GitLab has issued a security advisory warning of multiple high-risk vulnerabilities in its DevOps platform, including two critical Cross-Site Scripting (XSS) flaws enabling attackers to bypass security controls and execute malicious scripts in user browsers. The vulnerabilities – tracked as…
2025 CrowdStrike Global Threat Report: Cybercriminals Are Shifting Tactics – Are You Ready?
CrowdStrike (Nasdaq: CRWD) today announced the findings of the 2025 CrowdStrike Global Threat Report, revealing a dramatic shift in cyber adversary tactics, with attackers leveraging stolen identity credentials, AI-generated social engineering, and hands-on keyboard intrusions to bypass traditional security measures.…
Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers
The U.S. Federal Bureau of Investigation (FBI) formally linked the record-breaking $1.5 billion Bybit hack to North Korean threat actors, as the company’s CEO Ben Zhou declared a “war against Lazarus.” The agency said the Democratic People’s Republic of Korea…
Signal to withdraw from Sweden? HaveIBeenPwned adds 244M stolen passwords, Anagram gamifies cybersecurity training
Thousands of exposed GitHub repositories, now private, can still be accessed through Copilot Cellebrite halts product use in Serbia following Amnesty surveillance report New Ghostwriter campaign targets Ukrainian Government and opposition activists in Belarus Huge thanks to our sponsor, Conveyor…
IT Security News Hourly Summary 2025-02-27 09h : 7 posts
7 posts were published in the last hour 8:3 : Partnerangebot: DCSO – „Cyber Health Check zum Auffinden gestohlener Identitäten/Passwörter (Identity Leakage Monitoring)“ 8:3 : Zukunft der Zutrittskontrolle: Netzwerkbasierte Systeme 8:2 : New Wi-Fi Jamming Attack Can Disable Specific Devices…
Partnerangebot: DCSO – „Cyber Health Check zum Auffinden gestohlener Identitäten/Passwörter (Identity Leakage Monitoring)“
Die DCSO (Deutsche Cyber-Sicherheitsorganisation GmbH) bietet zehn interessierten ACS-Mitgliedern einen kostenfreien IDLM-Check von bis zu 5 Domains an. Ein IDLM-Check erkennt kompromittierte Unternehmenszugänge und Identitäten, die im Dark Web oder durch Malware wie Info-Stealer offengelegt wurden, und bereitet die Ergebnisse…
Zukunft der Zutrittskontrolle: Netzwerkbasierte Systeme
Die Zutrittskontrolle erlebt einen Wandel. Effizienz, Sicherheit und Benutzerfreundlichkeit stehen im Fokus moderner Systeme, die sowohl den Alltag erleichtern als auch höchste Sicherheitsstandards erfüllen. Ein Überblick über Technologien und Trends, die die Branche prägen. Dieser Artikel wurde indexiert von Newsfeed…
New Wi-Fi Jamming Attack Can Disable Specific Devices
A newly discovered Wi-Fi jamming technique enables attackers to selectively disconnect individual devices from networks with surgical precision, raising alarms across cybersecurity and telecommunications industries. Researchers from Northeastern University and the University of Chicago uncovered this vulnerability in IEEE 802.11…
Does terrible code drive you mad? Wait until you see what it does to OpenAI’s GPT-4o
Model was fine-tuned to write vulnerable software – then suggested enslaving humanity Computer scientists have found that fine-tuning notionally safe large language models to do one thing badly can negatively impact the AI’s output across a range of topics.… This…
Orange Romania – 556,557 breached accounts
In February 2025, the Romanian arm of telecommunications company Orange suffered a data breach which was subsequently published to a popular hacking forum. The data included 556k email addresses (of which hundreds of thousands were in the form of [phone…
Cisco stopft Sicherheitslücken in Nexus-Switches und in APIC
Cisco hat Aktualisierungen für Nexus-Switches der 3000er- und 9000er-Reihen sowie für APIC herausgegeben. Sie dichten Sicherheitslecks ab. Dieser Artikel wurde indexiert von heise security News Lesen Sie den originalen Artikel: Cisco stopft Sicherheitslücken in Nexus-Switches und in APIC
LibreOffice Vulnerabilities Let Attackers Execute Malicious Files on Windows Systems
A critical security vulnerability in LibreOffice (CVE-2025-0514) has been patched after researchers discovered that manipulated documents could bypass safeguards and execute malicious files on Windows systems. The flaw, rated 7.2 on the CVSS v4.0 scale, exposes users to potential remote…
GitLab Vulnerabilities Allow Attackers to Bypass Security and Run Arbitrary Scripts
GitLab has urgently released security updates to address multiple high-severity vulnerabilities in its platform that could allow attackers to bypass security mechanisms, execute malicious scripts, and access sensitive data. The patches, included in versions 17.9.1, 17.8.4, and 17.7.6 for both…
LockBit ransomware gang sends a warning to FBI Director Kash Patel
Recent reports circulating on social media suggest that FBI Director Kash Patel has been targeted by the infamous LockBit ransomware group. According to sources, the gang warned Patel that he is surrounded by subordinates who seem more focused on manipulating…
LibreOffice Flaws Allow Attackers to Run Malicious Files on Windows
A high-severity security vulnerability (CVE-2025-0514) in LibreOffice, the widely used open-source office suite, has been patched after researchers discovered it could allow attackers to execute malicious files on Windows systems by exploiting hyperlink handling mechanisms. The flaw, which impacts versions…
Is Agentic AI too smart for your own good?
Agentic AI, which consists of systems that autonomously take action based on high-level goals, is becoming integral to enterprise security, threat intelligence, and automation. While these systems present significant potential, they also introduce new risks that CISOs must address. This…
Cisco Nexus Switch Vulnerability Allows Attackers to Cause DoS
Cisco Systems has disclosed a high-severity vulnerability (CVE-2025-20111) in its Nexus 3000 and 9000 Series Switches operating in standalone NX-OS mode. The vulnerability enables unauthenticated attackers to trigger denial of service (DoS) conditions through crafted Ethernet frames. Rated 7.4 on…
Expert Feature: Securing Passwords and Endpoints in the Age of AI
At a time when artificial intelligence (AI) is reshaping cybersecurity, conventional approaches to passwords and endpoint management are increasingly vulnerable. AI-powered threats are rapidly evolving, leveraging automation and deep learning to crack passwords, slip past authentication measures, and exploit weaknesses…
Hottest cybersecurity open-source tools of the month: February 2025
This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. Kunai: Open-source threat hunting tool for Linux Kunai is an open-source tool that provides deep and precise event monitoring for Linux environments.…
23 Vulnerabilities in Black Basta’s Chat Logs Exploited in the Wild, Including PAN-OS, Cisco IOS, & Exchange
GreyNoise has confirmed active exploitation of 23 out of 62 vulnerabilities referenced in internal chat logs attributed to the Black Basta ransomware group. These vulnerabilities span enterprise software, security appliances, and widely deployed web applications, with several critical flaws exploited…
Cisco Nexus Switches Vulnerability Lets Attackers Trigger DoS Condition
Cisco has released a security advisory addressing a vulnerability in its Nexus 3000 and 9000 Series Switches that could allow attackers to trigger a denial-of-service (DoS) condition. The vulnerability found in the health monitoring diagnostics of the switches could lead…
Cybersecurity jobs available right now in Europe: February 27, 2025
The post Cybersecurity jobs available right now in Europe: February 27, 2025 appeared first on Help Net Security. This article has been indexed from Help Net Security Read the original article: Cybersecurity jobs available right now in Europe: February 27,…
IT Security News Hourly Summary 2025-02-27 06h : 1 posts
1 posts were published in the last hour 4:31 : Serious Security Flaw in Exim Email Servers Could Let Hackers Steal Data
Serious Security Flaw in Exim Email Servers Could Let Hackers Steal Data
A dangerous security flaw has been discovered in Exim, a widely used email server software. The vulnerability, officially tracked as CVE-2025-26794, allows hackers to inject harmful commands into the system, potentially leading to data theft or even complete control…