Russian national convicted for running botnet used in attacks on U.S. firms
Wed Mar 25 2026
A Russian hacker got 2 years in prison, $100K fine, and $1.6M judgment for running a botnet used in ransomware attacks on U.S. firms. Russian national Ilya Angelov (40) was sentenced to 24 months in prison for operating a botnet used to carry out ransomware attacks on dozens of U.S. companies. He was also fined […]
Security Affairs

10 essential measures for physical security
Thu Mar 26 2026
If only physical security were always this simple to implement…
CSO Online

New critical Citrix NetScaler hole of similar severity to CitrixBleed2, says expert
Wed Mar 25 2026
A new critical vulnerability that is similar to the widely-exploited CitrixBleed and CitrixBleed2 holes should be patched in NetScaler devices immediately, say experts.
CSO Online

Chained vulnerabilities in Cisco Catalyst switches could induce denial-of-service
Wed Mar 25 2026
Cisco’s widely deployed Catalyst 9300 Series enterprise switches have four security vulnerabilities, two of which could be chained to cause a denial-of-service outage, infrastructure security company
CSO Online
Patch now: TP-Link Archer NX routers vulnerable to firmware takeover
Wed Mar 25 2026
TP-Link patched a high severity flaw (CVE-2025-15517) in Archer NX routers that could let attackers bypass authentication and install malicious firmware. TP-Link issued security updates for its Archer NX router series to fix multiple vulnerabilities, including CVE-2025-15517 (CVSS score of 8.6), a critical authentication bypass flaw. The vulnerability impacts multiple models, including NX200, NX210, NX500, […]
Security Affairs

LeakBase Admin Arrested in Russia Over Massive Stolen Credential Marketplace
Wed Mar 25 2026
The alleged administrator of the LeakBase cybercrime forum has been arrested by Russian law enforcement authorities, state media reported Thursday. According to TASS and MVD Media, a news website linked to the Russian Interior Ministry, the suspect is a resident of the city of Taganrog. The suspect is said to have been detained for creating and managing a criminal site that allowed stolen...
The Hacker News

GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data
Wed Mar 25 2026
Cybersecurity researchers have flagged a new evolution of the GlassWorm campaign that delivers a multi-stage framework capable of comprehensive data theft and installing a remote access trojan (RAT), which deploys an information-stealing Google Chrome extension masquerading as an offline version of Google Docs. "It logs keystrokes, dumps cookies and session tokens, captures screenshots, and...
The Hacker News

When Satellite Data Becomes a Weapon
Wed Mar 25 2026
As war reshapes the Gulf, the satellite infrastructure the world relies on to see conflict clearly is being delayed, spoofed, and privately controlled—and nobody is sure who is responsible.
Wired
Recent Navia data breach impacts HackerOne employee data
Wed Mar 25 2026
A Navia breach exposed personal data of nearly 300 HackerOne employees after attackers compromised the benefits provider. HackerOne revealed that a data breach at Navia Benefit Solutions exposed the personal information of nearly 300 of its employees. The incident stems from an attack on the third-party benefits provider, highlighting how breaches at external partners can […]
Security Affairs

Trivy supply chain breach compromises over 1,000 SaaS environments, Lapsus$ joins the extortion wave
Wed Mar 25 2026
What started as a supply chain attack on Trivy, a widely used security scanner, has become a Lapsus$-linked extortion campaign, with more than 1,000 enterprise SaaS environments already compromised.
CSO Online

The Kill Chain Is Obsolete When Your AI Agent Is the Threat
Wed Mar 25 2026
In September 2025, Anthropic disclosed that a state-sponsored threat actor used an AI coding agent to execute an autonomous cyber espionage campaign against 30 global targets. The AI handled 80-90% of tactical operations on its own, performing reconnaissance, writing exploit code, and attempting lateral movement at machine speed. This incident is worrying, but there's a scenario that should...
The Hacker News

Russian Hacker Sentenced to 2 Years for TA551 Botnet-Driven Ransomware Attacks
Wed Mar 25 2026
The U.S. Department of Justice (DoJ) said a Russian national has been sentenced to two years in prison for managing a botnet that was used to launch ransomware attacks against U.S. companies. Ilya Angelov, 40, of Tolyatti, Russia, was also fined $100,000. Angelov, who went by the online aliases "milan" and "okart," is said to have co-managed a Russia-based cybercriminal group known as TA551 (aka...
The Hacker News
FCC targets foreign router imports amid rising cybersecurity concerns
Wed Mar 25 2026
The FCC will ban new foreign-made routers in the U.S. over security risks, unless approved by DHS or defense authorities. The U.S. FCC announced a ban on importing new foreign-made consumer routers, citing unacceptable cyber and national security risks. The decision, backed by Executive Branch assessments, means such devices can no longer be sold or […]
Security Affairs

Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse
Wed Mar 25 2026
Cybersecurity researchers are calling attention to an active device code phishing campaign that's targeting Microsoft 365 identities across more than 340 organizations in the U.S., Canada, Australia, New Zealand, and Germany. The activity, per Huntress, was first spotted on February 19, 2026, with subsequent cases appearing at an accelerated pace since then. Notably, the campaign leverages...
The Hacker News

PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials
Wed Mar 25 2026
PyPI is warning of possible credential theft from AI applications and developer pipelines after two malicious versions of the widely used Python middleware for large language models, LiteLLM, were bri
CSO Online

6 key trends reshaping the IAM market
Wed Mar 25 2026
The identity and access management (IAM) market has shifted its focus from traditional “login and MFA” mechanisms toward treating identity as a security control plane.
CSO Online
Cybercrime group Lapsus$ claims the hack of pharma giant AstraZeneca
Wed Mar 25 2026
Cybercrime group Lapsus$ claims it hacked AstraZeneca, stealing 3GB of data including credentials, code, and employee information. The Lapsus$ group claims it breached AstraZeneca, stealing about 3GB of sensitive data. The alleged leak includes credentials, tokens, internal code repositories (Java, Angular, Python), and employee information, though the company has not yet confirmed the breach. Even […]
Security Affairs
Malicious LiteLLM versions linked to TeamPCP supply chain attack
Wed Mar 25 2026
TeamPCP backdoored LiteLLM v1.82.7–1.82.8, likely via Trivy CI/CD, adding tools to steal credentials, move in Kubernetes, and keep persistent access. Threat actor TeamPCP compromised LiteLLM versions 1.82.7 and 1.82.8, likely through a Trivy CI/CD breach. LiteLLM, with over 95 million monthly downloads, helps developers route LLM requests via a single API. The malicious releases, now […]
Security Affairs

AI is breaking traditional security models — Here’s where they fail first
Wed Mar 25 2026
Traditionally, enterprise security operating models operated a fixed and regular cycle: Findings surfaced through periodic scans, security teams triaged results and remediation followed through ticket
CSO Online

Iranians Don’t Have a Missile Alert System, So Volunteers Built Their Own Warning Map
Wed Mar 25 2026
The crowdsourced website and app Mahsa Alert provides citizens in Iran with crucial information amid the country’s ongoing war with the US and Israel—and an internet blackout.
Wired

FCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk Concerns
Wed Mar 25 2026
The U.S. Federal Communications Commission (FCC) said on Monday that it was banning the import of new, foreign-made consumer routers, citing "unacceptable" risks to cyber and national security. The action was designed to safeguard Americans and the underlying communications networks the country relies on, FCC Chairman Brendan Carr said in a post on X. The development means that new models of...
The Hacker News
Data breach at Dutch Ministry of Finance impacts staff following cyberattack
Tue Mar 24 2026
The Dutch Ministry of Finance disclosed a data breach affecting some employees following a cyberattack; the investigation is ongoing. The Dutch Ministry of Finance disclosed a cyberattack detected on March 19 after a third-party alert. Attackers breached some internal systems, and the incident impacted a “portion of the employees”. Authorities are still investigating the incident and its full […]
Security Affairs

Empathy meets IT security: The path to lived compliance
Wed Mar 25 2026
CISOs should design security policies with the workforce in mind.
CSO Online

TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 via Trivy CI/CD Compromise
Tue Mar 24 2026
TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two malicious versions containing a credential harvester, a Kubernetes lateral movement toolkit, and a persistent backdoor. Multiple security vendors, including Endor Labs and JFrog, revealed that litellm versions 1.82.7 and 1.82.8 were published on March...
The Hacker News

Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR
Tue Mar 24 2026
A large-scale malvertising campaign active since January 2026 has been observed targeting U.S.-based individuals searching for tax-related documents to serve rogue installers for ConnectWise ScreenConnect that drop a tool named HwAudKiller to blind security programs using the bring your own vulnerable driver (BYOVD) technique. "The campaign abuses Google Ads to serve rogue ScreenConnect (...
The Hacker News
QualDerm Partners December 2025 data breach impacts over 3 Million people
Tue Mar 24 2026
Over 3.1M people affected as QualDerm Partners suffered a December 2025 breach, exposing personal, medical, and health insurance data. Over 3.1 million people are affected by a December 2025 data breach at QualDerm Partners, where hackers stole personal, medical, and health insurance information from the company’s internal systems. QualDerm Partners is a U.S.-based healthcare management […]
Security Affairs

5 Learnings from the First-Ever Gartner Market Guide for Guardian Agents
Tue Mar 24 2026
On February 25, 2026, Gartner published its inaugural Market Guide for Guardian Agents, marking an important milestone for this emerging category. For those unfamiliar with the various Gartner report types, “a Market Guide defines a market and explains what clients can expect it to do in the short term. With the focus on early, more chaotic markets, a Market Guide does not rate or position...
The Hacker News

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner
Tue Mar 24 2026
An ongoing phishing campaign is targeting French-speaking corporate environments with fake resumes that lead to the deployment of cryptocurrency miners and information stealers. "The campaign uses highly obfuscated VBScript files disguised as resume/CV documents, delivered through phishing emails," Securonix researchers Shikha Sangwan, Akshay Gaikwad, and Aaron Beardslee said in a report shared...
The Hacker News

DDoS attacks have doubled
Tue Mar 24 2026
CSO Online
Citrix NetScaler critical flaw could leak data, update now
Tue Mar 24 2026
Citrix warns of a critical NetScaler flaw (CVE-2026-3055) that could leak sensitive data; users are urged to apply security updates immediately. Citrix issued security updates for two NetScaler vulnerabilities, including a critical memory overread, tracked as CVE-2026-3055 (CVSS score of 9.3), that allows unauthenticated attackers to leak sensitive data. The flaw CVE-2026-3055 is an insufficient […]
Security Affairs

HP launches TPM Guard to help defeat physical TPM attacks
Tue Mar 24 2026
The Trusted Platform Module (TPM), developed by the Trusted Computing Group (TCG), is a mandatory security component in any computer running Windows 11.
CSO Online

The Hidden Cost of Cybersecurity Specialization: Losing Foundational Skills
Tue Mar 24 2026
Cybersecurity has changed fast. Roles are more specialized, and tooling is more advanced. On paper, this should make organizations more secure. But in practice, many teams struggle with the same basic problems they faced years ago: unclear risk priorities, misaligned tooling decisions, and difficulty explaining security issues in terms the business understands. These challenges do not...
The Hacker News

Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials
Tue Mar 24 2026
Cybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency wallets and sensitive data. The activity is being tracked by ReversingLabs as the Ghost campaign. The list of identified packages, all published by a user named mikilanjillo, is below - react-performance-suite react-state-optimizer-core react-fast-utilsa ai-fast-auto-trader...
The Hacker News
81-month sentence for Russian hacker behind major ransomware campaigns
Tue Mar 24 2026
U.S. sentences Russian hacker Aleksei Volkov to 81 months in prison for aiding ransomware attacks, causing over $9M in damages. A U.S. court sentenced Aleksei Olegovich Volkov to 81 months in prison for supporting ransomware groups like Yanluowang. He helped carry out dozens of attacks, causing over $9M in losses. Arrested in Italy in 2024 […]
Security Affairs

New ‘StoatWaffle’ malware auto‑executes attacks on developers
Tue Mar 24 2026
A newly disclosed malware strain dubbed “StoatWaffle” is giving fresh teeth to the notorious, developer-targeting “Contagious Interview” threat campaign.
CSO Online

TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials
Tue Mar 24 2026
Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known as TeamPCP, the cloud-native cybercriminal operation also behind the Trivy supply chain attack. The workflows, both maintained by the supply chain security company Checkmarx, are listed below - checkmarx/ast-github-action checkmarx/kics-github-action Cloud security...
The Hacker News

‘Get Down! Get Down! They’re Gonna See Us!’: Six Months of Hiding From ICE
Tue Mar 24 2026
A family in Chicago has been terrified to leave their apartment. Agents could be anywhere.
Wired

Your Body Is Betraying Your Right to Privacy
Tue Mar 24 2026
Attachment to smart devices and biometric surveillance leaves Americans more vulnerable to police searches than ever. Left unchecked it will only get worse.
Wired

Autonomous AI adoption is on the rise, but it’s risky
Tue Mar 24 2026
Two AI releases early this year are prompting users to give up control and let autonomous agentic tools complete tasks on their behalf.
CSO Online

Streamline physical security to enable data center growth in the era of AI
Tue Mar 24 2026
AI is the new space race for data centers, and consistency at speed is the rocket fuel that colocation and hyperscale providers need to reach orbit.
CSO Online
North Korea-linked threat actors abuse VS Code auto-run to spread StoatWaffle malware
Tue Mar 24 2026
North Korea-linked threat actors use VS Code auto-run tasks to spread StoatWaffle malware via malicious projects that execute on folder open. North Korea-linked threat actor Team 8 behind the Contagious Interview campaign is spreading StoatWaffle malware through malicious Microsoft Visual Studio Code projects. Since late 2025, they have abused the “tasks.json” auto-run feature in Microsoft […]
Security Affairs

ICE Is Paying Salaries and More for This Town’s Entire Police Force
Tue Mar 24 2026
Under a Homeland Security program, police departments around the US are signing up to assist in immigration enforcement. The cops of Carroll, New Hampshire, are going all in—and they’re likely not alone.
Wired

Why CISOs should embrace AI honeypots
Tue Mar 24 2026
The nightmare begins with our protagonist trying to find a way inside to get to the firm’s files, but every door is bolted shut.
CSO Online

U.S. Sentences Russian Hacker to 6.75 Years for Role in $9M Ransomware Damage
Tue Mar 24 2026
A 26-year-old Russian citizen has been sentenced in the U.S. to 6.75 years (81 months) in prison for his role in assisting major cybercrime groups, including the Yanluowang ransomware crew, in conducting numerous attacks against U.S. companies and other organizations. According to the U.S. Department of Justice (DoJ), Aleksei Olegovich Volkov facilitated dozens of ransomware attacks across the...
The Hacker News

Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks
Tue Mar 24 2026
Citrix has released security updates to address two vulnerabilities in NetScaler ADC and NetScaler Gateway, including a critical flaw that could be exploited to leak sensitive data from the application. The vulnerabilities are listed below - CVE-2026-3055 (CVSS score: 9.3) - Insufficient input validation leading to memory overread CVE-2026-4368 (CVSS score: 7.7) - Race condition leading to user...
The Hacker News

ISO and ISMS: Why security certifications go wrong
Tue Mar 24 2026
With ISO 27001 certification, companies demonstrate that they operate an effective information security management system (ISMS).
CSO Online

Palo Alto updates security platform to discover AI agents
Tue Mar 24 2026
As CISOs worry about AI agent sprawl, Palo Alto Networks has announced an update to its Prisma AIRS security platform and enterprise browser to include the ability to discover AI agents, models, and c
CSO Online
QNAP fixed four vulnerabilities demonstrated at Pwn2Own Ireland 2025
Mon Mar 23 2026
QNAP fixed four vulnerabilities shown at Pwn2Own 2025 that could enable code execution, data access, or system disruption. Taiwanese vendor QNAP has addressed multiple vulnerabilities, including four SD-WAN router issues (CVE-2025-62843 to CVE-2025-62846) demonstrated at Pwn2Own Ireland 2025 by Team DDOS. The team chained multiple bugs in QNAP devices to gain root access and […]
Security Affairs
‘CanisterWorm’ Springs Wiper Attack Targeting Iran
Mon Mar 23 2026
A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran's time zone or have Farsi set as the default language.
Krebs on Security

A Mysterious Numbers Station Is Broadcasting Through the Iran War
Mon Mar 23 2026
First heard as US and Israeli strikes on Iran began, the shortwave broadcast has since been traced to a US military base in Germany—but its purpose and its operator remain unclear.
Wired

North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware
Mon Mar 23 2026
The North Korean threat actors behind the Contagious Interview campaign, also tracked as WaterPlum, have been attributed to a malware family tracked as StoatWaffle that's distributed via malicious Microsoft Visual Studio Code (VS Code) projects. The use of VS Code "tasks.json" to distribute malware is a relatively new tactic adopted by the threat actor since December 2025, with the attacks...
The Hacker News

Faster attacks and ‘recovery denial’ ransomware reshape threat landscape
Mon Mar 23 2026
Mandiant’s M-Trends 2026 report, released today at the RSA Conference, shows that attackers are moving faster, operating more collaboratively, and increasingly focusing on the systems organizations re
CSO Online
Pro-Iranian Nasir Security is targeting energy companies in the Gulf
Mon Mar 23 2026
Resecurity tracks Iran-linked Nasir Security targeting Middle East energy firms amid ongoing regional cyber and military threats. Resecurity (USA) is tracking a relatively new cybercriminal group called Nasir Security, presumably associated with Iran, that is targeting energy organizations in the Middle East. The energy sector is one of the most impacted areas because of the […]
Security Affairs
44 Aqua Security repositories defaced after Trivy supply chain breach
Mon Mar 23 2026
Malicious Trivy images on Docker Hub spread infostealer malware, exposing developers after a supply chain attack. Researchers found malicious Trivy images on Docker Hub linked to a supply chain attack. Versions 0.69.4–0.69.6, now removed, contained TeamPCP infostealer code. Suspicious tags were pushed without matching GitHub releases, increasing the risk to developers using compromised container images. […]
Security Affairs

⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More
Mon Mar 23 2026
Another week, another reminder that the internet is still a mess. Systems people thought were secure are being broken in simple ways, showing many still ignore basic advisories. This edition covers a mix of issues: supply chain attacks hitting CI/CD setups, long-abused IoT devices being shut down, and exploits moving quickly from disclosure to real attacks. There are also new malware tricks...
The Hacker News

We Found Eight Attack Vectors Inside AWS Bedrock. Here's What Attackers Can Do with Them
Mon Mar 23 2026
AWS Bedrock is Amazon's platform for building AI-powered applications. It gives developers access to foundation models and the tools to connect those models directly to enterprise data and systems. That connectivity is what makes it powerful – but it’s also what makes Bedrock a target. When an AI agent can query your Salesforce instance, trigger a Lambda function, or pull from a SharePoint...
The Hacker News

Chrome ABE bypass discovered: New VoidStealer malware steals passwords and cookies
Mon Mar 23 2026
A new infostealer is bypassing Chrome’s Application-Bound Encryption (ABE), using a debugger-based technique researchers say hasn’t been seen in the wild before.
CSO Online

Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware
Mon Mar 23 2026
Microsoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S. to harvest credentials and deliver malware. The email campaigns take advantage of the urgency and time-sensitive nature of emails to send phishing messages masquerading as refund notices, payroll forms, filing reminders, and requests from tax professionals to deceive recipients into opening...
The Hacker News
What Happens When You Can’t Get a Death Certificate in Gaza
Mon Mar 23 2026
For families of the missing, systemic obstacles to identifying remains and locating people in Israeli detention have created a kind of social and legal purgatory.
Wired

Hassan Took a Bike Ride. Now He’s One of the Thousands Missing in Gaza
Mon Mar 23 2026
In a place denied access to basic forensic technology—and where people disappear into Israeli detention—the fate of thousands remains unknown. One of them is an autistic teenager.
Wired
Iran-linked actors use Telegram as C2 in malware attacks on dissidents
Mon Mar 23 2026
Iran-linked actors use Telegram as C2 to spread malware targeting dissidents and journalists, enabling surveillance and data theft. The FBI warns that Iran’s Ministry of Intelligence and Security (MOIS) runs cyber campaigns using Telegram as a command-and-control infrastructure to deliver malware. Threat actors target Iranian dissidents, journalists, and opposition groups worldwide. Once deployed, the malware […]
Security Affairs

Behavioral XDR and threat intel nab North Korean fake IT worker within 10 days of hire
Mon Mar 23 2026
The North Korea fake IT worker scheme has become a pernicious threat across several industries.
CSO Online

Why US companies must be ready for quantum by 2030: A practical roadmap
Mon Mar 23 2026
Last year, I asked a room of infrastructure, identity and application leaders a simple question: “Where in our environment do we rely on RSA or elliptic curve cryptography?” The first answers were the
CSO Online

Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper
Mon Mar 23 2026
Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack, highlighting the widening blast radius across developer environments. The last known clean release of Trivy on Docker Hub is 0.69.3. The malicious versions 0.69.4, 0.69.5, and 0.69.6 have since been removed from the container image library. "New image tags 0.69.5 and...
The Hacker News
International police Operation Alice takes down 373,000 dark web sites exploiting children
Mon Mar 23 2026
Operation Alice: Police dismantle a massive dark web network with 373,000 fake sites luring users seeking child sexual abuse material. An international law enforcement operation, code named Operation Alice, shut down one of the largest dark web scams, uncovering over 373,000 fake sites tricking users seeking child sexual abuse content. The operation, first investigated in […]
Security Affairs
Russia-linked actors target WhatsApp and Signal in phishing campaign
Sun Mar 22 2026
Russia-linked actors target WhatsApp and Signal accounts of officials and journalists via phishing, gaining access to messages and contacts. Threat actors linked to Russian Intelligence Services are running phishing campaigns to hijack high-value accounts on messaging apps like WhatsApp and Signal, the FBI warns. “The FBI has identified cyber actors associated with Russian Intelligence Services targeting […]
Security Affairs
Oracle fixes critical RCE flaw CVE-2026-21992 in Identity Manager
Sun Mar 22 2026
Oracle fixed a critical severity flaw, tracked as CVE-2026-21992, enabling unauthenticated remote code execution in Identity Manager. Oracle released security updates to address a critical vulnerability, tracked as CVE-2026-21992 (CVSS score of 9.8), affecting Identity Manager and Web Services Manager. The flaw lets unauthenticated attackers over HTTP take control of Oracle Identity Manager and Web […]
Security Affairs
U.S. CISA adds Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities catalog
Sun Mar 22 2026
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CISA added the three […]
Security Affairs
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 89
Sun Mar 22 2026
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter New Payload ransomware – malware analysis DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear When Trusted Websites Turn Malicious: WordPress Compromises Advance Global Stealer Operation AI Coding Tools Under Fire: […]
Security Affairs
Security Affairs newsletter Round 568 by Pierluigi Paganini – INTERNATIONAL EDITION
Sun Mar 22 2026
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. WorldLeaks ransomware group breached the City of Los Angeles PolyShell flaw exposes Magento and Adobe Commerce […]
Security Affairs
WorldLeaks ransomware group breached the City of Los Angeles
Sat Mar 21 2026
WorldLeaks group hit Los Angeles and its Metro system, forcing a shutdown, while two Bay Area cities declared emergencies after ransomware attacks. WorldLeaks group hit Los Angeles and its Metro, forcing a shutdown, while two Bay Area cities declared emergencies after ransomware attacks. This week, local media reported that unauthorized activity hit Metro’s internal […]
Security Affairs

The insider threat rises again
Mon Mar 23 2026
Insider threats are coming back in a consequential way.
CSO Online

Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems
Mon Mar 23 2026
Threat actors are suspected to be exploiting a maximum-severity security flaw impacting Quest KACE Systems Management Appliance (SMA), according to Arctic Wolf. The cybersecurity company said it observed malicious activity starting the week of March 9, 2026, in customer environments that's consistent with the exploitation of CVE-2025-32975 on unpatched SMA systems exposed to the internet. It's...
The Hacker News

FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks
Sat Mar 21 2026
Threat actors affiliated with Russian Intelligence Services are conducting phishing campaigns to compromise commercial messaging applications (CMAs) like WhatsApp and Signal to seize control of accounts belonging to individuals with high intelligence value, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) said Friday. "The campaign...
The Hacker News
PolyShell flaw exposes Magento and Adobe Commerce to file upload attacks
Sat Mar 21 2026
Sansec found a Magento and Adobe Commerce REST API flaw, named PolyShell, which allows unauthenticated file uploads and possible XSS in older versions. Sansec disclosed a critical flaw in the Magento and Adobe Commerce REST API that allows attackers to upload executable files without authentication. The issue affects versions up to 2.4.9-alpha2 and could also […]
Security Affairs

Cyberattack on a Car Breathalyzer Firm Leaves Drivers Stuck
Sat Mar 21 2026
Plus: The FBI admits it’s buying phone data to track Americans, Iranian hackers disrupt medical care at Maryland hospitals, and more.
Wired

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager
Sat Mar 21 2026
Oracle has released security updates to address a critical security flaw impacting Identity Manager and Web Services Manager that could be exploited to achieve remote code execution. The vulnerability, tracked as CVE-2026-21992, carries a CVSS score of 9.8 out of a maximum of 10.0. "This vulnerability is remotely exploitable without authentication," Oracle said in an advisory. "If successfully...
The Hacker News

CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026
Sat Mar 21 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws impacting Apple, Craft CMS, and Laravel Livewire to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to patch them by April 3, 2026. The vulnerabilities that have come under exploitation are listed below - CVE-2025-31277 (CVSS score: 8.8) - A vulnerability in Apple...
The Hacker News
Are nations ready to be the cybersecurity insurers of last resort?
Sat Mar 21 2026
A senior member of the Cyber Monitoring Center (CMC), an organization formed last year to monitor, define and classify cyber events impacting UK organizations, this week questioned whether a £1.
CSO Online

7,500+ Magento sites defaced in global hacking campaign
Fri Mar 20 2026
Hackers defaced 7,500 Magento sites since Feb 27, uploading files across 15,000 hostnames, mostly opportunistic attacks. Since February 27, a large-scale campaign has defaced over 7,500 Magento sites, targeting e-commerce platforms, global brands, and government services. According to cybersecurity firm Netcraft, attackers placed plaintext defacement files across more than 15,000 hostnames, directly compromising affected infrastructure. […]
Security Affairs

Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages
Sat Mar 21 2026
The threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting follow-on attacks that have led to the compromise of a large number of npm packages with a previously undocumented self-propagating worm dubbed CanisterWorm. The name is a reference to the fact that the malware uses an ICP canister, which denotes a tamperproof smart contract on...
The Hacker News

Trivy vulnerability scanner backdoored with credential stealer in supply chain attack
Sat Mar 21 2026
Attackers have compromised the widely used open-source Trivy vulnerability scanner, injecting credential-stealing malware into official releases and GitHub Actions used by thousands of CI/CD workflows.
CSO Online

A Top Democrat Is Urging Colleagues to Support Trump’s Spy Machine
Fri Mar 20 2026
Congressman Jim Himes claims a sweeping surveillance authority should stay intact because he hasn't seen abuses by Kash Patel's FBI, according to internal messaging obtained by WIRED.
Wired

Navia data breach impacts nearly 2.7 Million people
Fri Mar 20 2026
Navia Benefit Solutions data breach exposed 2.7M people after attackers accessed systems from December 2025 to January 2026. Navia Benefit Solutions disclosed a data breach affecting 2,697,540 individuals. The company detected suspicious activity on January 23, 2026 and quickly launched an investigation to assess the incident. Navia Benefit Solutions is a U.S.-based company that provides […]
Security Affairs

Water utilities strengthen cybersecurity through cooperation
Fri Mar 20 2026
Water utilities are finding that letting information flow can flush out cybersecurity problems.
CSO Online

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets
Fri Mar 20 2026
Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span of a month to deliver malware capable of stealing sensitive CI/CD secrets. The latest incident impacted GitHub Actions "aquasecurity/trivy-action" and "aquasecurity/setup-trivy," which are used to scan Docker container images for vulnerabilities and set up GitHub Actions...
The Hacker News

Stop using AI to submit bug reports, says Google
Fri Mar 20 2026
Google will no longer accept AI-generated submissions to a program it funded to find bugs in open-source software.
CSO Online

Apple urges iPhone users to update as Coruna and DarkSword exploit kits emerge
Fri Mar 20 2026
Apple warns that outdated iPhones are vulnerable to Coruna and DarkSword exploit kits and urges users to update iOS. Apple has warned that iPhones running outdated iOS versions are at risk from exploit kits like Coruna and DarkSword. These attacks use malicious web content to trigger infection chains that can steal sensitive data. Users are […]
Security Affairs

Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure
Fri Mar 20 2026
A critical security flaw impacting Langflow has come under active exploitation within 20 hours of public disclosure, highlighting the speed at which threat actors weaponize newly published vulnerabilities. The security defect, tracked as CVE-2026-33017 (CVSS score: 9.3), is a case of missing authentication combined with code injection that could result in remote code execution. "The POST /api/v1...
The Hacker News

DDoS attacks: Strike against international cybercriminals
Fri Mar 20 2026
DDoS remains an evergreen among security threats.
CSO Online

Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams
Fri Mar 20 2026
Google on Thursday announced a new "advanced flow" for Android sideloading that requires a mandatory 24-hour wait period to install apps from unverified developers in an attempt to balance openness with safety. The new changes come against the backdrop of a developer verification mandate the tech giant announced last year that requires all Android apps to be registered by verified developers to...
The Hacker News

Global law enforcement operation targets AISURU, Kimwolf, JackSkid botnet operators
Fri Mar 20 2026
DoJ disrupted IoT botnets’ C2 infrastructure with global partners, targeting operators behind AISURU, Kimwolf, JackSkid, and others. The U.S. DoJ disrupted command-and-control infrastructure used by several IoT botnets, including AISURU, Kimwolf, JackSkid, and Mossad. The operation involved authorities from Canada and Germany, along with major tech companies, to target botnet operators and weaken their global […]
Security Affairs

The Danger Behind Meta Killing End-to-End Encryption for Instagram DMs
Fri Mar 20 2026
Meta blamed users for not opting into the privacy-protecting feature. Experts fear the move could be the first major domino to fall for end-to-end encryption tech worldwide.
Wired

The Importance of Behavioral Analytics in AI-Enabled Cyber Attacks
Fri Mar 20 2026
Artificial Intelligence (AI) is changing how individuals and organizations conduct many activities, including how cybercriminals carry out phishing attacks and iterate on malware. Now, cybercriminals are using AI to generate personalized phishing emails, deepfakes and malware that evade traditional detection by impersonating normal user activity and bypassing legacy security models. As a result,...
The Hacker News

Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover
Fri Mar 20 2026
Sansec is warning of a critical security flaw in Magento's REST API that could allow unauthenticated attackers to upload arbitrary executables and achieve code execution and account takeover. The vulnerability has been codenamed PolyShell by Sansec owing to the fact that the attack hinges on disguising malicious code as an image. There is no evidence that the shortcoming has been exploited in...
The Hacker News

The espionage reality: Your infrastructure is already in the collection path
Fri Mar 20 2026
Threat actors have always sought advantage over their targets.
CSO Online

DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks
Fri Mar 20 2026
The U.S. Department of Justice (DoJ) on Thursday announced the disruption of command-and-control (C2) infrastructure used by several Internet of Things (IoT) botnets like AISURU, Kimwolf, JackSkid, and Mossad as part of a court-authorized law enforcement operation. The effort also saw authorities from Canada and Germany targeting the operators behind these botnets, with a number of private...
The Hacker News

Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks
Fri Mar 20 2026
Apple is urging users who are still running an outdated version of iOS to update their iPhones to secure against web-based attacks carried out via powerful exploit kits like Coruna and DarkSword. These attacks employ malicious web content to target out-of-date versions of iOS, triggering an infection chain that leads to the theft of sensitive data. "For example, if you're using an older...
The Hacker News
