access ai android api apple attack authentication backdoor breach browser business ceo china cisa cisco ciso cloud compliance control credentials crypto cve cyber cyberattack cybercrime cybersecurity data data-breach defense detection email exploit finance flaw framework fraud google governance government group hacker hacking healthcare identity infrastructure intelligence Internet jobs law leak linux malicious malware microsoft monitoring network open-source password phishing privacy ransomware remote-code-execution resilience risk russia scam service software strategy supply-chain technology theft threat tool unclassified update usa vulnerability windows zero-day
-
Sicherheitslücken im Controller: Elektronische Verkehrsschilder sind manipulierbar
Tags: unclassifiedDurch Sicherheitslücken in Daktronics-Controllern können Angreifer LED-Anzeigetafeln kompromittieren – unter anderem solche am Straßenrand. First seen on golem.de Jump to article: www.golem.de/news/daktronics-strassenschilder-durch-controller-luecken-manipulierbar-2606-210333.html also interesting: Mozilla’s Persona Single Sign-On Launches in Beta Anonymous ‘Spokesman’ Barrett Brown Arrested [Video] breaking reCAPTCHA dc949 Stiltwalker Round 2 Neue Gadgets: Ein Schlagzeug wird zur Tastatur…
-
Sicherheitslücken ohne Ende: Menge an KIReports überfordert Github
Github kommt bei der Bearbeitung von Sicherheitsmeldungen nicht mehr hinterher. Es gibt wohl einen Rückstau von mehreren Wochen. First seen on golem.de Jump to article: www.golem.de/news/sicherheitsluecken-ohne-ende-flut-an-ki-bug-reports-ueberfordert-github-2606-210347.html also interesting: Privacy Roundup: Week 3 of Year 2025 Salt Security Launches GitHub Connect to Proactively Discover Shadow APIs and MCP Risks in Code Repositories Securing MCP Servers at…
-
Critical SimpleHelp Vulnerability Exploited For Malware Delivery
Attackers exploited a critical SimpleHelp RMM bug to deploy TaskWeaver and Djinn Stealer malware First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/simplehelp-rmm-vulnerability/ also interesting: Blinded by Silence China-linked actor’s malware DeepData exploits FortiClient VPN zero-day Cloud Atlas Deploys VBCloud Malware: Over 80% of Targets Found in Russia 5,000 WordPress Sites Hacked in New WP3.XYZ Malware…
-
Silent Swap Crypto Clipper Uses Fake Google Notes Extension to Replace Wallet Addresses
Cybersecurity researchers have flagged an active browser extension campaign that is designed to steal cryptocurrency by stealthily replacing wallet addresses when unsuspecting users initiate a transaction.The cryptocurrency clipper activity has been codenamed Silent Swap by McAfee Labs.”The campaign is delivered through unsigned installers observed in both .NET and Golang variants that First seen on thehackernews.com…
-
Fake Perplexity extension on Chrome Web Store tracked searches
A malicious extension in the Chrome Web Store is masquerading as the Perplexity AI answer engine, intercepting search traffic and collecting browsing information. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-perplexity-extension-on-chrome-web-store-tracked-searches/ also interesting: ThreatsDay Bulletin: CarPlay Exploit, BYOVD Tactics, SQL C2 Attacks, iCloud Backdoor Demand & More AI browsers can be tricked with malicious prompts…
-
Aflac Japan Data Breach Exposes Sensitive Customer Information
Aflac disclosed a data breach at its Japan subsidiary that exposed sensitive customer and bank account information. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/aflac-japan-data-breach-exposes-sensitive-customer-information/ also interesting: Zacks Investment Data Breach Exposes 12 Million Emails and Phone Numbers Ransomware gang’s slip-up led to data recovery for 12 US firms PayPal discloses data breach that exposed…
-
$10 Million Reward for Russian Hackers Targeting Messaging App Users
The U.S. Department of State is offering up to $10 million for information on Russian-linked groups UNC5792 and UNC4221. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/10-million-reward-for-russian-hackers-targeting-messaging-app-users/ also interesting: Sandworm APT Hackers Weaponize Microsoft KMS Activation Tools To Compromise Windows Russian APT Hackers Use Device Code Phishing Technique to Bypass MFA New LOSTKEYS Malware Tied…
-
Hackers Use Fake FIFA World Cup 2026 T-Shirt Offers to Spread Voidrift Malware
A fake FIFA World Cup 2026 T-shirt giveaway scam is spreading Voidrift malware through personalized emails using company logos and trusted websites to bypass security filters. First seen on hackread.com Jump to article: hackread.com/hackers-fake-fifa-world-cup-2026-t-shirt-voidrift-malware/ also interesting: Top 12 ways hackers broke into your systems in 2024 Fake Binance Wallet Email Promises TRUMP Coin, Installs Malware…
-
DHS to unveil replacement council for critical infrastructure cybersecurity
The Department of Homeland Security is bringing back a key cybersecurity information sharing effort with critical infrastructure, more than a year after the Trump administration shuttered an existing nerve center between government and private sector. The Alliance of National Councils for Homeland Operational Resilience Critical Infrastructure program,first reported by CyberScoop in January, is meant […]…
-
OpenAI oder Anthropic: Sind Open-Source-Modelle eine gute Alternative?
First seen on t3n.de Jump to article: t3n.de/news/openai-oder-anthropic-sind-open-source-modelle-eine-gute-alternative-1749657/ also interesting: Deepseek tritt die nächste Welle des KI-Rushs los Anthropic detects the inevitable: genAI-only attacks, no humans involved OpenAI releases ‘Aardvark’ security and patching model OpenAI Snags OpenClaw Creator for Agent Push
-
Unerlaubte KI-Anwendungen am Arbeitsplatz: IT-Anwalt warnt vor rechtlichen Folgen
Tags: aiFirst seen on t3n.de Jump to article: t3n.de/news/unerlaubte-ki-anwendungen-arbeitsplatz-anwalt-warnt-rechtliche-folgen-1747767/ also interesting: AI cybersecurity needs to be as multi-layered as the system it’s protecting Vertrauen unter Beschuss: KI und Automatisierung befeuern eine neue Welle zielgerichteter Cyberkriminalität AI Security Agents Get Persona Makeovers Huge Trove of Nude Images Leaked by AI Image Generator Startup’s Exposed Database
-
Anthropic bestätigt: US-Regierung hebt Sperrung von Mythos 5 teilweise auf
First seen on t3n.de Jump to article: t3n.de/news/anthropic-bestaetigt-us-regierung-hebt-sperrung-von-mythos-5-teilweise-auf-1749922/ also interesting: Angst vor russischer Spionage: US-Regierung verbietet Software von Kaspersky US-Regierung ohne Beweise für Spionage durch Huawei Securing Canada’s Digital Backbone: Navigating API Compliance 6 key trends reshaping the IAM market
-
Anthropic bestätigt: US-Regierung hebt Sperrung von Mythos 5 teilweise auf
First seen on t3n.de Jump to article: t3n.de/news/anthropic-bestaetigt-us-regierung-hebt-sperrung-von-mythos-5-teilweise-auf-1749922/ also interesting: Angst vor russischer Spionage: US-Regierung verbietet Software von Kaspersky US-Regierung ohne Beweise für Spionage durch Huawei Securing Canada’s Digital Backbone: Navigating API Compliance 6 key trends reshaping the IAM market
-
Sicherheitslücken im Controller: Elektronische Verkehrsschilder manipulierbar
Tags: unclassifiedDurch Sicherheitslücken in Daktronics-Controllern können Angreifer LED-Anzeigetafeln kompromittieren – unter anderem solche am Straßenrand. First seen on golem.de Jump to article: www.golem.de/news/daktronics-strassenschilder-durch-controller-luecken-manipulierbar-2606-210333.html also interesting: Are you ready? We are… U.N. nuclear agency, Israel news agency hacked SEC Fines 4 Firms Related To SolarWinds Case Lawmakers wonder when Trump administration will weigh on soon-expired surveillance powers
-
Windows 10 bleibt länger sicher Microsoft verschiebt Support-Ende um ein Jahr
First seen on t3n.de Jump to article: t3n.de/news/windows-10-support-ende-verschoben-2027-1749639/ also interesting: Microsoft is killing off the Android apps in Windows 11 feature Nach drei Jahren starten Beta-Tests für Windows 10 wieder Microsoft tests ad-supported Office apps for Windows users Microsoft asks users to ignore Windows Firewall config errors
-
npm-Lieferkettenangriff auf KI-Framework Mastra – Gekapertes npm-Konto schleust Schadcode in 140 Mastra-Pakete
First seen on security-insider.de Jump to article: www.security-insider.de/mastra-npm-lieferkettenangriff-a-082843107ef0d041bb0263bbc1329843/ also interesting: CISOs beware: genAI use is outpacing security controls For application security: SCA, SAST, DAST and MAST. What next? AI Security Risks: How Enterprises Manage LLM, Shadow AI and Agentic Threats FireTail Blog Weak at the seams
-
282 iOS AI Apps Leak API Keys and Open AI Proxy Access in Network Traffic Study
Researchers tested 444 AI chatbot apps for iPhone and found that 282 of them, nearly two-thirds, exposed paid AI access through their network traffic.In many cases, the path in was visible just by watching what the app sent: a plaintext API key, a reusable token, or a backend server that accepted requests with no key…
-
GuardFall Exposes Open-Source AI Coding Agents to Decades-Old Shell Injection Risks
The safety check that is supposed to stop an AI coding agent from running a dangerous command can be walked straight past using a shell trick that has been public for decades.New research from Adversa AI, which is named the bypass GuardFall, found it works against ten of the eleven popular open-source coding and computer-use…
-
AppViewX Launches Global Partner Program Amid Rising Demand for Machine and Agent Identity Security
New York, United States, June 30th, 2026, CyberNewswire Building on the momentum of its Agent Identity Security launch, AppViewX invests in partner success through enhanced enablement and co-selling support AppViewX, the only machine and agent identity security company built for the AI and quantum era, today announced the launch of its first global Partner Program.…
-
Lessons from the Underground: How to Combat Business Email Compromise
Business Email Compromise is more than an email scam. It’s a coordinated operation involving compromised accounts, financial research, and cash-out networks. Flare explores how underground forums reveal how BEC attacks are planned and executed. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/lessons-from-the-underground-how-to-combat-business-email-compromise/ also interesting: 11 ways cybercriminals are making phishing more potent than ever How…
-
Japanese Telecom Giant Says Breach May Expose 14.2 Million Email Accounts
KDDI says a breach may have exposed email addresses and passwords for up to 14.2 million ISP accounts across six providers. The post Japanese Telecom Giant Says Breach May Expose 14.2 Million Email Accounts appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-kddi-breach-isp-email-accounts-apac-japan/ also interesting: Password managers under increasing threat as infostealers…
-
DOJ Seizes 400 Illegal FIFA World Cup Streaming Domains
Officials from the US Department of Justice seized nearly 400 domains linked to illegal World Cup streams and warned viewers about the risks of malware, phishing, and data theft. The post DOJ Seizes 400 Illegal FIFA World Cup Streaming Domains appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-doj-illegal-world-cup-streaming-domains/ also interesting: From…
-
iPhone 18 Leak: Apple’s Next Pro Design May Have Appeared Online
Leaked Tata files reportedly show possible iPhone 18 Pro design details, factory images, and supplier records ahead of Apple’s expected September launch. The post iPhone 18 Leak: Apple’s Next Pro Design May Have Appeared Online appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-iphone-18-pro-design-leak-tata-breach/ also interesting: A Mysterious Leak Exposed Chinese Hacking…
-
iPhone Security Fixes May Arrive Sooner as AI Speeds Up Threats
Apple is releasing some iPhone security fixes earlier as AI raises concerns about faster cyberattacks and shorter patch windows. The post iPhone Security Fixes May Arrive Sooner as AI Speeds Up Threats appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-apple-iphone-ai-security-updates/ also interesting: UK Cybersecurity Weekly Update 2 March 2025 Sieben gängige…
-
SimpleHelp Flaw Exploited to Deploy Malware Targeting Windows, macOS, and Linux
A SimpleHelp authentication flaw is being exploited to deploy Djinn Stealer, a cross-platform malware targeting cloud, developer, and AI credentials. The post SimpleHelp Flaw Exploited to Deploy Malware Targeting Windows, macOS, and Linux appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-simplehelp-flaw-djinn-stealer-developer-credentials/ also interesting: Top 7 zero-day exploitation trends of 2024 The…
-
Oracle E-Business Suite Payments flaw under attack (CVE-2026-46817)
Exploitation attempts targeting a critical vulnerability (CVE-2026-46817) in Oracle Payments, the payment-processing module within Oracle’s E-Business Suite (EBS), have … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/30/oracle-payments-cve-2026-46817-exploitation/ also interesting: Oracle patches EBS zero-day exploited in Clop data theft attacks CVE-2025-61882: Frequently Asked Questions About Oracle E-Business Suite (EBS) Zero-Day and Associated Vulnerabilities Oracle Rushes…
-
Singpass to roll out passkeys in fight against phishing scams
The passwordless feature will launch for iPhone users on 1 July 2026 with a device-bound model to avoid the security risks of cloud-synced passkeys First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366645129/Singpass-to-roll-out-passkeys-in-fight-against-phishing-scams also interesting: 25 on 2025: APAC security thought leaders share their predictions and aspirations Cybersecurity Snapshot: F5 Breach Prompts Urgent U.S. Gov’t Warning,…
-
Reflectiz to Host Webinar, Joined by Taboola, on Securing Third-Party Marketing in the AI Era
Tags: aiBoston, Massachusetts, 30th June 2026, CyberNewswire First seen on hackread.com Jump to article: hackread.com/reflectiz-to-host-webinar-joined-by-taboola-on-securing-third-party-marketing-in-the-ai-era/ also interesting: Ireland’s Watchdog Launches Inquiry into Google’s AI Data Practices in Europe Application Security Firm DryRun Raises $8.7 Million in Seed Funding LimaCharlie Adds AI-On-Ramp for Security Providers With MCP Server Koi Raises $48M to Safeguard AI Models, Code and…
-
NDSS Symposium Heads to Seoul in 2027 to Expand Global Cybersecurity Collaboration
Tags: cybersecurityDC, United States, 30th June 2026, CyberNewswire First seen on hackread.com Jump to article: hackread.com/ndss-symposium-heads-to-seoul-in-2027-to-expand-global-cybersecurity-collaboration/ also interesting: AI cybersecurity needs to be as multi-layered as the system it’s protecting White House: Threats to critical infrastructure are ‘severe’ Hardware cybersecurity leader, Flexxon, introduces Server Defender CISOs’ new ally: Qualys CyberSecurity Asset Management 3.0
-
DHS proposes new framework for public-private infrastructure security collaboration
The Trump administration eliminated the previous system in 2025, sparking a backlash from experts and infrastructure operators. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/critical-infrastructure-collaboration-dhs-anchor-ci/824081/ also interesting: Securing Canada’s Digital Backbone: Navigating API Compliance For application security: SCA, SAST, DAST and MAST. What next? Researchers Unveil Aeternum C2 Infrastructure with Advanced Evasion and Persistence Tactics…
-
What the Numbers Say About FIFA 2026 Cyber Risk
The FIFA World Cup 2026 opened on June 11. By that date, according to Check Point Research, the fraud infrastructure targeting it had already been built, staged, and partially deployed. Threat actor activity was pre-planned, months out, across three sectors and at least ten languages.Check Point Exposure Management published the FIFA World Cup 2026 Cyber…
-
AI-Generated Workflows Are a Silent Security Disaster
Teams are dealing with a truly dangerous problem, automation that works, but that no one understands. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/ai-generated-workflows-silent-security-disaster also interesting: 8 biggest cybersecurity threats manufacturers face Anton’s Security Blog Quarterly Q2 2025 At last, a use case for AI agents with sky-high ROI: Stealing crypto How AI-Generated Content is…
-
Critical Progress Kemp LoadMaster Vulnerability Enables Pre-Auth Remote Code Execution
Progress’s Kemp LoadMaster, a widely deployed edge load balancer and ADC, is at the center of a critical pre-authentication Remote Code Execution (RCE) vulnerability tracked as CVE-2026-8037. The flaw allows unauthenticated attackers with access to the device API to run arbitrary shell commands by exploiting an uninitialized-memory/string-termination bug in LoadMaster’s API handling. Given LoadMaster’s position…
-
OpenMatter Network Introduces Verifiable Trust Layer for Secure Collaboration and AI Agents
Melbourne, Florida, 30th June 2026, CyberNewswire First seen on hackread.com Jump to article: hackread.com/openmatter-network-introduces-verifiable-trust-layer-for-secure-collaboration-and-ai-agents/ also interesting: KI-Bedrohungen und Technologiefragmentierung setzen Unternehmen zu NDSS 2025 Workshop On Security And Privacy Of Next-Generation Networks (FutureG) 2025, Session 1. Panelists Papers SESSION Opening Remarks, Panel And FutureG 2025 Session 1: AI-Assisted NextG Webinar: How Attackers Exploit Cloud Misconfigurations…
-
AppViewX Launches Global Partner Program Amid Rising Demand for Machine and Agent Identity Security
Tags: identityNew York, United States, 30th June 2026, CyberNewswire First seen on hackread.com Jump to article: hackread.com/appviewx-launches-global-partner-program-amid-rising-demand-for-machine-and-agent-identity-security/ also interesting: Gov.uk One Login accounts on the rise 5 ways boards can improve their cybersecurity governance SaaS Security: Connecting Posture Management Identity Risk ClearVector Raises $13M to Advance Identity-Driven Security for Modern Environments
-
Active Directory Forest Trust Abuse: ChildRoot Domain Escalation
Tags: unclassifiedOverview This article walks through a complete forest compromise of an Active Directory environment, escalating from a single child domain all the way to the First seen on hackingarticles.in Jump to article: www.hackingarticles.in/active-directory-forest-trust-abuse-child-to-root-domain-escalation/ also interesting: [Video] Photo Forensics: Advanced File Carving Techniques Sicherheitsmonitor 2025 – Sicher handeln, besser schützen Hype oder echte Lösung?: MCP bringt…
-
Active Directory Forest Trust Abuse: ChildRoot Domain Escalation
Tags: unclassifiedOverview This article walks through a complete forest compromise of an Active Directory environment, escalating from a single child domain all the way to the First seen on hackingarticles.in Jump to article: www.hackingarticles.in/active-directory-forest-trust-abuse-child-to-root-domain-escalation/ also interesting: Elektromagnetische Störungen gefährden die IT – EMI-Abschirmung in Rechenzentren Alleged US Space Force tech archive offered for sale Foster a…
-
An intelligence budget ‘super user’ job is now in the hands of Russ Vought
Russell Vought, director of the White House Office of Management and Budget (OMB), assumed hands-on responsibility for overseeing the spending plans of intelligence agencies following the recent departure of Amaryllis Fox Kennedy, a senior intelligence official who simultaneously served in multiple roles, including one at OMB. First seen on therecord.media Jump to article: therecord.media/intelligence-budget-super-user-job-russ-vought-omb also…
-
Versorgung ist gesichert – Cyberangriff bei Energieversorger GSW
Tags: cyberattackFirst seen on security-insider.de Jump to article: www.security-insider.de/cyberangriff-gsw-nrw-energieversorger-a-794522afd46dcd60d187429c20cfe8f1/ also interesting: 2 Calif. Medical Groups Split Citing Cyberattack Dispute Attackers Can Use QR Codes to Bypass Browser Isolation Strategien für eine sichere digitale Zukunft von der RSA Jaguar Land Rover nach Cyberattacke lahmgelegt
-
NIST Enrichment Reductions Impact CVE Coverage, Accuracy
The National Institute of Standards and Technology (NIST) scaled back on the number of CVEs it selects for in-depth analysis, but the move has produced mixed results, according to researchers. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/nist-enrichment-reductions-cve-coverage-accuracy also interesting: Cybersecurity Snapshot: Industrial Systems in Crosshairs of Russian Hackers, FBI Warns, as MITRE Updates List…
-
BumbleBee and AdaptixC2 Deliver Akira Ransomware Through Bing SEO Poisoning
BumbleBee and AdaptixC2 are being used in a highly efficient intrusion chain that starts with Bing SEO poisoning and ends with Akira ransomware deployment, showing how trusted search traffic is now being turned into an enterprise compromise vector. The campaign is notable not for novelty in any single stage, but for how tightly each stage…
-
Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools
Apple released updates for iOS, iPadOS, macOS, and Safari, fixing WebKit flaws, four of which were found using AI tools like Claude and Codex Apple pushed out security updates for iOS, iPadOS, macOS, and Safari on Monday, and this round comes with a twist worth noticing. Four of the WebKit vulnerabilities patched were found using…
-
Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools
Apple released updates for iOS, iPadOS, macOS, and Safari, fixing WebKit flaws, four of which were found using AI tools like Claude and Codex Apple pushed out security updates for iOS, iPadOS, macOS, and Safari on Monday, and this round comes with a twist worth noticing. Four of the WebKit vulnerabilities patched were found using…
-
Digitale Souveränität für regulierte Organisationen
Mit <> will Omada europäischen Unternehmen die vollumfängliche Kontrolle darüber bieten, wo und wie ihre Identity-Governance bereitgestellt wird. Mit herkömmlicher Cloud-Bereitstellung sind besonders gesetzlich stark regulierte Unternehmen nicht mehr in der Lage, die Anforderungen an digitale Souveränität und regulatorische Kontrolle zu erfüllen. Omada-Identity-Sovereign wurde entwickelt, um genau diesen Bestimmungen und den damit verbundenen […] First…
-
Vertrauen lässt sich nicht prompten
Wie informieren sich IT-Entscheider, und welchen Quellen vertrauen sie? Dieser Frage ist Akima im März 2026 in einer Befragung von 309 IT-Entscheidern in deutschen Unternehmen nachgegangen. KI-Tools sind innerhalb eines Jahres von Platz 9 (2025) auf Platz 3 der meistgenutzten Quellen vorgerückt und haben sich damit als neue Gatekeeper etabliert. An den Kriterien für Vertrauen…
-
Controller angreifbar: Forscher warnt vor manipulierbaren Verkehrsschildern
Tags: unclassifiedDurch Sicherheitslücken in Daktronics-Controllern können Angreifer LED-Anzeigetafeln kompromittieren – unter anderem solche am Straßenrand. First seen on golem.de Jump to article: www.golem.de/news/daktronics-strassenschilder-durch-controller-luecken-manipulierbar-2606-210333.html also interesting: Thales gibt Sicherheitstipps für den Black Friday Arrow Lake splashdown: Intel pins hopes on replacement for Raptors Never Underestimate CSRF: Why Origin Reflection is a Bad Idea Relax with Robust NHI…
-
(g+) Security: Wie Unternehmen mit IAM Risiken reduzieren
Identität ist der Schlüssel moderner IT-Sicherheit. Wie Identity-Access-Management Zugriffe kontrolliert und Risiken reduziert. First seen on golem.de Jump to article: www.golem.de/news/security-wie-unternehmen-mit-iam-risiken-reduzieren-2606-210334.html also interesting: ASPM buyer’s guide: 7 products to help secure your applications Don’t Let Your Cloud Security Catch a Bad Case of Permission Creep Aembit Introduces Identity and Access Management for Agentic AI Agentic…
-
Sicherheitslücken ohne Ende: Flut an KIReports überfordert Github
Github kommt bei der Bearbeitung von Sicherheitsmeldungen nicht mehr hinterher. Es gibt wohl einen Rückstau von mehreren Wochen. First seen on golem.de Jump to article: www.golem.de/news/sicherheitsluecken-ohne-ende-flut-an-ki-bug-reports-ueberfordert-github-2606-210347.html also interesting: Critical Vulnerabilities Found in GitHub Copilot, Gemini CLI, Claude, and Other AI Tools Affect Millions OpenClaw Vulnerability Exposes How an Open-Source AI Agent Can Be Hijacked GitHub…
-
Attackers Exploit SimpleHelp CVE-2026-48558 to Deploy TaskWeaver and Djinn Stealer
An unknown threat actor has been observed exploiting a recently disclosed maximum-severity security flaw in SimpleHelp to deliver two previously unreported malware families, TaskWeaver and Djinn Stealer.The intrusion involves the exploitation of CVE-2026-48558 (CVSS score: 10.0), a critical authentication bypass vulnerability impacting the OpenID Connect (OIDC) flow that an unauthenticated First seen on thehackernews.com Jump…
-
SystemBC Malware Turns Windows Machines Into SOCKS5 Proxies for Ransomware Attacks
SystemBC (also tracked as Coroxy) remains a versatile and persistent Windows malware family that operators routinely deploy to convert compromised hosts into SOCKS5 proxy gateways and to maintain remote access for follow-on operations. First observed as a payload in exploit kits around 20182019, SystemBC has evolved into a widely traded commodity tool used by multiple…