Crypto free for all? US Justice Department is disbanding team of prosecutors who targetted cryptocurrency crimes This article has been indexed from Silicon UK Read the original article: US DoJ Disbands Crypto Enforcement Team
MIWIC25: Michelle Corrigan, Director of Digital Care Hub
Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2024’s Top 20 women selected…
5000+ Exposed Ivanti Connect Secure Devices Vulnerable to RCE Attacks
Over 5,113 Ivanti Connect Secure VPN appliances remain unpatched and vulnerable to the active exploitation of CVE-2025-22457, a critical stack-based buffer overflow vulnerability that enables remote code execution (RCE). The Shadowserver Foundation’s recent scans revealed widespread exposure, with devices spanning…
Kibana Security Update – Patch for Vulnerability Leads to Code Injection
Elastic has released critical security updates for Kibana, addressing a high-severity vulnerability that could allow attackers to inject malicious code into affected systems. The security update patches a prototype pollution vulnerability that, when exploited, could lead to remote code execution…
NCSC Warns of MOONSHINE & BADBAZAAR Malware Attacking Mobile Devices Worldwide
The UK’s National Cyber Security Centre (NCSC) and international partners have issued urgent advisories warning about sophisticated spyware targeting specific communities globally. The malware variants, identified as MOONSHINE and BADBAZAAR, are being deployed in surveillance campaigns against Uyghur, Tibetan, and…
Apache mod_auth_openidc Vulnerability Exposes Protected Content to Unauthenticated Users
A significant security vulnerability in Apache’s mod_auth_openidc module has been discovered that could allow unauthorized access to protected web resources. The flaw, tracked as CVE-2025-31492 and rated 8.2 on the CVSSv4 scale, affects widely deployed OpenID Connect authentication systems and…
WhatsApp for Windows Exposed to Security Risk Through Spoofing Vulnerability
Whatsapp for Windows has been recently revealed to have a critical security vulnerability known as CVE-2025-30401. This vulnerability has raised serious concerns within the cybersecurity community since it has been identified. The high severity of this vulnerability affects desktop…
CISA Warns of CentreStack’s Hard-Coded MachineKey Vulnerability Enabling RCE Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Gladinet CentreStack to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2025-30406 (CVSS score:…
PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware
Microsoft has revealed that a now-patched security flaw impacting the Windows Common Log File System (CLFS) was exploited as a zero-day in ransomware attacks aimed at a small number of targets. “The targets include organizations in the information technology (IT)…
[NEU] [hoch] Spotfire Statistics Services: Mehrere Schwachstellen
Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Spotfire Statistics Services ausnutzen, um beliebigen Programmcode auszuführen und Sicherheitsmaßnahmen zu umgehen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [NEU] [hoch]…
CISA Issues Alert on Active Exploits of Windows CLFS Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding active exploitation of a critical vulnerability in the Microsoft Windows Common Log File System (CLFS) Driver. The vulnerability, tracked as CVE-2025-29824, poses a significant security risk by allowing…
Master IT Fundamentals with This CompTIA Certification Prep Bundle
Prepare for a successful IT career with lifetime access to expert-led courses covering CompTIA A+, Network+, Security+, and Cloud+ certification prep. This article has been indexed from Security | TechRepublic Read the original article: Master IT Fundamentals with This CompTIA…
ICS Patch Tuesday: Vulnerabilities Addressed by Rockwell, ABB, Siemens, Schneider
Industrial giants Siemens, Rockwell, Schneider and ABB have released their March 2025 Patch Tuesday ICS security advisories. The post ICS Patch Tuesday: Vulnerabilities Addressed by Rockwell, ABB, Siemens, Schneider appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
NCSC Warns of Spyware Targeting Chinese and Taiwanese Diaspora
The UK and allies have warned of new mobile spyware targeting Uyghur, Tibetan and Taiwanese communities This article has been indexed from www.infosecurity-magazine.com Read the original article: NCSC Warns of Spyware Targeting Chinese and Taiwanese Diaspora
Adobe Creative Cloud Applikationen: Mehrere Schwachstellen
Es bestehen mehrere Schwachstellen in Adobe Creative Cloud Applikationen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Schadcode auszuführen, Anwendungen zum Absturz zu bringen, vertrauliche Daten auszulesen, XSS-Angriffe durchzuführen und Schutzmaßnahmen zu umgehen. Einige der Schwachstellen erfordern ein bestimmtes Maß an…
Adobe Photoshop: Schwachstelle ermöglicht Codeausführung
In Adobe Photoshop gibt es einen Fehler, bei dem das Programm überfordert ist, wenn es eine speziell manipulierte Datei lädt. Ein Angreifer könnte so eine Datei bauen, damit Photoshop aus Versehen schädliche Befehle ausführt. Allerdings müsste der Nutzer diese Datei…
Microsoft Patchday April 2025
Microsoft hat im April zahlreiche Schwachstellen in verschiedenen Produkten behoben. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Bürger Cert) Lesen Sie den originalen Artikel: Microsoft Patchday April 2025
Für Ransomwareangriffe: Gefährliche Windows-Lücke wird aktiv ausgenutzt
Administratoren sollten zeitnah ihre Windows-Systeme aktualisieren. Hacker nutzen eine Zero-Day-Lücke aus, um Ransomware einzuschleusen. (Sicherheitslücke, Windows) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den originalen Artikel: Für Ransomwareangriffe: Gefährliche Windows-Lücke wird aktiv ausgenutzt
[UPDATE] [mittel] Intel Prozessoren: Mehrere Schwachstellen ermöglichen Offenlegung von Informationen
Ein lokaler Angreifer kann mehrere Schwachstellen in Intel Prozessoren ausnutzen, um Informationen offenzulegen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [UPDATE] [mittel] Intel Prozessoren: Mehrere Schwachstellen ermöglichen Offenlegung von…
[UPDATE] [mittel] Linux Kernel: Schwachstelle ermöglicht nicht spezifizierten Angriff
Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [UPDATE] [mittel] Linux Kernel: Schwachstelle…
[UPDATE] [hoch] Linux Kernel: Mehrere Schwachstellen
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um seine Privilegien zu erhöhen und vertrauliche Informationen offenzulegen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [UPDATE] [hoch] Linux…
Master IT Fundamentals With This CompTIA Certification Prep Bundle
Prepare for a successful IT career with lifetime access to expert-led courses covering CompTIA A+, Network+, Security+, and Cloud+ certification prep. This article has been indexed from Security | TechRepublic Read the original article: Master IT Fundamentals With This CompTIA…
AWS Systems Manager Plugin Vulnerability Let Attackers Execute Arbitrary Code
A critical vulnerability in the AWS Systems Manager (SSM) Agent that could allow attackers to execute arbitrary code with elevated privileges. The vulnerability, stemming from improper input validation within the ValidatePluginId function, affects a core component used to manage EC2…
CISA Warns of CrushFTP Authentication Bypass Vulnerability Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical authentication bypass vulnerability in CrushFTP file transfer software to its Known Exploited Vulnerabilities (KEV) Catalog. Designated as CVE-2025-31161, this vulnerability is actively being exploited in the wild, posing significant…