In agile and DevOps-driven environments, APIs are frequently updated to meet evolving business demands, from adding new features to addressing performance issues. However, each deployment introduces potential security risks, as new code, configurations, and endpoints can expose vulnerabilities. In an…
IT-Konzern unter Druck: Echtheit von Oracle-Kundendaten nach Cyberangriff bestätigt
Ein Hacker will Daten von Oracle erbeutet haben. Nach einem ersten Dementi hält sich der Konzern bedeckt, doch Kunden haben das Datenleck nun bestätigt. (Datenleck, Oracle) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den originalen Artikel: IT-Konzern…
Aussie Fintech Vroom Exposes Thousands of Records After AWS Misconfiguration
Cybersecurity researcher Jeremiah Fowler discovered a data exposure at Australian fintech Vroom by YouX, exposing 27,000 records, including driver’s licenses, bank statements, and more. This article has been indexed from Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News…
[NEU] [mittel] IBM App Connect Enterprise: Schwachstelle ermöglicht Offenlegung von Informationen
Ein lokaler Angreifer kann eine Schwachstelle in IBM App Connect Enterprise ausnutzen, um Informationen offenzulegen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [NEU] [mittel] IBM App Connect Enterprise: Schwachstelle…
Cloud Threats on the Rise: Alert Trends Show Intensified Attacker Focus on IAM, Exfiltration
Understanding trends amidst noise: tracking shifts in security alerts allows cloud defenders to parse threats from attackers targeting IAM, storage and more. The post Cloud Threats on the Rise: Alert Trends Show Intensified Attacker Focus on IAM, Exfiltration appeared first…
RedCurl Unleashes New Ransomware Targeting Hyper-V Servers Exclusively
Cybersecurity researchers at Bitdefender have uncovered a significant evolution in the tactics of the RedCurl threat group, marking their first foray into ransomware deployment. This new strain, dubbed QWCrypt, specifically targets Hyper-V servers, showcasing a sophisticated and highly targeted approach…
Lucid PhAAS Platform Uses RCS and iMessage to Evade Detection
The cybersecurity landscape has been disrupted by the emergence of Lucid, a sophisticated Phishing-as-a-Service (PhAAS) platform developed by Chinese-speaking threat actors. This advanced toolkit enables cybercriminals to conduct large-scale phishing campaigns, targeting 169 entities across 88 countries globally. Lucid’s innovation…
Malicious Google Ads Target DeepSeek Users to Spread Malware
Cybersecurity threats continue to evolve, with malicious actors exploiting popular platforms like Google Ads to spread malware. Recently, a sophisticated campaign targeting DeepSeek users has been uncovered, highlighting the ongoing risks associated with sponsored search results. The Threat Landscape DeepSeek,…
B1ack’s Stash MarketPlace Actors to Release 4 Million Stolen Credit Card Details for Free
Dark web carding marketplace B1ack’s Stash has announced the release of 4 million stolen credit card details at no cost to cybercriminals. This massive data leak, publicized on February 19, 2025, represents one of the largest freely distributed caches of…
T-Mobile Coughed Up $33 Million in SIM Swap Lawsuit
T-Mobile paid $33 million in a private arbitration process over a SIM swap attack leading to cryptocurrency theft. The post T-Mobile Coughed Up $33 Million in SIM Swap Lawsuit appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825)
CrushFTP has fixed a critical vulnerability (CVE-2025-2825) in its enterprise file transfer solution that could be exploited by remote, unauthenticated attackers to access vulnerable internet-facing servers (and likely the data stored on them). Attackers, especially ransomware gangs, have a penchant…
New Report Explains Why CASB Solutions Fail to Address Shadow SaaS and How to Fix It
Whether it’s CRMs, project management tools, payment processors, or lead management tools – your workforce is using SaaS applications by the pound. Organizations often rely on traditional CASB solutions for protecting against malicious access and data exfiltration, but these fall…
Chinese Spy Group FamousSparrow Back with a Vengeance, Targets US
Once considered inactive, the Chinese cyber espionage group FamousSparrow has reemerged, targeting organizations across the US, Mexico and Honduras This article has been indexed from www.infosecurity-magazine.com Read the original article: Chinese Spy Group FamousSparrow Back with a Vengeance, Targets US
[NEU] [hoch] GitLab: Mehrere Schwachstellen
Ein entfernter authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in GitLab ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, erhöhte Rechte zu erlangen, Daten zu manipulieren und Cross-Site-Scripting-Angriffe durchzuführen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories)…
Trump Says China Tariffs May Be Cut To Seal TikTok Deal
President touts easing Chinese tariffs to facilitate TikTok sale, and also implements 25 percent tariff on all imported cars in US This article has been indexed from Silicon UK Read the original article: Trump Says China Tariffs May Be Cut…
CISA Adds Sitecore CMS Code Execution Vulnerability to Exploited List
The Cybersecurity and Infrastructure Security Agency (CISA) has included a critical deserialization vulnerability affecting Sitecore CMS and Experience Platform (XP). This vulnerability, tracked as CVE-2019-9874, allows unauthenticated attackers to execute arbitrary code by manipulating HTTP POST parameters, specifically the __CSRFTOKEN…
A Taxonomy of Adversarial Machine Learning Attacks and Mitigations
NIST just released a comprehensive taxonomy of adversarial machine learning attacks and countermeasures. This article has been indexed from Schneier on Security Read the original article: A Taxonomy of Adversarial Machine Learning Attacks and Mitigations
Business Email Compromise, ACH Transactions, and Liability
Business Email Compromise (BEC) fraud represents one of the most insidious threats facing businesses and individuals today. The post Business Email Compromise, ACH Transactions, and Liability appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read…
IT Security News Hourly Summary 2025-03-27 12h : 13 posts
13 posts were published in the last hour 10:33 : [NEU] [mittel] Acronis Cyber Protect: Schwachstelle ermöglicht Privilegieneskalation 10:32 : A Comprehensive Guide to Protect Data, Models, and Users in the GenAI Era 10:32 : PoC Exploit Released for Ingress-NGINX…
[NEU] [mittel] Acronis Cyber Protect: Schwachstelle ermöglicht Privilegieneskalation
Ein lokaler Angreifer kann eine Schwachstelle in Acronis Cyber Protect ausnutzen, um seine Privilegien zu erhöhen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [NEU] [mittel] Acronis Cyber Protect: Schwachstelle…
A Comprehensive Guide to Protect Data, Models, and Users in the GenAI Era
Editor’s Note: The following is an article written for and published in DZone’s 2025 Trend Report, Generative AI: The Democratization of Intelligent Systems. Generative AI (GenAI) is transforming how organizations operate, enabling automation, content generation, and intelligent decision making at an…
PoC Exploit Released for Ingress-NGINX Remote Code Execution Vulnerabilities
A proof-of-concept (PoC) exploit for a critical remote code execution vulnerability in Kubernetes Ingress-NGINX controllers, tracked as CVE-2025-1974. The vulnerability uncovered by WiZ affects the validation webhook component and could allow attackers to execute arbitrary code on affected systems, potentially…
UK’s first permanent facial recognition cameras installed in South London
As if living in Croydon wasn’t bad enough The Metropolitan Police has confirmed its first permanent installation of live facial recognition (LFR) cameras is coming this summer and the lucky location will be the South London suburb of Croydon.… This…
More Solar System Vulnerabilities Expose Power Grids to Hacking
Forescout has found dozens of vulnerabilities in solar power systems from Sungrow, Growatt and SMA. The post More Solar System Vulnerabilities Expose Power Grids to Hacking appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…