
9 essential open-source security tools

Thu Feb 26 2026

These open-source tools address specific security problems with a minimal footprint.

CSO Online

How to justify your security investments

Thu Feb 26 2026

Read which aspects are decisive for justifying the company's investments in cybersecurity.

CSO Online

Steaelite RAT combines data theft and ransomware management capability in one tool

Thu Feb 26 2026

It’s bad enough that threat actors are leveraging AI for their attacks, but now they can also access a new remote access trojan (RAT) that makes it easy to launch data theft and ransomware attacks on

CSO Online

Untrusted repositories turn Claude code into an attack vector

Wed Feb 25 2026

Flaws in Anthropic’s Claude Code could allow remote code execution and theft of API keys when users open untrusted repositories. The Check Point Research team found multiple vulnerabilities in Anthropic’s Claude Code AI coding assistant that could lead to remote code execution and API key theft. The vulnerabilities abuse features such as Hooks, MCP servers, and […]

Security Affairs

Critical Zyxel router flaw exposed devices to remote attacks

Wed Feb 25 2026

Zyxel fixed a critical flaw in multiple routers that lets unauthenticated attackers remotely execute commands on vulnerable devices. Zyxel addressed a critical remote code execution vulnerability, tracked as CVE-2025-13942 (CVSS score of 9.8), affecting more than a dozen router models. A command injection flaw in the UPnP feature of several Zyxel CPEs, Fiber ONTs, and […]

Security Affairs

Five Eyes issue emergency directive on exploited Cisco SD-WAN zero-day

Wed Feb 25 2026

Cybersecurity agencies across the Five Eyes alliance have issued an emergency directive warning that a critical Cisco SD-WAN vulnerability is being actively exploited to gain unauthorized access to fe

CSO Online

Google Disrupts UNC2814 GRIDTIDE Campaign After 53 Breaches Across 42 Countries

Wed Feb 25 2026

Google on Wednesday disclosed that it worked with industry partners to disrupt the infrastructure of a suspected China-nexus cyber espionage group tracked as UNC2814 that breached at least 53 organizations across 42 countries. "This prolific, elusive actor has a long history of targeting international governments and global telecommunications organizations across Africa, Asia, and the Americas,"...

The Hacker News

Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration

Wed Feb 25 2026

Cybersecurity researchers have disclosed multiple security vulnerabilities in Anthropic's Claude Code, an artificial intelligence (AI)-powered coding assistant, that could result in remote code execution and theft of API credentials. "The vulnerabilities exploit various configuration mechanisms, including Hooks, Model Context Protocol (MCP) servers, and environment variables – executing...

The Hacker News

SLH Offers $500–$1,000 Per Call to Recruit Women for IT Help Desk Vishing Attacks

Wed Feb 25 2026

The notorious cybercrime collective known as Scattered LAPSUS$ Hunters (SLH) has been observed offering financial incentives to recruit women to pull off social engineering attacks. The idea is to hire them for voice phishing campaigns targeting IT help desks, Dataminr said in a new threat brief. The group is said to be offering anywhere between $500 and $1,000 upfront per call, in addition to...

The Hacker News

Top 5 Ways Broken Triage Increases Business Risk Instead of Reducing It

Wed Feb 25 2026

Triage is supposed to make things simpler. In a lot of teams, it does the opposite. When you can’t reach a confident verdict early, alerts turn into repeat checks, back-and-forth, and “just escalate it” calls. That cost doesn’t stay inside the SOC; it shows up as missed SLAs, higher cost per case, and more room for real threats to slip through. So where does triage go wrong? Here are five triage...

The Hacker News

Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware

Wed Feb 25 2026

Cybersecurity researchers have discovered four malicious NuGet packages that are designed to target ASP.NET web application developers to steal sensitive data. The campaign, discovered by Socket, exfiltrates ASP.NET Identity data, including user accounts, role assignments, and permission mappings, as well as manipulates authorization rules to create persistent backdoors in victim applications....

The Hacker News

ShinyHunters cyberattack on CarGurus impacts 12.4 Million users

Wed Feb 25 2026

ShinyHunters leaked data from 12.4M CarGurus accounts, exposing personal information from the U.S.-based auto research and shopping platform. The ShinyHunters group published personal data from over 12 million CarGurus accounts. CarGurus is a U.S.-based digital automotive marketplace that helps users research, compare, and connect with sellers of new and used vehicles. Operating in the U.S., […]

Security Affairs

Former U.S. Defense contractor executive sentenced for selling zero-day exploits to Russian broker Operation Zero

Wed Feb 25 2026

A former employee at U.S. defense contractor L3Harris got over 7 years in prison for selling eight zero-days to a Russian broker. Peter Williams, a 39-year-old Australian former L3Harris employee, received a prison sentence of just over seven years for selling eight zero-day exploits to the Russian broker Operation Zero for millions. Williams pleaded guilty […]

Security Affairs

Microsoft warns of job‑themed repo lures targeting developers with multi‑stage backdoors

Wed Feb 25 2026

Microsoft says it has uncovered a coordinated campaign targeting software developers through malicious repositories posing as legitimate Next.

CSO Online

Manual Processes Are Putting National Security at Risk

Wed Feb 25 2026

Why automating sensitive data transfers is now a mission-critical priority. More than half of national security organizations still rely on manual processes to transfer sensitive data, according to The CYBER360: Defending the Digital Battlespace report. This should alarm every defense and government leader because manual handling of sensitive data is not just inefficient, it is a systemic...

The Hacker News

How Mexico's ‘CJNG’ Drug Cartel Embraced AI, Drones, and Social Media

Wed Feb 25 2026

Drug kingpin Nemesio “El Mencho” Oseguera Cervantes may be dead, but the Jalisco cartel he ran for years will likely outlive him—thanks, in part, to the criminal group’s embrace of technology.

Wired

U.S. CISA adds a flaw in Soliton Systems K.K FileZen to its Known Exploited Vulnerabilities catalog

Wed Feb 25 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Soliton Systems K.K FileZen to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Soliton Systems K.K FileZen flaw, tracked as CVE-2026-25108 (CVSS v4 score of 8.7), to its Known Exploited Vulnerabilities (KEV) catalog. Soliton Systems K.K. FileZen is a […]

Security Affairs

Lazarus APT group deployed Medusa Ransomware against Middle East target

Wed Feb 25 2026

North Korea’s Lazarus Group used Medusa ransomware in an attack on an unnamed Middle East organization, researchers report. The North Korea-linked Lazarus APT Group, also known as Diamond Sleet and Pompilus, has been spotted deploying Medusa ransomware against an unnamed organization in the Middle East, according to a new report from the Symantec and Carbon Black […]

Security Affairs

Ukrainian convicted for helping fake North Korean IT workers

Wed Feb 25 2026

A Ukrainian man has been sentenced to five years in prison after helping North Korean IT workers infiltrate American companies using stolen identities, reports Bleepingcomputer.

CSO Online

Defense Contractor Employee Jailed for Selling 8 Zero-Days to Russian Broker

Wed Feb 25 2026

A 39-year-old Australian national who was previously employed at U.S. defense contractor L3Harris has been sentenced to a little over seven years in prison for selling eight zero-day exploits to Russian exploit broker Operation Zero in exchange for millions of dollars. Peter Williams pleaded guilty to two counts of theft of trade secrets in October 2025. In addition to the jail term, Williams...

The Hacker News

SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution

Wed Feb 25 2026

SolarWinds has released updates to address four critical security flaws in its Serv-U file transfer software that, if successfully exploited, could result in remote code execution. The vulnerabilities, all rated 9.1 on the CVSS scoring system, are listed below - CVE-2025-40538 - A broken access control vulnerability that allows an attacker to create a system admin user and execute arbitrary...

The Hacker News

Boards don’t need cyber metrics — they need risk signals

Wed Feb 25 2026

Security teams live in a world of numbers.

CSO Online

CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability

Wed Feb 25 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed vulnerability in FileZen to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-25108 (CVSS v4 score: 8.7), is a case of operating system (OS) command injection that could allow an authenticated user to execute...

The Hacker News

Hacker cracks 600 firewalls in a month using AI

Wed Feb 25 2026

Threat actors are increasingly using AI tools to carry out their attacks.

CSO Online

How AI is changing your GRC strategy

Wed Feb 25 2026

As companies integrate cybersecurity into their GRC (governance, risk and compliance) processes, existing programs must be revised.

CSO Online

New Serv-U bugs extend SolarWinds’ run of high-severity disclosures

Wed Feb 25 2026

SolarWinds continues to be besieged by security issues, this time in its Serv-U managed file transfer server.

CSO Online

Fake Zoom meeting silently installs surveillance software, says Malwarebytes

Wed Feb 25 2026

The latest fake Zoom meeting scam silently pushes surveillance software onto the Windows computers of unwitting employees.

CSO Online

VMware fixes command injection flaw in Aria Operations

Wed Feb 25 2026

VMware has released patches for several high- and medium-risk vulnerabilities that impact its Aria Operations, Cloud Foundation, Telco Cloud Platform, and Telco Cloud Infrastructure products.

CSO Online

Here’s What a Google Subpoena Response Looks Like, Courtesy of the Epstein Files

Tue Feb 24 2026

The US Justice Department disclosures give fresh clues about how tech companies handle government inquiries about your data.

Wired

What does business email compromise look like?

Tue Feb 24 2026

Business email compromise (BEC) is the digital con dressed to impress.

CSO Online

What are the types of ransomware attacks?

Tue Feb 24 2026

Ransomware isn’t an isolated, potential cyber threat—it’s like a living organism that can shapeshift with multiple strains, tactics, and targets.

CSO Online

Take control: Locking down common endpoint vulnerabilities

Tue Feb 24 2026

Attackers are constantly on the prowl, scoping out vulnerabilities of network-connected devices in your systems.

CSO Online

How to prevent business email compromise

Tue Feb 24 2026

Business email compromise (BEC) is the cyber equivalent of an expertly forged handwritten note—no malware fireworks, no flashing warnings, just a convincing request that tricks someone into wiring mon

CSO Online

SolarWinds patches four critical Serv-U flaws enabling root access

Tue Feb 24 2026

SolarWinds addressed four critical Serv-U vulnerabilities that could let attackers gain root access to unpatched servers. SolarWinds released updates fixing four critical Serv-U vulnerabilities that allow remote code execution, potentially giving attackers full root access on unpatched servers. Serv-U is a file transfer server software that allows organizations to securely transfer files over networks using […]

Security Affairs

Know the red flags: Business email compromise signs to look out for

Tue Feb 24 2026

When it comes to cyber threats, business email compromise (BEC) is one of the sneakiest, most costly scams out there.

CSO Online

Cyber defense: From reactive to proactive

Tue Feb 24 2026

When systems are attacked, we should respond.

CSO Online

RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN

Tue Feb 24 2026

A vulnerability in GitHub Codespaces could have been exploited by bad actors to seize control of repositories by injecting malicious Copilot instructions in a GitHub issue. The artificial intelligence (AI)-driven vulnerability has been codenamed RoguePilot by Orca Security. It has since been patched by Microsoft following responsible disclosure. "Attackers can craft hidden instructions inside a...

The Hacker News

VMware Aria Operations flaws could enable remote attacks

Tue Feb 24 2026

Broadcom patched multiple VMware Aria Operations flaws, including high-severity issues that could enable remote code execution. Broadcom has released security updates to address multiple vulnerabilities affecting VMware Aria Operations. VMware Aria Operations is an IT operations management platform that helps organizations monitor and optimize virtual, cloud, and hybrid environments. It provides performance monitoring, capacity planning, […]

Security Affairs

UAC-0050 Targets European Financial Institution With Spoofed Domain and RMS Malware

Tue Feb 24 2026

A Russia-aligned threat actor has been observed targeting a European financial institution as part of a social engineering attack to likely facilitate intelligence gathering or financial theft, signaling a possible expansion of the threat actor's targeting beyond Ukraine and into entities supporting the war-torn nation. The activity, which targeted an unnamed entity involved in regional...

The Hacker News

Identity Prioritization isn't a Backlog Problem - It's a Risk Math Problem

Tue Feb 24 2026

Most identity programs still prioritize work the way they prioritize IT tickets: by volume, loudness, or “what failed a control check.” That approach breaks the moment your environment stops being mostly-human and mostly-onboarded. In modern enterprises, identity risk is created by a compound of factors: control posture, hygiene, business context, and intent. Any one of these can perhaps be...

The Hacker News

Lazarus Group Uses Medusa Ransomware in Middle East and U.S. Healthcare Attacks

Tue Feb 24 2026

The North Korea-linked Lazarus Group (aka Diamond Sleet and Pompilus) has been observed using Medusa ransomware in an attack targeting an unnamed entity in the Middle East, according to a new report by the Symantec and Carbon Black Threat Hunter Team. Broadcom's threat intelligence division said it also identified the same threat actors mounting an unsuccessful attack against a healthcare...

The Hacker News

Arkanix Stealer: AI-assisted info-stealer shuts down after brief campaign

Tue Feb 24 2026

Arkanix Stealer surfaced in late 2025 as a short-lived info-stealer, likely built as an AI-assisted experiment and quickly abandoned. Arkanix Stealer emerged in late 2025 as a short-lived information-stealing malware promoted on dark web forums. Researchers believe it was likely created as an AI-assisted experiment, suggesting the operators were testing automated development techniques rather than […]

Security Affairs

Shai-Hulud-style NPM worm hits CI pipelines and AI coding tools

Tue Feb 24 2026

A massive Shai-Hulud-style npm supply chain worm is hitting the software ecosystem, burrowing through developer machines, CI pipelines, and AI coding tools.

CSO Online

UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors

Tue Feb 24 2026

The threat activity cluster known as UnsolicitedBooker has been observed targeting telecommunications companies in Kyrgyzstan and Tajikistan, marking a shift from prior attacks aimed at Saudi Arabian entities. The attacks involve the deployment of two distinct backdoors codenamed LuciDoor and MarsSnake, according to a report published by Positive Technologies last week. "The group used several...

The Hacker News

Billions in Bitcoin from piracy portal targeted by prosecutors

Tue Feb 24 2026

Copyright infringement is a lucrative business.

CSO Online

Operation MacroMaze: APT28 exploits webhooks for covert data exfiltration

Tue Feb 24 2026

Russia-linked APT28 targeted European entities with a webhook-based macro malware campaign called Operation MacroMaze. Russia-linked APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) launched Operation MacroMaze, targeting select entities in Western and Central Europe from September 2025 to January 2026. The campaign used webhook-based macro malware, leveraging simple tools and legitimate services for infrastructure and data […]

Security Affairs

Everest ransomware hits Vikor Scientific’s supplier, data of 140,000 patients stolen

Tue Feb 24 2026

Everest ransomware claims an attack on diagnostic firm Vikor Scientific (Vanta Diagnostics), exposing data of nearly 140,000 people. The Everest ransomware group has claimed responsibility for a cyberattack on Vikor Scientific, now operating as Vanta Diagnostics. The healthcare diagnostic firm disclosed a data breach impacting nearly 139,964 individuals, as reported by the US Department of […]

Security Affairs

It’s time to rethink CISO reporting lines

Tue Feb 24 2026

Despite inroads in the C-suite and rising prominence across the business at large, security leaders are still more likely to operate at a remove from the organization’s executive leadership when it co

CSO Online

The rise of the evasive adversary

Tue Feb 24 2026

Since the earliest days of the internet, there has never been a let-up in adversarial activity.

CSO Online

Anthropic’s Claude Code Security rollout is an industry wakeup call

Tue Feb 24 2026

When Anthropic launched a “limited research preview” of its Claude Code Security offering on Friday, Wall Street investors sent the stocks of the largest cybersecurity vendors plunging.

CSO Online

Anthropic Says Chinese AI Firms Used 16 Million Claude Queries to Copy Model

Tue Feb 24 2026

Anthropic on Monday said it identified "industrial-scale campaigns" mounted by three artificial intelligence (AI) companies, DeepSeek, Moonshot AI, and MiniMax, to illegally extract Claude's capabilities to improve their own models. The distillation attacks generated over 16 million exchanges with its large language model (LLM) through about 24,000 fraudulent accounts in violation of its terms...

The Hacker News

OT security: Why open source is worth a look

Tue Feb 24 2026

In the OT security field too, open-source solutions offer a cost-effective alternative to commercial tools.

CSO Online

Russian group uses AI to exploit weakly-protected Fortinet firewalls, says Amazon

Tue Feb 24 2026

A Russian-speaking threat actor is using commercial generative AI services to compromise hundreds of Fortinet Fortigate firewalls, warns Amazon Threat Intelligence.

CSO Online

Wormable XMRig campaign leverages BYOVD and timed kill switch for stealth

Mon Feb 23 2026

A wormable cryptojacking campaign spreads via pirated software, using BYOVD and a time-based logic bomb to deploy a custom XMRig miner. Researchers uncovered a wormable cryptojacking campaign that spreads through pirated software bundles to deploy a custom XMRig miner. The attack uses a BYOVD exploit and a time-based logic bomb to evade detection and maximize […]

Security Affairs

Romanian hacker pleads guilty to selling access to Oregon state networks

Mon Feb 23 2026

A Romanian man pleaded guilty to selling admin access to Oregon’s state network for $3,000 in Bitcoin and repeatedly accessing it to prove control. Catalin Dragomir (45) from Romania, pleaded guilty in the U.S. for selling unauthorized admin access to an Oregon state emergency management network. He gained access in June 2021, advertised it, and […]

Security Affairs

APT28 Targeted European Entities Using Webhook-Based Macro Malware

Mon Feb 23 2026

The Russia-linked state-sponsored threat actor tracked as APT28 has been attributed to a new campaign targeting specific entities in Western and Central Europe. The activity, per S2 Grupo's LAB52 threat intelligence team, was active between September 2025 and January 2026. It has been codenamed Operation MacroMaze. "The campaign relies on basic tooling and the exploitation of legitimate services...

The Hacker News

Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb

Mon Feb 23 2026

Cybersecurity researchers have disclosed details of a new cryptojacking campaign that uses pirated software bundles as lures to deploy a bespoke XMRig miner program on compromised hosts. "Analysis of the recovered dropper, persistence triggers, and mining payload reveals a sophisticated, multi-stage infection prioritizing maximum cryptocurrency mining hashrate, often destabilizing the victim...

The Hacker News

⚡ Weekly Recap: Double-Tap Skimmers, PromptSpy AI, 30Tbps DDoS, Docker Malware & More

Mon Feb 23 2026

Security news rarely moves in a straight line. This week, it feels more like a series of sharp turns, some happening quietly in the background, others playing out in public view. The details are different, but the pressure points are familiar. Across devices, cloud services, research labs, and even everyday apps, the line between normal behavior and hidden risk keeps getting thinner. Tools...

The Hacker News

CVE-2026-1731 fuels ongoing attacks on BeyondTrust remote access products

Mon Feb 23 2026

Attackers are exploiting CVE-2026-1731 in BeyondTrust RS and PRA to deploy VShell, gain persistence, move laterally, and control compromised systems. Threat actors are actively exploiting a recently disclosed critical vulnerability, tracked as CVE-2026-1731 (CVSS score: 9.9), in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA). The flaw is being used to conduct a wide […]

Security Affairs

Hacker steals data of thousands of RTL employees

Mon Feb 23 2026

A hacker has gained access to RTL employee data.

CSO Online

How Exposed Endpoints Increase Risk Across LLM Infrastructure

Mon Feb 23 2026

As more organizations run their own Large Language Models (LLMs), they are also deploying more internal services and Application Programming Interfaces (APIs) to support those models. Modern security risks are being introduced less from the models themselves and more from the infrastructure that serves, connects and automates the model. Each new LLM endpoint expands the attack surface, often in...

The Hacker News

New Arkanix stealer blends rapid Python harvesting with stealthier C++ payloads

Mon Feb 23 2026

A newly uncovered infostealer, suspected to be built with the help of a large language model, is targeting victims with Python and C++ variants, each tailored for a different stage of data theft.

CSO Online

AI-powered campaign compromises 600 FortiGate systems worldwide

Mon Feb 23 2026

A Russian-speaking cybercriminal used commercial generative AI tools to hack over 600 FortiGate devices across 55 countries. Amazon Threat Intelligence reports that a Russian-speaking, financially motivated threat actor used commercial generative AI services to compromise more than 600 FortiGate devices in 55 countries. The activity, observed between January 11 and February 18, 2026, highlights how […]

Security Affairs

Attackers exploit Ivanti EPMM zero-days to seize control of MDM servers

Mon Feb 23 2026

Attackers are actively exploiting two critical zero-day vulnerabilities in Ivanti’s Endpoint Manager Mobile (EPMM) to gain unauthenticated control of enterprise mobile device management infrastructure

CSO Online

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

Mon Feb 23 2026

Cybersecurity researchers have disclosed what they say is an active "Shai-Hulud-like" supply chain worm campaign that has leveraged a cluster of at least 19 malicious npm packages to enable credential harvesting and cryptocurrency key theft. The campaign has been codenamed SANDWORM_MODE by supply chain security company Socket. As with prior Shai-Hulud attack waves, the malicious code embedded...

The Hacker News

MuddyWater Targets MENA Organizations with GhostFetch, CHAR, and HTTP_VIP

Mon Feb 23 2026

The Iranian hacking group known as MuddyWater (aka Earth Vetala, Mango Sandstorm, and MUDDYCOAST) has targeted several organizations and individuals mainly located across the Middle East and North Africa (MENA) region as part of a new campaign codenamed Operation Olalampo. The activity, first observed on January 26, 2026, has resulted in the deployment of new malware families that share...

The Hacker News

Anthropic unveils Claude Code Security to detect and fix code bugs

Mon Feb 23 2026

Anthropic launches Claude Code Security, an AI tool that scans code for vulnerabilities and suggests how to address them. Anthropic has introduced Claude Code Security, a new AI-powered service designed to scan software codebases for vulnerabilities and recommend fixes. Built into Claude Code, the tool aims to help teams detect and remediate security flaws faster. […]

Security Affairs

Luxury hotel stays for just €0.01. Spanish police arrest hacker

Sun Feb 22 2026

Spanish police arrested a 20-year-old hacker accused of booking luxury hotel rooms worth up to €1,000 a night for just one cent before being caught. Spanish police arrested a 20-year-old man in Madrid after allegedly manipulating the online payment system of a travel and hotel booking website to secure luxury hotel stays for just €0.01 […]

Security Affairs

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 85

Sun Feb 22 2026

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Malware Newsletter: Ninja Browser & Lumma Infostealer; Ghost Tapped: Tracking the Rise of Chinese Tap-to-pay Android Malware; Hudson Rock Identifies Real-World Infostealer Infection Targeting OpenClaw Configurations; Divide and conquer: how the new Keenadu backdoor exposed links […]

Security Affairs

Security Affairs newsletter Round 564 by Pierluigi Paganini – INTERNATIONAL EDITION

Sun Feb 22 2026

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. CISA adds RoundCube Webmail flaws to its Known Exploited Vulnerabilities catalog; PayPal discloses extended data […]

Security Affairs

13 ways attackers use generative AI to exploit your systems

Mon Feb 23 2026

Artificial intelligence is revolutionizing the technology industry and this is equally true for the cybercrime ecosystem, as cybercriminals are increasingly leveraging generative AI to improve their t

CSO Online

AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries

Sat Feb 21 2026

A Russian-speaking, financially motivated threat actor has been observed taking advantage of commercial generative artificial intelligence (AI) services to compromise over 600 FortiGate devices located in 55 countries. That's according to new findings from Amazon Threat Intelligence, which said it observed the activity between January 11 and February 18, 2026. "No exploitation of FortiGate...

The Hacker News

Password Managers Share a Hidden Weakness

Sat Feb 21 2026

Plus: The cybersecurity community grapples with Epstein files revelations, the US State Department plans an online anti-censorship “portal” for the world, and more.

Wired

U.S. CISA adds RoundCube Webmail flaws to its Known Exploited Vulnerabilities catalog

Sat Feb 21 2026

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds RoundCube Webmail flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two RoundCube Webmail flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: Roundcube is a popular webmail platform and has been repeatedly targeted […]

Security Affairs

‘Narco-Submarine’ Carrying 4 Tons of Cocaine Captured by Mexico's Navy

Sat Feb 21 2026

Following increased surveillance and patrols of routes used by transnational drug-trafficking networks, Mexican authorities have seized approximately 10 tons of cocaine in the past week alone.

Wired

Anthropic Launches Claude Code Security for AI-Powered Vulnerability Scanning

Sat Feb 21 2026

Artificial intelligence (AI) company Anthropic has begun to roll out a new security feature for Claude Code that can scan a user's software codebase for vulnerabilities and suggest patches. The capability, called Claude Code Security, is currently available in a limited research preview to Enterprise and Team customers. "It scans codebases for security vulnerabilities and suggests targeted...

The Hacker News

CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog

Sat Feb 21 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added two security flaws impacting Roundcube webmail software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities in question are listed below - CVE-2025-49113 (CVSS score: 9.9) - A deserialization of untrusted data vulnerability that allows remote code...

The Hacker News

PayPal discloses extended data leak linked to Loan App glitch

Fri Feb 20 2026

PayPal disclosed a six-month data breach that exposed sensitive user data, including Social Security numbers, due to a software error. PayPal has disclosed a data breach caused by a software bug in its PayPal Working Capital loan app. The flaw exposed sensitive customer information, including customers’ business contact details (name, email, phone number, address), along […]

Security Affairs

EC-Council Expands AI Certification Portfolio to Strengthen U.S. AI Workforce Readiness and Security

Sat Feb 21 2026

With $5.5 trillion in global AI risk exposure and 700,000 U.S. workers needing reskilling, four new AI certifications and Certified CISO v4 help close the gap between AI adoption and workforce readiness. EC-Council, creator of the world-renowned Certified Ethical Hacker (CEH) credential and a global leader in applied cybersecurity education, today launched its Enterprise AI Credential Suite,...

The Hacker News

Compromised npm package silently installs OpenClaw on developer machines

Sat Feb 21 2026

A new security bypass has users installing AI agent OpenClaw — whether they intended to or not.

CSO Online

DHS Wants a Single Search Engine to Flag Faces and Fingerprints Across Agencies

Fri Feb 20 2026

Homeland Security aims to combine its face and fingerprint systems into one big biometric platform—after dismantling centralized privacy reviews and key limits on face recognition.

Wired

‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA

Fri Feb 20 2026

Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by anti-abuse activists and security firms. But a stealthy new phishing-as-a-service offering lets customers sidestep both of these pitfalls: It uses cleverly disguised links to load the target brand's real website, and then acts as a relay between the target and the legitimate site -- forwarding the victim's username, password and multi-factor authentication (MFA) code to the legitimate site and returning its responses.

Krebs on Security

Metadata Exposes Authors of ICE’s ‘Mega’ Detention Center Plans

Fri Feb 20 2026

Comments and other data left on a PDF detailing Homeland Security’s proposal to build “mega” detention and processing centers reveal the personnel involved in its creation.

Wired

Don’t trust TrustConnect: This fake remote support tool only helps hackers

Fri Feb 20 2026

After breaking into a system, crooks often install legitimate remote admin tools to keep a foothold on the network — with the risk that the tool’s vendor spots them and locks them out.

CSO Online

BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration

Fri Feb 20 2026

Threat actors have been observed exploiting a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products to conduct a wide range of malicious actions, including deploying VShell and  The vulnerability, tracked as CVE-2026-1731 (CVSS score: 9.9), allows attackers to execute operating system commands in the context of the...

The Hacker News

North Korean IT worker scam nets Ukrainian five-year sentence in the U.S.

Fri Feb 20 2026

A Ukrainian man was sentenced to five years in the U.S. for helping North Korean IT workers use stolen identities to get hired by U.S. firms. Oleksandr “Alexander” Didenko, a 29-year-old Ukrainian national, has been sentenced to five years in a U.S. prison for supporting North Korea’s fraudulent IT worker scheme. Didenko admitted stealing U.S. […]

Security Affairs

Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems

Fri Feb 20 2026

In yet another software supply chain attack, the open-source, artificial intelligence (AI)-powered coding assistant Cline CLI was updated to stealthily install OpenClaw, a self-hosted autonomous AI agent that has become exceedingly popular in the past few months. "On February 17, 2026, at 3:26 AM PT, an unauthorized party used a compromised npm publish token to publish an update to Cline CLI...

The Hacker News

AI and complexity as accelerants for cybercriminals

Fri Feb 20 2026

Cyberattacks are getting ever faster, shrinking the window between the initial compromise and its negative consequences.

CSO Online

ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT Malware

Fri Feb 20 2026

Cybersecurity researchers have disclosed details of a new ClickFix campaign that abuses compromised legitimate sites to deliver a previously undocumented remote access trojan (RAT) called MIMICRAT (aka AstarionRAT). "The campaign demonstrates a high level of operational sophistication: compromised sites spanning multiple industries and geographies serve as delivery infrastructure, a multi-stage...

The Hacker News

FBI warns of surge in ATM Jackpotting, $20 Million lost in 2025

Fri Feb 20 2026

The FBI warns ATM jackpotting is rising nationwide, with over $20 million lost in 2025 and 1,900 incidents reported since 2020. The FBI has warned of a sharp rise in ATM jackpotting attacks across the U.S., with losses exceeding $20 million in 2025 alone. Since 2020, about 1,900 incidents have been reported, including 700 last […]

Security Affairs

Identity Cyber Scores: The New Metric Shaping Cyber Insurance in 2026

Fri Feb 20 2026

With one in three cyber-attacks now involving compromised employee accounts, insurers and regulators are placing far greater emphasis on identity posture when assessing cyber risk. For many organizations, however, these assessments remain largely opaque. Elements such as password hygiene, privileged access management, and the extent of multi-factor authentication (MFA) coverage are...

The Hacker News

Ukrainian National Sentenced to 5 Years in North Korea IT Worker Fraud Case

Fri Feb 20 2026

A 29-year-old Ukrainian national has been sentenced to five years in prison in the U.S. for his role in facilitating North Korea's fraudulent information technology (IT) worker scheme. In November 2025, Oleksandr "Alexander" Didenko pleaded guilty to wire fraud conspiracy and aggravated identity theft for stealing the identities of U.S. citizens and selling them to IT workers to help them land...

The Hacker News

Special commission investigates cyberattack on the Staatliche Kunstsammlungen Dresden

Fri Feb 20 2026

The Staatliche Kunstsammlungen Dresden (Dresden State Art Collections) were the target of a cyberattack.

CSO Online

Red Card 2.0: INTERPOL busts scam networks across Africa, seizes millions

Fri Feb 20 2026

INTERPOL’s Operation Red Card 2.0 led to 651 arrests across 16 African countries and recovered over $4.3 million from online scams. INTERPOL’s Operation Red Card 2.0, a joint effort involving law enforcement agencies from 16 African countries, resulted in 651 arrests linked to online scam networks. The operation was carried out under the African Joint […]

Security Affairs

PromptSpy abuses Gemini AI to gain persistent access on Android

Fri Feb 20 2026

PromptSpy is the first Android malware to abuse Google’s Gemini AI, enabling persistence and advanced spying features. Security researchers at ESET have uncovered PromptSpy, the first known Android malware to exploit Google’s Gemini AI to maintain persistence. The malware can capture lockscreen data, block uninstallation attempts, collect device information, take screenshots, and record screen activity […]

Security Affairs

FBI Reports 1,900 ATM Jackpotting Incidents Since 2020, $20M Lost in 2025

Fri Feb 20 2026

The U.S. Federal Bureau of Investigation (FBI) has warned of an increase in ATM jackpotting incidents across the country, leading to losses of more than $20 million in 2025. The agency said 1,900 ATM jackpotting incidents have been reported since 2020, out of which 700 took place last year. In December 2025, the U.S. Department of Justice (DoJ) said about $40.73 million has been collectively...

The Hacker News

PayPal launches latest struggle to get rid of SMS for MFA

Fri Feb 20 2026

When PayPal started emailing customers this month that it was backing off unencrypted SMS for multifactor authentication (MFA) at login, it came with the typical approach-avoidance asterisk.

CSO Online

Former Google Engineers Indicted Over Trade Secret Transfers to Iran

Fri Feb 20 2026

Two former Google engineers and one of their husbands have been indicted in the U.S. for allegedly committing trade secret theft from the search giant and other tech firms and transferring the information to unauthorized locations, including Iran. Samaneh Ghandali, 41, and her husband Mohammadjavad Khosravi (aka Mohammad Khosravi), 40, along with her sister Soroor Ghandali, 32, have been accused...

The Hacker News

10 passwordless options for enterprises

Fri Feb 20 2026

There are better solutions for leaving passwords behind.

CSO Online

Jeffrey Epstein’s Ties to CBP Agents Sparked a DOJ Probe

Fri Feb 20 2026

Documents say customs officers in the US Virgin Islands had friendly relationships with Epstein years after his 2008 conviction, showing how the infamous sex offender tried to cultivate allies.

Wired