access ai android api apple attack authentication backdoor breach business ceo china cisa cisco ciso cloud compliance control credentials crypto cve cyber cyberattack cybercrime cybersecurity data data-breach defense detection email exploit finance flaw framework fraud germany google governance government group hacker hacking healthcare identity infrastructure intelligence Internet jobs law leak linux malicious malware microsoft monitoring network open-source password phishing privacy ransomware remote-code-execution resilience risk russia scam service software strategy supply-chain technology theft threat tool unclassified update usa vulnerability windows zero-day
-
Canvas hack: is it ever a good idea to pay a ransom, and what happens to the data?
Businesses are advised against paying but many are prepared to deal to protect users’ privacyAfter a week of outages, hundreds of millions of students’ data stolen, delayed assignment due dates and school login pages being defaced by hackers, the US tech firm Instructure which operates the education platform Canvas, used by education providers worldwide announced…
-
Pwn2Own Berlin 2026, Day Three: DEVCORE Crowned Master of Pwn, $1.298 Million Total
Tags: zero-dayPwn2Own Berlin 2026 ended with 47 zero-days and $1.29M in payouts, as DEVCORE dominated the competition across all categories. Pwn2Own Berlin 2026 ended after three intense days, with participants discovering 47 unique zero-days, and earning $1,298,250 in total payouts. Pwn2Own Berlin 2026 wrapped up at OffensiveCon on Saturday with a final day that sealed DEVCORE’s…
-
Pwn2Own Berlin 2026, Day Three: DEVCORE Crowned Master of Pwn, $1.298 Million Total
Tags: zero-dayPwn2Own Berlin 2026 ended with 47 zero-days and $1.29M in payouts, as DEVCORE dominated the competition across all categories. Pwn2Own Berlin 2026 ended after three intense days, with participants discovering 47 unique zero-days, and earning $1,298,250 in total payouts. Pwn2Own Berlin 2026 wrapped up at OffensiveCon on Saturday with a final day that sealed DEVCORE’s…
-
Pwn2Own Berlin 2026, Day Three: DEVCORE Crowned Master of Pwn, $1.298 Million Total
Tags: zero-dayPwn2Own Berlin 2026 ended with 47 zero-days and $1.29M in payouts, as DEVCORE dominated the competition across all categories. Pwn2Own Berlin 2026 ended after three intense days, with participants discovering 47 unique zero-days, and earning $1,298,250 in total payouts. Pwn2Own Berlin 2026 wrapped up at OffensiveCon on Saturday with a final day that sealed DEVCORE’s…
-
Ransomware-Gruppe ‘Nitrogen” hat Foxconn-Werk in den USA angegriffen
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/ransomware-gruppe-nitrogen-foxconn-werk-usa-angriff also interesting: Kaffeehauskette aus den USA von Cyberangriff auf IT-Dienstleister betroffen Mehr Cyberangriffe bei weniger Beute Mangelhafte Cybersicherheit im Gesundheitswesen Wie Erpresser an Coinbase scheiterten
-
Nachfrage nach KI-Kompetenz: Masterstudiengang ‘Digital Transformation Management” als Reaktion auf Zunahme
Tags: aiFirst seen on datensicherheit.de Jump to article: www.datensicherheit.de/ki-kompetenz-masterstudiengang-digital-transformation-management also interesting: Zscaler Buys Red Canary to Elevate AI-Driven Threat Response Critical Argument Injection Flaw in AI Agents Enables Remote Code Execution Securing AI-Generated Code in Enterprise Applications: The New Frontier for AppSec Teams Backup Day puts the focus on data protection
-
Microsoft rejects critical Azure vulnerability report, no CVE issued
A security researcher claims Microsoft quietly fixed an Azure Backup for AKS vulnerability after rejecting his report, and without issuing a CVE. Microsoft disputes the claim, telling BleepingComputer the behavior was expected and that “no product changes were made,” despite the researcher documenting a silent fix. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-rejects-critical-azure-vulnerability-report-no-cve-issued/ also…
-
U.S. CISA adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, threat, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Exchange Server, tracked as CVE-2026-42897 (CVSS score of 8.1), to its Known Exploited Vulnerabilities (KEV) catalog. This week, Microsoft warned that threat actors are…
-
Russian APT Turla builds long-term access tool with Kazuar Botnet evolution
Russia-linked APT group Turla turned its Kazuar malware into a stealthy P2P botnet for long-term access to compromised systems. Russia-linked APT group Turla upgraded its Kazuar backdoor into a modular peer-to-peer botnet designed for stealth and persistent access to infected systems. Microsoft researchers say the malware allows attackers to maintain long-term control while making detection…
-
Russian APT Turla builds long-term access tool with Kazuar Botnet evolution
Russia-linked APT group Turla turned its Kazuar malware into a stealthy P2P botnet for long-term access to compromised systems. Russia-linked APT group Turla upgraded its Kazuar backdoor into a modular peer-to-peer botnet designed for stealth and persistent access to infected systems. Microsoft researchers say the malware allows attackers to maintain long-term control while making detection…
-
Russian APT Turla builds long-term access tool with Kazuar Botnet evolution
Russia-linked APT group Turla turned its Kazuar malware into a stealthy P2P botnet for long-term access to compromised systems. Russia-linked APT group Turla upgraded its Kazuar backdoor into a modular peer-to-peer botnet designed for stealth and persistent access to infected systems. Microsoft researchers say the malware allows attackers to maintain long-term control while making detection…
-
Russian APT Turla builds long-term access tool with Kazuar Botnet evolution
Russia-linked APT group Turla turned its Kazuar malware into a stealthy P2P botnet for long-term access to compromised systems. Russia-linked APT group Turla upgraded its Kazuar backdoor into a modular peer-to-peer botnet designed for stealth and persistent access to infected systems. Microsoft researchers say the malware allows attackers to maintain long-term control while making detection…
-
Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming
A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come under active exploitation in the wild to inject malicious JavaScript code into WooCommerce checkout pages with the goal of stealing payment data. Details of the activity were published by Sansec this week. The vulnerability currently does not have an official CVE identifier.…
-
Vibe Coding Cheat Sheet: Tools, Prompts, Security Tips, and More
Tags: toolThis vibe coding cheat sheet explains how plain-language prompts can build apps fast, plus the planning, testing, and security checks needed. The post Vibe Coding Cheat Sheet: Tools, Prompts, Security Tips, and More appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-vibe-coding-cheat-sheet/ also interesting: Hackers Abuse EDRSilencer Tool to Bypass Security and…
-
Russian hackers turn Kazuar backdoor into modular P2P botnet
The Russian hacker group Secret Blizzard has developed its long-running Kazuar backdoor into a modular peer-to-peer (P2P) botnet designed for long-term persistence, stealth, and data collection. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/russian-hackers-turn-kazuar-backdoor-into-modular-p2p-botnet/ also interesting: The 2024 cyberwar playbook: Tricks used by nation-state actors Russia Used Borrowed Spyware to Target Ukrainian Troops The most…
-
YouTube Shopping-Falle: Impulskäufe per Fernbedienung
Tags: googleYouTube Shopping-Falle: Google macht Smart-TVs zur Verkaufsplattform. Produkte direkt per Fernbedienung kaufen ist perfekt für Impulskäufe. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/entertainment/youtube-shopping-falle-smart-tv-google-pay-329208.html also interesting: Google Touts ‘Biggest Upgrade to Chrome in Its History’ With Gemini AI Google fears massive attempt to clone Gemini AI through model extraction Malicious Chrome Extensions Caught Stealing Business…
-
Canva-Studie: Unternehmen erhöhen KI-Budgets trotz Kundenskepsis
Tags: aiEine Canva-Studie zeigt: Marketing-Profis erhöhen die KI-Budgets für 2026, obwohl Verbraucher die Inhalte oft ablehnen. First seen on golem.de Jump to article: www.golem.de/news/canva-studie-unternehmen-erhoehen-ki-budgets-trotz-kundenskepsis-2605-208733.html also interesting: Orca: AI services, models falling short on security One in 12 US/UK Employees Uses Chinese GenAI Tools MCP: securing the backbone of Agentic AI Automatisierte Cybersicherheit – Qualys startet Marktplatz…
-
Cybercriminal Twins Caught After They Forgot to Turn Off Microsoft Teams Recording
Plus: Instructure’s Canvas ransomware debacle comes to a close, an alleged dark net market kingpin gets arrested, OpenAI workers fall victim to a supply chain attack, and more. First seen on wired.com Jump to article: www.wired.com/story/security-news-this-week-cybercriminal-twins-caught-after-they-forgot-to-turn-off-microsoft-teams-recording/ also interesting: 25 on 2025: APAC security thought leaders share their predictions and aspirations Cybersecurity Snapshot: NIST Offers Zero…
-
OpenAI hit by supply chain attack linked to malicious TanStack packages
OpenAI said the TanStack supply chain attack compromised two employee devices and exposed credentials from code repositories. OpenAI confirmed that the recent TanStack supply chain attack compromised two employee devices and exposed credential material stored in internal source code repositories. The incident began after the TeamPCP hacking group abused weaknesses in the package publishing process…
-
AI Voice Cloning: The Technology Behind It, Who’s Building It, and Where It’s Headed
Explore AI voice cloning technology, leading companies, real-world uses, ethical risks, and future trends shaping synthetic voices. First seen on hackread.com Jump to article: hackread.com/ai-voice-cloning-technology-behind-where-it-is-headed/ also interesting: What Is Shadow AI and Why It Matters? FireTail Blog Cybersecurity Snapshot: AI Will Take Center Stage in Cyber in 2026, Google Says, as MITRE Revamps ATTCK Framework…
-
VPN-Abzocke: Wenn es nach der Abo-Verlängerung teuer wird!
Tags: vpnWarnung: Bei Ablauf des Abos droht vielfach eine regelrecht VPN-Abzocke der großen Anbieter. Darum sind mehrere Kunden vor Gericht gegangen. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/datenschutz/vpn-abzocke-wenn-es-nach-der-abo-verlaengerung-teuer-wird-329205.html also interesting: Published Vulnerabilities Surge by 43% CVE-2024-20337 Allows Unauthorized Access to VPN Sessions CyberGhost vs ExpressVPN (2024): Which VPN Is Better? MITRE breached by nation-state threat…
-
Critical ‘Claw Chain’ Vulnerabilities Put Thousands of OpenClaw AI Servers at Risk
Critical Claw Chain vulnerabilities in OpenClaw expose thousands of AI servers to data theft, backdoors, and admin-level attacks globally this week. . First seen on hackread.com Jump to article: hackread.com/claw-chain-vulnerabilities-openclaw-ai-servers-risk/ also interesting: 10 most critical LLM vulnerabilities Top 12 ways hackers broke into your systems in 2024 Lenovo chatbot breach highlights AI security blind spots…
-
FrostyNeighbor: Neue Tricks und digitale Spielchen
Tags: cyberespionageESET-Forscher entdeckten neue Aktivitäten von FrostyNeighbor aufgedeckt. Die Belarus nahestehende Gruppe hat ihre Angriffskette erneut angepasst, um ihre laufenden Cyberespionage-Operationen fortzusetzen. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/de/eset-research/frostyneighbor-neue-tricks-und-digitale-spielchen/ also interesting: Emoji-controlled malware tapped in Pakistan-linked cyberespionage campaign Report: Chinese Hackers Breached CFIUS Russia-linked Gamaredon targets Ukraine with Remcos RAT Czech cyber agency NUKIB flags…
-
Claude Mythos Preview: Wie Anthropics KI die Cybersecurity herausfordert
First seen on t3n.de Jump to article: t3n.de/news/claude-mythos-wie-anthropics-ki-die-cyber-security-herausfordert-1742439/ also interesting: CISA Conducts First-Ever Tabletop Exercise Focused on AI Cyber Incident Response 15,000 Fake TikTok Shop Domains Deliver Malware, Steal Crypto via AI-Driven Scam Campaign BSI ANSI: Empfehlungen zur sicheren Integration von LLM Monitoring Legitimate Bot Traffic is Now a Cybersecurity Requirement
-
Neuer QRCheck: Warum Android-Nutzer ohne Play-Dienste jetzt Probleme haben
First seen on t3n.de Jump to article: t3n.de/news/neuer-qr-captcha-check-android-ohne-play-dienste-probleme-1741877/ also interesting: Privacy Roundup: Week 1 of Year 2025 Novel GhostSpy Android malware examined Forscher warnen: Android-Malware klaut 2FA-Codes aus Google Authenticator Neue ClickFix-Kampagne nutzt Fake-Windows-Updates
-
Studie zeigt: Hacker hassen KI-Beiträge in ihren Foren aus denselben Gründen wie alle anderen
First seen on t3n.de Jump to article: t3n.de/news/studie-hacken-hassen-ki-slop-1741954/ also interesting: Snowflake Clients Targeted With Credential Attacks Cyberkriminalität mit KI: Diese Large Language Models nutzen Hacker immer öfter Wie KI die Cybersicherheit neu gestaltet Malware-Kampagne gegen Entwickler-Umgebungen
-
GTA 6 kurz vor dem Start? Warum die Börse schon einmal feiert
Tags: unclassifiedFirst seen on t3n.de Jump to article: t3n.de/news/gta-6-start-boerse-feiern-1742633/ also interesting: GPS Jamming Is Screwing With Norwegian Planes Thales stellt OneWelcome Identitätsplattform jetzt allen Unternehmen weltweit zur Verfügung AppFlow Thales stellt Passwordless 360° vor: Umfassende passwortlose Authentifizierungslösung
-
Datensouveränität im KI-Zeitalter als strategisches Muss für IT-Entscheider
Tags: aiFirst seen on datensicherheit.de Jump to article: www.datensicherheit.de/datensouveraenitaet-ki-zeitalter-strategie-muss-it-entscheider also interesting: AI Is the New Trust Boundary: STL TechWeek Reveals the Risk Shift Cloudflare führt Application Confidence Scores für KI-Anwendungen ein AO-labs AI Phishing Is No. 1 With a Bullet for Cyberattackers
-
Datensouveränität im KI-Zeitalter als strategisches Muss für IT-Entscheider
Tags: aiFirst seen on datensicherheit.de Jump to article: www.datensicherheit.de/datensouveraenitaet-ki-zeitalter-strategie-muss-it-entscheider also interesting: 3 Tips for Becoming the Champion of Your Organization’s AI Committee What Microsoft Knows About AI Security That Most CISOs Don’t? Eat or be eaten by AI, Amazon CEO warns staff AI Tackles Binary Code Challenges to Fortify Supply Chain Security
-
HarfangLab: Europas KMU laut Bundeslagebild Cyberkriminalität 2025 stärker gefährdet als je zuvor
Tags: cybercrimeFirst seen on datensicherheit.de Jump to article: www.datensicherheit.de/harfanglab-kmu-bundeslagebild-cyberkriminalitaet-2025-gefaehrdung also interesting: German Authorities Take Down Crimemarket Cybercrime Website Zero-day Java flaw exploited in targeted tax email malware attack Hackers Exploit WordPress Sites by Silently Injecting Malicious PHP Code Russian bulletproof hosting provider sanctioned over ransomware ties
-
Colorado governor commutes prison sentence for election denier Tina Peters
Peters was sentenced to nine years for stealing voting data and has been publicly unrepentant. But Colorado Governor Jared Polis has been hinting at the decision for months. First seen on cyberscoop.com Jump to article: cyberscoop.com/colorado-election-denier-tina-peters-sentence-commuted-governor-jared-polis/ also interesting: Flaw in Right-Wing ‘Election Integrity’ App Exposes Voter-Suppression Plan and User Data Vast Voter Data Leaks Cast…
-
Upscale vs. Upskill: The Real Cybersecurity Gap
AI Adoption Is Accelerating, but Workforce Capability Isn’t Keeping Pace Technology will continue to evolve. AI will embed itself across enterprise environments and attack surfaces will expand regardless of organizational readiness. The real challenge lies on the upskilling side, where the gap is widening – often without immediate visibility. First seen on govinfosecurity.com Jump to…
-
Musk v. Altman: A Warning for Enterprise AI
Tags: ai3-Week Court Battle Exposes Dark Side of AI Vendors and Their Promises The Musk v. Altman trial produced something more unsettling than a verdict. It revealed an AI industry built on promises that turned out to be negotiable, governed by people whose colleagues called them liars under oath. Enterprise buyers should be paying attention. First…
-
AI Doctors? Lawsuits Say No, Some Doctors Say Yes
License Frontier AI to Practice Medicine, Argues JAMA Article. Scrutiny is intensifying around the quickly evolving role that AI is playing in healthcare. That includes issues around the transparency and safety of consumer health chatbots and also whether a new clinical AI licensing framework is necessary to protect the integrity of medicine. First seen on…
-
SecurityScorecard Buys Driftnet for More Internet Visibility
Driftnet Acquisition Adds Real-Time Visibility Into Exposed Assets and AI Risks. SecurityScorecard acquired internet reconnaissance startup Driftnet to expand real-time visibility into hidden infrastructure, exposed assets and AI-driven third-party risks while strengthening threat hunting, attribution and internet-scale intelligence capabilities. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/securityscorecard-buys-driftnet-for-more-internet-visibility-a-31707 also interesting: TDL 007 – Cyber Warriors Digital…
-
New Cisco SD-WAN Zero-Day Grants Admin Access
Broken vdaemon Peering Authentication Enables Unauthenticated Admin Access. A maximum-severity vulnerability in Cisco Catalyst SD-WAN Controller is being actively exploited, giving attackers administrative privileges without authentication. The authentication bypass vulnerability stems from a broken peering authentication mechanism. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/new-cisco-sd-wan-zero-day-grants-admin-access-a-31708 also interesting: Cisco Firewall and VPN Zero Day Attacks: CVE-2025-20333…
-
Pwn2Own Berlin 2026, Day Two: $385,750 more, Microsoft Exchange falls, and the running total crosses $900K
Day two of Pwn2Own Berlin 2026 saw $385,750 earned for 15 zero-days, bringing the total to $908,750 and 39 vulnerabilities over two days. During the second day of Pwn2Own Berlin 2026, security researchers earned $385,750 after successfully demonstrating 15 unique zero-day vulnerabilities affecting products such as Windows 11, Microsoft Exchange, and Red Hat Enterprise Linux…
-
The Boring Stuff is Dangerous Now
AI agents capable of discovering and exploiting obscure vulnerabilities are emerging alongside developers producing vast amounts of potentially flawed AI-generated code, forcing defenders to adapt accordingly. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/ai-code-and-agents-forces-defenders-adapt also interesting: Hybrid Exchange environment vulnerability needs fast action Research shows AI agents are highly vulnerable to hijacking attacks TDL 008…
-
Anthropic Warns US Risks Losing AI Edge to China Over Chips
New Report Warns China Could Reach Frontier AI Near-Parity by 2028. Anthropic warned that weak chip export controls, model distillation and expanded Chinese access to advanced compute infrastructure could erode Washington’s frontier AI advantage and accelerate Beijing’s push toward near-parity in advanced AI systems. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/anthropic-warns-us-risks-losing-ai-edge-to-china-over-chips-a-31702 also interesting: Cybersecurity…
-
The Next Cybersecurity Challenge May Be Verifying AI Agents
AI agents are reshaping cybersecurity. Learn why verification, trusted identity standards, and runtime controls are now essential. First seen on hackread.com Jump to article: hackread.com/next-cybersecurity-challenge-verifying-ai-agents/ also interesting: Would Your Business Survive a Black Friday Cyberattack? Cybersecurity Snapshot: Predictions for 2026: AI Attack Acceleration, Automated Remediation, Custom-Made AI Security Tools, Machine Identity Threats, and More Claude…
-
Expired domain leads to supply chain attack on node-ipc npm package
require(‘node-ipc’). The trojanized versions were designed to remain fully functional to avoid immediate detection, which together with other decisions attackers took, such as data exfiltration via DNS TXT, suggest stealthiness was a top priority.Once executed, the malicious code collects information about the host system, including operating system version, hostname, and environment variables. It then starts…
-
Wave of ShinyHunters Extortion Drives Surge in Data Leaks
‘Have I Been Pwned’ Founder Troy Hunt Reviews Impact on People and Organizations. The volume of data breaches that result in stolen personal data being leaked online has been surging, courtesy of the ShinyHunters, and while it affects individuals, the organizations being extorted are bearing the brunt of such attacks, said Troy Hunt, founder and…
-
Here’s how the FTC plans to enforce the Take It Down Act
Tags: financeThe commission will dole out hefty fines and promises investigations for Take It Down Act violators. Experts say questions remain around the agency’s resources and priorities. First seen on cyberscoop.com Jump to article: cyberscoop.com/ftc-take-it-down-act-enforcement-deepfakes/ also interesting: Treasury group unveils guidance for financial sector on cloud adoption Information Blocking of Patient Records Could Cost Providers Collection…
-
Exchange Server zero-day vulnerability can be triggered by opening a malicious email
Tags: automation, data, email, malicious, microsoft, mitigation, risk, service, tactics, update, vulnerability, zero-dayKnown issues with mitigation tactics: However, admins should note there are known issues once the mitigation is applied either manually or automatically through the EM Service.OWA Print Calendar functionality might not work. As a workaround, copy the data or screenshot the calendar you want to print, or use Outlook Desktop client. Inline images might not…
-
Funnel Builder WordPress plugin bug exploited to steal credit cards
A critical vulnerability in the Funnel Builder plugin for WordPress is being actively exploited to inject malicious JavaScript snippets into WooCommerce checkout pages. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/funnel-builder-wordpress-plugin-bug-exploited-to-steal-credit-cards/ also interesting: 10 most critical LLM vulnerabilities WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins Millions of WordPress Websites Vulnerable to…
-
Microsoft Debuts Bug Hunting 100-Agent AI System
Computing Giant Touts Multi-Agentic ‘MDASH’ Approach as Superior to Single Models. Microsoft says its new approach to finding vulnerabilities with artificial intelligence outclasses the single models touted by Anthropic and OpenAI. MDASH is only being utilized internally by Microsoft engineers and tested by a small set of customers as part of a limited private preview.…
-
ISMG Editors: Should We Trust Ransomware Gangs?
Ransomware Payouts, AI-Driven Threats and Reshaping Payment Fraud. In this week’s panel, four ISMG editors discussed a ransomware case that once again raises questions about paying extortionists, why security leaders fear AI is accelerating attacks faster than humans can respond and how the rise of instant payments is reshaping fraud programs at banks. First seen…
-
A hotel check-in system left a million passports and driver’s licenses open for anyone to see
The tech company that maintains the hotel check-in system set its cloud storage to public, allowing anyone to access customers’ data without a password. First seen on techcrunch.com Jump to article: techcrunch.com/2026/05/15/a-hotel-check-in-system-left-a-million-passports-and-drivers-licenses-open-for-anyone-to-see/ also interesting: AI development pipeline attacks expand CISOs’ software supply chain risk CISA flags Commvault zero-day as part of wider SaaS attack campaign…