Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in WebKitGTK ausnutzen, um beliebigen Programmcode auszuführen, einen Denial-of-Service-Zustand herbeizuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen preiszugeben und weitere nicht spezifizierte Angriffe durchzuführen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen…
Author: wordpress
[UPDATE] [hoch] Mozilla Firefox / Thunderbird: Mehrere Schwachstellen
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Mozilla Firefox / Thunderbird ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial-of-Service auszuführen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen…
[UPDATE] [mittel] OWASP ModSecurity: Schwachstelle ermöglicht Denial of Service
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in OWASP ModSecurity ausnutzen, um einen Denial of Service Angriff durchzuführen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [UPDATE] [mittel] OWASP ModSecurity:…
BADBOX 2.0 Malware Hits Over a Million Android Devices in Global Cyber Threat
HUMAN’s Satori Threat Intelligence and Research team, in collaboration with Google, Trend Micro, and Shadowserver, has uncovered and partially disrupted a massive cyber fraud operation named BADBOX 2.0. This operation, an evolved iteration of the original BADBOX malware disclosed in…
IT Security News Hourly Summary 2025-06-06 09h : 7 posts
7 posts were published in the last hour 7:3 : How to secure your portable devices against cyberthreats 7:3 : Hackers Exploit Roundcube Vulnerability to Steal User Credentials via XSS Attack 7:3 : Hackers Using New Sophisticated iMessage 0-Click Exploit…
Vorsicht! Der Passwort-Manager KeePass wurde gefälscht | Offizieller Blog von Kaspersky
Illegale Datenhändler haben einen Passwort-Manager manipuliert, um Passwörter zu stehlen Dieser Artikel wurde indexiert von Offizieller Blog von Kaspersky Lesen Sie den originalen Artikel: Vorsicht! Der Passwort-Manager KeePass wurde gefälscht | Offizieller Blog von Kaspersky
Paste.ee Turned Cyber Weapon: XWorm and AsyncRAT Delivered by Malicious Actors
The widespread text-sharing website Paste.ee has been used as a weapon by bad actors to spread powerful malware strains like XWorm and AsyncRAT, which is a worrying trend for cybersecurity professional. This tactic represents a significant shift in phishing and…
OpenAI Report: 10 AI Threat Campaigns Revealed Including Windows-Based Malware, Fake Resumes
OpenAI’s June 2025 report, which details 10 threats from six countries, warns that AI is accelerating cyber threats, lowering barriers for attackers, and calling for collective detection efforts. This article has been indexed from Security | TechRepublic Read the original…
Play ransomware group hit 900 organizations since 2022
A joint advisory from the US and Australian authorities states that Play ransomware has hit approximately 900 organizations over the past three years. A joint advisory from the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and…
Iranian APT ‘BladedFeline’ Stays Silent in Organizations Network for 8 Years
A sophisticated Iranian cyberespionage group has maintained undetected access to government networks across Iraq and the Kurdistan Regional Government for nearly eight years, representing one of the longest-running advanced persistent threat campaigns in the Middle East. The group, designated as…
Kommunen: Leichtes Ziel für Cyberangriffe
Cybersicherheit steht in deutschen Kommunen noch nicht im Fokus. Dabei können durch Cyberangriffe sensible Daten von Bürgern und Mitarbeitenden missbräuchlich verwendet werden. Im schlimmsten Fall kommt es zu einem langfristigen Ausfall des Verwaltungsapparats. Dieser Artikel wurde indexiert von Newsfeed Lesen…
Privatsphäre: Follower auf Kleinanzeigen nicht länger geheim
Bisher konnten Nutzer auf Kleinanzeigen nur die Anzahl ihrer Follower sehen. Eine neue Funktion stellt die Privatsphäre auf den Kopf und liefert Namen. (Privatsphäre, Datenschutz) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den originalen Artikel: Privatsphäre: Follower…
PoC Exploit Released for Apache Tomcat DoS Vulnerability
A critical memory leak vulnerability in Apache Tomcat’s HTTP/2 implementation (CVE-2025-31650) has been weaponized, enabling unauthenticated denial-of-service attacks through malformed priority headers. The flaw affects Tomcat versions 9.0.76–9.0.102, 10.1.10–10.1.39, and 11.0.0-M2–11.0.5, with public exploits already circulating 12. Vulnerability Mechanics and…
Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hard-Coded Credentials
Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP and hard-code secrets in their code, exposing users to privacy and security risks. “Several widely used extensions […] unintentionally transmit sensitive data…
Kettering data published, Reddit sues Anthropic, North Face breached
Stolen Kettering Health data published Reddit sues Anthropic for scraping North Face website customer accounts breached Huge thanks to our sponsor, Conveyor Let me guess, another security questionnaire just landed in your inbox. Which means all the follow up tasks…
How to secure your portable devices against cyberthreats
Portable devices such as smartphones, tablets, and laptops have become integral to our daily routines, storing a wealth of sensitive personal and professional information. As… The post How to secure your portable devices against cyberthreats appeared first on Panda Security…
Hackers Exploit Roundcube Vulnerability to Steal User Credentials via XSS Attack
A recent spearphishing campaign targeting Polish entities has been attributed with high confidence to the UNC1151 threat actor, a group linked to Belarusian state interests and, according to some sources, Russian intelligence services. CERT Polska reports that the attackers leveraged…
Hackers Using New Sophisticated iMessage 0-Click Exploit to Attack iPhone Users
A previously unknown zero-click vulnerability in Apple’s iMessage appears to have been exploited by sophisticated threat actors targeting high-profile individuals across the United States and the European Union. The vulnerability, dubbed “NICKNAME,” affected iOS versions up to 18.1.1 and was…
June 2025 Patch Tuesday forecast: Second time is the charm?
Microsoft has been busy releasing more out-of-band (OOB) patches than usual throughout May. The May Patch Tuesday release of updates was typical in number of vulnerabilities addressed with 41 in both Windows 10 and 11, and their associated servers. They…
Claroty enhances xDome platform with Device Purpose and Risk Benchmarking capabilities
Claroty announced new capabilities in its SaaS-based Claroty xDome platform that provide organizations with an impact-centric view of their CPS environment. The new additions, Device Purpose and Risk Benchmarking, allow users to see how the overall risk of an environment…