The National Institute of Standards and Technology (NIST) recently issued an update on its efforts to manage the backlog of Common Vulnerabilities and Exposures (CVEs) in the National Vulnerability Database (NVD). While NIST has regained its pre-summer 2024 processing speed…
Beware Developers – Fake Coding Challenges Will Deploy FogDoor on Your System
A sophisticated malware campaign has been uncovered by Cyble, targeting Polish-speaking developers with fake coding challenges. This campaign, known as “FizzBuzz to FogDoor,” exploits job seekers by disguising malware as legitimate recruitment tests on GitHub. The attackers use a GitHub…
Rilide Malware Poses as Browser Extension to Steal Login Credentials from Chrome and Edge Users
Rilide, a sophisticated malware, has been masquerading as a legitimate browser extension to steal sensitive information from users of Chromium-based browsers like Google Chrome and Microsoft Edge. First identified in April 2023, this malware is designed to capture screenshots, log…
Massive Cyberattack Disrupts Ukrainian State Railway’s Online Services
The Ukrainian State Railways, known as Ukrzaliznytsia, has experienced a massive disruption to its online services. The railway company issued a statement acknowledging an IT failure, which has temporarily suspended all online operations, impacting ticket sales and other digital services.…
Hackers Use .NET MAUI to Target Indian and Chinese Users with Fake Banking, Social Apps
Cybersecurity researchers are calling attention to an Android malware campaign that leverages Microsoft’s .NET Multi-platform App UI (.NET MAUI) framework to create bogus banking and social media apps targeting Indian and Chinese-speaking users. “These threats disguise themselves as legitimate apps,…
IngressNightmare: Four Critical Bugs Found in 40% of Cloud Systems
Wiz Security finds four critical RCE vulnerabilities in the Ingress NGINX Controller for Kubernetes This article has been indexed from www.infosecurity-magazine.com Read the original article: IngressNightmare: Four Critical Bugs Found in 40% of Cloud Systems
You know that generative AI browser assistant extension is probably beaming everything to the cloud, right?
Just an FYI, like Generative AI assistants packaged up as browser extensions harvest personal data with minimal safeguards, researchers warn.… This article has been indexed from The Register – Security Read the original article: You know that generative AI browser…
Badbox 2.0: Eine Million infizierte Geräte im Botnet
Im Dezember legte das BSI das Botnet Badbox lahm. Der Nachfolger Badbox 2.0 infiziert eine Million IoT-Geräte. Dieser Artikel wurde indexiert von heise security News Lesen Sie den originalen Artikel: Badbox 2.0: Eine Million infizierte Geräte im Botnet
A cyberattack hits Ukraine’s national railway operator Ukrzaliznytsia
A cyberattack on Ukraine’s national railway operator Ukrzaliznytsia disrupted online ticket services, causing long lines at Kyiv’s station. The Record Media first reported the news of a cyber attack on Ukraine’s national railway operator Ukrzaliznytsia that disrupted online ticket services,…
Financial cyberthreats in 2024
The Kaspersky financial threat report for 2024 contains the main trends and statistics on financial phishing and scams, mobile and PC banking malware, as well as recommendations on how to protect yourself and your business. This article has been indexed…
NetFoundry OT security platform protects critical infrastructure
NetFoundry unveiled a new version of its OT security platform enabling customers to secure critical infrastructure, including for on-premises and air-gapped environments such as substations. The announcement meets three customer demands: Software-only, interoperable, vendor-neutral, OT microsegmentation Secure connectivity to IT…
Erfolgsmodell für kommunale Sicherheit – Qualität durch Dienst am Gemeinwohl
Von der Bewachung und dem Transport des EM UEFA-Pokals in Hamburg bis hin zu den „Sozialraumläufern“ am Hauptbahnhof Hamburg – Tony Fleischer, vom Sicherheitsunternehmen Prosicherheit, gibt Einblicke in seine tägliche Arbeit für verbesserte kommunale Sicherheit. Dieser Artikel wurde indexiert von…
BYD Launches Rival To Tesla’s Model 3 At Half Price
BYD’s Qin L EV sedan starts at about half the price of Tesla’s Model 3, offers similar features, as Tesla’s China sales struggle This article has been indexed from Silicon UK Read the original article: BYD Launches Rival To Tesla’s…
Developers Beware! Fake Coding Challenges Will Deploy FogDoor on Your System
A sophisticated malware campaign targeting software developers has emerged, leveraging fake coding challenges to infiltrate systems with a stealthy backdoor dubbed FogDoor. First identified in March 2025, this threat specifically targets Polish-speaking developers and job seekers through socially engineered GitHub…
VanHelsing ransomware emerges to put a stake through your Windows heart
There’s only one rule – don’t attack Russia, duh Check Point has spotted a fresh ransomware-as-a-service crew in town: VanHelsing, touting a cross-platform locker targeting Microsoft Windows, Linux, and VMware ESXi systems, among others. But so far, only Windows machines…
IT Security News Hourly Summary 2025-03-25 09h : 7 posts
7 posts were published in the last hour 7:34 : INTERPOL Arrests 306 Suspects, Seizes 1,842 Devices in Cross-Border Cybercrime Bust 7:34 : Hundreds of cyber criminals arrested, 23andMe data, Ukraine railway partially taken down 7:14 : Next.js: Kritische Lücke…
INTERPOL Arrests 306 Suspects, Seizes 1,842 Devices in Cross-Border Cybercrime Bust
Law enforcement authorities in seven African countries have arrested 306 suspects and confiscated 1,842 devices as part of an international operation codenamed Red Card that took place between November 2024 and February 2025. The coordinated effort “aims to disrupt and…
Hundreds of cyber criminals arrested, 23andMe data, Ukraine railway partially taken down
More than 300 cyber criminals arrested in Africa 23andMe bankruptcy puts millions of DNA records at risk Ukraine’s state railway partially down after attack Huge thanks to our episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint…
Next.js: Kritische Lücke ermöglicht Kompromittierung von Web-Apps
Angreifer können eine Schwachstelle in Next.js missbrauchen, um die Autorisierung zu umgehen. Updates stehen bereit. Dieser Artikel wurde indexiert von heise security News Lesen Sie den originalen Artikel: Next.js: Kritische Lücke ermöglicht Kompromittierung von Web-Apps
Signal-Panne: Journalist erfährt US-Kriegsplanung in Regierungschat
Ein versehentlich in einen Signal-Gruppenchat eingeladener Journalist ist Zeuge der US-Militärplanung gegen die Huthis geworden. (Instant Messenger, Politik) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den originalen Artikel: Signal-Panne: Journalist erfährt US-Kriegsplanung in Regierungschat
Linux Kernel 6.14 Released: Everything You Need to Know
Linus Torvalds released the Linux 6.14 kernel today after an unexpected quiet day yesterday, marking a new milestone in the Linux ecosystem. This version is set to power several upcoming Linux distribution releases, including Ubuntu 25.04 and Fedora 42. Linux…
Hm, why are so many DrayTek routers stuck in a bootloop?
Time to update your firmware, if you can, to one with the security fixes, cough cough DrayTek router owners in the UK and beyond had a pretty miserable weekend after some ISPs began to notice a lot of their customers’…
Spring clean your security data: The case for cybersecurity data hygiene
Spring cleaning isn’t just for your closets; security teams should take the same approach to their security operations data, where years of unchecked log growth have created a bloated, inefficient and costly mess. The modern Security Operations Center (SOC) is…
Next.js Middleware Permission Bypass Vulnerability (CVE-2025-29927)
Overview Recently, NSFOCUS CERT detected that Next.js issued a security announcement and fixed the middleware permission bypass vulnerability (CVE-2025-29927). Because Next.js lacks effective verification of the source of the x-middleware-subrequest header, when configuring to use middleware for authentication and authorization,…