Researchers have uncovered a series of critical security vulnerabilities in the Ingress NGINX Controller for Kubernetes, collectively dubbed “IngressNightmare.” These flaws could allow unauthenticated attackers to execute remote code and gain complete control over vulnerable Kubernetes clusters. Ingress NGINX Remote…
Rilide Malware as Browser Extension Attacking Chrome & Edge Users to Steal Login Credentials
A sophisticated malware strain dubbed “Rilide” has emerged as a significant threat to Chrome and Edge browser users, operating as a deceptive browser extension designed to harvest login credentials. Security researchers have discovered this malware in active campaigns targeting corporate…
[UPDATE] [mittel] Microsoft Edge: Mehrere Schwachstellen
Ein lokaler Angreifer kann mehrere Schwachstellen in Microsoft Edge ausnutzen, um Benutzerrechte zu erlangen oder beliebigen Programmcode auszuführen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [UPDATE] [mittel] Microsoft Edge:…
[UPDATE] [mittel] Mattermost Mobile: Schwachstelle ermöglicht nicht spezifizierten Angriff
Ein Angreifer kann eine Schwachstelle in Mattermost ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [UPDATE] [mittel] Mattermost Mobile: Schwachstelle ermöglicht nicht…
[UPDATE] [hoch] Linux Kernel: Schwachstelle ermöglicht Codeausführung
Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um seine Privilegien zu erweitern, um beliebigen Programmcode auszuführen oder einen Denial of Service auszulösen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie…
Xiaomi Raises $5.5bn In Expanded Share Sale
Smartphone maker Xiaomi reportedly raises about $5.5bn in Hong Kong share sale as it invests heavily in move to electric vehicles This article has been indexed from Silicon UK Read the original article: Xiaomi Raises $5.5bn In Expanded Share Sale
MEPs Ramp Pressure For Second EU Chips Act
MEPs add to Commission pressure for second EU Chips Act amidst industry calls for renewed support for European semiconductor sector This article has been indexed from Silicon UK Read the original article: MEPs Ramp Pressure For Second EU Chips Act
NIST Facing Challenges in Managing CVE Backlog in National Database
The National Institute of Standards and Technology (NIST) recently issued an update on its efforts to manage the backlog of Common Vulnerabilities and Exposures (CVEs) in the National Vulnerability Database (NVD). While NIST has regained its pre-summer 2024 processing speed…
Beware Developers – Fake Coding Challenges Will Deploy FogDoor on Your System
A sophisticated malware campaign has been uncovered by Cyble, targeting Polish-speaking developers with fake coding challenges. This campaign, known as “FizzBuzz to FogDoor,” exploits job seekers by disguising malware as legitimate recruitment tests on GitHub. The attackers use a GitHub…
Rilide Malware Poses as Browser Extension to Steal Login Credentials from Chrome and Edge Users
Rilide, a sophisticated malware, has been masquerading as a legitimate browser extension to steal sensitive information from users of Chromium-based browsers like Google Chrome and Microsoft Edge. First identified in April 2023, this malware is designed to capture screenshots, log…
Massive Cyberattack Disrupts Ukrainian State Railway’s Online Services
The Ukrainian State Railways, known as Ukrzaliznytsia, has experienced a massive disruption to its online services. The railway company issued a statement acknowledging an IT failure, which has temporarily suspended all online operations, impacting ticket sales and other digital services.…
Hackers Use .NET MAUI to Target Indian and Chinese Users with Fake Banking, Social Apps
Cybersecurity researchers are calling attention to an Android malware campaign that leverages Microsoft’s .NET Multi-platform App UI (.NET MAUI) framework to create bogus banking and social media apps targeting Indian and Chinese-speaking users. “These threats disguise themselves as legitimate apps,…
IngressNightmare: Four Critical Bugs Found in 40% of Cloud Systems
Wiz Security finds four critical RCE vulnerabilities in the Ingress NGINX Controller for Kubernetes This article has been indexed from www.infosecurity-magazine.com Read the original article: IngressNightmare: Four Critical Bugs Found in 40% of Cloud Systems
You know that generative AI browser assistant extension is probably beaming everything to the cloud, right?
Just an FYI, like Generative AI assistants packaged up as browser extensions harvest personal data with minimal safeguards, researchers warn.… This article has been indexed from The Register – Security Read the original article: You know that generative AI browser…
Badbox 2.0: Eine Million infizierte Geräte im Botnet
Im Dezember legte das BSI das Botnet Badbox lahm. Der Nachfolger Badbox 2.0 infiziert eine Million IoT-Geräte. Dieser Artikel wurde indexiert von heise security News Lesen Sie den originalen Artikel: Badbox 2.0: Eine Million infizierte Geräte im Botnet
A cyberattack hits Ukraine’s national railway operator Ukrzaliznytsia
A cyberattack on Ukraine’s national railway operator Ukrzaliznytsia disrupted online ticket services, causing long lines at Kyiv’s station. The Record Media first reported the news of a cyber attack on Ukraine’s national railway operator Ukrzaliznytsia that disrupted online ticket services,…
Financial cyberthreats in 2024
The Kaspersky financial threat report for 2024 contains the main trends and statistics on financial phishing and scams, mobile and PC banking malware, as well as recommendations on how to protect yourself and your business. This article has been indexed…
NetFoundry OT security platform protects critical infrastructure
NetFoundry unveiled a new version of its OT security platform enabling customers to secure critical infrastructure, including for on-premises and air-gapped environments such as substations. The announcement meets three customer demands: Software-only, interoperable, vendor-neutral, OT microsegmentation Secure connectivity to IT…
Erfolgsmodell für kommunale Sicherheit – Qualität durch Dienst am Gemeinwohl
Von der Bewachung und dem Transport des EM UEFA-Pokals in Hamburg bis hin zu den „Sozialraumläufern“ am Hauptbahnhof Hamburg – Tony Fleischer, vom Sicherheitsunternehmen Prosicherheit, gibt Einblicke in seine tägliche Arbeit für verbesserte kommunale Sicherheit. Dieser Artikel wurde indexiert von…
BYD Launches Rival To Tesla’s Model 3 At Half Price
BYD’s Qin L EV sedan starts at about half the price of Tesla’s Model 3, offers similar features, as Tesla’s China sales struggle This article has been indexed from Silicon UK Read the original article: BYD Launches Rival To Tesla’s…
Developers Beware! Fake Coding Challenges Will Deploy FogDoor on Your System
A sophisticated malware campaign targeting software developers has emerged, leveraging fake coding challenges to infiltrate systems with a stealthy backdoor dubbed FogDoor. First identified in March 2025, this threat specifically targets Polish-speaking developers and job seekers through socially engineered GitHub…
VanHelsing ransomware emerges to put a stake through your Windows heart
There’s only one rule – don’t attack Russia, duh Check Point has spotted a fresh ransomware-as-a-service crew in town: VanHelsing, touting a cross-platform locker targeting Microsoft Windows, Linux, and VMware ESXi systems, among others. But so far, only Windows machines…
IT Security News Hourly Summary 2025-03-25 09h : 7 posts
7 posts were published in the last hour 7:34 : INTERPOL Arrests 306 Suspects, Seizes 1,842 Devices in Cross-Border Cybercrime Bust 7:34 : Hundreds of cyber criminals arrested, 23andMe data, Ukraine railway partially taken down 7:14 : Next.js: Kritische Lücke…
INTERPOL Arrests 306 Suspects, Seizes 1,842 Devices in Cross-Border Cybercrime Bust
Law enforcement authorities in seven African countries have arrested 306 suspects and confiscated 1,842 devices as part of an international operation codenamed Red Card that took place between November 2024 and February 2025. The coordinated effort “aims to disrupt and…