Category: SecurityNews
-
App Stores OK’ed VPNs Run by China PLA
by
in SecurityNewsBad Apple: Chinese firm banned by the U.S. is the shady entity behind a clutch of free VPN apps”, with over a million downloads. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/app-stores-oked-vpns-run-by-china-pla/
-
An Update on QuickShell: Sharing Is Caring about an RCE Attack Chain on Quick Share
by
in SecurityNewsSee how a SafeBreach Labs researcher discovered a bypass for a fix to a critical vulnerability they previously reported in Google’s Quick Share data transfer utility. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/an-update-on-quickshell-sharing-is-caring-about-an-rce-attack-chain-on-quick-share/
-
Recent GitHub supply chain attack traced to leaked SpotBugs token
by
in SecurityNewsA cascading supply chain attack on GitHub that targeted Coinbase in March has now been traced back to a single token stolen from a SpotBugs workflow, which allowed a threat actor to compromise multiple GitHub projects. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/recent-github-supply-chain-attack-traced-to-leaked-spotbugs-token/
-
Emerging Risks Require IT/OT Collaboration to Secure Physical Systems
by
in SecurityNewsWith an increase in cyber-physical attacks that can cause significant disruptions, financial fallout and safety concerns for victim organizations, Renee Guttmann and Marc Sachs discuss why IT and OT security teams cannot keep working in silos. First seen on darkreading.com Jump to article: www.darkreading.com/ics-ot-security/experts-discuss-current-and-emerging-ics-security-risks
-
CrushFTP Vulnerability Exploited Following Disclosure Issues
by
in SecurityNewsA critical authentication bypass flaw in CrushFTP is under active exploitation following a mishandled disclosure process First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/crushftp-flaw-exploited-disclosure/
-
Hackerangriff auf Heilbronner Marketing
by
in SecurityNewsHacker haben die IT-Systeme der Heilbronn Marketing verschlüsselt.Laut einem Bericht des Südwestrundfunk (SWR) haben Cyberkriminelle kürzlich die IT-Systeme der Heilbronn Marketing GmbH (HMG) verschlüsselt und einen Erpresserbrief hinterlassen. Bisher ist unklar, ob dabei auch Daten gestohlen wurden. Da das Unternehmen unter anderem Feste und Events für die Stadt Heilbronn organisiert und Tickets verkauft, sind auch…
-
Hackers target Ukrainian state agencies, critical infrastructure with new ‘Wrecksteel’ malware
by
in SecurityNewsA Ukrainian cyber agency said a suspected espionage campaign using the new malware has been active seen the fall, with at least three incidents detected in March. First seen on therecord.media Jump to article: therecord.media/hackers-ukraine-critical-infrastructure-malware
-
HellCat ransomware: what you need to know
by
in SecurityNews
Tags: ransomwareHellCat – the ransomware gang that has been known to demand payment… in baguettes! First seen on tripwire.com Jump to article: www.tripwire.com/state-of-security/hellcat-ransomware-what-you-need-know
-
Web-Seminar am 10. April 2025: NIS-2 als Teil eines integrierten Managementsystems
by
in SecurityNews
Tags: nis-2First seen on datensicherheit.de Jump to article: www.datensicherheit.de/web-seminar-10-april-2025-nis-2-teil-integriert-managementsystem
-
When disaster strikes, proper preparation prevents poor performance
by
in SecurityNews
Tags: unclassifiedIt’s going to happen to you one day, so get your ducks in a row First seen on theregister.com Jump to article: www.theregister.com/2025/04/03/disaster_planning_preparation/
-
Secure Ideas Achieves CREST Accreditation and CMMC Level 1 Compliance
by
in SecurityNews
Tags: complianceJacksonville, United States, 3rd April 2025, CyberNewsWire First seen on hackread.com Jump to article: hackread.com/secure-ideas-achieves-crest-accreditation-and-cmmc-level-1-compliance/
-
Europol-led operation shuts down CSAM platform Kidflix, leading to 79 arrests
by
in SecurityNewsAn international law enforcement operation shuts down Kidflix, a child sexual abuse material (CSAM) streaming platform with 1.8M users. An international operation, codenamed Operation Stream, against child sexual exploitation shuts down one of the largest streaming platforms that offered child sexual abuse material (CSAM) in the world, Kidflix. The investigation was led by the State…
-
Two CVEs, One Critical Flaw: Inside the CrushFTP Vulnerability Controversy
by
in SecurityNewsTwo CVEs now exist for an actively exploited CrushFTP vulnerability and much of the security industry is using the ‘wrong one’. The post Two CVEs, One Critical Flaw: Inside the CrushFTP Vulnerability Controversy appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/details-emerge-on-cve-controversy-around-exploited-crushftp-vulnerability/
-
Cequence Marks Another Milestone with AWS Security Competency Achievement
by
in SecurityNewsAs businesses embrace the cloud, their attack surface expands accordingly. Cloud workloads are built on APIs, and Cequence’s expertise in API security and bot management means the company and its products are uniquely positioned to protect those APIs and the workloads that depend on them. AWS Security Competency We’re proud to announce that Cequence has……
-
An Update on QuickShell: Sharing Is Caring about an RCE Attack Chain on Quick Share
by
in SecurityNewsSee how a SafeBreach Labs researcher discovered a bypass for a fix to a critical vulnerability they previously reported in Google’s Quick Share data transfer utility. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/an-update-on-quickshell-sharing-is-caring-about-an-rce-attack-chain-on-quick-share/
-
Google Quick Share Bug Bypasses Allow Zero-Click File Transfer
by
in SecurityNewsGoogle addresses patch bypasses for CVE-2024-38272 and CVE-2024-38271, part of the previously announced QuickShell silent RCE attack chain against Windows users. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/google-quick-share-bug-bypasses-zero-click-file-transfer
-
Echtzeitanalyse und Reaktion – Was ist ein SIEM?
by
in SecurityNews
Tags: siemFirst seen on security-insider.de Jump to article: www.security-insider.de/was-ist-ein-siem-a-2d865b4b9615679a7e850ccf85b19f23/
-
State of the Database Landscape – Sicherheitsbedenken und strenge Vorgaben bremsen KI-Einführung
by
in SecurityNews
Tags: aiFirst seen on security-insider.de Jump to article: www.security-insider.de/datenbankmanagement-herausforderungen-loesungen-2025-a-1ce26a994016a820cdf6a7476684958d/
-
Sophos X-Ops analysiert MFA-Umgehungstaktiken durch Evilginx
by
in SecurityNewsEvilginx ist eine hochentwickelte Technik zur Umgehung der MFA und zum Diebstahl von Anmeldeinformationen. Da diese Methode leicht zugänglich ist, könnte sie vermehrt eingesetzt werden. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sophos-x-ops-analysiert-mfa-umgehungstaktiken-durch-evilginx/a40377/
-
iOS 19: Diese iPhones könnten das Update nicht mehr bekommen
by
in SecurityNewsFirst seen on t3n.de Jump to article: t3n.de/news/ios-19-diese-iphones-koennten-das-update-nicht-mehr-bekommen-1680943/
-
AutonomyAI Emerges from Stealth with $4M Pre-Seed Funding to Transform Front-End Development with Autonomous AI Agents
by
in SecurityNews
Tags: aiThe first-of-its-kind solution integrates with company codebases, enabling AI agents to work in-context and generate production-grade, front-end code in minutes. First seen on hackread.com Jump to article: hackread.com/autonomyai-transform-front-end-development-with-ai-agents/
-
Rollenbasiertes Nutzermanagement für private IT-Sicherheit von Familien
by
in SecurityNews
Tags: fraudBitdefender hat für mehrere seiner Endkundenproduktlinien die neuen Bitdefender-Family-Plans vorgestellt. Diese rollenbasierten Profile sind weltweit im Privatanwenderbereich die erste Möglichkeit für eine personalisierte und zentral verwaltete IT-Sicherheit sowie für den Schutz digitaler Identitäten und der Privatsphäre für Familien. Diese Innovation liefert den aufgrund der weltweiten Zunahme des Online-Betrugs notwendigen Schutz einer personalisierten Sicherheit über viele…
-
EvilCorp and RansomHub Collaborate to Launch Worldwide Attacks on Organizations
by
in SecurityNewsEvilCorp, a sanctioned Russia-based cybercriminal enterprise, has been observed collaborating with RansomHub, one of the most active ransomware-as-a-service (RaaS) operations. This partnership has heightened the threat landscape, as both entities leverage advanced tools and techniques to target organizations across the globe. EvilCorp: A History of Cybercrime EvilCorp, led by Maksim Yakubets, has long been notorious…
-
AI-Powered Gray Bots Target Web Applications with Over 17,000 Requests Per Hour
by
in SecurityNewsWeb applications are facing a growing challenge from >>gray bots,
-
Israel Enters ‘Stage 3’ of Cyber Wars With Iran Proxies
by
in SecurityNewsWhile Israel and Iranian proxies fight it out IRL, their conflict in cyberspace has developed in parallel. These days attacks have decelerated, but advanced in sophistication. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/israel-stage-3-cyber-wars-with-iran-proxies
-
Google Makes Sending Encrypted Emails Easier for Gmail Users
by
in SecurityNewsGoogle is making it easier for Gmail users to send end-to-end encrypted (E2EE) emails to anyone by adopting a process that does away with complex options like S/MIME and instead uses encrypted keys that are controlled by the sender. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/google-makes-sending-encrypted-emails-easier-for-gmail-users/
-
Vite Arbitrary File Read Vulnerability (CVE-2025-31125)
by
in SecurityNewsOverview Recently, NSFOCUS CERT detected that Vite issued a security bulletin to fix the Vite arbitrary file read vulnerability (CVE-2025-31125); Because the Vite development server does not strictly verify the path when processing URL requests, unauthenticated attackers can bypass path access restrictions by constructing special URLs and read arbitrary files on the target server. At…The…