10 key security traits: How to unleash the power of your IT security engineering team
Fri Jan 23 2026
Read what matters in the collaboration between your IT security and engineering teams.
CSO Online

Ransomware gang’s slip-up led to data recovery for 12 US firms
Fri Jan 23 2026
Twelve US companies hit by the INC ransomware group were able to recover encrypted data after a cybersecurity firm discovered the cloud storage infrastructure where the gang stockpiled what it stole.
CSO Online

Trivial Telnet authentication bypass exposes devices to complete takeover
Thu Jan 22 2026
Computers with Telnet open are in immediate danger of being compromised due to a critical vulnerability that allows attackers to bypass authentication.
CSO Online

Machine learning–powered Android Trojans bypass script-based Ad Click detection
Thu Jan 22 2026
A new Android click-fraud trojan family uses TensorFlow ML to visually detect and tap ads, bypassing traditional script-based click techniques. Researchers at cybersecurity firm Dr.Web discovered a new Android click-fraud trojan family that uses TensorFlow.js ML models to visually detect and tap ads, avoiding traditional script-based methods. The malware is distributed via Xiaomi’s GetApps, it […]
Security Affairs

New Osiris Ransomware Emerges as New Strain Using POORTRY Driver in BYOVD Attack
Thu Jan 22 2026
Cybersecurity researchers have disclosed details of a new ransomware family called Osiris that targeted a major food service franchisee operator in Southeast Asia in November 2025. The attack leveraged a malicious driver called POORTRY as part of a known technique referred to as bring your own vulnerable driver (BYOVD) to disarm security software, the Symantec and Carbon Black Threat Hunter...
The Hacker News

ICE Agents Are ‘Doxing’ Themselves
Thu Jan 22 2026
The alleged risks of being publicly identified have not stopped DHS and ICE employees from creating profiles on LinkedIn, even as Kristi Noem threatens to treat revealing agents' identities as a crime.
Wired

Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access
Thu Jan 22 2026
A critical security flaw has been disclosed in the GNU InetUtils telnet daemon (telnetd) that went unnoticed for nearly 11 years. The vulnerability, tracked as CVE-2026-24061, is rated 9.8 out of 10.0 on the CVSS scoring system. It affects all versions of GNU InetUtils from version 1.9.3 up to and including version 2.7. "Telnetd in GNU Inetutils through 2.7 allows remote authentication bypass...
The Hacker News

Critical SmarterMail vulnerability under attack, no CVE yet
Thu Jan 22 2026
A SmarterMail flaw (WT-2026-0001) is under active attack just days after its January 15 patch, with no CVE assigned yet. A newly disclosed flaw in SmarterTools SmarterMail is being actively exploited just two days after a patch was released. The issue, tracked as WT-2026-0001 and lacking a CVE, was fixed on January 15, 2026, with […]
Security Affairs

ThreatsDay Bulletin: Pixel Zero-Click, Redis RCE, China C2s, RAT Ads, Crypto Scams & 15+ Stories
Thu Jan 22 2026
Most of this week’s threats didn’t rely on new tricks. They relied on familiar systems behaving exactly as designed, just in the wrong hands. Ordinary files, routine services, and trusted workflows were enough to open doors without forcing them. What stands out is how little friction attackers now need. Some activity focused on quiet reach and coverage, others on timing and reuse. The emphasis...
The Hacker News

Spanish e-retailer PcComponentes denies report it was hacked
Thu Jan 22 2026
Spanish online electronics retailer PcComponentes has denied a hacker’s claims to have stolen data on its customers.
CSO Online

Hackers take down websites of Conceptnet customers
Thu Jan 22 2026
Regensburg-based IT service provider Conceptnet fell victim to a ransomware attack.
CSO Online

Actively exploited Cisco UC bug requires immediate, version‑specific patching
Thu Jan 22 2026
Cisco has released patches for a critical remote code execution vulnerability in its unified communications products that attackers are actively exploiting.
CSO Online

VoidLink malware was almost entirely made by AI
Thu Jan 22 2026
VoidLink, the high-impact Linux malware framework disclosed last week, is back under scrutiny for claims that the bulk of its development was done by artificial intelligence (AI).
CSO Online

Filling the Most Common Gaps in Google Workspace Security
Thu Jan 22 2026
Security teams at agile, fast-growing companies often have the same mandate: secure the business without slowing it down. Most teams inherit a tech stack optimized for breakneck growth, not resilience. In these environments, the security team is the helpdesk, the compliance expert, and the incident response team all rolled into one. Securing the cloud office in this scenario is all about...
The Hacker News

Arctic Wolf detects surge in automated Fortinet FortiGate firewall configuration attacks
Thu Jan 22 2026
Arctic Wolf warned of a new wave of automated attacks making unauthorized firewall configuration changes on Fortinet FortiGate devices. Arctic Wolf researchers reported a new automated attack cluster observed since January 15, 2026, targeting FortiGate devices. Attackers created generic accounts for persistence, enabled VPN access, and exfiltrated firewall configurations. The activity resembles a December 2025 […]
Security Affairs

Malicious PyPI Package Impersonates SymPy, Deploys XMRig Miner on Linux Hosts
Thu Jan 22 2026
A new malicious package discovered in the Python Package Index (PyPI) has been found to impersonate a popular library for symbolic mathematics to deploy malicious payloads, including a cryptocurrency miner, on Linux hosts. The package, named sympy-dev, mimics SymPy, replicating the latter's project description verbatim in an attempt to deceive unsuspecting users into thinking that they are...
The Hacker News

SmarterMail Auth Bypass Exploited in the Wild Two Days After Patch Release
Thu Jan 22 2026
A new security flaw in SmarterTools SmarterMail email software has come under active exploitation in the wild, two days after the release of a patch. The vulnerability, which currently does not have a CVE identifier, is tracked by watchTowr Labs as WT-2026-0001. It was patched by SmarterTools on January 15, 2026, with Build 9511, following responsible disclosure by the exposure management...
The Hacker News

Why Microsoft 365 configurations need to be protected
Thu Jan 22 2026
Read why CISOs need to pay closer attention to the M365 tenant.
CSO Online

U.S. CISA adds a flaw in Cisco Unified Communications products to its Known Exploited Vulnerabilities catalog
Thu Jan 22 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw impacting Cisco Unified Communications products to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Cisco Unified Communications products vulnerability, tracked as CVE-2026-20045 (CVSS score of 8.2), to its Known Exploited Vulnerabilities (KEV) catalog. This week, Cisco patched a critical zero-day […]
Security Affairs

73% of CISOs more likely to consider AI-enabled security solution
Thu Jan 22 2026
CISOs are increasingly turning to AI-enabled security technologies to augment their organizations’ cyber defense and extend the capabilities of their teams.
CSO Online

Curl eliminates bug bounty program due to AI slop
Thu Jan 22 2026
Lately, the Curl code library has been receiving a lot of AI-generated reports from users hoping to receive financial compensation from the tool’s bug bounty program.
CSO Online

Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations
Thu Jan 22 2026
Cybersecurity company Arctic Wolf has warned of a "new cluster of automated malicious activity" that involves unauthorized firewall configuration changes on Fortinet FortiGate devices. The activity, it said, commenced on January 15, 2026, adding it shares similarities with a December 2025 campaign in which malicious SSO logins on FortiGate appliances were recorded against the admin account from...
The Hacker News

Cisco fixed actively exploited Unified Communications zero day
Wed Jan 21 2026
Cisco patched a critical zero-day RCE flaw (CVE-2026-20045) in Unified Communications and Webex Calling that is actively exploited in the wild. Cisco patched a critical zero-day remote code execution flaw, tracked as CVE-2026-20045 (CVSS score of 8.2), actively exploited in attacks. An unauthenticated, remote attacker can exploit the flaw to execute arbitrary commands on the […]
Security Affairs

Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex
Thu Jan 22 2026
Cisco has released fresh patches to address what it described as a "critical" security vulnerability impacting multiple Unified Communications (CM) products and Webex Calling Dedicated Instance that has been actively exploited as a zero-day in the wild. The vulnerability, CVE-2026-20045 (CVSS score: 8.2), could permit an unauthenticated remote attacker to execute arbitrary commands on the...
The Hacker News

GitLab 2FA login protection bypass lets attackers take over accounts
Wed Jan 21 2026
A critical two-factor authentication bypass vulnerability in the Community and Enterprise editions of the GitLab application development platform has to be patched immediately, say experts.
CSO Online

Misconfigured demo environments are turning into cloud backdoors to the enterprise
Wed Jan 21 2026
Internal testing, product demonstrations, and security training are critical practices in cybersecurity, giving defenders and everyday users the tools and wherewithal to prevent and respond to enterpr
CSO Online

Zoom fixed critical Node Multimedia Routers flaw
Wed Jan 21 2026
Zoom addressed a critical security vulnerability, tracked as CVE-2026-22844, that could result in remote code execution. Cloud-based video conferencing and online collaboration platform Zoom released security updates to address multiple vulnerabilities, including command injection, tracked as CVE-2026-22844 (CVSS score of 9.9), in Zoom Node Multimedia Routers (MMRs) that could result in remote code execution. “A […]
Security Affairs

Ingram Micro admits 42,000 people impacted by ransomware attack
Wed Jan 21 2026
In July 2025, Ingram Micro suffered devastating consequences from a ransomware attack in which the IT distributor’s logistics were paralyzed for a week.
CSO Online

Oracle releases 337 security patches, including fix for critical Apache Tika flaw
Wed Jan 21 2026
Oracle has handed security teams their first big patching workload of the year, with its latest quarterly update containing a hefty 337 security fixes across its product range, including 27 rated crit
CSO Online

Surveillance and ICE Are Driving Patients Away From Medical Care, Report Warns
Wed Jan 21 2026
A new EPIC report says data brokers, ad-tech surveillance, and ICE enforcement are among the factors leading to a “health privacy crisis” that is eroding trust and deterring people from seeking care.
Wired

ACME flaw in Cloudflare allowed attackers to reach origin servers
Wed Jan 21 2026
Cloudflare fixed a flaw in its ACME validation logic that could let attackers bypass security checks and access protected origin servers. Cloudflare fixed a flaw in its ACME HTTP-01 validation logic that could let attackers bypass security checks and reach origin servers. The issue stemmed from how Cloudflare’s edge handled requests to the /.well-known/acme-challenge/ path. […]
Security Affairs

North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews
Wed Jan 21 2026
As many as 3,136 individual IP addresses linked to likely targets of the Contagious Interview activity have been identified, with the campaign claiming 20 potential victim organizations spanning artificial intelligence (AI), cryptocurrency, financial services, IT services, marketing, and software development sectors in Europe, South Asia, the Middle East, and Central America. The new findings...
The Hacker News

Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass Flaws
Wed Jan 21 2026
Zoom and GitLab have released security updates to resolve a number of security vulnerabilities that could result in denial-of-service (DoS) and remote code execution. The most severe of the lot is a critical security flaw impacting Zoom Node Multimedia Routers (MMRs) that could permit a meeting participant to conduct remote code execution attacks. The vulnerability, tracked as CVE-2026-22844...
The Hacker News

EU reviews cybersecurity to limit danger from high-risk suppliers
Wed Jan 21 2026
The European Commission has presented a new cybersecurity package to strengthen the European Union’s resilience to increasing cyber and hybrid attacks from state and criminal actors.
CSO Online

Contagious Interview turns VS Code into an attack vector
Wed Jan 21 2026
Threat actors behind the long-running Contagious Interview campaign were seen expanding from traditional social-engineering lures to the abuse of Microsoft Visual Studio Code (VS Code) as an execution
CSO Online

Webinar: How Smart MSSPs Using AI to Boost Margins with Half the Staff
Wed Jan 21 2026
Every managed security provider is chasing the same problem in 2026 — too many alerts, too few analysts, and clients demanding “CISO-level protection” at SMB budgets. The truth? Most MSSPs are running harder, not smarter. And it’s breaking their margins. That’s where the quiet revolution is happening: AI isn’t just writing reports or surfacing risks — it’s rebuilding how security services are...
The Hacker News

Hackers steal around 42,000 records from Ingram Micro
Wed Jan 21 2026
CSO Online

Crooks impersonate LastPass in campaign to harvest master passwords
Wed Jan 21 2026
Password manager LastPass warns of an active phishing campaign impersonating the service to steal users’ master passwords. LastPass warned users about an active phishing campaign that began around January 19, 2026. Attackers impersonate the service with emails claiming urgent maintenance and urge users to back up their password vaults within 24 hours. The messages use […]
Security Affairs

Vulnerability prioritization beyond the CVSS number
Wed Jan 21 2026
The common vulnerability scoring system (CVSS) has long served as the industry’s default for assessing vulnerability severity.
CSO Online

Exposure Assessment Platforms Signal a Shift in Focus
Wed Jan 21 2026
Gartner® doesn’t create new categories lightly. Generally speaking, a new acronym only emerges when the industry's collective "to-do list" has become mathematically impossible to complete. And so it seems that the introduction of the Exposure Assessment Platforms (EAP) category is a formal admission that traditional Vulnerability Management (VM) is no longer a viable way to secure a modern...
The Hacker News

Chainlit AI Framework Flaws Enable Data Theft via File Read and SSRF Bugs
Wed Jan 21 2026
Security vulnerabilities were uncovered in the popular open-source artificial intelligence (AI) framework Chainlit that could allow attackers to steal sensitive data, which may allow for lateral movement within a susceptible organization. Zafran Security said the high-severity flaws, collectively dubbed ChainLeak, could be abused to leak cloud environment API keys and steal sensitive files, or...
The Hacker News

EU Commission wants to ban Huawei and ZTE from networks
Wed Jan 21 2026
The EU Commission wants to ban Chinese manufacturers such as Huawei and ZTE from European mobile networks in order to improve cybersecurity.
CSO Online

VoidLink shows how one developer used AI to build a powerful Linux malware
Wed Jan 21 2026
VoidLink is a cloud-focused Linux malware, likely built by one person using AI, offering loaders, implants, rootkit evasion, and modular plugins. Check Point researchers uncovered VoidLink, a cloud-focused Linux malware framework likely built by a single developer with help from an AI model. VoidLink includes custom loaders, implants, rootkit-based evasion features, and dozens of plugins […]
Security Affairs

VoidLink Linux Malware Framework Built with AI Assistance Reaches 88,000 Lines of Code
Wed Jan 21 2026
The recently discovered sophisticated Linux malware framework known as VoidLink is assessed to have been developed by a single person with assistance from an artificial intelligence (AI) model. That's according to new findings from Check Point Research, which identified operational security blunders by malware's author that provided clues to its developmental origins. The latest insight makes...
The Hacker News

13 cyber questions to better vet IT vendors and reduce third-party risk
Wed Jan 21 2026
Increased reliance on IT service providers, digital tools, and third-party software is greatly expanding the enterprise attack surface, with noteworthy cyberattacks over the past year underscoring thi
CSO Online

LastPass Warns of Fake Maintenance Messages Targeting Users’ Master Passwords
Wed Jan 21 2026
LastPass is alerting users to a new active phishing campaign that's impersonating the password management service, which aims to trick users into giving up their master passwords. The campaign, which began on or around January 19, 2026, involves sending phishing emails claiming upcoming maintenance and urging them to create a local backup of their password vaults in the next 24 hours. The...
The Hacker News

For cyber risk assessments, frequency is essential
Wed Jan 21 2026
From a certain age, many people regularly visit their doctor for check-ups.
CSO Online

CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution
Wed Jan 21 2026
A security vulnerability has been disclosed in the popular binary-parser npm library that, if successfully exploited, could result in the execution of arbitrary JavaScript. The vulnerability, tracked as CVE-2026-1245 (CVSS score: 6.5), affects all versions of the module prior to version 2.3.0, which addresses the issue. Patches for the flaw were released on November 26, 2025. Binary-parser is a...
The Hacker News

Third-party risk management: How to avoid compliance disaster
Wed Jan 21 2026
Third-party risk management helps companies avoid the risk of compliance violations.
CSO Online

PDFSIDER Malware – Exploitation of DLL Side-Loading for AV and EDR Evasion
Tue Jan 20 2026
Threat actors use PDFSIDER malware with social engineering and DLL sideloading to bypass AV/EDR, and ransomware gangs already abuse it. Resecurity has learned about PDFSIDER during an investigation of a network intrusion attempt that was successfully prevented by a Fortune 100 energy corporation. The threat actor contacted their staff, impersonating technical support, and used social […]
Security Affairs

Airlock Digital Announces Independent TEI Study Quantifying Measurable ROI & Security Impact
Tue Jan 20 2026
Airlock Digital, a leader in proactive application control and endpoint security, announced the release of The Total Economic Impact (TEI) of Airlock Digital, an independent study commissioned by Airl
CSO Online

Three vulnerabilities in Anthropic Git MCP Server could let attackers tamper with LLMs
Wed Jan 21 2026
Threat actors could use prompt injection attacks to take advantage of three vulnerabilities in Anthropic’s official Git MCP server and cause mayhem with AI systems.
CSO Online

Flaws in Chainlit AI dev framework expose servers to compromise
Wed Jan 21 2026
Two vulnerabilities in popular AI development framework Chainlit could enable attackers to read arbitrary files and database content from servers.
CSO Online

ICE Details a New Minnesota-Based Detention Network That Spans 5 States
Tue Jan 20 2026
Internal ICE planning documents propose spending up to $50 million on a privately run network capable of shipping immigrants in custody hundreds of miles across the Upper Midwest.
Wired

Access broker caught: Jordanian pleads guilty to hacking 50 companies
Tue Jan 20 2026
A Jordanian man pleaded guilty in the US to selling illegal access to 50 compromised enterprise networks after an undercover sting. A Jordanian national Feras Khalil Ahmad Albashiti (40), living in Georgia, pleaded guilty in a US court to acting as an access broker, selling unauthorized access to the networks of at least 50 companies. […]
Security Affairs

Kimwolf Botnet Lurking in Corporate, Govt. Networks
Tue Jan 20 2026
A new Internet-of-Things botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distributed denial-of-service (DDoS) attacks and to relay other malicious and abusive Internet traffic. Kimwolf's ability to scan the local networks of compromised systems for other IoT devices to infect makes it a sobering threat to organizations, and new research reveals Kimwolf is surprisingly prevalent in government and corporate networks.
Krebs on Security

Critical TP-Link VIGI camera flaw allowed remote takeover of surveillance systems
Tue Jan 20 2026
TP-Link fixed a critical flaw that exposed over 32 VIGI C and VIGI InSight camera models to remote hacking, with over 2,500 internet-exposed devices identified. TP-Link fixed a high-severity flaw, tracked as CVE-2026-0629 (CVSS score 8.7), affecting over 32 VIGI C and VIGI InSight camera models. The vulnerability lets attackers on a local network bypass […]
Security Affairs

North Korea-Linked Hackers Target Developers via Malicious VS Code Projects
Tue Jan 20 2026
The North Korean threat actors associated with the long-running Contagious Interview campaign have been observed using malicious Microsoft Visual Studio Code (VS Code) projects as lures to deliver a backdoor on compromised endpoints. The latest finding demonstrates continued evolution of the new tactic that was first discovered in December 2025, Jamf Threat Labs said. "This activity involved...
The Hacker News

Five Chrome extensions that hijack enterprise sessions
Tue Jan 20 2026
Researchers have discovered five malicious Chrome extensions.
CSO Online

Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution
Tue Jan 20 2026
A set of three security vulnerabilities has been disclosed in mcp-server-git, the official Git Model Context Protocol (MCP) server maintained by Anthropic, that could be exploited to read or delete arbitrary files and execute code under certain conditions. "These flaws can be exploited through prompt injection, meaning an attacker who can influence what an AI assistant reads (a malicious README,...
The Hacker News

Hackers Use LinkedIn Messages to Spread RAT Malware Through DLL Sideloading
Tue Jan 20 2026
Cybersecurity researchers have uncovered a new phishing campaign that exploits social media private messages to propagate malicious payloads, likely with the intent to deploy a remote access trojan (RAT). The activity delivers "weaponized files via Dynamic Link Library (DLL) sideloading, combined with a legitimate, open-source Python pen-testing script," ReliaQuest said in a report shared with...
The Hacker News

The Hidden Risk of Orphan Accounts
Tue Jan 20 2026
The Problem: The Identities Left Behind As organizations grow and evolve, employees, contractors, services, and systems come and go - but their accounts often remain. These abandoned or “orphan” accounts sit dormant across applications, platforms, assets, and cloud consoles. The reason they persist isn’t negligence - it’s fragmentation. Traditional IAM and IGA systems are designed...
The Hacker News

Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto
Tue Jan 20 2026
Cybersecurity researchers have disclosed details of a malware campaign that's targeting software developers with a new information stealer called Evelyn Stealer by weaponizing the Microsoft Visual Studio Code (VS Code) extension ecosystem. "The malware is designed to exfiltrate sensitive information, including developer credentials and cryptocurrency-related data. Compromised developer...
The Hacker News

CrashFix attack hijacks browser failures to deliver ModelRAT malware via fake Chrome extension
Tue Jan 20 2026
Security researchers have uncovered a malicious browser extension campaign, dubbed CrashFix, that deliberately crashes victims’ browsers and then uses the resulting confusion to trick users into runni
CSO Online

Cloudflare Fixes ACME Validation Bug Allowing WAF Bypass to Origin Servers
Tue Jan 20 2026
Cloudflare has addressed a security vulnerability impacting its Automatic Certificate Management Environment (ACME) validation logic that made it possible to bypass security controls and access origin servers. "The vulnerability was rooted in how our edge network processed requests destined for the ACME HTTP-01 challenge path (/.well-known/acme-challenge/*)," the web infrastructure...
The Hacker News

Why Secrets in JavaScript Bundles are Still Being Missed
Tue Jan 20 2026
Leaked API keys are no longer unusual, nor are the breaches that follow. So why are sensitive tokens still being so easily exposed? To find out, Intruder’s research team looked at what traditional vulnerability scanners actually cover and built a new secrets detection method to address gaps in existing approaches. Applying this at scale by scanning 5 million applications revealed over...
The Hacker News

Telegram-based illicit billionaire marketplace Tudou Guarantee stopped transactions
Tue Jan 20 2026
Major Telegram-based illicit marketplace Tudou Guarantee appears to be shutting down its operations, according to Elliptic. Blockchain cybersecurity firm Elliptic reports that Tudou Guarantee, a major Telegram-based illicit marketplace in Southeast Asia, has stopped transactions in its public groups after handling over $12 billion. The researchers noted that other services still run, so a full […]
Security Affairs

Google Gemini flaw exposes new AI prompt injection risks for enterprises
Tue Jan 20 2026
A newly disclosed weakness in Google’s Gemini shows how attackers could exploit routine calendar invitations to influence the model’s behavior, underscoring emerging security risks as enterprises embe
CSO Online

Why the future of security starts with who, not where
Tue Jan 20 2026
For a long time, cybersecurity was pretty straightforward: Guard the edges, and everything inside should be fine.
CSO Online

Fake video featuring Reinhold Würth promotes dubious investments
Tue Jan 20 2026
CSO Online

UK NCSC warns of Russia-linked hacktivists DDoS attacks
Tue Jan 20 2026
The UK government warns Russia-linked hacktivists are still carrying out DDoS attacks on critical infrastructure and local government systems. The UK government warns that Russia-linked hacktivists are continuing DDoS attacks against critical infrastructure and local government systems. “Today, 19th January 2026, the National Cyber Security Centre (NCSC) – a part of GCHQ – has issued an […]
Security Affairs

EU vulnerability database goes live
Tue Jan 20 2026
A free, publicly accessible database for IT security vulnerabilities, the db.
CSO Online

Tudou Guarantee Marketplace Halts Telegram Transactions After Processing Over $12 Billion
Tue Jan 20 2026
A Telegram-based guarantee marketplace known for advertising a broad range of illicit services appears to be winding down its operations, according to new findings from Elliptic. The blockchain intelligence company said Tudou Guarantee has effectively ceased transactions through its public Telegram groups following a period of significant growth. The marketplace is estimated to have processed...
The Hacker News

Secure web browsers for the enterprise compared: How to pick the right one
Tue Jan 20 2026
Web browsers have long been the security sinkhole of enterprise infrastructure.
CSO Online

Ransomware attack on Ingram Micro impacts 42,000 individuals
Mon Jan 19 2026
Ingram Micro says a ransomware attack exposed personal data of about 42,000 people, including names, birth dates, SSNs, and job-related details. Ingram Micro is a global technology distributor and supply-chain services company. It acts as a middleman between IT vendors (like Microsoft, Cisco, HP, Apple, and cybersecurity firms) and businesses, resellers, and service providers, helping […]
Security Affairs

This Intune update isn’t optional — it’s a kill switch for outdated apps
Tue Jan 20 2026
Enterprises using Intune mobile application management (MAM) beware: Your apps won’t run soon if you haven’t planned ahead.
CSO Online

Mandiant pushes organizations to dump insecure NTLMv1 by releasing a way to crack it
Mon Jan 19 2026
Google’s Mandiant security division has come up with an unusual tactic to persuade organizations to stop using the aged and hugely insecure NTLMv1 authentication protocol: publish a data lookup that m
CSO Online

Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites
Mon Jan 19 2026
Cybersecurity researchers have disclosed details of a security flaw that leverages indirect prompt injection targeting Google Gemini as a way to bypass authorization guardrails and use Google Calendar as a data extraction mechanism. The vulnerability, Miggo Security's Head of Research, Liad Eliyahu, said, made it possible to circumvent Google Calendar's privacy controls by hiding a dormant...
The Hacker News

StealC malware control panel flaw leaks details on active attacker
Mon Jan 19 2026
Researchers uncovered an XSS flaw in StealC malware’s control panel, exposing key details about a threat actor using the info stealer. StealC is an infostealer that has been active since at least 2023, sold as Malware-as-a-Service to steal cookies and passwords. In 2025, its operators released StealC v2, but the web panel quickly leaked and […]
Security Affairs

New EU vulnerability database launched
Mon Jan 19 2026
CSO Online

⚡ Weekly Recap: Fortinet Exploits, RedLine Clipjack, NTLM Crack, Copilot Attack & More
Mon Jan 19 2026
In cybersecurity, the line between a normal update and a serious incident keeps getting thinner. Systems that once felt reliable are now under pressure from constant change. New AI tools, connected devices, and automated systems quietly create more ways in, often faster than security teams can react. This week’s stories show how easily a small mistake or hidden service can turn into a real...
The Hacker News

DevOps & SaaS Downtime: The High (and Hidden) Costs for Cloud-First Businesses
Mon Jan 19 2026
Just a few years ago, the cloud was touted as the “magic pill” for any cyber threat or performance issue. Many were lured by the “always-on” dream, trading granular control for the convenience of managed services. In recent years, many of us have learned (often the hard way) that public cloud service providers are not immune to attacks and SaaS downtime, hiding behind the Shared Responsibility...
The Hacker News

Five Chrome extensions caught hijacking enterprise sessions
Mon Jan 19 2026
A coordinated campaign of malicious browser add-ons has bypassed Chrome Web Store’s defenses, weaponizing extensions advertised as productivity tools to steal corporate session tokens and attempt full
CSO Online

New StackWarp Hardware Flaw Breaks AMD SEV-SNP Protections on Zen 1–5 CPUs
Mon Jan 19 2026
A team of academics from the CISPA Helmholtz Center for Information Security in Germany has disclosed the details of a new hardware vulnerability affecting AMD processors. The security flaw, codenamed StackWarp, can allow bad actors with privileged control over a host server to run malicious code within confidential virtual machines (CVMs), undermining the integrity guarantees provided by AMD...
The Hacker News

Python libraries for Hugging Face models poisoned
Mon Jan 19 2026
Python libraries are infected with manipulated metadata in AI models and can execute malicious code when loaded.
CSO Online

The culture you can’t see is running your security operations
Mon Jan 19 2026
Here’s what nobody admits: Your firewall isn’t the problem.
CSO Online

Manhunt for the head of Black Basta
Mon Jan 19 2026
CSO Online

CrashFix Chrome Extension Delivers ModeloRAT Using ClickFix-Style Browser Crash Lures
Mon Jan 19 2026
Cybersecurity researchers have disclosed details of an ongoing campaign dubbed KongTuke that used a malicious Google Chrome extension masquerading as an ad blocker to deliberately crash the web browser and trick victims into running arbitrary commands using ClickFix-like lures to deliver a previously undocumented remote access trojan (RAT) dubbed ModeloRAT. This new escalation of ClickFix,...
The Hacker News
Hacker pleads guilty to hacking Supreme Court, AmeriCorps, and VA Systems
Mon Jan 19 2026
An actor who goes online with the alias @ihackthegovernment posted stolen personal data from his victims, including the U.S. Supreme Court. Nicholas Moore, 24, from Tennessee, pleaded guilty to repeatedly hacking the U.S. Supreme Court’s electronic filing system. Court documents reveal he used his Instagram account to leak data from several of his victims. “Nicholas […]
Security Affairs

From arts degree to cybersecurity: Rona Michele Spiegel brings fresh perspective to cyber leadership
Mon Jan 19 2026
Rona Michele Spiegel’s journey to cybersecurity might seem unconventional to some: She studied the arts.
CSO Online

7 top cybersecurity projects for 2026
Mon Jan 19 2026
As 2026 finds CISOs’ battle against relentless cyberattackers escalating once again, strong and carefully planned cybersecurity projects are the best way to stay a step ahead of attackers and prevent
CSO Online

ServiceNow BodySnatcher flaw highlights risks of rushed AI integrations
Mon Jan 19 2026
Many software and SaaS companies are building AI agents into their products, but these features can expand the attack surface of those platforms, especially when rushed to market.
CSO Online
Hacktivists hijacked Iran’s state TV to air anti-regime messages and an appeal to protest from Reza Pahlavi
Sun Jan 18 2026
Activists hacked Iran’s Badr satellite, briefly broadcasting Reza Pahlavi’s anti-regime protest messages on state TV channels. Anti-regime activists briefly took control of Iran’s Badr satellite, hijacking state TV to broadcast Crown Prince Reza Pahlavi’s calls for protests against the Islamic Republic. Pahlavi’s media team also shared the footage of the hack. “Several Iranian […]
Security Affairs
GootLoader uses malformed ZIP files to bypass security controls
Sun Jan 18 2026
GootLoader malware uses malformed ZIP files made of hundreds of concatenated archives to evade detection. GootLoader is used by ransomware actors for initial access, then handed off to others. Built to evade detection, it accounted for 11% of bypassing malware in the past years. GootLoader runs on an access-as-a-service model, it is used by different groups to […]
Security Affairs
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 80
Sun Jan 18 2026
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Gogs 0-Day Exploited in the Wild SHADOW#REACTOR – Text-Only Staging, .NET Reactor, and In-Memory Remcos RAT Deployment “Untrustworthy Fund”: targeted UAC-0190 cyberattacks against SOU using PLUGGYAPE (CERT-UA#19092) Hiding in Plain Sight: Deconstructing the Multi-Actor […]
Security Affairs
Security Affairs newsletter Round 559 by Pierluigi Paganini – INTERNATIONAL EDITION
Sun Jan 18 2026
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Ukraine–Germany operation targets Black Basta, Russian leader wanted China-linked APT UAT-8837 targets North American critical infrastructure […]
Security Affairs
Ukraine–Germany operation targets Black Basta, Russian leader wanted
Sat Jan 17 2026
Police in Ukraine and Germany identified Black Basta suspects and issued an international wanted notice for the group’s alleged Russian leader. Ukrainian and German police raided homes linked to alleged Black Basta ransomware members, identifying two Ukrainian suspects. Law enforcement also issued an international wanted notice for the group’s alleged Russian ringleader. “The Office of […]
Security Affairs

Security Bug in StealC Malware Panel Let Researchers Spy on Threat Actor Operations
Mon Jan 19 2026
Cybersecurity researchers have disclosed a cross-site scripting (XSS) vulnerability in the web-based control panel used by operators of the StealC information stealer, allowing them to gather crucial insights on one of the threat actors using the malware in their operations. "By exploiting it, we were able to collect system fingerprints, monitor active sessions, and – in a twist that will...
The Hacker News

Southeast Asia CISOs Top 13 Predictions for 2026: Securing AI, Centering Identity, and Making Resilience Strategic
Mon Jan 19 2026
In my recent conversation with CISOs across Southeast Asia, they shared with me a pragmatic view of 2026.
CSO Online

Black Basta Ransomware Leader Added to EU Most Wanted and INTERPOL Red Notice
Sat Jan 17 2026
Ukrainian and German law enforcement authorities have identified two Ukrainians suspected of working for the Russia-linked ransomware-as-a-service (RaaS) group Black Basta. In addition, the group's alleged leader, a 35-year-old Russian national named Oleg Evgenievich Nefedov (Нефедов Олег Евгеньевич), has been added to the European Union's Most Wanted and INTERPOL's Red Notice lists, authorities...
The Hacker News