewall Management to its Known Exploited Vulnerabilities catalog
Thu Mar 19 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Cisco FMC and Cisco SCC Firewall Management to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management, tracked as CVE-2026-20131 (CVSS score […]
Security Affairs
Russian APT targets Ukraine via Zimbra XSS flaw CVE-2025-66376
Thu Mar 19 2026
Russian APT exploits a critical XSS flaw in Zimbra, tracked as CVE-2025-66376, running scripts via HTML emails to target users in Ukraine. Russia-linked threat actor exploits a high-severity XSS vulnerability, tracked as CVE-2025-66376 (CVSS score of 7.2), in Zimbra Collaboration. Attackers exploited insufficiently sanitized HTML emails to run scripts when opened, targeting users in Ukraine. […]
Security Affairs

Beijing wants its own quantum-resistant encryption standards rather than adopt NIST’s
Thu Mar 19 2026
China is reportedly planning to develop its own national post-quantum cryptography standards within the next three years, even as most of the world has already begun migrating to those finalized by th
CSO Online

Telnet vulnerability opens door to remote code execution as root
Thu Mar 19 2026
A critical Telnet vulnerability with a CVSS rating of 9.
CSO Online

ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More
Thu Mar 19 2026
ThreatsDay Bulletin is back on The Hacker News, and this week feels off in a familiar way. Nothing loud, nothing breaking everything at once. Just a lot of small things that shouldn’t work anymore but still do. Some of it looks simple, almost sloppy, until you see how well it lands. Other bits feel a little too practical, like they’re already closer to real-world use than anyone...
The Hacker News
DarkSword emerges as powerful iOS exploit tool in global attacks
Thu Mar 19 2026
DarkSword, a new iOS exploit kit, is used by multiple actors to steal data in campaigns targeting Saudi Arabia, Turkey, Malaysia, and Ukraine. Lookout Threat Labs discovered a new iOS exploit kit called DarkSword that has been used since late 2025 by multiple threat actors, including surveillance vendors and likely nation-state actors. The toolkit enables […]
Security Affairs
SpyCloud’s 2026 Identity Exposure Report Reveals Explosion of Non-Human Identity Theft
Thu Mar 19 2026
New Report Highlights Surge in Exposed API Keys, Session Tokens, and Machine Identities, and more.
CSO Online

Signal’s Creator Is Helping Encrypt Meta AI
Thu Mar 19 2026
Moxie Marlinspike says the technology powering his encrypted AI chatbot, Confer, will be integrated into Meta AI. The move could help protect the AI conversations of millions of people.
Wired

New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data
Thu Mar 19 2026
Cybersecurity researchers have disclosed a new Android malware family called Perseus that's being actively distributed in the wild with an aim to conduct device takeover (DTO) and financial fraud. Perseus is built upon the foundations of Cerberus and Phoenix, at the same time evolving into a "more flexible and capable platform" for compromising Android devices through dropper apps distributed...
The Hacker News

How Ceros Gives Security Teams Visibility and Control in Claude Code
Thu Mar 19 2026
Security teams have spent years building identity and access controls for human users and service accounts. But a new category of actor has quietly entered most enterprise environments, and it operates entirely outside those controls. Claude Code, Anthropic's AI coding agent, is now running across engineering organizations at scale. It reads files, executes shell commands, calls external APIs,...
The Hacker News
Interlock group exploiting the Cisco FMC flaw CVE-2026-20131 36 days before disclosure
Thu Mar 19 2026
The Interlock ransomware group has exploited a Cisco FMC zero-day RCE vulnerability in attacks since late January. The Interlock ransomware group has been exploiting a critical zero-day RCE vulnerability, tracked as CVE-2026-20131 (CVSS score of 10.0), in Cisco Secure Firewall Management Center (FMC) since late January. The vulnerability is a remote code execution flaw that […]
Security Affairs

The multi-billion dollar mistake: Why cloud misconfigurations are your biggest security threat
Thu Mar 19 2026
Last year, most businesses faced a cloud security incident.
CSO Online

5 key priorities for your RSAC 2026 agenda
Thu Mar 19 2026
RSA Conference 2026 arrives at a significant inflection point for the cybersecurity industry — one that will see its more than 43,000 attendees and 600-plus exhibitors navigating an agenda that has fu
CSO Online

DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover
Thu Mar 19 2026
A new exploit kit for Apple iOS devices designed to steal sensitive data has been wielded by multiple threat actors since at least November 2025, according to reports from Google Threat Intelligence Group (GTIG), iVerify, and Lookout. According to GTIG, multiple commercial surveillance vendors and suspected state-sponsored actors have utilized the full-chain exploit kit, codenamed DarkSword...
The Hacker News
Russia establishes Vienna as key western spy hub targeting NATO
Thu Mar 19 2026
Russia uses Vienna as its largest Western spy hub, monitoring NATO and other sensitive communications via diplomatic sites and satellite dishes. Western intelligence reports that Russia has transformed Vienna into its largest Western spy hub, steadily expanding surveillance over the past two years. Using diplomatic compounds and rooftop satellite clusters, Russia monitors sensitive communications across […]
Security Affairs

Your MFA isn’t broken — it’s being bypassed, and your employees can’t tell the difference
Thu Mar 19 2026
Multi-factor authentication was supposed to be the solution.
CSO Online

Anthropic ban heralds new era of supply chain risk — with no clear playbook
Thu Mar 19 2026
The Trump administration’s decision to ban AI company Anthropic from Pentagon assets and other government systems as a “supply chain risk” could force CISOs into a position few have faced before: prep
CSO Online

CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks
Thu Mar 19 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged government agencies to apply patches for two security flaws impacting Synacor Zimbra Collaboration Suite (ZCS) and Microsoft Office SharePoint, stating they have been actively exploited in the wild. The vulnerabilities in question are as follows - CVE-2025-66376 (CVSS score: 7.2) - A stored cross-site scripting...
The Hacker News

U.S. CISA adds Microsoft SharePoint and Zimbra flaws to its Known Exploited Vulnerabilities catalog
Wed Mar 18 2026
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SharePoint and Zimbra flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SharePoint and Zimbra flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: The first vulnerability added to the catalog, tracked […]
Security Affairs

Cloud Access Security Broker: a buyer's guide
Thu Mar 19 2026
Read what matters when choosing a cloud access security broker, and which vendors offer exactly what.
CSO Online

OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs
Wed Mar 18 2026
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has sanctioned six individuals and two entities for their involvement in the Democratic People's Republic of Korea (DPRK) information technology (IT) worker scheme with an aim to defraud U.S. businesses and generate illicit revenue for the regime to fund its weapons of mass destruction (WMD) programs. "The North Korean...
The Hacker News

Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access
Wed Mar 18 2026
Amazon Threat Intelligence is warning of an active Interlock ransomware campaign that's exploiting a recently disclosed critical security flaw in Cisco Secure Firewall Management Center (FMC) Software. The vulnerability in question is CVE-2026-20131 (CVSS score: 10.0), a case of insecure deserialization of user-supplied Java byte stream, which could allow an unauthenticated, remote attacker to...
The Hacker News

Researchers warn of unpatched, critical Telnetd flaw affecting all versions
Wed Mar 18 2026
CVE-2026-32746 is a critical flaw in GNU InetUtils telnetd that allows remote attackers to execute code with elevated privileges. Cybersecurity company Dream disclosed a critical flaw, tracked as CVE-2026-32746 (CVSS score of 9.8), in GNU InetUtils telnetd that lets unauthenticated remote attackers execute code with elevated privileges. The issue stems from an out-of-bounds write in […]
Security Affairs

Hundreds of Millions of iPhones Can Be Hacked With a New Tool Found in the Wild
Wed Mar 18 2026
A powerful iPhone-hacking technique known as DarkSword has been discovered in use by Russian hackers. It can take over devices running iOS 18 that simply visit infected websites.
Wired

Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE
Wed Mar 18 2026
Cybersecurity researchers have disclosed a critical security flaw impacting the GNU InetUtils telnet daemon (telnetd) that could be exploited by an unauthenticated remote attacker to execute arbitrary code with elevated privileges. The vulnerability, tracked as CVE-2026-32746, carries a CVSS score of 9.8 out of 10.0. It has been described as a case of out-of-bounds write in the LINEMODE Set...
The Hacker News

Reco targets AI agent blind spots with new security capability
Wed Mar 18 2026
SaaS security platform Reco has decided to address the “agent sprawl” challenge from the increased adoption of AI-driven tools by enterprises.
CSO Online

CVE-2026-3888: Ubuntu Desktop 24.04+ vulnerable to Root exploit
Wed Mar 18 2026
Ubuntu flaw CVE-2026-3888 lets attackers gain root via a systemd timing exploit, affecting Desktop 24.04+ with high severity. Qualys researchers found a high-severity flaw, tracked as CVE-2026-3888 (CVSS score of 7.8), in Ubuntu Desktop 24.04+, which allows attackers to exploit a systemd cleanup timing issue to escalate privileges to root and potentially take full control […]
Security Affairs

Claude Code Security and Magecart: Getting the Threat Model Right
Wed Mar 18 2026
When a Magecart payload hides inside the EXIF data of a dynamically loaded third-party favicon, no repository scanner will catch it – because the malicious code never actually touches your repo. As teams adopt Claude Code Security for static analysis, this is the exact technical boundary where AI code scanning stops and client-side runtime execution begins. A detailed analysis of where Claude...
The Hacker News

9 Critical IP KVM Flaws Enable Unauthenticated Root Access Across Four Vendors
Wed Mar 18 2026
Cybersecurity researchers have warned about the risks posed by low-cost IP KVM (Keyboard, Video, Mouse over Internet Protocol) devices, which can grant attackers extensive control over compromised hosts. The nine vulnerabilities, discovered by Eclypsium, span four different products from GL-iNet Comet RM-1, Angeet/Yeeso ES3 KVM, Sipeed NanoKVM, and JetKVM. The most severe of them allow...
The Hacker News

BSI criticizes software security in healthcare
Wed Mar 18 2026
Vulnerabilities in practice management systems could have led to cyberattacks.
CSO Online

Product Walkthrough: How Mesh CSMA Reveals and Breaks Attack Paths to Crown Jewels
Wed Mar 18 2026
Security teams today are not short on tools or data. They are overwhelmed by both. Yet within the terabytes of alerts, exposures, and misconfigurations – security teams still struggle to understand context: Q: Which exposures, misconfigurations, and vulnerabilities chain together to create viable attack paths to crown jewels? Even the most mature security teams can’t answer that...
The Hacker News

Join Our Next Livestream: The War Machine
Wed Mar 18 2026
On March 26, a panel of WIRED experts will dissect the defense tech industry’s impact on modern warfare. Submit your questions now.
Wired

Can you prove the person on the other side is real?
Wed Mar 18 2026
In my role, I spend a lot of time thinking about what “trust” means when money, grief and identity collide.
CSO Online

Robotic surgery firm Intuitive reports data breach after targeted phishing attack
Wed Mar 18 2026
Intuitive suffered a phishing attack leading to a data breach exposing customer, employee, and corporate information. Intuitive is an American company that designs, manufactures, and sells robotic systems for minimally invasive surgery. Its most well-known products include the da Vinci Surgical System for general surgery and the Ion endoluminal system for precise procedures inside the […]
Security Affairs

Tracking the Iran War: A Month of Escalation and Regional Impact
Wed Mar 18 2026
Iran war likely prolonged, increasing cyber threats, energy disruption, and instability, with companies in the Middle East facing higher risk. Pierluigi Paganini (SecurityAffairs – hacking, Iran)
Security Affairs