The AhnLab Security Intelligence Center (ASEC) has confirmed that unpatched GeoServer instances are still facing relentless attacks by threat actors exploiting a critical Remote Code Execution (RCE) vulnerability, identified as CVE-2024-36401. GeoServer, an open-source Geographic Information System (GIS) server developed…
Author: IT Security News Bot
Researchers Trick ChatGPT into Leaking Windows Product Keys
Security researchers have successfully demonstrated a sophisticated method to bypass ChatGPT’s protective guardrails, tricking the AI into revealing legitimate Windows product keys through what appears to be a harmless guessing game. This discovery highlights critical vulnerabilities in AI safety mechanisms…
New “Opossum” Attack Breaches Secure TLS by Injecting Malicious Messages
A newly discovered man-in-the-middle exploit dubbed “Opossum” has demonstrated the unsettling ability to compromise secure communications over Transport Layer Security (TLS) by injecting unauthorized messages into an active session. Researchers warn that Opossum targets a wide range of widely used…
Review: How Passwork 7 helps tame business passwords
A simple interface and new roles-based capabilities make this venerable password manager an attractive proposition Sponsored feature Passwords are necessary for businesses, but look away for a minute and they quickly get out of control. If your users do things…
At last, a use case for AI agents with sky-high ROI: Stealing crypto
Boffins outsmart smart contracts with evil automation Using AI models to generate exploits for cryptocurrency contract flaws appears to be a promising business model, though not necessarily a legal one.… This article has been indexed from The Register – Security…
ServiceNow Flaw CVE-2025-3648 Could Lead to Data Exposure via Misconfigured ACLs
A high-severity security flaw has been disclosed in ServiceNow’s platform that, if successfully exploited, could result in data exposure and exfiltration. The vulnerability, tracked as CVE-2025-3648 (CVSS score: 8.2), has been described as a case of data inference in Now…
Über 10 Milliarden Euro Schaden durch Betrug in Deutschland
Fast jeder zweite deutsche Verbraucher verlor in den letzten 12 Monaten Geld an Betrüger – das zeigt der „State of Scams – 2025 Report“ von Gasa und Biocatch. Dieser Artikel wurde indexiert von Newsfeed Lesen Sie den originalen Artikel: Über…
At last, a use case for AI agents with high sky-high ROI: Stealing crypto
Boffins outsmart smart contracts with evil automation Using AI models to generate exploits for cryptocurrency contract flaws appears to be a promising business model, though not necessarily a legal one.… This article has been indexed from The Register – Security…
Cynomi’s platform updates enable service providers to prioritize their security efforts
Cynomi has launched new business impact analysis (BIA) and business continuity planning (BCP) features. Designed to help cybersecurity professionals identify and protect mission-critical business processes, these new capabilities enable service providers to prioritize security efforts effectively, streamline continuity planning, and…
AMD has CPU meltdown, Mozilla Thunderbird has vulnerabilities, Indian defense sector attacked
AMD warns of new Meltdown, Spectre-like bugs affecting CPUs Multiple vulnerabilities in Mozilla Thunderbird could allow for arbitrary code execution Bitcoin Depot breach exposes data of nearly 27,000 crypto users, More than $40 million stolen from GMX crypto platform Huge…
IT-Ausfall bei Ameos: Cyberangriff trifft großen Klinikverbund
Die Ameos Gruppe hat infolge eines Cyberangriffs ihre Dienste vom Netz genommen. Die Folge: Ausfälle in zahlreichen Kliniken und Pflegeeinrichtungen. (Cybercrime, Cyberwar) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den originalen Artikel: IT-Ausfall bei Ameos: Cyberangriff trifft…
[UPDATE] [hoch] libxml2: Mehrere Schwachstellen ermöglichen Denial of Service
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in libxml2 ausnutzen, um einen Denial of Service Angriff durchzuführen oder nicht näher beschriebene Auswirkungen zu erzielen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den…
[UPDATE] [niedrig] libxml2: Schwachstelle ermöglicht Denial of Service
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in libxml2 ausnutzen, um einen Denial of Service Angriff durchzuführen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [UPDATE] [niedrig] libxml2: Schwachstelle ermöglicht…
[UPDATE] [mittel] Apache Tomcat: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen in Apache Tomcat ausnutzen, um einen Denial of Service Angriff durchzuführen, um Code auszuführen und um Sicherheitsmechanismen zu umgehen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den…
[UPDATE] [mittel] Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service
Ein lokaler Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [UPDATE] [mittel] Linux Kernel: Mehrere…
[UPDATE] [niedrig] Red Hat Enterprise Linux (mpfr): Schwachstelle ermöglicht Denial of Service
Ein lokaler Angreifer kann eine Schwachstelle in Red Hat Enterprise Linux ausnutzen, um einen Denial of Service Angriff durchzuführen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [UPDATE] [niedrig] Red…
Massive Scraper Botnet of 3,600+ Devices Targets US and UK Websites
GreyNoise has discovered an undiscovered version of a scraper botnet with more than 3,600 distinct IP addresses worldwide, which is a major cybersecurity development. This botnet, first observed on April 19, 2025, exhibits a distinct behavioral footprint that makes it…
McDonald’s AI Hiring Bot With Password ‘123456’ Leaks Millions of Job-Seekers Data
A severe security vulnerability in McDonald’s AI-powered hiring system has exposed the personal information of potentially 64 million job applicants to unauthorized access. Key Takeaways1. McDonald’s AI hiring bot exposed 64 million job applicants’ personal data through weak security using…
Lepide Protect detects, prioritizes, and revokes excessive permissions
In a move set to redefine the way organizations manage data access and implement zero trust, Lepide launched Lepide Protect, an AI-powered permissions management solution designed to help organizations move beyond visibility and into action. Part of the 25.1 release of…
Fake online stores look real, rank high, and trap unsuspecting buyers
Shopping on a fake online store can lead to more than a bad purchase. It could mean losing money, having your identity stolen, or even getting malware on your device. E-shop scams rose by 790% in the first quarter of…