Angreifer können ihre Rechte durch ein Sicherheitsleck in Docker Desktop für Windows ausweiten. Ein Update korrigiert das. Dieser Artikel wurde indexiert von heise security News Lesen Sie den originalen Artikel: Docker: Rechteausweitungslücke in Desktop für Windows
Hauptstadtportal berlin.de nach DDoS-Attacke wieder online
Am vergangenen Freitag begann ein umfassende DDoS-Angriff auf Portal der Hauptstadt. Betroffen waren Bürgerdienste und auch das Intranet der Verwaltung. Dieser Artikel wurde indexiert von heise security News Lesen Sie den originalen Artikel: Hauptstadtportal berlin.de nach DDoS-Attacke wieder online
Nordkoreanische Fake-ITler: “Wie dick ist Kim Jong-un?”
Nordkoreanische Fake-ITler sollen sich zu Tausenden in Fortune-500-Unternehmen eingeschlichen haben. Sie zu erkennen erfordert ungewöhnliche Methoden. (Nordkorea, Security) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den originalen Artikel: Nordkoreanische Fake-ITler: “Wie dick ist Kim Jong-un?”
Threat Actors Accelerate Transition from Reconnaissance to Compromise – New Report Finds
Cybercriminals are leveraging automation across the entire attack chain, drastically reducing the time from reconnaissance to compromise. The data shows a staggering 16.7% global increase in scans, with over 36,000 scans per second targeting not just exposed ports but delving…
Google Chrome Vulnerability Allows Attackers to Bypass Sandbox Restrictions – Technical Details Revealed
A severe vulnerability, identified as CVE-2025-2783, has been discovered in Google Chrome, specifically targeting the Mojo inter-process communication (IPC) component on Windows systems. This high-impact flaw, with a CVSS score of 8.8, stems from improper handle validation and management within…
Millions of Apple Airplay-Enabled Devices Can Be Hacked via Wi-Fi
Researchers reveal a collection of bugs known as AirBorne that would allow any hacker on the same Wi-Fi network as a third-party AirPlay-enabled device to surreptitiously run their own code on it. This article has been indexed from Security Latest…
Google Threat Intelligence Group (GTIG) tracked 75 actively exploited zero-day flaws in 2024
Google tracked 75 zero-day flaws exploited in 2024, down from 98 in 2023, according to its Threat Intelligence Group’s latest analysis. In 2024, Google tracked 75 exploited zero-day vulnerabilities, down from 98 in 2023 but up from 63 in 2022.…
Hackers Actively Attacking Git Configuration Files From 4,800+ IP’s
A notable increase in malicious scanning for exposed Git configuration files has been observed, posing significant risks of codebase theft and credential exposure for organizations around the globe. Security researchers at GreyNoise Intelligence have documented a record spike in Git…
20.5 Million DDoS Attacks, With One Exceeding 4.8 Billion Packets
With a record-breaking 20.5 million Distributed Denial of Service (DDoS) attacks prevented in the first quarter alone, a 358% rise over the same period last year, Cloudflare has reported a historic spike in cyberattacks to start 2025. This explosive growth nearly equals…
Tsunami Malware Actively Attacking Users Incorporates With Miners & Credential Stealers
A sophisticated malware framework dubbed “Tsunami” has emerged as an active threat, targeting users through a multi-stage infection chain and deploying an extensive arsenal of credential stealing and cryptomining capabilities. Security researchers have linked this malware to the ongoing “Contagious…
JokerOTP Platform With 28,000+ Phishing Attacks Dismantled
In a major cybersecurity breakthrough, law enforcement agencies from the UK and Netherlands have dismantled the notorious JokerOTP platform, a sophisticated phishing tool responsible for compromising financial accounts totaling £7.5 million across 13 countries. A 24-year-old man was arrested Tuesday…
Windows Server 2025 Hotpatching Service to be Rolled Out From July 1st, 2025
Microsoft has confirmed that its hotpatching feature for Windows Server 2025, which has been in preview since 2024, will transition to a paid subscription model starting July 1st, 2025. The announcement, made by Janine Patrick, Windows Server Product Marketing Manager,…
Pistachio Raises $7 Million for Cybersecurity Training Platform
Cybersecurity awareness training platform Pistachio has raised $7 million in a Series A funding round led by Walter Ventures. The post Pistachio Raises $7 Million for Cybersecurity Training Platform appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
CISA warns about actively exploited Broadcom, Commvault vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) has added three new flaws to its Known Exploited Vulnerabilities catalog on Monday, affecting Commvault (CVE-2025-3928), Active! Mail (CVE-2025-42599), and Broadcom Brocade (CVE-2025-1976) solutions. CISA’s KEV catalog is constantly updated and provides IT…
LayerX Raises $11 Million for Browser Security Solution
Browser security firm LayerX has raised $11 million in a Series A funding round extension led by Jump Capital. The post LayerX Raises $11 Million for Browser Security Solution appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
[NEU] [hoch] Redmine.org Redmine: Mehrere Schwachstellen
Ein lokaler Angreifer kann mehrere Schwachstellen in Redmine.org Redmine ausnutzen, um Informationen offenzulegen, einen Cross-Site Scripting Angriff durchzuführen und weitere, nicht spezifizierte Auswirkungen zu verursachen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie…
China is using AI to sharpen every link in its attack chain, FBI warns
Artificial intelligence is helping Beijing’s goons break in faster and stay longer RSAC The biggest threat to US critical infrastructure, according to FBI Deputy Assistant Director Cynthia Kaiser, can be summed up in one word: “China.”… This article has been…
Cybersecurity Firms Raise Over $1.7 Billion Ahead of RSA Conference 2025
More than 30 companies announced a total of $1.7 billion in funding in weeks leading up to the industry’s largest gathering. The post Cybersecurity Firms Raise Over $1.7 Billion Ahead of RSA Conference 2025 appeared first on SecurityWeek. This article…
Google Reports 75 Zero-Days Exploited in 2024 — 44% Targeted Enterprise Security Products
Google has revealed that it observed 75 zero-day vulnerabilities exploited in the wild in 2024, down from 98 in 2023. Of the 75 zero-days, 44% of them targeted enterprise products. As many as 20 flaws were identified in security software…
Product Walkthrough: Securing Microsoft Copilot with Reco
Find out how Reco keeps Microsoft 365 Copilot safe by spotting risky prompts, protecting data, managing user access, and identifying threats – all while keeping productivity high. Microsoft 365 Copilot promises to boost productivity by turning natural language prompts into…
Strafverfolger hackten offensichtlich den Cybercrime-Marktplatz BreachForums
Die Betreiber des BreachForums geben an, dass sich Ermittler durch das Ausnutzen einer Sicherheitslücke Zugriff auf den Online-Schwarzmarkt verschafft haben. Dieser Artikel wurde indexiert von heise security News Lesen Sie den originalen Artikel: Strafverfolger hackten offensichtlich den Cybercrime-Marktplatz BreachForums
Attackierte SAP-Lücke: Hunderte verwundbare Server im Netz
Am Freitag hat SAP eine bereits angegriffene Sicherheitslücke in SAP Netweaver gepatcht. Noch immer sind hunderte Server verwundbar. Dieser Artikel wurde indexiert von heise security News Lesen Sie den originalen Artikel: Attackierte SAP-Lücke: Hunderte verwundbare Server im Netz
Behobener Bricking-Bug auf dem iPhone: “Eine Zeile Code” soll gereicht haben
Apple hat mit iOS 18.4 eine gefährliche Sicherheitslücke geschlossen. Eine Legacy-API ermöglichte es, Geräte lahmzulegen. Dieser Artikel wurde indexiert von heise security News Lesen Sie den originalen Artikel: Behobener Bricking-Bug auf dem iPhone: “Eine Zeile Code” soll gereicht haben
Seiko-Epson-Druckertreiber ermöglicht Rechteausweitung auf System
Die Windows-Druckertreiber für Seiko-Epson-Drucker enthalten eine hochriskante Lücke, die Angreifern die Ausweitung ihrer Rechte ermöglicht. Dieser Artikel wurde indexiert von heise security News Lesen Sie den originalen Artikel: Seiko-Epson-Druckertreiber ermöglicht Rechteausweitung auf System