Category: SecurityNews
-
Italy fines Apple $116 million over App Store privacy policy issues
Italy’s competition authority (AGCM) has fined Apple €98.6 million ($116 million) for using the App Tracking Transparency (ATT) privacy framework to abuse its dominant market position in mobile app advertising. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/italy-fines-apple-116-million-over-app-store-tracking-privacy-practices/
-
Nissan: Thousands Impacted By Red Hat Breach
Nissan has revealed that over 20,000 customers have had personal information compromised in a third-party data breach. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/nissan-thousands-impacted-by-red/
-
Hundreds of Arrests as Operation Sentinel Recovers $3m
Tags: cybercrime
Operation Sentinel helps to crack down on cybercrime across 19 African countries in a month-long campaign. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/hundreds-arrests-operation/
-
All about the Cyber Resilience Act, part 4 – conformity and consequences of the CRA
First seen on security-insider.de Jump to article: www.security-insider.de/cyber-resilience-act-strafen-konformitaet-a-84327bc2de46587a01525ae3d9164f31/
-
When every access is a risk: insider threats in the age of the cloud
This raises a crucial question: if a device is taken over by malware and the attacker has the same rights as a legitimate user, is that an insider attack? From an access perspective, clearly yes. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/wenn-jeder-zugang-ein-risiko-ist-insider-bedrohungen-im-zeitalter-der-cloud/a43259/
-
OpenAI on AI browsers: prompt injection problem probably never solvable
With the new AI browsers in particular, prompt injections are considered an extremely dangerous attack vector. OpenAI sees no complete solution for this. First seen on golem.de Jump to article: www.golem.de/news/openai-ueber-ki-browser-prompt-injection-problem-wahrscheinlich-nie-loesbar-2512-203551.html
-
Coupon codes online: Honey apparently extorted online shops and exploited children
Tags: unclassified
Targeted advertising to children, the collection of private data and harm to online shops: Honey is apparently worse than previously thought. First seen on golem.de Jump to article: www.golem.de/news/gutscheincodes-im-netz-honey-erpresste-offenbar-onlineshops-und-nutzte-kinder-aus-2512-203548.html
-
Best API Vulnerability Scanner in 2026
APIs (Application Programming Interfaces) have become the digital backbone of modern enterprises, seamlessly linking mobile applications, cloud platforms, and partner ecosystems. As their adoption rapidly progresses, APIs have also emerged as one of the most attractive entry points for hackers, thus signifying the importance of an API Vulnerability Scanner. By 2026, API security will have…
-
A year of Keeper Security!
Tags: access, ai, attack, credentials, cybersecurity, endpoint, infrastructure, passkey, password, software, zero-trust
Keeper Security, the provider of zero-trust and zero-knowledge cybersecurity software protecting passwords and passkeys, infrastructure secrets, remote connections and endpoints, has reflected on 2025 as a year of meaningful growth. Amid an increase in credential-based attacks, rapid AI adoption and the operational demands of hybrid environments, Keeper strengthened its Privileged Access Management (PAM) platform, expanded…
-
Baker University says 2024 data breach impacts 53,000 people
Baker University has disclosed a data breach after attackers gained access to its network one year ago and stole the personal, health, and financial information of over 53,000 individuals. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/baker-university-data-breach-impacts-over-53-000-individuals/
-
U.S. DoJ Seizes Fraud Domain Behind $14.6 Million Bank Account Takeover Scheme
The U.S. Justice Department (DoJ) on Monday announced the seizure of a web domain and database that it said was used to further a criminal scheme designed to target and defraud Americans by means of bank account takeover fraud. The domain in question, web3adspanels[.]org, was used as a backend web panel to host and manipulate illegally…
-
AI drives fraud to new heights during the Christmas season
The festive season draws millions of people to online shops and digital platforms. Cybercriminals deliberately exploit this increased activity. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/ki-betrug-weihnachtszeit
-
U.S. CISA adds a flaw in Digiever DS-2105 Pro to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Digiever DS-2105 Pro flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Digiever DS-2105 Pro vulnerability, tracked as CVE-2023-52163 (CVSS Score of 8.8), to its Known Exploited Vulnerabilities (KEV) catalog. Digiever DS-2105 Pro is a network video recorder (NVR) device designed…
-
Important to know! – Teams returns to the licence packages, Windows 10 continues to receive updates
First seen on security-insider.de Jump to article: www.security-insider.de/microsoft-copilot-erweiterung-lizenzaenderungen-a-c1876f3c8b2af9ebf33fed3249c23b1a/
-
Agentic AI already hinting at cybersecurity’s pending identity crisis
Agentic AI’s identity crisis: Authentication and agentic experts interviewed, three of whom estimate that less than 5% of enterprises experimenting with autonomous agents have deployed agentic identity systems, say the reasons for this lack of security hardening are varied. First, many of these efforts are effectively shadow IT, where a line of business (LOB) executive has…
-
Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances
A critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in arbitrary code execution under certain circumstances. The vulnerability, tracked as CVE-2025-68613, carries a CVSS score of 9.9 out of a maximum of 10.0. The package has about 57,000 weekly downloads, according to statistics on npm. “Under certain…
-
Interpol cracks down: nearly 600 arrests in anti-cybercrime operation
Interpol confirms several successes against cybercrime activities. In some cases, data encrypted by ransomware could even be decrypted. First seen on golem.de Jump to article: www.golem.de/news/interpol-greift-durch-fast-600-festnahmen-bei-anti-cybercrime-operation-2512-203546.html
-
Weak enforcement keeps PCI DSS compliance low
Payment card breaches continue to surface across industries, even after years of investment in security standards. A new study links this pattern to enforcement, showing that … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/23/pci-dss-adoption-enforcement-study/
-
CVE-2025-50165: Not as bad as thought after all?
A comprehensive analysis and assessment of a critical vulnerability. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/de/eset-research/cve-2025-50165-doch-nicht-so-schlimm-wie-gedacht/
-
FCC Bans Foreign-Made Drones and Key Parts Over U.S. National Security Risks
The U.S. Federal Communications Commission (FCC) on Monday announced a ban on all drones and critical components made in a foreign country, citing national security concerns. To that end, the agency has added to its Covered List Uncrewed aircraft systems (UAS) and UAS critical components produced in a foreign country, and all communications and video surveillance…
-
Formal proofs expose long standing cracks in DNSSEC
DNSSEC is meant to stop attackers from tampering with DNS answers. It signs records so resolvers can verify that data is authentic and unchanged. Many security teams assume … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/23/dnssec-validation-risks-research/
-
DDoS-for-hire and artificial intelligence in cybercrime platforms – chatbots as the control layer for DDoS-for-hire attacks
First seen on security-insider.de Jump to article: www.security-insider.de/ki-ddos-for-hire-chatbots-angriffskoordination-a-ed10dcd6dc138172fc2a0c8b9c78025f/
-
Kuaishou Cyberattack Disrupts Livestreaming, Triggers Sharp Stock Decline
Chinese short-video platform Kuaishou Technology saw its shares fall sharply after the company confirmed a cyberattack that briefly disrupted its livestreaming services, exposed users to inappropriate content, and rattled investor confidence. The Kuaishou cyberattack, which occurred late on Monday night, triggered the stock’s steepest single-day decline in more than two months and pushed it to…
-
New wave of attacks on Microsoft 365 accounts
Security researchers at Proofpoint warn of a marked increase in phishing campaigns that abuse Microsoft’s legitimate device authorization process. Since September 2025, the experts have been observing large-scale account takeover attacks. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/angriffswelle-auf-microsoft-365
-
AI code looks fine until the review starts
Software teams have spent the past year sorting through a rising volume of pull requests generated with help from AI coding tools. New research puts numbers behind what many … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/23/coderabbit-ai-assisted-pull-requests-report/
-
Cloud security is stuck in slow motion
Cloud environments are moving faster than the systems meant to protect them. A new Palo Alto Networks study shows security teams struggling to keep up with development cycles, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/23/palo-alto-networks-cloud-incident-response-report/
-
Windows denial-of-service vulnerabilities – 0patch closes RasMan crash flaw before Microsoft
First seen on security-insider.de Jump to article: www.security-insider.de/windows-rasman-dos-0patch-micropatch-a-a7bfa24afde773245a9432273de24759/
-
Deep packet inspection for more resilience
Tags: resilience
Deep packet inspection (DPI) is becoming a central data source for modern observability strategies and helps companies make their IT systems more resilient and more performant. If you feel you are living through the information technology version of the film “Groundhog Day”, you are probably not alone. Disruptions to IT operations this year were numerous. That has… First…

