Cloudflare’s latest DDoS Threat Report for the first quarter of 2025 reveals that the company mitigated a record-shattering 20.5 million Distributed Denial of Service (DDoS) attacks, marking a 358% surge year-over-year and a 198% increase quarter-over-quarter compared to the previous…
New Gremlin Stealer Advertised on Hacker Forums Targets Credit Card Data and Login Credentials
A formidable new information-stealing malware dubbed Gremlin Stealer has surfaced in the cybercrime underground, actively promoted since mid-March 2025 on platforms like the Telegram channel CoderSharp. Discovered by Unit 42 researchers at Palo Alto Networks, this malware, crafted in C#,…
Google Reports 75 Zero-Day Vulnerabilities Actively Exploited in the Wild
In a comprehensive report released by the Google Threat Intelligence Group (GTIG), 75 zero-day vulnerabilities were identified as actively exploited in the wild throughout 2024, marking a slight decline from 98 in 2023 but an increase from 63 in 2022.…
Outlaw Cybergang Launches Global Attacks on Linux Environments with New Malware
The Outlaw cybergang, also known as “Dota,” has intensified its global assault on Linux environments, exploiting weak or default SSH credentials to deploy a Perl-based crypto mining botnet. Detailed insights from a recent incident response case in Brazil, handled by…
Konni APT Deploys Multi-Stage Malware in Targeted Organizational Attacks
A sophisticated multi-stage malware campaign, potentially orchestrated by the North Korean Konni Advanced Persistent Threat (APT) group, has been identified targeting entities predominantly in South Korea. Cybersecurity experts have uncovered a meticulously crafted attack chain that leverages advanced obfuscation techniques…
WhatsApp Is Walking a Tightrope Between AI Features and Privacy
WhatsApp’s AI tools will use a new “Private Processing” system designed to allow cloud access without letting Meta or anyone else see end-to-end encrypted chats. But experts still see risks. This article has been indexed from Security Latest Read the…
Enterprise tech dominates zero-day exploits with no signs of slowdown
As Big Tech gets used to the pain, smaller vendors urged to up their game This article has been indexed from The Register – Security Read the original article: Enterprise tech dominates zero-day exploits with no signs of slowdown
Are Puppies the New Booth Babes: What Do You Think?
Walking the floor of the RSA Conference (RSAC) this year, amid the sea of booths packed with flashing monitors, cybersecurity swag and endless sales pitches, one booth stood out — and not for its tech demos or zero-day revelations. Orca…
IT Security News Hourly Summary 2025-04-29 18h : 11 posts
11 posts were published in the last hour 16:3 : Insider Threat alert as Cybersecurity firm CEO plants malware into hospital network 16:3 : SecAI Debuts at RSA 2025, Redefining Threat Investigation with AI 16:3 : SentinelOne’s Purple AI Athena…
Apple AirPlay: Sicherheitsforscher warnen vor gravierenden Lücken
Schwachstellen erlauben die Übernahme von AirPlay-Geräten, warnen Sicherheitsforscher. Für iPhones & Co gibt es Patches, bei anderer Hardware wird es knifflig. Dieser Artikel wurde indexiert von heise security News Lesen Sie den originalen Artikel: Apple AirPlay: Sicherheitsforscher warnen vor gravierenden…
GPUAF: Two Methods to Root Qualcomm-Based Android Phones
Security researchers have exposed critical vulnerabilities in Qualcomm GPU drivers, impacting a vast array of Android devices from brands like Samsung, Honor, Xiaomi, and Vivo. These exploits, centered around the GPU Address Fault (GPUAF) primitive, target the kgsl_mem_entry and Virtual…
Verizon 2025 Report Highlights Surge in Cyberattacks Through Third Parties
Verizon Business unveiled its 2025 Data Breach Investigations Report (DBIR) today, painting a stark picture of the escalating cyber threat landscape. Analyzing over 22,000 security incidents, including 12,195 confirmed data breaches, the report reveals a alarming 30% involvement of third…
Delta Electronics ISPSoft
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: ISPSoft Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in an attacker executing arbitrary code. 3.…
Rockwell Automation ThinManager
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ThinManager Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of these…
CISA Releases Three Industrial Control Systems Advisories
CISA released three Industrial Control Systems (ICS) advisories on April 29, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-119-01 Rockwell Automation ThinManager ICSA-25-119-02 Delta Electronics ISPSoft ICSA-25-105-05 Lantronix XPort (Update A) CISA…
Effizienz neu gedacht: Die kostenlose Timetracking-App Timescribe im Test
Timescribe ist eine einfache Zeiterfassungslösung für den Mac. Wir haben uns das Open-Source-Tool für euch angeschaut. Dieser Artikel wurde indexiert von t3n.de – Software & Entwicklung Lesen Sie den originalen Artikel: Effizienz neu gedacht: Die kostenlose Timetracking-App Timescribe im Test
Recall in Windows 11: Verfolgt mein Computer jetzt alles, was ich tue?
Nie wieder lange nach Dateien suchen, das soll Microsoft Recall-Funktion in Windows 11 möglich machen. Die KI-Suche setzt dafür auf zahlreiche Screenshots vom Computer. Muss man sich deswegen jetzt Sorgen machen? Wir beantworten die wichtigsten Fragen. Dieser Artikel wurde indexiert…
Reddit-User wurden ungefragt Teil eines KI-Experiments
Reddit-Moderator:innen beklagen ein unautorisiertes KI-Experiment in ihrem Unterforum. Demnach hat eine Universität ohne Erlaubnis eine KI auf die User:innen losgelassen, um eine Studie zu erstellen. Was dahintersteckt und was die Moderator:innen jetzt fordern. Dieser Artikel wurde indexiert von t3n.de –…
Beim Jugendschutz versagt? Meta schränkt KI-Chatbot nach Sex-Chat-Vorwürfen ein
Auf Whatsapp, Facebook und Instagram sollte Meta AI als virtueller Helfer dienen. Nach einem Bericht über explizite Gespräche mit Minderjährigen verschärft Meta jetzt die Schutzmechanismen. Dieser Artikel wurde indexiert von t3n.de – Software & Entwicklung Lesen Sie den originalen Artikel:…
Schwere Lücken in AirPlay: Apple patcht, andere Geräte wohl weiter angreifbar
Schwachstellen erlauben die Übernahme von AirPlay-Geräten, warnen Sicherheitsforscher. Für iPhones & Co gibt es Patches, bei anderer Hardware wird es knifflig. Dieser Artikel wurde indexiert von heise security News Lesen Sie den originalen Artikel: Schwere Lücken in AirPlay: Apple patcht,…
Anzeige: Schutz vor Cyberangriffen mit Microsoft Defender
Microsoft Defender bietet umfassende Schutzfunktionen für Unternehmen. Ein zweitägiger Workshop zeigt IT-Admins, wie sich die Microsoft-Sicherheitslösungen konkret in der Praxis einsetzen lassen. (Golem Karrierewelt, Sicherheitslücke) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den originalen Artikel: Anzeige: Schutz…
Wordfence: The World’s Leading Quality WordPress Vulnerability Intelligence Provider
Today, we’re examining Wordfence’s vulnerability data for 2024 and 2025, and comparing it to other WordPress Certified Numbering Authorities (CNAs) and vulnerability data providers. This report will demonstrate why Wordfence is the undisputed leader in WordPress vulnerability intelligence and WordPress…
Google Wallet brings digital IDs to more states – how to add yours
Plus, proving your age with your phone is about to get way easier and more private. This article has been indexed from Latest stories for ZDNET in Security Read the original article: Google Wallet brings digital IDs to more states…
NVIDIA Riva Vulnerabilities Exposes Enable Authorized Access to Cloud Environments
A critical security flaw in NVIDIA’s Riva framework, an AI-powered speech and translation service, has left cloud environments vulnerable to unauthorized access and exploitation. Trend Micro researchers uncovered two vulnerabilities-CVE-2025-23242 and CVE-2025-23243-stemming from misconfigured deployments that expose Riva’s gRPC and…