Empathie trifft IT-Sicherheit: Der Weg zu gelebter Compliance

Wed Mar 25 2026

CISOs sollten Sicherheitsrichtlinien mit Blick auf die Belegschaft gestalten.

CSO Online

TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 Likely via Trivy CI/CD Compromise

Tue Mar 24 2026

TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two malicious versions containing a credential harvester, a Kubernetes lateral movement toolkit, and a persistent backdoor. Multiple security vendors, including Endor Labs and JFrog, revealed that litellm versions 1.82.7 and 1.82.8 were published on...

The Hacker News

Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR

Tue Mar 24 2026

A large-scale malvertising campaign active since January 2026 has been observed targeting U.S.-based individuals searching for tax-related documents to serve rogue installers for ConnectWise ScreenConnect that drop a tool named HwAudKiller to blind security programs using the bring your own vulnerable driver (BYOVD) technique. "The campaign abuses Google Ads to serve rogue ScreenConnect (...

The Hacker News

5 Learnings from the First-Ever Gartner Market Guide for Guardian Agents

Tue Mar 24 2026

On February 25, 2026, Gartner published its inaugural Market Guide for Guardian Agents, marking an important milestone for this emerging category. For those unfamiliar with the various Gartner report types, “a Market Guide defines a market and explains what clients can expect it to do in the short term. With the focus on early, more chaotic markets, a Market Guide does not rate or position...

The Hacker News

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

Tue Mar 24 2026

An ongoing phishing campaign is targeting French-speaking corporate environments with fake resumes that lead to the deployment of cryptocurrency miners and information stealers. "The campaign uses highly obfuscated VBScript files disguised as resume/CV documents, delivered through phishing emails," Securonix researchers Shikha Sangwan, Akshay Gaikwad, and Aaron Beardslee said in a report shared...

The Hacker News

DDoS-Angriffe haben sich verdoppelt

Tue Mar 24 2026

srcset="https://b2b-contenthub.

CSO Online

HP launches TPM Guard to help defeat physical TPM attacks

Tue Mar 24 2026

The Trusted Platform Module (TPM), developed by the Trusted Computing Group (TCG), is a mandatory security component in any computer running Windows 11.

CSO Online

The Hidden Cost of Cybersecurity Specialization: Losing Foundational Skills

Tue Mar 24 2026

Cybersecurity has changed fast. Roles are more specialized, and tooling is more advanced. On paper, this should make organizations more secure. But in practice, many teams struggle with the same basic problems they faced years ago: unclear risk priorities, misaligned tooling decisions, and difficulty explaining security issues in terms the business understands. These challenges do not...

The Hacker News

Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials

Tue Mar 24 2026

Cybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency wallets and sensitive data. The activity is being tracked by ReversingLabs as the Ghost campaign. The list of identified packages, all published by a user named mikilanjillo, is below - react-performance-suite react-state-optimizer-core react-fast-utilsa ai-fast-auto-trader...

The Hacker News

New ‘StoatWaffle’ malware auto‑executes attacks on developers

Tue Mar 24 2026

A newly disclosed malware strain dubbed “StoatWaffle” is giving fresh teeth to the notorious, developer-targeting “Contagious Interview” threat campaign.

CSO Online

TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials

Tue Mar 24 2026

Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known as TeamPCP, the cloud-native cybercriminal operation also behind the Trivy supply chain attack. The workflows, both maintained by the supply chain security company Checkmarx, are listed below - checkmarx/ast-github-action checkmarx/kics-github-action Cloud security...

The Hacker News

‘Get Down! Get Down! They’re Gonna See Us!’: Six Months of Hiding From ICE

Tue Mar 24 2026

A family in Chicago has been terrified to leave their apartment. Agents could be anywhere.

Wired

Your Body Is Betraying Your Right to Privacy

Tue Mar 24 2026

Attachment to smart devices and biometric surveillance leaves Americans more vulnerable to police searches than ever. Left unchecked it will only get worse.

Wired

Autonomous AI adoption is on the rise, but it’s risky

Tue Mar 24 2026

Two AI releases early this year are prompting users to give up control and let autonomous agentic tools complete tasks on their behalf.

CSO Online

Streamline physical security to enable data center growth in the era of AI

Tue Mar 24 2026

AI is the new space race for data centers, and consistency at speed is the rocket fuel that colocation and hyperscale providers need to reach orbit.

CSO Online

ICE Is Paying Salaries and More for This Town’s Entire Police Force

Tue Mar 24 2026

Under a Homeland Security program, police departments around the US are signing up to assist in immigration enforcement. The cops of Carroll, New Hampshire, are going all in—and they’re likely not alone.

Wired

Why CISOs should embrace AI honeypots

Tue Mar 24 2026

The nightmare begins with our protagonist trying to find a way inside to get to the firm’s files, but every door is bolted shut.

CSO Online

U.S. Sentences Russian Hacker to 6.75 Years for Role in $9M Ransomware Damage

Tue Mar 24 2026

A 26-year-old Russian citizen has been sentenced in the U.S. to 6.75 years (81 months) in prison for his role in assisting major cybercrime groups, including the Yanluowang ransomware crew, in conducting numerous attacks against U.S. companies and other organizations. According to the U.S. Department of Justice (DoJ), Aleksei Olegovich Volkov facilitated dozens of ransomware attacks across the...

The Hacker News

Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks

Tue Mar 24 2026

Citrix has released security updates to address two vulnerabilities in NetScaler ADC and NetScaler Gateway, including a critical flaw that could be exploited to leak sensitive data from the application. The vulnerabilities are listed below - CVE-2026-3055 (CVSS score: 9.3) - Insufficient input validation leading to memory overread CVE-2026-4368 (CVSS score: 7.7) - Race condition leading to user...

The Hacker News

ISO und ISMS: Darum gehen Security-Zertifizierungen schief

Tue Mar 24 2026

Mit einer ISO 27001-Zertifizierung weisen Unternehmen nach, dass sie ein wirksames Informationssicherheits-Managementsystems (ISMS) betreiben.

CSO Online

Palo Alto updates security platform to discover AI agents

Tue Mar 24 2026

As CISOs worry about AI agent sprawl, Palo Alto Networks has announced an update to its Prisma AIRS security platform and enterprise browser to include the ability to discover AI agents, models, and c

CSO Online

A Mysterious Numbers Station Is Broadcasting Through the Iran War

Mon Mar 23 2026

First heard as US and Israeli strikes on Iran began, the shortwave broadcast has since been traced to a US military base in Germany—but its purpose and its operator remain unclear.

Wired

North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware

Mon Mar 23 2026

The North Korean threat actors behind the Contagious Interview campaign, also tracked as WaterPlum, have been attributed to a malware family tracked as StoatWaffle that's distributed via malicious Microsoft Visual Studio Code (VS Code) projects. The use of VS Code "tasks.json" to distribute malware is a relatively new tactic adopted by the threat actor since December 2025, with the attacks...

The Hacker News

Faster attacks and ‘recovery denial’ ransomware reshape threat landscape

Mon Mar 23 2026

Mandiant’s M-Trends 2026 report, released today at the RSA Conference, shows that attackers are moving faster, operating more collaboratively, and increasingly focusing on the systems organizations re

CSO Online

⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More

Mon Mar 23 2026

Another week, another reminder that the internet is still a mess. Systems people thought were secure are being broken in simple ways, showing many still ignore basic advisories. This edition covers a mix of issues: supply chain attacks hitting CI/CD setups, long-abused IoT devices being shut down, and exploits moving quickly from disclosure to real attacks. There are also new malware tricks...

The Hacker News

We Found Eight Attack Vectors Inside AWS Bedrock. Here's What Attackers Can Do with Them

Mon Mar 23 2026

AWS Bedrock is Amazon's platform for building AI-powered applications. It gives developers access to foundation models and the tools to connect those models directly to enterprise data and systems. That connectivity is what makes it powerful – but it’s also what makes Bedrock a target. When an AI agent can query your Salesforce instance, trigger a Lambda function, or pull from a SharePoint...

The Hacker News

Chrome ABE bypass discovered: New VoidStealer malware steals passwords and cookies

Mon Mar 23 2026

A new infostealer is bypassing Chrome’s Application-Bound Encryption (ABE), using a debugger-based technique researchers say hasn’t been seen in the wild before.

CSO Online

Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware

Mon Mar 23 2026

Microsoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S. to harvest credentials and deliver malware. The email campaigns take advantage of the urgency and time-sensitive nature of emails to send phishing messages masquerading as refund notices, payroll forms, filing reminders, and requests from tax professionals to deceive recipients into opening...

The Hacker News

Hassan Took a Bike Ride. Now He's One of the Thousands Missing in Gaza

Mon Mar 23 2026

In a place denied access to basic forensic technology—and where people disappear into Israeli detention—the fate of thousands remains unknown. One of them is an autistic teenager.

Wired

What Happens When You Can’t Get a Death Certificate in Gaza

Mon Mar 23 2026

For families of the missing, systemic obstacles to identifying remains and locating people in Israeli detention has created a kind of social and legal purgatory.

Wired

Behavioral XDR and threat intel nab North Korean fake IT worker within 10 days of hire

Mon Mar 23 2026

The North Korea fake IT worker scheme has become a pernicious threat across several industries.

CSO Online

Why US companies must be ready for quantum by 2030: A practical roadmap

Mon Mar 23 2026

Last year, I asked a room of infrastructure, identity and application leaders a simple question: “Where in our environment do we rely on RSA or elliptic curve cryptography?” The first answers were the

CSO Online

Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper

Mon Mar 23 2026

Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack, highlighting the widening blast radius across developer environments. The last known clean release of Trivy on Docker Hub is 0.69.3. The malicious versions 0.69.4, 0.69.5, and 0.69.6 have since been removed from the container image library. "New image tags 0.69.5 and...

The Hacker News

The insider threat rises again

Mon Mar 23 2026

Insider threats are coming back in a consequential way.

CSO Online

Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems

Mon Mar 23 2026

Threat actors are suspected to be exploiting a maximum-severity security flaw impacting Quest KACE Systems Management Appliance (SMA), according to Arctic Wolf. The cybersecurity company said it observed malicious activity starting the week of March 9, 2026, in customer environments that's consistent with the exploitation of CVE-2025-32975 on unpatched SMA systems exposed to the internet. It's...

The Hacker News

FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks

Sat Mar 21 2026

Threat actors affiliated with Russian Intelligence Services are conducting phishing campaigns to compromise commercial messaging applications (CMAs) like WhatsApp and Signal to seize control of accounts belonging to individuals with high intelligence value, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) said Friday. "The campaign...

The Hacker News

Cyberattack on a Car Breathalyzer Firm Leaves Drivers Stuck

Sat Mar 21 2026

Plus: The FBI admits it’s buying phone data to track Americans, Iranian hackers disrupt medical care at Maryland hospitals, and more.

Wired

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

Sat Mar 21 2026

Oracle has released security updates to address a critical security flaw impacting Identity Manager and Web Services Manager that could be exploited to achieve remote code execution. The vulnerability, tracked as CVE-2026-21992, carries a CVSS score of 9.8 out of a maximum of 10.0. "This vulnerability is remotely exploitable without authentication," Oracle said in an advisory. "If successfully...

The Hacker News

CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026

Sat Mar 21 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws impacting Apple, Craft CMS, and Laravel Livewire to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to patch them by April 3, 2026. The vulnerabilities that have come under exploitation are listed below - CVE-2025-31277 (CVSS score: 8.8) - A vulnerability in Apple...

The Hacker News

Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

Sat Mar 21 2026

The threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting follow-on attacks that have led to the compromise of a large number of npm packages with a previously undocumented self-propagating worm dubbed CanisterWorm. The name is a reference to the fact that the malware uses an ICP canister, which denotes a tamperproof smart contract on...

The Hacker News

Trivy vulnerability scanner backdoored with credential stealer in supply chain attack

Sat Mar 21 2026

Attackers have compromised the widely used open-source Trivy vulnerability scanner, injecting credential-stealing malware into official releases and GitHub Actions used by thousands of CI/CD workflows.

CSO Online

A Top Democrat Is Urging Colleagues to Support Trump’s Spy Machine

Fri Mar 20 2026

Congressman Jim Himes claims a sweeping surveillance authority should stay intact because he hasn't seen abuses by Kash Patel's FBI, according to internal messaging obtained by WIRED.

Wired

Water utilities strengthen cybersecurity through cooperation

Fri Mar 20 2026

Water utilities are finding that letting information flow can flush out cybersecurity problems.

CSO Online

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Fri Mar 20 2026

Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span of a month to deliver malware capable of stealing sensitive CI/CD secrets. The latest incident impacted GitHub Actions "aquasecurity/trivy-action" and "aquasecurity/setup-trivy," which are used to scan Docker container images for vulnerabilities and set up GitHub Actions...

The Hacker News

Stop using AI to submit bug reports, says Google

Fri Mar 20 2026

Google will no longer accept AI-generated submissions to a program it funded to find bugs in open-source software.

CSO Online

Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure

Fri Mar 20 2026

A critical security flaw impacting Langflow has come under active exploitation within 20 hours of public disclosure, highlighting the speed at which threat actors weaponize newly published vulnerabilities. The security defect, tracked as CVE-2026-33017 (CVSS score: 9.3), is a case of missing authentication combined with code injection that could result in remote code execution. "The POST /api/v1...

The Hacker News

DDoS-Attacken: Schlag gegen internationale Cyberkriminelle

Fri Mar 20 2026

DDos bleibt ein Evergreen unter den Security-Bedrohungen.

CSO Online

Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams

Fri Mar 20 2026

Google on Thursday announced a new "advanced flow" for Android sideloading that requires a mandatory 24-hour wait period to install apps from unverified developers in an attempt to balance openness with safety. The new changes come against the backdrop of a developer verification mandate the tech giant announced last year that requires all Android apps to be registered by verified developers to...

The Hacker News

The Importance of Behavioral Analytics in AI-Enabled Cyber Attacks

Fri Mar 20 2026

Artificial Intelligence (AI) is changing how individuals and organizations conduct many activities, including how cybercriminals carry out phishing attacks and iterate on malware. Now, cybercriminals are using AI to generate personalized phishing emails, deepfakes and malware that evade traditional detection by impersonating normal user activity and bypassing legacy security models. As a result,...

The Hacker News

The Danger Behind Meta Killing End-to-End Encryption for Instagram DMs

Fri Mar 20 2026

Meta blamed users for not opting into the privacy-protecting feature. Experts fear the move could be the first major domino to fall for end-to-end encryption tech worldwide.

Wired

Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover

Fri Mar 20 2026

Sansec is warning of a critical security flaw in Magento's REST API that could allow unauthenticated attackers to upload arbitrary executables and achieve code execution and account takeover. The vulnerability has been codenamed PolyShell by Sansec owing to the fact that the attack hinges on disguising malicious code as an image. There is no evidence that the shortcoming has been exploited in...

The Hacker News

The espionage reality: Your infrastructure is already in the collection path

Fri Mar 20 2026

Threat actors have always sought advantage over their targets.

CSO Online

DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks

Fri Mar 20 2026

The U.S. Department of Justice (DoJ) on Thursday announced the disruption of command-and-control (C2) infrastructure used by several Internet of Things (IoT) botnets like AISURU, Kimwolf, JackSkid, and Mossad as part of a court-authorized law enforcement operation. The effort also saw authorities from Canada and Germany targeting the operators behind these botnets, with a number of private...

The Hacker News

Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks

Fri Mar 20 2026

Apple is urging users who are still running an outdated version of iOS to update their iPhones to secure against web-based attacks carried out via powerful exploit kits like Coruna and DarkSword. These attacks employ malicious web content to target out-of-date versions of iOS, triggering an infection chain that leads to the theft of sensitive data. "For example, if you're using an older...

The Hacker News

Die besten IAM-Tools

Fri Mar 20 2026

Identity & Access Management ist für sicherheitsbewusste Unternehmen im Zero-Trust-Zeitalter Pflicht.

CSO Online

US Takes Down Botnets Used in Record-Breaking Cyberattacks

Fri Mar 20 2026

The Aisuru, Kimwolf, JackSkid, and Mossad botnets had infected more than 3 million devices in total, many inside home networks, according to the US Justice Department.

Wired

CISA urges IT to harden endpoint management systems after cyberattack by pro-Iranian group

Thu Mar 19 2026

The US is urging infosec leaders to harden their endpoint management system configurations after last week’s hack of American medical supplies provider Stryker by pro-Iranian threat actor Handala.

CSO Online

That cheap KVM device could expose your network to remote compromise

Thu Mar 19 2026

Researchers have found nine vulnerabilities in four popular low-cost KVM-over-IP devices, ranging from unauthenticated command injection to weak authentication defenses and insecure firmware updates.

CSO Online

Speagle Malware Hijacks Cobra DocGuard to Steal Data via Compromised Servers

Thu Mar 19 2026

Cybersecurity researchers have flagged a new malware dubbed Speagle that hijacks the functionality and infrastructure of a legitimate program called Cobra DocGuard. "Speagle is designed to surreptitiously harvest sensitive information from infected computers and transmit it to a Cobra DocGuard server that has been compromised by the attackers, masking the data exfiltration process as legitimate...

The Hacker News

54 EDR Killers Use BYOVD to Exploit 35 Signed Vulnerable Drivers and Disable Security

Thu Mar 19 2026

A new analysis of endpoint detection and response (EDR) killers has revealed that 54 of them leverage a technique known as bring your own vulnerable driver (BYOVD) by abusing a total of 35 vulnerable drivers. EDR killer programs have been a common presence in ransomware intrusions as they offer a way for affiliates to neutralize security software before deploying file-encrypting malware. This...

The Hacker News

Ransomware group exploited Cisco firewall vulnerability as a zero day, weeks before a patch appeared

Thu Mar 19 2026

One of the world’s most active ransomware groups, Interlock, started exploiting a critical-rated Cisco firewall vulnerability as a zero day weeks before it was patched in early March, Amazon has revea

CSO Online

Beijing wants its own quantum-resistant encryption standards rather than adopt NIST’s

Thu Mar 19 2026

China is reportedly planning to develop its own national post-quantum cryptography standards within the next three years, even as most of the world has already begun migrating to those finalized by th

CSO Online

Telnet vulnerability opens door to remote code execution as root

Thu Mar 19 2026

A critical Telnet vulnerability with a CVSS rating of 9.

CSO Online

ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More

Thu Mar 19 2026

ThreatsDay Bulletin is back on The Hacker News, and this week feels off in a familiar way. Nothing loud, nothing breaking everything at once. Just a lot of small things that shouldn’t work anymore but still do. Some of it looks simple, almost sloppy, until you see how well it lands. Other bits feel a little too practical, like they’re already closer to real-world use than anyone...

The Hacker News

Signal’s Creator Is Helping Encrypt Meta AI

Thu Mar 19 2026

Moxie Marlinspike says the technology powering his encrypted AI chatbot, Confer, will be integrated into Meta AI. The move could help protect the AI conversations of millions of people.

Wired

New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data

Thu Mar 19 2026

Cybersecurity researchers have disclosed a new Android malware family called Perseus that's being actively distributed in the wild with an aim to conduct device takeover (DTO) and financial fraud. Perseus is built upon the foundations of Cerberus and Phoenix, at the same time evolving into a "more flexible and capable platform" for compromising Android devices through dropper apps distributed...

The Hacker News

How Ceros Gives Security Teams Visibility and Control in Claude Code

Thu Mar 19 2026

Security teams have spent years building identity and access controls for human users and service accounts. But a new category of actor has quietly entered most enterprise environments, and it operates entirely outside those controls. Claude Code, Anthropic's AI coding agent, is now running across engineering organizations at scale. It reads files, executes shell commands, calls external APIs,...

The Hacker News

5 key priorities for your RSAC 2026 agenda

Thu Mar 19 2026

RSA Conference 2026 arrives at a significant inflection point for the cybersecurity industry — one that will see its more than 43,000 attendees and 600-plus exhibitors navigating an agenda that has fu

CSO Online

The multi-billion dollar mistake: Why cloud misconfigurations are your biggest security threat

Thu Mar 19 2026

Last year, most businesses faced a cloud security incident.

CSO Online