Chinas KI-Industrie zeigt sich deutlich offener als ihre US-amerikanische Konkurrenz. Welche Vorteile das hat – und wo die Grenzen der Offenheit liegen. Dieser Artikel wurde indexiert von t3n.de – Software & Entwicklung Lesen Sie den originalen Artikel: Deepseek, Qwen und…
Author: IT Security News Bot
Liquid Glass und neue Features: Wann ihr endlich iOS 26 ausprobieren könnt
Noch im Juli dürfen Interessierte Apples neue Betriebssysteme ausprobieren. Das Problem: Einen Termin hat der iPhone-Hersteller nicht genannt. Ein bekannter Experte will nun erfahren haben, wann es endlich so weit sein könnte mit den Public Betas von iOS 26, macOS…
NimDoor MacOS Malware Abuses Zoom SDK Updates to Steal Keychain Credentials
SentinelOne researchers have discovered NimDoor, a sophisticated MacOS malware campaign ascribed to North Korean-affiliated attackers, most likely the Stardust Chollima gang, in a notable increase in cyber threats targeting the bitcoin industry. Active since at least April 2025, NimDoor exploits…
Oracle Issues Critical Update Fixing 309 Vulnerabilities Across Products
Oracle Corporation released its July 2025 Critical Patch Update, addressing a substantial 309 security vulnerabilities across its extensive product portfolio. This quarterly security release represents one of the most comprehensive patches in recent years, affecting dozens of Oracle’s enterprise software…
Retailer Co-op: Attackers snatched all 6.5M member records
Supermarket announces white hat education scheme as four suspects released on bail Co-op Group’s chief executive officer has confirmed that all 6.5 million of the organization’s members had their data stolen during its April cyberattack – Scattered Spider is believed…
Google Says AI Agent Thwarted Exploitation of Critical Vulnerability
Google refused to share any details on how its Big Sleep AI foiled efforts to exploit a SQLite vulnerability in the wild. The post Google Says AI Agent Thwarted Exploitation of Critical Vulnerability appeared first on SecurityWeek. This article has…
Angriff aus China: Hacker waren monatelang im Netz der US-Nationalgarde
Die Angriffe der Hackergruppe Salt Typhoon auf die USA reichen weiter als bisher angenommen. Auch die US-Nationalgarde soll betroffen sein. (Cyberwar, Politik) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den originalen Artikel: Angriff aus China: Hacker waren…
New Attack Targeting Japanese Companies Exploiting Ivanti & Fortinet VPN Vulnerabilities
A sophisticated cyber espionage campaign has emerged targeting Japanese organizations through critical vulnerabilities in Ivanti Connect Secure and FortiGate VPN devices. The attack campaign, observed throughout fiscal year 2024, has primarily focused on manufacturing companies and government-related entities, with attackers…
Abacus Dark Web Market Possible Exit Scam with the Bitcoin Payments They Hold
Abacus Market, the largest Bitcoin-enabled Western darknet marketplace, has likely executed an exit scam after going offline in early July 2025, according to blockchain intelligence firm TRM Labs. The marketplace’s operators appear to have disappeared with users’ cryptocurrency funds, marking…
Hackers Use Polyglot Files to Bypass Email Filters to Deliver Malicious Emails
In the final week of June 2025 security teams across Russia’s healthcare and technology sectors began receiving an unusual flood of “routine” logistics and contract e-mails. Hidden behind familiar subject lines and legitimate sender addresses, the messages contained archives that…
Amazon warns 200 million Prime customers that scammers are after their login info
Amazon has emailed 200 million customers to warn them about a rather convincing phishing campaign. This article has been indexed from Malwarebytes Read the original article: Amazon warns 200 million Prime customers that scammers are after their login info
Konfety Android Malware Exploits ZIP Tricks to Masquerade as Legit Apps on Google Play
Security researchers from zLabs have discovered a more advanced version of the Konfety Android malware, which uses complex ZIP-level changes to avoid detection and mimic genuine apps on the Google Play Store, marking a dramatic increase in mobile dangers. This…
CVE-2025-6554 marks the fifth actively exploited Chrome Zero-Day patched by Google in 2025
Google released security patches to address multiple Chrome vulnerabilities, including one flaw that has been exploited in the wild. Google released fixes for six Chrome flaws, including one actively exploited in the wild tracked as CVE-2025-6558 (CVSS score of 8.8).…
Turbulence at Air Serbia, the latest airline under cyber siege
Attack enters day 11 and still no public disclosure of what insider claims to be ‘deep breach’ of Active Directory Exclusive Aviation insiders say Serbia’s national airline, Air Serbia, was forced to delay issuing payslips to staff as a result…
Google Chrome: Mehrere Schwachstellen
In Google Chrome existieren mehrere Schwachstellen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Schutzmechanismen zu umgehen und nicht genau bekannte Angriffe durchzuführen. Dazu zählen beispielsweise die Ausführung von Schadcode oder das Auslösen eines Systemabsturzes. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.…
[NEU] [mittel] Node.js: Mehrere Schwachstellen
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Node.js ausnutzen, um Sicherheitsvorkehrungen zu umgehen und um einen Denial-of-Service-Zustand zu verursachen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [NEU] [mittel]…
[NEU] [mittel] Atlassian Bamboo Data Center und Server: Schwachstelle ermöglicht Offenlegung von Informationen
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Atlassian Bamboo Data Center und Server ausnutzen, um Informationen offenzulegen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [NEU] [mittel] Atlassian Bamboo…
[NEU] [hoch] Google Chrome: Mehrere Schwachstellen
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Google Chrome ausnutzen, um Sicherheitsmaßnahmen zu umgehen und nicht spezifizierte Angriffe auszuführen, möglicherweise um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID):…
Talos IR ransomware engagements and the significance of timeliness in incident response
The decision between immediate action and delayed response made the difference between ransomware prevention and complete encryption in these two real-world Talos IR engagements. This article has been indexed from Cisco Talos Blog Read the original article: Talos IR ransomware…
Email Filters Defeated by Polyglot File Trick Used in Malware Campaigns
Attackers are increasingly using advanced disguising techniques, such polyglot files, to get around email filters and successfully send phishing payloads in the constantly changing world of cyber threats. These polyglot files, which can be interpreted as multiple file formats simultaneously,…