Die besten XDR-Tools

Fri Apr 03 2026

srcset="https://b2b-contenthub.

CSO Online

Cloudflare’s new CMS is not a WordPress killer, it’s a WordPress alternative

Fri Apr 03 2026

Cloudflare on Wednesday rolled out EmDash, which it described as “the spiritual successor to WordPress.

CSO Online

Cisco fixes critical IMC auth bypass present in many products

Thu Apr 02 2026

Cisco has released patches for a critical vulnerability in its out-of-band management solution, present in many of its servers and appliances.

CSO Online

‘Uncanny Valley’: Iran’s Threats on US Tech, Trump’s Plans for Midterms, and Polymarket’s Pop-up Flop

Thu Apr 02 2026

In this episode, we discuss Iran’s threats to target US tech firms, gear up for the midterm elections, and get a scene report from the Polymarket pop-up bar in DC.

Wired

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

Thu Apr 02 2026

A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web Services (AWS) secrets, shell command history, Stripe API keys, and GitHub tokens at scale. Cisco Talos has attributed the operation to a threat cluster it tracks as...

The Hacker News

What Happens When a Nuclear Site Is Hit?

Thu Apr 02 2026

As strikes continue on Iran’s nuclear facilities, the real danger isn’t the explosion, but what happens if critical safety systems fail—and how that risk could spread across the Gulf.

Wired

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

Thu Apr 02 2026

Cisco has released updates to address a critical security flaw in the Integrated Management Controller (IMC) that, if successfully exploited, could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system with elevated privileges. The vulnerability, tracked as CVE-2026-20093, carries a CVSS score of 9.8 out of a maximum of 10.0. "This...

The Hacker News

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

Thu Apr 02 2026

The latest ThreatsDay Bulletin is basically a cheat sheet for everything breaking on the internet right now. No corporate fluff or boring lectures here, just a quick and honest look at the messy reality of keeping systems safe this week. Things are moving fast. The list includes researchers chaining small bugs together to create massive backdoors, old software flaws...

The Hacker News

EvilTokens abuses Microsoft device code flow for account takeovers

Thu Apr 02 2026

A new phishing-as-a-service (PhaaS) campaign is abusing Microsoft’s device code authentication flow to gain unauthorized access to user accounts.

CSO Online

Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners

Thu Apr 02 2026

A financially motivated operation codenamed REF1695 has been observed leveraging fake installers to deploy remote access trojans (RATs) and cryptocurrency miners since November 2023. "Beyond cryptomining, the threat actor monetizes infections through CPA (Cost Per Action) fraud, directing victims to content locker pages under the guise of software registration," Elastic...

The Hacker News

The State of Trusted Open Source Report

Thu Apr 02 2026

In December 2025, we shared the first-ever The State of Trusted Open Source report, featuring insights from our product data and customer base on open source consumption across our catalog of container image projects, versions, images, language libraries, and builds. These insights shed light on what teams pull, deploy, and maintain day to day, alongside the vulnerabilities and...

The Hacker News

Unmasking the Paramilitary Agents Behind Trump’s Violent Immigration Crackdown

Thu Apr 02 2026

A WIRED analysis of DHS records identified dozens of specialized federal agents who used force against US civilians during the largest known deployment of its kind in US history.

Wired

WhatsApp Alerts 200 Users After Fake iOS App Installed Spyware; Italian Firm Faces Action

Thu Apr 02 2026

Meta-owned messaging platform WhatsApp said it alerted about 200 users who were tricked into installing a bogus version of its iOS app that was infected with spyware. According to reports from Italian newspaper La Repubblica and news agency ANSA, the vast majority of the targets are located in Italy. It's assessed that the threat actors behind the activity used social engineering...

The Hacker News

Cybersecurity in the age of instant software

Thu Apr 02 2026

AI is rapidly changing how software is written, deployed, and used.

CSO Online

Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit

Thu Apr 02 2026

Apple on Wednesday expanded the availability of iOS 18.7.7 and iPadOS 18.7.7 to a broader range of devices to protect users from the risk posed by a recently disclosed exploit kit known as DarkSword. "We enabled the availability of iOS 18.7.7 for more devices on April 1, 2026, so users with Automatic Updates turned on can automatically receive important security...

The Hacker News

Tools, um MCP-Server abzusichern

Thu Apr 02 2026

srcset="https://b2b-contenthub.

CSO Online

Vim and GNU Emacs: Claude Code helpfully found zero-day exploits for both

Wed Apr 01 2026

Developers can spend days using fuzzing tools to find security weaknesses in code.

CSO Online

CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails

Wed Apr 01 2026

The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a new phishing campaign in which the cybersecurity agency itself was impersonated to distribute a remote administration tool known as AGEWHEEZE. As part of the attacks, the threat actors, tracked as UAC-0255, sent emails on March 26 and 27, 2026, posing as CERT-UA to distribute a password-protected ZIP archive...

The Hacker News

Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass

Wed Apr 01 2026

Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script (VBS) files. The activity, beginning in late February 2026, leverages these scripts to initiate a multi-stage infection chain for establishing persistence and enabling remote access. It's currently not known what lures the threat actors use to trick users into...

The Hacker News

Block the Prompt, Not the Work: The End of "Doctor No"

Wed Apr 01 2026

There is a character that keeps appearing in enterprise security departments, and most CISOs know exactly who that is. It doesn’t build. It doesn’t enable. Its entire function is to say "No." No to ChatGPT. No to DeepSeek. No to the file-sharing tool the product team swears by. For years, this looked like security. But in 2026, "Doctor No" is no longer just a management headache &...

The Hacker News

Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures

Wed Apr 01 2026

A multi-pronged phishing campaign is targeting Spanish-speaking users in organizations across Latin America and Europe to deliver Windows banking trojans like Casbaneiro (aka Metamorfo) via another malware called Horabot. The activity has been attributed to a Brazilian cybercrime threat actor tracked as Augmented Marauder and Water Saci. The e-crime group was first documented by Trend Micro in...

The Hacker News

New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released

Wed Apr 01 2026

Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been exploited in the wild. The high-severity vulnerability, CVE-2026-5281 (CVSS score: N/A), concerns a use-after-free bug in Dawn, an open-source and cross-platform implementation of the WebGPU standard. "Use-after-free in Dawn in Google Chrome prior...

The Hacker News

3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don’t See It Coming)

Wed Apr 01 2026

For years, cybersecurity has followed a familiar model: block malware, stop the attack. Now, attackers are moving on to what’s next. Threat actors now use malware less frequently in favor of what’s already inside your environment, including abusing trusted tools, native binaries, and legitimate admin utilities to move laterally, escalate privileges, and persist without raising alarms. Most...

The Hacker News

Security awareness is not a control: Rethinking human risk in enterprise security

Wed Apr 01 2026

Organizations have been responding to phishing, business email compromise, and credential theft in essentially the same manner for over ten years.

CSO Online

9 ways CISOs can combat AI hallucinations

Wed Apr 01 2026

AI hallucinations are a well-known problem and, when it comes to compliance assessments, these convincing but inaccurate assessments can cause real damage with poor risk assessments, incorrect policy

CSO Online

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069

Wed Apr 01 2026

Google has formally attributed the supply chain compromise of the popular Axios npm package to a financially motivated North Korean threat activity cluster tracked as UNC1069. "We have attributed the attack to a suspected North Korean threat actor we track as UNC1069," John Hultquist, chief analyst at Google Threat Intelligence Group (GTIG), told The Hacker News in a statement. "North Korean...

The Hacker News

Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms

Wed Apr 01 2026

Anthropic on Tuesday confirmed that internal code for its popular artificial intelligence (AI) coding assistant, Claude Code, had been inadvertently released due to a human error. "No sensitive customer data or credentials were involved or exposed," an Anthropic spokesperson said in a statement shared with CNBC News. "This was a release packaging issue caused by human error, not a security...

The Hacker News

Enterprise Spotlight: Setting the 2026 IT agenda

Wed Apr 01 2026

IT leaders are setting their operations strategies for 2026 with an eye toward agility, flexibility, and tangible business results.

CSO Online

Attack Surface Management – ein Kaufratgeber

Wed Apr 01 2026

Mit diesen Attack Surface Management Tools sorgen Sie im Idealfall dafür, dass sich Angreifer gar nicht erst verbeißen.

CSO Online

Anthropic employee error exposes Claude Code source

Wed Apr 01 2026

An Anthropic employee accidentally exposed the entire proprietary source code for its AI programming tool, Claude Code, by including a source map file in a version of the tool posted on Anthropic’s op

CSO Online

Apple Will Push Out Rare ‘Backported’ Patches to Protect iOS 18 Users From DarkSword Hacking Tool

Wed Apr 01 2026

As DarkSword spreads, Apple tells WIRED it will enable iOS 18-specific fixes for millions of iPhone owners who remain on that iOS version rather than force them to update to iOS 26.

Wired

Iran Threatens to Start Attacking Major US Tech Firms on April 1

Tue Mar 31 2026

Tech giants like Apple, Google, and Microsoft are among those on a target list released by Iran’s Islamic Revolutionary Guard Corps.

Wired

Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack

Tue Mar 31 2026

Attackers compromised the npm account of the lead maintainer of Axios, a widely used JavaScript HTTP client library, and used it to publish malicious versions of the package that deployed a cross-plat

CSO Online

5-month-old F5 BIG-IP DoS bug becomes critical RCE exploited in the wild

Tue Mar 31 2026

A vulnerability misclassified five months ago as a denial-of-service issue in F5 BIG-IP Access Policy Manager (APM) turned out to be a critical pre-authentication remote code execution flaw that is no

CSO Online

Android Developer Verification Rollout Begins Ahead of September Enforcement

Tue Mar 31 2026

Google on Monday said it's officially rolling out Android developer verification to all developers to combat the problem of bad actors distributing harmful apps while "hiding behind anonymity." The development comes ahead of a planned verification mandate that goes into effect in Brazil, Indonesia, Singapore, and Thailand this September, before it expands globally next year. As part of this...

The Hacker News

The US Military’s GPS Software Is an $8 Billion Mess

Tue Mar 31 2026

The GPS Next-Generation Operational Control System was due for completion in 2016. Ten years later, the software for controlling the military’s GPS satellites still doesn’t work.

Wired

TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks

Tue Mar 31 2026

A high-severity security flaw in the TrueConf client video conferencing software has been exploited in the wild as a zero-day as part of a campaign targeting government entities in Southeast Asia dubbed TrueChaos. The vulnerability in question is CVE-2026-3502 (CVSS score: 7.8), a lack of integrity check when fetching application update code, allowing an attacker to distribute a tampered update,...

The Hacker News

The Broken System That Keeps Shipping Crews Stranded in the Strait of Hormuz

Tue Mar 31 2026

Vessels are increasingly being abandoned during the war on Iran, revealing a hidden failure in the global systems that keep goods—and people—moving.

Wired

Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts

Tue Mar 31 2026

Cybersecurity researchers have disclosed a security "blind spot" in Google Cloud's Vertex AI platform that could allow artificial intelligence (AI) agents to be weaponized by an attacker to gain unauthorized access to sensitive data and compromise an organization's cloud environment. According to Palo Alto Networks Unit 42, the issue relates to how the Vertex AI permission model can be misused...

The Hacker News

OpenAI patches twin leaks as Codex slips and ChatGPT spills

Tue Mar 31 2026

OpenAI has fixed two flaws in its AI stack that could allow AI agents to move sensitive data in unintended ways.

CSO Online

The AI Arms Race – Why Unified Exposure Management Is Becoming a Boardroom Priority

Tue Mar 31 2026

The cybersecurity landscape is accelerating at an unprecedented rate. What is emerging is not simply a rise in the number of vulnerabilities or tools, but a dramatic increase in speed. Speed of attack, speed of exploitation, and speed of change across modern environments. This is the defining challenge of the new era of digital warfare: the weaponization of Artificial Intelligence. Threat actors...

The Hacker News

Silver Fox Expands Asia Cyber Campaign with AtlasCross RAT and Fake Domains

Tue Mar 31 2026

Chinese-speaking users are the target of an active campaign that uses typosquatted domains impersonating trusted software brands to deliver a previously undocumented remote access trojan named AtlasCross RAT. "The operation covers VPN clients, encrypted messengers, video conferencing tools, cryptocurrency trackers, and e-commerce applications, with eleven confirmed delivery domains impersonating...

The Hacker News

8 ways to bolster your security posture on the cheap

Tue Mar 31 2026

As every CISO knows, maintaining a strong cybersecurity posture is costly.

CSO Online

The external pressures redefining cybersecurity risk

Tue Mar 31 2026

Over the last four years, I’ve watched organizations get blindsided by threats that originated in a third-party network.

CSO Online

6 key takeaways from RSA Conference 2026

Tue Mar 31 2026

Writing a conference preview is an act of professional speculation.

CSO Online

Fahndung nach Cyberkriminellen – 130 Firmen attackiert

Tue Mar 31 2026

130 Unternehmen und Institutionen gerieten ins Visier der Hacker.

CSO Online

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Tue Mar 31 2026

The popular HTTP client known as Axios has suffered a supply chain attack after two newly published versions of the npm package introduced a malicious dependency that delivers a trojan capable of targeting Windows, macOS, and Linux systems. Versions 1.14.1 and 0.30.4 of Axios have been found to inject "plain-crypto-js" version 4.2.1 as a fake dependency. According to StepSecurity, the two...

The Hacker News

Fortinet hit by another exploited cybersecurity flaw

Mon Mar 30 2026

Yet another critical flaw in a Fortinet product has come to light as attackers continue to target the company, this time by actively exploiting a critical SQL injection vulnerability in the cybersecur

CSO Online

OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability

Mon Mar 30 2026

A previously unknown vulnerability in OpenAI ChatGPT allowed sensitive conversation data to be exfiltrated without user knowledge or consent, according to new findings from Check Point. "A single malicious prompt could turn an otherwise ordinary conversation into a covert exfiltration channel, leaking user messages, uploaded files, and other sensitive content," the cybersecurity company said in...

The Hacker News

DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials

Mon Mar 30 2026

A new campaign has leveraged the ClickFix social engineering tactic as a way to distribute a previously undocumented malware loader referred to as DeepLoad. "It likely uses AI-assisted obfuscation and process injection to evade static scanning, while credential theft starts immediately and captures passwords and sessions even if the primary loader is blocked," ReliaQuest researchers Thassanai...

The Hacker News

⚡ Weekly Recap: Telecom Sleeper Cells, LLM Jailbreaks, Apple Forces U.K. Age Checks and More

Mon Mar 30 2026

Some weeks are loud. This one was quieter but not in a good way. Long-running operations are finally hitting courtrooms, old attack methods are showing up in new places, and research that stopped being theoretical right around the time defenders stopped paying attention. There's a bit of everything this week. Persistence plays, legal wins, influence ops, and at least one thing that looks boring...

The Hacker News

3 SOC Process Fixes That Unlock Tier 1 Productivity

Mon Mar 30 2026

What is really slowing Tier 1 down: the threat itself or the process around it? In many SOCs, the biggest delays do not come from the threat alone. They come from fragmented workflows, manual triage steps, and limited visibility early in the investigation. Fixing those process gaps can help Tier 1 move faster, reduce unnecessary escalations, and improve how the entire SOC responds under pressure...

The Hacker News

Russian CTRL Toolkit Delivered via Malicious LNK Files Hijacks RDP via FRP Tunnels

Mon Mar 30 2026

Cybersecurity researchers have discovered a remote access toolkit of Russian-origin that's distributed via malicious Windows shortcut (LNK) files that are disguised as private key folders. The CTRL toolkit, according to Censys, is custom-built using .NET and includes various executables" to facilitate credential phishing, keylogging, Remote Desktop Protocol (RDP) hijacking, and reverse tunneling...

The Hacker News

LangChain path traversal bug adds to input validation woes in AI pipelines

Mon Mar 30 2026

Security researchers are warning that applications using AI frameworks without proper safeguards can expose sensitive information in basic, yet critical, non-AI ways.

CSO Online

Leak reveals Anthropic’s ‘Mythos,’ a powerful AI model aimed at cybersecurity use cases

Mon Mar 30 2026

Anthropic didn’t intend to introduce Mythos this way.

CSO Online

The State of Secrets Sprawl 2026: 9 Takeaways for CISOs

Mon Mar 30 2026

Secrets sprawl isn't slowing down: in 2025, it accelerated faster than most security teams anticipated. GitGuardian's State of Secrets Sprawl 2026 report analyzed billions of commits across public GitHub and uncovered 29 million new hardcoded secrets in 2025 alone, a 34% increase year over year and the largest single-year jump ever recorded. This year's findings reveal three core trends: AI has...

The Hacker News

APIs are the new perimeter: Here’s how CISOs are securing them

Mon Mar 30 2026

Recent breaches suggest attackers are shifting beyond traditional endpoints to target application programming interfaces (APIs).

CSO Online

Why Kubernetes controllers are the perfect backdoor

Mon Mar 30 2026

In my years securing cloud-native environments, I’ve noticed a recurring blind spot.

CSO Online

Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign

Mon Mar 30 2026

Three threat activity clusters aligned with China have targeted a government organization in Southeast Asia as part of what has been described as a "complex and well-resourced operation." The campaigns have led to the deployment of various malware families, including HIUPAN (aka USBFect, MISTCLOAK, or U2DiskWatch), PUBLOAD, EggStremeFuel (aka RawCookie), EggStremeLoader (aka Gorem RAT), MASOL...

The Hacker News

Data Security Posture Management: Die besten DSPM-Tools

Mon Mar 30 2026

Data Security Posture Management erfordert nicht nur die richtigen Tools, sondern auch eine entsprechende Vorbereitung.

CSO Online

Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack

Sat Mar 28 2026

Threat actors with ties to Iran successfully broke into the personal email account of Kash Patel, the director of the U.S. Federal Bureau of Investigation (FBI), and leaked a cache of photos and other documents to the internet. Handala Hack Team, which carried out the breach, said on its website that Patel "will now find his name among the list of successfully hacked victims." In a statement...

The Hacker News

Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug

Sat Mar 28 2026

A recently disclosed critical security flaw impacting Citrix NetScaler ADC and NetScaler Gateway is witnessing active reconnaissance activity, according to Defused Cyber and watchTowr. The vulnerability, CVE-2026-3055 (CVSS score: 9.3), refers to a case of insufficient input validation leading to memory overread, which an attacker could exploit to leak potentially sensitive information. Per...

The Hacker News

CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation

Sat Mar 28 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting F5 BIG-IP Access Policy Manager (APM) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2025-53521 (CVSS v4 score: 9.3), which could allow a threat actor to achieve remote code execution. "When a...

The Hacker News

TA446 Deploys DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign

Sat Mar 28 2026

Proofpoint has disclosed details of a targeted email campaign in which threat actors with ties to Russia are leveraging the recently disclosed DarkSword exploit kit to target iOS devices. The activity has been attributed with high confidence to the Russian state-sponsored threat group known as TA446, which is also tracked by the broader cybersecurity community under the monikers Callisto,...

The Hacker News

European Commission data stolen in a cyberattack on the infrastructure hosting its web sites

Fri Mar 27 2026

The European Commission is continuing to investigate the theft of data from its cloud infrastructure earlier this week.

CSO Online

Iranian Hackers Breached Kash Patel’s Email—but Not the FBI’s

Fri Mar 27 2026

Plus: Apple makes big claims about the effectiveness of its Lockdown Mode anti-spyware feature, Russia moves to implement homegrown encryption for 5G, and more.

Wired

Lloyds Bank reveals how IT bug exposed transaction data

Fri Mar 27 2026

Lloyds Banking Group has identified the glitch that led to some of its customers being able to see details of other customers’ transactions on March 12.

CSO Online

Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits

Fri Mar 27 2026

Apple is now sending Lock Screen notifications to iPhones and iPads running older versions of iOS and iPadOS to alert users of web-based attacks and urge them to install the update. The development was first reported by MacRumors. "Apple is aware of attacks targeting out-of-date iOS software, including the version on your iPhone. Install this critical update to protect your iPhone," the...

The Hacker News

TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

Fri Mar 27 2026

TeamPCP, the threat actor behind the supply chain attack targeting Trivy, KICS, and litellm, has now compromised the telnyx Python package by pushing two malicious versions to steal sensitive data. The two versions, 4.87.1 and 4.87.2, published to the Python Package Index (PyPI) repository on March 27, 2026, concealed their credential harvesting capabilities within a .WAV file. Users are...

The Hacker News