Category: SecurityNews
-
Announced pick for No. 2 at NSA won’t get the job as another candidate surfaces
Tags: jobsJoe Francescon, announced in August as the NSA’s new deputy director, will not be filling the role, sources told Recorded Future News, and the Trump administration has another pick in mind. First seen on therecord.media Jump to article: therecord.media/announced-nsa-deputy-director-pick-joe-francescon-not-taking-job
-
2026 API and AI Security Predictions: What Experts Expect in the Year Ahead
This is a predictions blog. We know, we know; everyone does them, and they can get a bit same-y. Chances are, you’re already bored with reading them. So, we’ve decided to do things a little bit differently this year. Instead of bombarding you with just our own predictions, we’ve decided to cast the net far…
-
Microsoft bounty program now includes any flaw impacting its services
Microsoft now pays security researchers for finding critical vulnerabilities in any of its online services, regardless of whether the code was written by Microsoft or a third party. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-bounty-program-now-includes-any-flaw-impacting-its-services/
-
Malware Discovered in 19 Visual Studio Code Extensions
A new campaign involving 19 malicious Visual Studio Code extensions used a legitimate npm package to embed malware in dependency folders First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/malware-discovered-in-19-vs-code/
-
2026 API and AI Security Predictions: What Experts Expect in the Year Ahead
This is a predictions blog. We know, we know; everyone does them, and they can get a bit same-y. Chances are, you’re already bored with reading them. So, we’ve decided to do things a little bit differently this year. Instead of bombarding you with just our own predictions, we’ve decided to cast the net far…
-
Federal agencies now only have one more day to patch React2Shell bug
Wide exploitation of the vulnerability known as React2Shell has prompted CISA to reduce the amount of time federal agencies have to patch the bug. First seen on therecord.media Jump to article: therecord.media/react4shell-vulnerability-cisa-shortens-patch-deadline
-
Hackers reportedly breach developer involved with Russia’s military draft database
A hacking group it had maintained access to the firm’s systems for several months and had destroyed parts of the company’s infrastructure. First seen on therecord.media Jump to article: therecord.media/hackers-reportedly-breach-developer-involved-in-russian-military-database
-
New ‘DroidLock’ Android Malware Locks Users Out, Spies via Front Camera
Zimperium zLabs reveals DroidLock, a new Android malware acting like ransomware that can hijack Android devices, steal credentials via phishing, and stream your screen via VNC. First seen on hackread.com Jump to article: hackread.com/droidlock-android-malware-users-spy-camera/
-
2025 geht, 2026 kommt ein Rück- und Ausblick in Sachen Cyberkriminalität
Das vergangene Jahr hat gezeigt, dass Cyberangriffe raffinierter, schneller und unberechenbarer geworden sind. Sowohl staatliche Akteure als auch kriminelle Gruppen entwickeln neue Taktiken, die Verteidigungssysteme weltweit auf die Probe stellen. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/2025-geht-2026-cyberkriminalitaet
-
New ConsentFix attack hijacks Microsoft accounts via Azure CLI
A new variation of the ClickFix attack dubbed ‘ConsentFix’ abuses the Azure CLI OAuth app to hijack Microsoft accounts without the need for a password or to bypass multi-factor authentication (MFA) verifications. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-consentfix-attack-hijacks-microsoft-accounts-via-azure-cli/
-
Kyndryl Aims New Quantum Safe Assessment At Future Security Risks
Kyndryl’s Quantum Safe Assessment service aims to help businesses understand their vulnerabilities as quantum computers start to be used in security attacks. First seen on crn.com Jump to article: www.crn.com/news/security/2025/kyndryl-aims-new-quantum-safe-assessment-at-future-security-risks-from-quantum-computing
-
AI is accelerating cyberattacks. Is your network prepared?
AI-driven attacks now automate reconnaissance, generate malware variants, and evade detection at a speed that overwhelms traditional defenses. Corelight explains how network detection and response (NDR) provides the visibility and behavioral insights SOC teams need to spot and stop these fast-moving threats. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ai-is-accelerating-cyberattacks-is-your-network-prepared/
-
AI in OT Sparks Cascade of Complex Challenges
Using artificial intelligence in operational technology environments could be a bumpy ride full of trust issues and security challenges. First seen on darkreading.com Jump to article: www.darkreading.com/ics-ot-security/ai-ot-too-incompatible-work-securely
-
Cyberangriffe in der Logistikbranche – Partner und Personal öffnen Angreifern die Tür
Tags: cyberattackFirst seen on security-insider.de Jump to article: www.security-insider.de/sicherheitsvorfalle-logistikbranche-schwachstellen-loesungen-a-e89980481e4514d840e39309c0caeec8/
-
KnowBe4 KI-Studie: 96% der Unternehmen kämpfen mit dem menschlichen Faktor
Die Daten stammen aus einer unabhängigen Umfrage von Arlington Research. Befragt wurden 700 Cybersicherheitsexperten und 3.500 Mitarbeitende ohne direkte Cybersecurity-Verantwortung aus 15 Ländern First seen on infopoint-security.de Jump to article: www.infopoint-security.de/knowbe4-ki-studie-96-der-unternehmen-kaempfen-mit-dem-menschlichen-faktor/a43170/
-
AI is accelerating cyberattacks. Is your network prepared?
AI-driven attacks now automate reconnaissance, generate malware variants, and evade detection at a speed that overwhelms traditional defenses. Corelight explains how network detection and response (NDR) provides the visibility and behavioral insights SOC teams need to spot and stop these fast-moving threats. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ai-is-accelerating-cyberattacks-is-your-network-prepared/
-
Neuer Banking-Trojaner ‘Maverick”: BlueVoyant deckt raffinierte WhatsApp-Angriffe auf
Der Angriff beginnt typischerweise mit einer ZIP-Datei, die das Ziel per WhatsApp erhält. Darin versteckt sich eine vermeintliche Verknüpfung (.lnk), die beim Öffnen automatisch eine PowerShell-Routine startet. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/neuer-banking-trojaner-maverick-bluevoyant-deckt-raffinierte-whatsapp-angriffe-auf/a43167/
-
Brisantes Datenleck auf Docker Hub: Über 10.000 Docker-Images leaken Zugangsdaten
Auf Docker Hub wurden allein im November Tausende Images mit Keys, Tokens und anderen Anmeldedaten hochgeladen – ein Großteil mit KI-Bezug. First seen on golem.de Jump to article: www.golem.de/news/docker-hub-zugangsdaten-in-ueber-10-000-docker-images-entdeckt-2512-203160.html
-
2025 geht, 2026 kommt ein Rück- und Ausblick in Sachen Cyberkriminalität
Das vergangene Jahr hat gezeigt, dass Cyberangriffe raffinierter, schneller und unberechenbarer geworden sind. Sowohl staatliche Akteure als auch kriminelle Gruppen entwickeln neue Taktiken, die Verteidigungssysteme weltweit auf die Probe stellen. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/2025-geht-2026-cyberkriminalitaet
-
Kyndryl Aims New Quantum Safe Assessment At Future Security Risks
Kyndryl’s Quantum Safe Assessment service aims to help businesses understand their vulnerabilities as quantum computers start to be used in security attacks. First seen on crn.com Jump to article: www.crn.com/news/security/2025/kyndryl-aims-new-quantum-safe-assessment-at-future-security-risks-from-quantum-computing
-
UK fines LastPass £1.2 million for data breach affecting 1.6 million people
The Information Commissioner’s Office said LastPass had “failed to implement sufficiently robust technical and security measures” to protect its data. First seen on therecord.media Jump to article: therecord.media/uk-fines-lastpass-over-1-million-data-breach
-
Beyond Cargo Audit: Securing Your Rust Crates in Container Images
Container image scanning has come a long way over the years, but it still comes with its own set of, often unique, challenges. One of these being the difficulty in analyzing images for vulnerabilities when they contain a Rust payload. If you’re a big Rust user, you may have found that some software composition analysis……
-
Granular Policy Enforcement using lattice-based cryptography for MCP security.
Discover how lattice-based cryptography enables granular policy enforcement for Model Context Protocol (MCP) security. Learn about quantum-resistant protection, parameter-level restrictions, and compliance in AI infrastructure. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/granular-policy-enforcement-using-lattice-based-cryptography-for-mcp-security/
-
Security flaws in Freedom Chat app exposed users’ phone numbers and PINs
The founder of Freedom Chat said the company has reset user PINs and released a new version to app stores. First seen on techcrunch.com Jump to article: techcrunch.com/2025/12/11/security-flaws-in-freedom-chat-app-exposed-users-phone-numbers-and-pins/
-
FortiCloud SSO Schwachstelle bei Authentifizierung
Fortinet warnt seine Kunden vor kritischen Sicherheitslücken bei der FortiCloud-SSO-Anmeldeauthentifizierung. Es gibt zwei kritische Schwachstellen in FortiOS, FortiWeb, FortiProxy und FortiSwitchManager, die es Angreifern ermöglichen könnten, die FortiCloud-SSO-Authentifizierung zu umgehen. Fortinet hat zum 9. Dezember 2025 Sicherheitsupdates zum Schließen der … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/12/11/forticloud-sso-schwachstelle-bei-authentifizierung/
-
1inch Named Exclusive Swap Provider at Launch for Ledger Multisig
Tags: unclassifiedRoad Town, British Virgin Islands, 11th December 2025, CyberNewsWire First seen on hackread.com Jump to article: hackread.com/1inch-named-exclusive-swap-provider-at-launch-for-ledger-multisig/
-
ThreatsDay Bulletin: Spyware Alerts, Mirai Strikes, Docker Leaks, ValleyRAT Rootkit, and 20 More Stories
This week’s cyber stories show how fast the online world can turn risky. Hackers are sneaking malware into movie downloads, browser add-ons, and even software updates people trust. Tech giants and governments are racing to plug new holes while arguing over privacy and control. And researchers keep uncovering just how much of our digital life…
-
NANOREMOTE Malware Uses Google Drive API for Hidden Control on Windows Systems
Cybersecurity researchers have disclosed details of a new fully-featured Windows backdoor called NANOREMOTE that uses the Google Drive API for command-and-control (C2) purposes.According to a report from Elastic Security Labs, the malware shares code similarities with another implant codenamed FINALDRAFT (aka Squidoor) that employs Microsoft Graph API for C2. FINALDRAFT is attributed to a First…