Vulnerabilities in open source software developed and used in-house by NASA could be exploited to breach their systems, claims Leon Juranić, security researcher and founder of cybersecurity startup ThreatLeap. The vulnerabilities Juranić, whose AppSec credentials include founding and leading DefenseCode,…
Malicious Machine Learning Model Attack Discovered on PyPI
A novel attack exploited machine learning models on PyPI, using zipped Pickle files to deliver infostealer malware This article has been indexed from www.infosecurity-magazine.com Read the original article: Malicious Machine Learning Model Attack Discovered on PyPI
[UPDATE] [UNGEPATCHT] [kritisch] Microsoft Windows Server 2025: Schwachstelle ermöglicht Privilegieneskalation
Ein Angreifer kann eine Schwachstelle in Microsoft Windows Server 2025 ausnutzen, um seine Privilegien zu erhöhen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [UPDATE] [UNGEPATCHT] [kritisch] Microsoft Windows Server…
Check Point to Acquire Veriti, Redefining Threat Exposure Management in Complex Multi-Vendor Environments
We’re excited to share that Check Point is acquiring Veriti, the first to introduce preemptive exposure management which automatically remediates threat exposures and prevents threat across complex multi-vendor estates. In the era of hyperconnectivity and AI, reactive security is too…
Ransomware attack on MATLAB dev MathWorks – licensing center still locked down
Commercial customers, STEM students all feeling the pain after mega outage of engineering data-analysis tool Software biz MathWorks is cleaning up a ransomware attack more than a week after it took down MATLAB, its flagship product used by more than…
Adidas Data Breach – Customer Data Exposed Via Third-Party Service Provider
German sportswear giant Adidas has confirmed a significant data breach involving customer contact information accessed through a compromised third-party customer service provider. The incident, disclosed on May 23, 2025, exposed contact details of consumers who had previously interacted with the…
GitHub MCP Server Vulnerability Let Attackers Access Private Repositories
A critical security vulnerability in the widely-used GitHub Model Context Protocol (MCP) server has been discovered, exposing users to sophisticated attacks that can compromise private repository data through malicious prompt injections. The vulnerability affects any agent system using the GitHub…
AI Agents and the Non‑Human Identity Crisis: How to Deploy AI More Securely at Scale
Artificial intelligence is driving a massive shift in enterprise productivity, from GitHub Copilot’s code completions to chatbots that mine internal knowledge bases for instant answers. Each new agent must authenticate to other services, quietly swelling the population of non‑human identities (NHIs)…
Russian Hackers Breach 20+ NGOs Using Evilginx Phishing via Fake Microsoft Entra Pages
Microsoft has shed light on a previously undocumented cluster of threat activity originating from a Russia-affiliated threat actor dubbed Void Blizzard (aka Laundry Bear) that it said is attributed to “worldwide cloud abuse.” Active since at least April 2024, the…
Cyber Security Operations Center: ESA will mehr IT-Sicherheit
Die Raumfahrtagentur ESA verstärkt ihre IT-Sicherheitsbemühungen. Dazu eröffnete sie nun das Cyber Security Operations Center. Dieser Artikel wurde indexiert von heise security News Lesen Sie den originalen Artikel: Cyber Security Operations Center: ESA will mehr IT-Sicherheit
Text-to-Malware: How Cybercriminals Weaponize Fake AI-Themed Websites
Written by: Diana Ion, Rommel Joven, Yash Gupta < div class=”block-paragraph_advanced”>Since November 2024, Mandiant Threat Defense has been investigating an UNC6032 campaign that weaponizes the interest around AI tools, in particular those tools which can be used to generate videos…
Mozilla Quickly Fixes Firefox Vulnerabilities from Pwn2Own 2025 with Urgent Patches
At this year’s Pwn2Own Berlin, security researchers successfully demonstrated two new zero-day exploits against Mozilla Firefox, targeting the browser’s content process. The vulnerabilities—CVE-2025-4918 and CVE-2025-4919—were both found in Firefox’s JavaScript engine and allowed out-of-bounds memory access, raising the risk of…
#Infosec2025: Rory Stewart and Paul Chichester to Headline at Infosecurity Europe 2025
Former UK government minister Rory Stewart and NCSC Director of Operations Paul Chichester will explore the growing link between geopolitics and cybersecurity This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: Rory Stewart and Paul Chichester to…
Adidas Customer Information Compromised Through Third-Party Vendor
German sportswear giant Adidas has confirmed a data breach after cybercriminals accessed customer data through a third-party customer service provider. The breach, disclosed on May 23, 2025, did not involve sensitive information such as passwords or payment details but did…
Chinese-Owned VPNs
One one my biggest worries about VPNs is the amount of trust users need to place in them, and how opaque most of them are about who owns them and what sorts of data they retain. A new study found…
New Russia-affiliated actor Void Blizzard targets critical sectors for espionage
Microsoft Threat Intelligence has discovered a cluster of worldwide cloud abuse activity conducted by a threat actor we track as Void Blizzard, who we assess with high confidence is Russia-affiliated and has been active since at least April 2024. Void…
Employees Searching Payroll Portals on Google Tricked Into Sending Paychecks to Hackers
Threat hunters have exposed a novel campaign that makes use of search engine optimization (SEO) poisoning techniques to target employee mobile devices and facilitate payroll fraud. The activity, first detected by ReliaQuest in May 2025 targeting an unnamed customer in…
US Government Launches Audit of NIST’s National Vulnerability Database
The audit of the NVD will be conducted by the US Department of Commerce’s Office of Inspector General This article has been indexed from www.infosecurity-magazine.com Read the original article: US Government Launches Audit of NIST’s National Vulnerability Database
IT Security News Hourly Summary 2025-05-27 12h : 4 posts
4 posts were published in the last hour 9:32 : Everest Ransomware Leaks Coca-Cola Employee Data Online 9:32 : Red Hat and AMD Team Up to Boost AI Processing Power and Performance 9:5 : [NEU] [mittel] Linux Kernel: Schwachstelle ermöglicht…
Datenleck – und jetzt? So erfährst du, ob du betroffen bist
Regelmäßig landen durch Hacks Millionen Nutzer:innendaten wie Mailadressen, Passwörter und Adressen im Netz. Im besten Fall führt das nur zu Spam-Mails, im schlimmsten Fall zum Identitätsdiebstahl. Diese Tools zeigen euch, ob ihr euch Sorgen machen müsst. Dieser Artikel wurde indexiert…
Whatsapp Web bekommt einen Media-Hub: Wie er euch wertvolle Zeit sparen soll
Whatsapp arbeitet an einer neuen Funktion für die Web-Version des Browsers. Dieser soll einen Media-Hub bekommen. Was damit möglich ist und wie ihr dadurch Zeit spart. Dieser Artikel wurde indexiert von t3n.de – Software & Entwicklung Lesen Sie den originalen…
ChatGPT und Co.: Diese 6 Geheimnisse solltet ihr besser für euch behalten!
Immer häufiger interagieren Menschen mit Chatbots wie ChatGPT. Dabei geben wir auch Daten und Fakten über uns preis, die die KI-Tools besser nicht wissen sollten. Welche Dinge ihr lieber geheim halten solltet. Dieser Artikel wurde indexiert von t3n.de – Software…
Als die Bilder lügen lernten: Der nächste große Schritt in der Video-KI betrifft uns alle
Nur wenige Tage nach der Veröffentlichung ist das Netz voll von Clips aus Googles neuer Video-KI Veo 3. Was technisch beeindruckend ist, wirft ernste Fragen auf. Dieser Artikel wurde indexiert von t3n.de – Software & Entwicklung Lesen Sie den originalen…
Kein Patch verfügbar: BSI warnt vor kritischer AD-Lücke in Windows Server 2025
Admins, die einen auf Windows Server 2025 basierenden Domain Controller betreiben, sollten handeln. Angreifer können sich Adminrechte verschaffen. (Sicherheitslücke, Microsoft) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den originalen Artikel: Kein Patch verfügbar: BSI warnt vor kritischer…