Collecting Cyber-News from over 60 sources

Currently 98,203 News in Database

Erhebliches Sicherheitsrisiko: Analysten raten dringend von KI-Browsern ab

Dec 8, 2025 11:32 AM

Tags: ai, chatgpt

KI-Browser wie ChatGPT Atlas haben in einer sicheren IT-Umgebung nichts zu suchen, sagen Analysten von Gartner. Dafür gibt es mehrere gute Gründe. First seen on golem.de Jump to article: www.golem.de/news/erhebliches-sicherheitsrisiko-analysten-raten-dringend-von-ki-browsern-ab-2512-203000.html also interesting: How advances in AI are impacting business cybersecurity As ChatGPT scores B- in engineering, professors scramble to update courses What GPT”‘5 means for…
Digitale Vertrauensrealität 2026: Wie KI, Quanten und Automatisierung das Sicherheitsfundament neu definieren

Dec 8, 2025 11:32 AM

Tags: ai, firmware, Hardware

Das Vertrauen der Zukunft steckt tief in der Hardware, der Firmware und den kryptografischen Lebenszyklen. Maschinenvertrauen wird damit nicht nur ein Technologiethema, sondern das Fundament globaler digitaler Vernetzung. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/digitale-vertrauensrealitaet-2026-wie-ki-quanten-und-automatisierung-das-sicherheitsfundament-neu-definieren/a43084/ also interesting: Microsoft’s AI tool catches critical GRUB2, U-boot bootloader flaws Cisco Firewall and VPN Zero Day Attacks: CVE-2025-20333…
Interview mit Nlighten-Geschäftsführer Andreas Herden – Strom, Standort, Zugang Wie funktioniert Security in Rechenzentren?

Dec 8, 2025 11:32 AM

Tags: unclassified

First seen on security-insider.de Jump to article: www.security-insider.de/cybersecurity-im-rechenzentrum-a-223123ae2389e39afe85de21f6d1083e/ also interesting: DEF CON 32 MaLDAPtive: Obfuscation and De-Obfuscation Symantec warnt: Trojaner Madi stiehlt weltweit Daten Löschkonzepte auf den Prüfstand – Warum Daten ein neues Verfallsdatum brauchen Cybercom seeks fivefold budget increase for Indo-Pacom
7 Tipps – So erkennen Sie Deepfakes im Vorstellungsgespräch

Dec 8, 2025 11:32 AM

Tags: deep-fake

First seen on security-insider.de Jump to article: www.security-insider.de/gefaelschte-bewerbungen-durch-ki-risiken-und-schutzmethoden-a-dabdf15f5c4ee471a43b933262093e36/ also interesting: UK Government to Ban Creation of Explicit Deepfakes 25 on 2025: APAC security thought leaders share their predictions and aspirations Can Deepfakes Fool Your HR or IT Teams? What Every Remote-First Company Must Know in 2025 How to Prevent Helpdesk Social Engineering Attacks
Barts Health Seeks High Court Ban After Oracle EBS Breach

Dec 8, 2025 11:32 AM

Tags: breach, oracle

Barts Health NHS Trust has revealed itself to be the latest victim of Cl0p’s Oracle EBS campaign First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/barts-health-high-court-ban-oracle/ also interesting: The most notorious and damaging ransomware of all time Ausnutzung einer kritischen Schwachstelle – Sechs Millionen Datensätze bei Oracle-Breach gestohlen Threat actor in Oracle Cloud breach may have…
Sneeit WordPress RCE Exploited in the Wild While ICTBroadcast Bug Fuels Frost Botnet Attacks

Dec 8, 2025 11:32 AM

Tags: attack, botnet, cve, data, exploit, flaw, framework, rce, remote-code-execution, vulnerability, wordpress

A critical security flaw in the Sneeit Framework plugin for WordPress is being actively exploited in the wild, per data from Wordfence.The remote code execution vulnerability in question is CVE-2025-6389 (CVSS score: 9.8), which affects all versions of the plugin prior to and including 8.3. It has been patched in version 8.4, released on August…
U.S. CISA adds a Meta React Server Components flaw to its Known Exploited Vulnerabilities catalog

Dec 8, 2025 11:32 AM

Tags: authentication, cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, remote-code-execution, vulnerability

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Meta React Server Components flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a a Meta React Server Components flaw, tracked as CVE-2025-55182 (CVSS Score of 10.0), to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is a pre-authentication remote code execution…
Google, Apple Warn of State-Linked Surveillance Threats

Dec 8, 2025 10:32 AM

Tags: apple, cyber, google, government, spyware, threat

Google and Apple have released new global cyber threat notifications, alerting users across dozens of countries to potential targeting by state-linked hackers. The latest warnings reflect growing concerns about government-backed surveillance operations and the expanding commercial spyware marketplace. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/google-apple-spyware-threat-alerts/ also interesting: 9 top bug bounty programs launched in…
Microsoft Gives All Eligible PCs the Green Light for Windows 11 25H2

Dec 8, 2025 10:32 AM

Tags: microsoft, windows

The timing of this upgrade push comes during a wave of reported Windows issues. The post Microsoft Gives All Eligible PCs the Green Light for Windows 11 25H2 appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-windows11-25h2/ also interesting: Windows 11 user hurt by the KB5043145 update? Microsoft offers a way out…
Attacken laufen bereits: Rund 29.000 Server über React-Lücke angreifbar

Dec 8, 2025 9:32 AM

Tags: germany

Angreifer attackieren eine React2Shell genannte kritische Lücke im React-Framework. Allein in Deutschland gibt es noch über 3.000 anfällige Server. First seen on golem.de Jump to article: www.golem.de/news/attacken-laufen-bereits-rund-29-000-server-ueber-react-luecke-angreifbar-2512-202992.html also interesting: Mobotix ernennt Samuel Rahn zum Sales Director DACH AuditBoard expandiert nach Deutschland – Neue Lösungen für Audit, Compliance und Risikomanagement Raphael Tsitrin verstärkt Versa Networks Stärkere…
LLM-Sicherheit – Cisco-Studie: Multi-Turn-Angriffe knacken Open-Weight-LLMs

Dec 8, 2025 9:32 AM

Tags: cisco, cyberattack, LLM

First seen on security-insider.de Jump to article: www.security-insider.de/cisco-studie-multi-turn-angriffe-knacken-open-weight-llms-a-a206993ac451107393a3e25f98163544/ also interesting: Cybersecurity Snapshot: NIST Aligns Its Privacy and Cyber Frameworks, While Researchers Warn About Hallucination Risks from GenAI Code Generators 8 KI-Sicherheitsrisiken, die Unternehmen übersehen CISA orders feds to patch Cisco flaws used to hack multiple agencies Cisco Adaptive Security Appliance wird über 0-day angegriffen
Strengthening Fraud Prevention with Real-Time Mobile Identity Signals

Dec 8, 2025 9:32 AM

Tags: fraud, identity, mobile, tool

Fraud is rising quickly in digital channels, making it harder for businesses to stay secure without adding customer friction. Deterministic, mobile-based identity signals provide the real-time, authoritative verification that outdated probabilistic tools can’t, enabling stronger fraud prevention with smoother onboarding. The post Strengthening Fraud Prevention with Real-Time Mobile Identity Signals appeared first on TechRepublic. First…
December 2025 Patch Tuesday forecast: And it’s a wrap

Dec 8, 2025 9:32 AM

Tags: update

It’s hard to believe that we’re in December of 2025 already and the end of the year is fast approaching. Looking back on the year, there are two major items that really stand … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/08/december-2025-patch-tuesday-forecast-and-its-a-wrap/ also interesting: Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under…
Hochsicherheit für Behörden – 3 Sicherheitsprinzipien für die hochsichere Cloud

Dec 8, 2025 8:32 AM

Tags: cloud

First seen on security-insider.de Jump to article: www.security-insider.de/cloudifizierung-behoerden-deutschland-sicherheit-herausforderungen-a-28fdca5c3b6d689f6a82f3d6724b7c84/ also interesting: Zero-Trust-Sicherheit – Palo Alto Networks und Accenture kooperieren CISA Releases Executive Guide on SIEM and SOAR Platforms for Rapid Threat Detection Google Chrome Enterprise: Keeping Businesses Safe From Threats on the Web Datenleck bei SonicWall betrifft alle CloudKunden
MuddyWater Deploys UDPGangster Backdoor in Targeted Turkey-Israel-Azerbaijan Campaign

Dec 8, 2025 8:32 AM

Tags: backdoor, control, cyber, espionage, fortinet, group, hacking, iran, malware

The Iranian hacking group known as MuddyWater has been observed leveraging a new backdoor dubbed UDPGangster that uses the User Datagram Protocol (UDP) for command-and-control (C2) purposes.The cyber espionage activity targeted users in Turkey, Israel, and Azerbaijan, according to a report from Fortinet FortiGuard Labs.”This malware enables remote control of compromised systems by allowing First…
The Bastion: Open-source access control for complex infrastructure

Dec 8, 2025 8:32 AM

Tags: access, control, infrastructure, network, open-source

Operational teams know that access sprawl grows fast. Servers, virtual machines and network gear all need hands-on work and each new system adds more identities to manage. A … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/08/open-source-bastion-host-security/ also interesting: Cybersecurity Snapshot: NIST Aligns Its Privacy and Cyber Frameworks, While Researchers Warn About Hallucination Risks from…
NVIDIA research shows how agentic AI fails under attack

Dec 8, 2025 8:32 AM

Tags: ai, attack, nvidia, tool

Enterprises are rushing to deploy agentic systems that plan, use tools, and make decisions with less human guidance than earlier AI models. This new class of systems also … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/08/nvidia-agentic-ai-security-framework/ also interesting: Trend Micro Taps Nvidia for Next-Gen AI-powered Cybersecurity Tools DeepSeek hit by cyberattack and outage amid…
Gartner warnt: Blockt aus Sicherheitsgründen alle KI-Browser auf absehbare Zeit

Dec 8, 2025 8:32 AM

Tags: ai, gartner, risk

Analysten der Unternehmensberatung Gartner haben letzte Woche eine für mich überraschende, aber folgerichtige Empfehlung ausgesprochen. Unternehmen sollten bis auf weiteres die sogenannten KI-Browser aus Sicherheitsgründen blockieren, da die Risiken zu hoch seien. Nur wer sicherstellen kann, dass KI-Browser keinerlei Sicherheitsrisiko … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/12/08/gartner-warnt-blockt-aus-sicherheitsgruenden-alle-ki-browser-auf-absehbare-zeit/ also interesting: The 7 most in-demand…
Online-Betrug: Wie Fake-Trading-Apps und Scam-Fabriken Europas Anleger abzocken

Dec 8, 2025 8:32 AM

Tags: fraud, scam

Online-Betrug nimmt weltweit zu: Fake-Trading-Apps, Social-Media-Anzeigen und Scam-Fabriken in Asien täuschen Anleger. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/online-betrug/online-betrug-wie-fake-trading-apps-und-scam-fabriken-europas-anleger-abzocken-323990.html also interesting: Scammers Offering Fraud-as-a-service to Other Scammers to Drain Victims Funds Senator: Top Banks Only Reimburse 38% of Unauthorized Scams Operation Chakra V: Call Center Scammers and your PII Fraud, Romance Scams, and Laundered…
Offensive security takes center stage in the AI era

Dec 8, 2025 8:32 AM

Tags: ai, attack, automation, business, ciso, control, credentials, cyber, cybersecurity, data, defense, detection, encryption, framework, hacker, hacking, incident response, intelligence, malicious, offense, phishing, RedTeam, regulation, risk, skills, software, strategy, tactics, technology, threat, tool, vulnerability, vulnerability-management, windows

Red teaming, where ethical hackers simulate real-world attacks to test detection and response capabilities. Red teams aim to emulate threat actors by using stealthy tactics to bypass controls and achieve objectives such as data exfiltration or privilege escalation.Adversary emulation, where security pros re-create known threat actor tactics, techniques, and procedures (TTPs) based on threat intelligence…
CISA Releases New AIOT Security Guidance: Key Principles Risks

Dec 8, 2025 8:32 AM

Tags: ai, cisa, governance, risk, technology

CISA and global partners issue new guidance for secure AI integration in operational technology, highlighting risks, governance, behavioral analytics, and OT safety. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/cisa-releases-new-ai-in-ot-security-guidance-key-principles-risks/ also interesting: CISA cybersecurity workforce faces cuts amid shifting US strategy Cybersecurity Snapshot: NIST Aligns Its Privacy and Cyber Frameworks, While Researchers Warn About Hallucination…
Vaillant CISO: NIS2 complexity and lack of clarity endanger its mission

Dec 8, 2025 8:32 AM

Tags: ai, attack, awareness, business, ciso, compliance, corporate, country, cyber, cyberattack, cybersecurity, dora, email, germany, infrastructure, intelligence, network, nis-2, office, organized, phishing, ransomware, regulation, risk, service, skills, supply-chain, threat, training

CSO Germany: The energy sector is increasingly becoming a target for cybercriminals. Experts and the Federal Office for Information Security (BSI) believe that protection in this area must be significantly increased. How do you assess the current situation?Reiß: The geopolitical tensions we are currently witnessing are leading to an increased threat level. This naturally also affects the heating…
Offensive security takes center stage in the AI era

Dec 8, 2025 8:32 AM

Tags: ai, attack, automation, business, ciso, control, credentials, cyber, cybersecurity, data, defense, detection, encryption, framework, hacker, hacking, incident response, intelligence, malicious, offense, phishing, RedTeam, regulation, risk, skills, software, strategy, tactics, technology, threat, tool, vulnerability, vulnerability-management, windows

Red teaming, where ethical hackers simulate real-world attacks to test detection and response capabilities. Red teams aim to emulate threat actors by using stealthy tactics to bypass controls and achieve objectives such as data exfiltration or privilege escalation.Adversary emulation, where security pros re-create known threat actor tactics, techniques, and procedures (TTPs) based on threat intelligence…
CISA Releases New AIOT Security Guidance: Key Principles Risks

Dec 8, 2025 8:32 AM

Tags: ai, cisa, governance, risk, technology

CISA and global partners issue new guidance for secure AI integration in operational technology, highlighting risks, governance, behavioral analytics, and OT safety. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/cisa-releases-new-ai-in-ot-security-guidance-key-principles-risks/ also interesting: CISA cybersecurity workforce faces cuts amid shifting US strategy Cybersecurity Snapshot: NIST Aligns Its Privacy and Cyber Frameworks, While Researchers Warn About Hallucination…
Critical Vulnerabilities Found in GitHub Copilot, Gemini CLI, Claude, and Other AI Tools Affect Millions

Dec 8, 2025 7:35 AM

Tags: ai, attack, cyber, data, exploit, github, tool, vulnerability

A groundbreaking security research project has uncovered a new class of vulnerabilities affecting virtually every major AI-powered integrated development environment (IDE) and coding assistant on the market. Dubbed >>IDEsaster,
Umgehung der Authentifizierung – Asus stopft acht Sicherheitslücken in Router-Firmware

Dec 8, 2025 7:35 AM

Tags: authentication, firmware, router

First seen on security-insider.de Jump to article: www.security-insider.de/sicherheitsluecken-asus-router-firmware-aktualisierung-a-ee0b40df0e839d866a41efb2cb2b0cd4/ also interesting: Netgear warns users to patch auth bypass, XSS router flaws Netgear warns users to patch auth bypass, XSS router flaws ASUS warns of critical remote authentication bypass on 7 routers CVE-2024-3080: ASUS warns Customers about the latest Authentication Bypass Vulnerability detected Across seven Router Models
Critical React2Shell RCE Flaw Actively Exploited to Run Malicious Code

Dec 8, 2025 7:35 AM

Tags: attack, cve, cvss, cyber, exploit, flaw, framework, malicious, rce, remote-code-execution, vulnerability

A critical remote code execution vulnerability in React Server Components has emerged as an active exploitation target, with security researchers observing widespread automated attacks across the internet. The flaw, tracked asCVE-2025-55182and dubbed >>React2Shell,
LockBit 5.0 Infrastructure Exposed as Hackers Leak Critical Server Data

Dec 8, 2025 7:35 AM

Tags: cyber, cybercrime, cybersecurity, data, data-breach, group, hacker, infrastructure, leak, lockbit, ransomware

Security researchers have uncovered critical infrastructure details for the notorious LockBit 5.0 ransomware operation, including the IP address 205.185.116.233 and the domain karma0.xyz, which hosts the group’s latest leak site. The discovery represents a significant operational security failure for the cybercriminal organization. Cybersecurity researcher Rakesh Krishnan first publicized the findings on December 5, 2025, identifying…
Critical Vulnerabilities Found in GitHub Copilot, Gemini CLI, Claude, and Other AI Tools Affect Millions

Dec 8, 2025 7:35 AM

Tags: ai, attack, cyber, data, exploit, github, tool, vulnerability

A groundbreaking security research project has uncovered a new class of vulnerabilities affecting virtually every major AI-powered integrated development environment (IDE) and coding assistant on the market. Dubbed >>IDEsaster,
Critical React2Shell RCE Flaw Actively Exploited to Run Malicious Code

Dec 8, 2025 7:35 AM

Tags: attack, cve, cvss, cyber, exploit, flaw, framework, malicious, rce, remote-code-execution, vulnerability

A critical remote code execution vulnerability in React Server Components has emerged as an active exploitation target, with security researchers observing widespread automated attacks across the internet. The flaw, tracked asCVE-2025-55182and dubbed >>React2Shell,
Invisible IT is becoming the next workplace priority

Dec 8, 2025 7:35 AM

Tags: unclassified

IT leaders want their employees to work without running into digital hurdles, but many still struggle with fragmented systems that slow teams down. A new report from Lenovo … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/08/invisible-it-workplace-priority/ also interesting: Dashlane vs 1Password (2024): Features Pricing Compared Dashlane vs 1Password (2024): Features Pricing Compared Halliburton compromised…
Shanya EDR Killer: The New Favorite Tool for Ransomware Operators

Dec 8, 2025 7:35 AM

Tags: cyber, cybercrime, edr, endpoint, group, malware, ransomware, sophos, tool

A sophisticated new >>packer-as-a-service>EDR killer
How to tell if your password manager meets HIPAA expectations

Dec 8, 2025 7:35 AM

Tags: encryption, healthcare, HIPAA, monitoring, network, password, phishing, risk

Most healthcare organizations focus on encryption, network monitoring, and phishing prevention, although one simple source of risk still slips through the cracks. Password … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/08/password-manager-hipaa-compliance/ also interesting: How to tell if your password manager meets HIPAA expectations How to tell if your password manager meets HIPAA expectations How…
Critical Cal.com Flaw Allows Attackers to Bypass Authentication Using Fake TOTP Codes

Dec 8, 2025 7:35 AM

Tags: access, authentication, cve, cvss, cyber, exploit, flaw, password, unauthorized, vulnerability

Cal.com has disclosed a critical authentication bypass vulnerability that could allow attackers to gain unauthorized access to user accounts by exploiting a flaw in password verification logic. The flaw, tracked as CVE-2025-66489 and assigned a critical CVSS v4 score of 9.3, affects all versions of Cal.com up to and including 5.9.7. Users are urged to…
Indonesia’s Gambling Industry Reveals Clues of Nationwide Cyber Involvement

Dec 8, 2025 7:35 AM

Tags: cyber, cybercrime, data-breach, infrastructure, threat

A massive Indonesian-speaking cybercrime operation spanning over 14 years has been uncovered, revealing a sophisticated infrastructure that shows hallmarks of state-level backing and resources typically associated with advanced persistent threat actors. Security researchers at Malanta have exposed what may be one of the largest and most complex Indonesian-speaking cyber operations ever documented a sprawling ecosystem…
Invisible IT is becoming the next workplace priority

Dec 8, 2025 7:35 AM

Tags: unclassified

IT leaders want their employees to work without running into digital hurdles, but many still struggle with fragmented systems that slow teams down. A new report from Lenovo … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/08/invisible-it-workplace-priority/ also interesting: Halliburton compromised by RansomHub operation EMC übernimmt mit Silicium Security einen Sicherheitsanbieter EMC übernimmt mit Silicium…
How to tell if your password manager meets HIPAA expectations

Dec 8, 2025 7:35 AM

Tags: encryption, healthcare, HIPAA, monitoring, network, password, phishing, risk

Most healthcare organizations focus on encryption, network monitoring, and phishing prevention, although one simple source of risk still slips through the cracks. Password … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/08/password-manager-hipaa-compliance/ also interesting: How to tell if your password manager meets HIPAA expectations How to tell if your password manager meets HIPAA expectations How…
CISOs are spending big and still losing ground

Dec 8, 2025 6:32 AM

Tags: ciso

Security leaders are entering another budget cycle with more money to work with, but many still feel no safer. A new benchmark study from Wiz shows a widening gap between … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/08/wiz-cybersecurity-spending-priorities-report/ also interesting: 25 on 2025: APAC security thought leaders share their predictions and aspirations #Infosec2025: UK…
Ex-Employee Sues Washington Post Over Oracle EBS-Related Data Breach

Dec 8, 2025 6:32 AM

Tags: breach, data, data-breach, oracle, threat, vulnerability

The Washington Post last month reported it was among a list of data breach victims of the Oracle EBS-related vulnerabilities, with a threat actor compromising the data of more than 9,700 former and current employees and contractors. Now, a former worker is launching a class-action lawsuit against the Post, claiming inadequate security. First seen on…
Block all AI browsers for the foreseeable future: Gartner

Dec 8, 2025 6:32 AM

Tags: ai, gartner, infosec, training

Analysts worry lazy users could have agents complete mandatory infosec training, and attackers could do far nastier things First seen on theregister.com Jump to article: www.theregister.com/2025/12/08/gartner_recommends_ai_browser_ban/ also interesting: Top security solutions being piloted today, and how to do it right 17 hottest IT security certs for higher pay today The CISO’s 5-step guide to securing…
Ex-Employee Sues Washington Post Over Oracle EBS-Related Data Breach

Dec 8, 2025 6:32 AM

Tags: breach, data, data-breach, oracle, threat, vulnerability

The Washington Post last month reported it was among a list of data breach victims of the Oracle EBS-related vulnerabilities, with a threat actor compromising the data of more than 9,700 former and current employees and contractors. Now, a former worker is launching a class-action lawsuit against the Post, claiming inadequate security. First seen on…
Dokumente zur Erbrechtsfragen: Auch eine Quittung kann ein Testament beinhalten

Dec 8, 2025 5:32 AM

Tags: unclassified

First seen on datensicherheit.de Jump to article: www.datensicherheit.de/dokumente-erbrechtsfragen-quittung-testament also interesting: What is Continuous Authority to Operate (cATO)? Digitaler Zahlungsverkehr: Betrugsversuche fordern Verbraucher heraus Detective reported journalist’s lawyers to regulator in ‘unlawful’ PSNI surveillance case Sicherheitsproblem durch Standortdaten: EU-Beamte lassen sich durch Tracker nach Hause verfolgen
Russian APT UTA0355 Steals Microsoft 365 OAuth Tokens via Fake Security Conference Lures and WhatsApp Support

Dec 8, 2025 5:32 AM

Tags: apt, conference, microsoft, russia

The post Russian APT UTA0355 Steals Microsoft 365 OAuth Tokens via Fake Security Conference Lures and WhatsApp Support appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/russian-apt-uta0355-steals-microsoft-365-oauth-tokens-via-fake-security-conference-lures-and-whatsapp-support/ also interesting: Russian APT >>Secret Blizzard<< Leverages Cybercriminal Tools in Ukraine Attacks International effort erases PlugX malware from thousands of Windows computers 11 ways…
Microsoft appears to move on from its most loyal ‘customers’ Contoso and Fabrikam

Dec 8, 2025 1:32 AM

Tags: ai, microsoft

Outfit called ‘Zava’ selling ‘intelligent athletic apparel’ is now in the spotlight as Redmond’s fake brand for the AI age First seen on theregister.com Jump to article: www.theregister.com/2025/12/01/microsoft_contoso_fabrikam_zava/ also interesting: China Using AI-Generated Content to Sow Division in US, Microsoft Finds IAM Predictions for 2025: Identity as the Linchpin of Business Resilience WatchGuard Strengthens MDR…
Frankfurt/Main: Wirtschaftswachstum gründet sich auf Rechenzentren doch neue IW-Studie benennt Hürden für Betreiber

Dec 8, 2025 12:32 AM

Tags: unclassified

First seen on datensicherheit.de Jump to article: www.datensicherheit.de/frankfurt-main-wirtschaftswachstum-basis-rechenzentren-iw-studie-huerden-betreiber also interesting: USENIX NSDI ’24 DINT: Fast In-Kernel Distributed Transactions with eBPF Ensuring the Security and Efficiency of Web Applications and Systems Webadresse weg: Kim Dotcom verliert Me.ga… Shorter TLS certificate lifespans expected to complicate management efforts
OpenAI denies rolling out ads on ChatGPT paid plans

Dec 7, 2025 10:33 PM

Tags: chatgpt, openai

ChatGPT is allegedly showing ads to those who pay $20 for the Plus subscription, but OpenAI says this is an app recommendation feature, not an ad. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/artificial-intelligence/openai-denies-rolling-out-ads-on-chatgpt-paid-plans/ also interesting: OpenAI bestätigt Nutzung von ChatGPT zur Malware-Entwicklung We’re losing”Š”, “Šbut it can’t get any worse, right? Leak confirms OpenAI’s…
Portugal updates cybercrime law to exempt security researchers

Dec 7, 2025 9:33 PM

Tags: cybercrime, hacking, law, update

Portugal has modified its cybercrime law to establish a legal safe harbor for good-faith security research and to make hacking non-punishable under certain strict conditions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/portugal-updates-cybercrime-law-to-exempt-security-researchers/ also interesting: 8 Cyber Predictions for 2025: A CSO’s Perspective The most notorious and damaging ransomware of all time 6 rising malware trends…
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 74

Dec 7, 2025 9:33 PM

Tags: attack, cyber, data-breach, exploit, international, malware, remote-code-execution, russia, spyware, supply-chain, threat, vulnerability

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Analysis of ShadowPad Attack Exploiting WSUS Remote Code Execution Vulnerability (CVE-2025-59287) Shai-Hulud 2.0 Supply Chain Attack: 25K+ npm Repos Exposed Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications Morphisec Thwarts Russian-Linked…
Security Affairs newsletter Round 553 by Pierluigi Paganini INTERNATIONAL EDITION

Dec 7, 2025 8:32 PM

Tags: apache, api, email, international, vulnerability, WeeklyReview

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Attackers launch dual campaign on GlobalProtect portals and SonicWall APIs Maximum-severity XXE vulnerability discovered in Apache…
Porsche outage in Russia serves as a reminder of the risks in connected vehicle security

Dec 7, 2025 4:33 PM

Tags: risk, russia

Hundreds of Porsche cars in Russia became undrivable due to a malfunction in their factory-installed satellite security system, owners say. Hundreds of Porsche cars in Russia became undrivable after their factory-installed satellite security system malfunctioned, owners and dealers report. Drivers in several Russian cities reported sudden engine shutdowns and fuel-delivery blocks after Porsche cars lost…

Cyber-Security-News