Following yesterday’s major security breach of the controversial imageboard 4chan, hackers have publicly revealed the sophisticated exploit method used to gain access to the site’s backend systems. The attack, which took the platform offline for several hours, has exposed sensitive…
Enhanced Version of ‘BPFDoor’ Linux Backdoor Seen in the Wild
In recent attacks, the state-sponsored backdoor BPFDoor is using a controller to open a reverse shell and move laterally. The post Enhanced Version of ‘BPFDoor’ Linux Backdoor Seen in the Wild appeared first on SecurityWeek. This article has been indexed…
Funding uncertainty may spell the end of MITRE’s CVE program
The future of the Common Vulnerabilities and Exposures (CVE) program hangs in the balance: MITRE, the not-for-profit US organization that runs it, could lose the US federal funding that helps them maintain it. But others have been waiting in the…
Updates von Oracle: 378 Security-Patches aber nichts zum Einbruch in die Cloud
Im Rahmen des regelmäßigen Update-Zyklus liefert Oracle Patches satt für fast die gesamte Produktpalette, die die Kunden zügig installieren sollten. Dieser Artikel wurde indexiert von heise security News Lesen Sie den originalen Artikel: Updates von Oracle: 378 Security-Patches aber nichts…
Critical Vulnerability Found in Apache Roller Blog Server
A critical vulnerability in Apache Roller could be used to maintain persistent access by reusing older sessions even after password changes. The post Critical Vulnerability Found in Apache Roller Blog Server appeared first on SecurityWeek. This article has been indexed…
Cyber Signals Issue 9 | AI-powered deception: Emerging fraud threats and countermeasures
Microsoft maintains a continuous effort to protect its platforms and customers from fraud and abuse. This edition of Cyber Signals takes you inside the work underway and important milestones achieved that protect customers. The post Cyber Signals Issue 9 |…
IT Security News Hourly Summary 2025-04-16 12h : 21 posts
21 posts were published in the last hour 10:3 : Hacktivist Group Becomes More Sophisticated, Targets Critical Infrastructure to Deploy Ransomware 10:3 : Chinese Hackers Unleash New BRICKSTORM Malware to Target Windows and Linux Systems 10:3 : APT29 Hackers Use…
Messenger-Alternative: Volla Messages mit großen Versprechungen
Die angebliche “WhatsApp- und Telegram-Alternative” Volla Messages wird mit Lob überhäuft, kann aber noch(?) kaum echte Vorteile ins Feld führen. Dieser Artikel wurde indexiert von heise security News Lesen Sie den originalen Artikel: Messenger-Alternative: Volla Messages mit großen Versprechungen
Nur noch 47 Tage: Gültigkeit von TLS-Zertifikaten wird drastisch verkürzt
Ab 2029 dürfen TLS-Zertifikate statt 398 nur noch höchstens 47 Tage lang gültig sein. Der von Apple eingereichte Vorschlag hat breite Zustimmung erhalten. (Zertifikat, Browser) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den originalen Artikel: Nur noch…
What to Know about Compliance with India’s Emerging Digital Personal Data Protection Act
With the rise of worldwide data threats and attacks, data privacy acts are springing up across the globe. It may be relatively unknown, but India for one has established a data privacy regulation called the Digital Personal Data Protection (DPDP)…
Nvidia Expects $5.5 Billion Hit As US Tightens Export Controls
H20 chip designed for Chinese market now requires special export licence, as Trump Administration tightens AI chip exports This article has been indexed from Silicon UK Read the original article: Nvidia Expects $5.5 Billion Hit As US Tightens Export Controls
Google Sued In UK For Online Search Domination
Search engine giant being sued for £5 billion ($6.64 billion) damages over allegations for online search domination This article has been indexed from Silicon UK Read the original article: Google Sued In UK For Online Search Domination
AI in Cybersecurity: Double-Edged Sword or Game-Changer?
AI is transforming cybersecurity, offering faster defence and smarter attacks. Learn how businesses can harness its power while managing the rising risks. This article has been indexed from Silicon UK Read the original article: AI in Cybersecurity: Double-Edged Sword or…
Tails 6.14.2 Released with Critical Fixes for Linux Kernel Vulnerabilities
The Tails Project has urgently released Tails 6.14.2, addressing critical security vulnerabilities in the Linux kernel and the Perl programming language. This emergency release is vital for users who rely on Tails’ security and privacy features, following the discovery of multiple…
Microsoft Warns of Node.js Abuse for Malware Delivery
In the past months Microsoft has seen multiple campaigns involving Node.js to deliver malware and other malicious payloads. The post Microsoft Warns of Node.js Abuse for Malware Delivery appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Product Walkthrough: A Look Inside Wing Security’s Layered SaaS Identity Defense
Intro: Why hack in when you can log in? SaaS applications are the backbone of modern organizations, powering productivity and operational efficiency. But every new app introduces critical security risks through app integrations and multiple users, creating easy access points…
New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks
Cybersecurity researchers have unearthed a new controller component associated with a known backdoor called BPFDoor as part of cyber attacks targeting telecommunications, finance, and retail sectors in South Korea, Hong Kong, Myanmar, Malaysia, and Egypt in 2024. “The controller could…
Partnerbeitrag: ATHENE – Workshop „Hot Topic „Kryptoagilität“
Kryptoagilität ist ein zunehmend wichtiges Konzept der Cybersicherheit, das darauf abzielt, kryptografische Systeme anpassungsfähig und zukunftssicher zu machen. Im Kern geht es darum, neue Systeme zu entwickeln und bestehende Systeme zu aktualisieren, so dass kryptografische Änderungen problemlos durchgeführt werden und…
How Top Cybersecurity Leaders Are Enhancing Boardroom Communication in 2025
Board members worldwide are turning their attention toward the cyber risk landscape and questioning the extent to which it might impact their organization’s value. Their rising concern is well-warranted, given the escalating cost of cyber incidents, both in the long…
Streamlining detection engineering in security operation centers
A proper detection engineering program can help improve SOC operations. In this article we’ll discuss potential SOC issues, the necessary components of a detection engineering program and some useful metrics for evaluating its efficiency. This article has been indexed from…
CVE Foundation Launched To Ensure Long-term Vulnerability Tracking
The newly established CVE Foundation has been formally launched to safeguard the long-term continuity, stability, and independence of the Common Vulnerabilities and Exposures (CVE) Program. This move comes as the CVE Program, a 25-year foundational pillar of cybersecurity, faces unprecedented…
Hackers Abuse Node.js to Deliver Malware – Microsoft Warns
Attackers are increasingly exploiting Node.js, a widely trusted, open-source JavaScript runtime, to deliver sophisticated malware, steal sensitive data, and compromise entire systems. Recent campaigns observed since late 2024 have showcased a shift in attacker tactics. They leverage Node.js both for direct script…
Oracle Patches 180 Vulnerabilities With April 2025 CPU
Oracle’s April 2025 Critical Patch Update contains 378 security patches that resolve approximately 180 unique CVEs. The post Oracle Patches 180 Vulnerabilities With April 2025 CPU appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
[NEU] [mittel] HCL BigFix: Mehrere Schwachstellen
Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in HCL BigFix ausnutzen, um einen Denial of Service Angriff durchzuführen, Sicherheitsmaßnahmen zu umgehen oder einen Cross-Site-Scripting Angriff durchzuführen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen…