In Citrix-Netscaler-Instanzen klaffen mehrere gefährliche Sicherheitslücken. Eine erinnert an Citrix Bleed, eine andere wird bereits ausgenutzt. (Sicherheitslücke, Server) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den originalen Artikel: Jetzt patchen: Citrix warnt vor teils aktiv ausgenutzten Sicherheitslücken
Author: wordpress
Hunderte Modelle betroffen: Lücken in Brother-Druckern bleiben zum Teil ungepatcht
Forscher haben Sicherheitslücken in fast 700 Druckermodellen von Brother entdeckt. Angreifer können unter anderem das Admin-Passwort ermitteln. (Sicherheitslücke, Drucker) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den originalen Artikel: Hunderte Modelle betroffen: Lücken in Brother-Druckern bleiben zum…
[NEU] [mittel] FasterXML Jackson: Schwachstelle ermöglicht Denial of Service
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in FasterXML Jackson ausnutzen, um einen Denial of Service Angriff durchzuführen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [NEU] [mittel] FasterXML Jackson:…
[NEU] [UNGEPATCHT] [mittel] International Components for Unicode (icu): Schwachstelle ermöglicht Codeausführung
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in International Components for Unicode (icu) ausnutzen, um beliebigen Programmcode auszuführen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [NEU] [UNGEPATCHT] [mittel] International…
HPE OneView for VMware vCenter Vulnerability Allows Elevated Access
Hewlett Packard Enterprise (HPE) has issued a critical security bulletin warning customers of a significant vulnerability in its OneView for VMware vCenter (OV4VC) software. The flaw, tracked as CVE-2025-37101, could allow attackers with only read-only privileges to escalate their access…
Cybercriminals Exploit LLM Models to Enhance Hacking Activities
Cybercriminals are increasingly leveraging large language models (LLMs) to amplify their hacking operations, utilizing both uncensored versions of these AI systems and custom-built criminal variants. LLMs, known for their ability to generate human-like text, write code, and solve complex problems,…
Qilin ransomware attack on NHS supplier contributed to patient fatality
Pathology outage caused by Synnovis breach linked to harm across dozens of healthcare facilities The NHS says Qilin’s ransomware attack on pathology services provider Synnovis last year led to the death of a patient.… This article has been indexed from…
IT Security News Hourly Summary 2025-06-26 12h : 18 posts
18 posts were published in the last hour 9:35 : Gemini CLI: Entwickler können die Google-KI jetzt kostenlos direkt im Terminal nutzen 9:35 : Die wahren Kosten der Open-Source-Unterstützung für Unternehmen | Offizieller Blog von Kaspersky 9:34 : BreachForums: ShinyHunters…
[NEU] [hoch] Citrix Systems NetScaler: Schwachstelle ermöglicht Denial of Service
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Citrix Systems NetScaler ausnutzen, um einen Denial of Service Angriff durchzuführen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [NEU] [hoch] Citrix…
[NEU] [mittel] Drupal Module: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen in Drupal ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen, und um Sicherheitsvorkehrungen zu umgehen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [NEU] [mittel] Drupal…
Chinese Hackers Deploy Pubload Malware Using Tibetan Community Lures and Weaponized Filenames
IBM X-Force researchers have uncovered a series of targeted cyberattacks orchestrated by the China-aligned threat actor Hive0154. Throughout 2025, this group has been deploying the Pubload malware, a potent backdoor, through meticulously crafted phishing lures aimed at the Tibetan community.…
Iranian Spear-Phishing Attack Impersonates Google, Outlook, and Yahoo Domains
Check Point Research has uncovered a renewed global spear-phishing campaign orchestrated by the Iranian threat actor Educated Manticore, also known as APT42, Charming Kitten, and Mint Sandstorm. Linked to the IRGC Intelligence Organization, this group has intensified its operations amid…
White House Bans WhatsApp
Reuters is reporting that the White House has banned WhatsApp on all employee devices: The notice said the “Office of Cybersecurity has deemed WhatsApp a high risk to users due to the lack of transparency in how it protects user…
ClickFix Attacks Surge 517% in 2025
The ClickFix social engineering technique has become the second most common attack vector, behind only phishing, according to ESET research This article has been indexed from www.infosecurity-magazine.com Read the original article: ClickFix Attacks Surge 517% in 2025
Zero-Day: Bluetooth-Lücke macht Millionen Kopfhörer zu Abhörstationen
Der in beliebten Modellen großer Hersteller verbaute Bluetooth-Chipsatz ist angreifbar. Hacker konnten so Anrufe starten und Geräte abhören. Dieser Artikel wurde indexiert von heise security News Lesen Sie den originalen Artikel: Zero-Day: Bluetooth-Lücke macht Millionen Kopfhörer zu Abhörstationen
US University Targeted by Androxgh0st Botnet Operators for C2 Logger Hosting
CloudSEK’s TRIAD team has made the shocking discovery that the Androxgh0st botnet is a persistent and dynamic cyberthreat. It has targeted a subdomain of the University of California, San Diego, specifically the “USArhythms” portal associated with the USA Basketball Men’s…
Chinese Hackers Deploying Pubload Malware by Weaponizing Tibetan Community Lures & Filenames
A sophisticated cyberattack campaign targeting the Tibetan community has emerged, with China-aligned threat actors deploying advanced malware through carefully crafted social engineering tactics. The campaign exploits culturally significant events and documents to lure victims into downloading malicious software, representing a…
Surge in Attacks Targeting MOVEit Transfer Systems – 100+ Unique IPs Used by Attackers
Researchers observed a significant increase in malicious scanning activity targeting MOVEit Transfer systems observed with over 682 unique IP addresses participating in coordinated reconnaissance and exploitation attempts over the past 90 days. The surge represents a significant shift from baseline…
CISA Warns of Vulnerabilities in ControlID iDSecure Software Allowing Authentication Bypass
CISA has issued a high-priority security advisory warning organizations about critical vulnerabilities in ControlID’s iDSecure On-premises vehicle control software. Released on June 24, 2025, the advisory highlights three severe security flaws that could allow attackers to bypass authentication mechanisms and…
IBM i Vulnerability Allows Let Attackers Escalate Privileges
A critical security vulnerability affecting multiple versions of IBM i that could allow attackers to escalate privileges through an unqualified library call in IBM Facsimile Support for i. The vulnerability, tracked as CVE-2025-36004, carries a high CVSS base score of…