CISA is making recommendations for organizations and users in light of the recent Oracle legacy cloud environment hack. The post CISA Issues Guidance After Oracle Cloud Hack appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Author: wordpress
Sonicwall SMA100: Angreifer missbrauchen alte Sicherheitslücke
Derzeit finden Angriffe auf alte Sicherheitslücken in Sonicwalls Firmware für Geräte der SMA100-Baureihen statt. Dieser Artikel wurde indexiert von heise security News Lesen Sie den originalen Artikel: Sonicwall SMA100: Angreifer missbrauchen alte Sicherheitslücke
12 Tipps zur sicheren Nutzung von WhatsApp, Telegram, Signal, Viber, WeChat und anderen Messenger-Apps | Offizieller Blog von Kaspersky
Messenger-Apps: sicher chatten und den Diebstahl von Konten verhindern Dieser Artikel wurde indexiert von Offizieller Blog von Kaspersky Lesen Sie den originalen Artikel: 12 Tipps zur sicheren Nutzung von WhatsApp, Telegram, Signal, Viber, WeChat und anderen Messenger-Apps | Offizieller Blog…
[NEU] [hoch] PgBouncer: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in PgBouncer ausnutzen, um Sicherheitsvorkehrungen zu umgehen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [NEU] [hoch] PgBouncer: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
Chinese Hacker Group Mustang Panda Bypass EDR Detection With New Hacking Tools
The China-sponsored hacking group, Mustang Panda, has been uncovered by Zscaler ThreatLabz to employ new techniques and tools, including the updated backdoor ToneShell and a novel tool named StarProxy, to evade endpoint detection and response (EDR) systems. Mustang Panda’s New…
CISA Warns of SonicWall Command Injection Vulnerability Exploited in Wild
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a critical SonicWall vulnerability that is actively being exploited by threat actors. On April 16, 2025, CISA added CVE-2021-20035, a command injection vulnerability affecting SonicWall SMA100 appliances,…
Google Blocks 5 Billion Malicious Ads & Suspend 700,000+ Offending Advertiser
Google revealed a significant crackdown on malicious advertising activity across its platforms, blocking more than 5.1 billion bad ads and suspending upwards of 700,000 advertiser accounts involved in policy violations and scams. Google’s ability to detect and prevent malicious ads…
Researchers Uncovered Gamaredon’s PteroLNK VBScript Malware Infrastructure & TTP’s
A sophisticated malware campaign attributed to the Russia-linked Gamaredon threat group has been actively targeting Ukrainian entities since late 2024, according to new research published on April 16, 2025. Samples of the Pterodo malware family were identified on public malware…
SonicWall Flags Old Vulnerability as Actively Exploited
A SonicWall SMA 100 series vulnerability patched in 2021, which went unnoticed at the time of patching, is being exploited in the wild. The post SonicWall Flags Old Vulnerability as Actively Exploited appeared first on SecurityWeek. This article has been…
Trump’s Retaliation Against Chris Krebs — and the Cybersecurity Industry’s Deafening Silence
Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA), was fired by Donald Trump in 2020 for publicly affirming that the presidential election was secure and free from widespread fraud. Fast-forward to April 2025: Trump, now…
Node.js Malware Campaign Targets Crypto Users with Fake Binance and TradingView Installers
Microsoft is calling attention to an ongoing malvertising campaign that makes use of Node.js to deliver malicious payloads capable of information theft and data exfiltration. The activity, first detected in October 2024, uses lures related to cryptocurrency trading to trick…
Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution
A critical security vulnerability has been disclosed in the Erlang/Open Telecom Platform (OTP) SSH implementation that could permit an attacker to execute arbitrary code sans any authentication under certain conditions. The vulnerability, tracked as CVE-2025-32433, has been given the maximum…
[NEU] [niedrig] PyTorch: Schwachstelle ermöglicht Denial of Service
Ein lokaler Angreifer kann eine Schwachstelle in PyTorch ausnutzen, um einen Denial of Service Angriff durchzuführen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [NEU] [niedrig] PyTorch: Schwachstelle ermöglicht Denial…
[NEU] [mittel] Microsoft Power Automate Desktop: Schwachstelle ermöglicht Offenlegung von Informationen
Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Microsoft Power Automate Desktop ausnutzen, um Informationen offenzulegen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [NEU] [mittel] Microsoft Power Automate Desktop:…
[NEU] [hoch] IBM App Connect Enterprise: Mehrere Schwachstellen
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Informationen auszuspähen oder seine Privilegien zu eskalieren Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den…
Unmasking the new XorDDoS controller and infrastructure
Cisco Talos observed the ongoing global spread of the XorDDoS malware, predominantly targeting the United States, with evidence suggesting Chinese-speaking operators are using sophisticated tools to orchestrate widespread attacks. This article has been indexed from Cisco Talos Blog Read the…
Microsoft Defender For Endpoint Now Isolates Undiscovered Endpoints
With recent updates, Microsoft took another step towards thwarting network threats with Defender. As announced,… Microsoft Defender For Endpoint Now Isolates Undiscovered Endpoints on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses. This article has…
Data-stealing cyberattacks are surging – 7 ways to protect yourself and your business
The number of infostealers sent through phishing emails jumped by 84% last year. IBM X-Force offers these recommendations for defending yourself from all manner of malware. This article has been indexed from Latest stories for ZDNET in Security Read the…
Cyber threats against energy sector surge as global tensions mount
Cyberattacks targeting the energy sector are increasing, driven by a host of geopolitical and technological factors. A report published by Sophos in July 2024, and which surveyed 275 cybersecurity and IT leaders from the energy, oil/gas, and utilities sector across…
Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201)
Apple has released emergency security updates for iOS/iPadOS, macOS, tvOS and visionOS that fix two zero-day vulnerabilities (CVE-2025-31200, CVE-2025-31201) that have been exploited “in an extremely sophisticated attack against specific targeted individuals on iOS.” CVE-2025-31200 and CVE-2025-31201 CVE-2025-31200 affects CoreAudio,…