Tag: software
-
The EOL Blind Spot in Your CVE Feed: What SCA Tools Miss
Critical vulnerabilities can exist in open source software your scanners don’t check. HeroDevs reveals how EOL software creates blind spots in CVE feeds and SCA tools, and how you can receive a free end-of-life scan for your projects. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/the-eol-blind-spot-in-your-cve-feed-what-sca-tools-miss/
-
Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE
The Apache Software Foundation (ASF) has released security updates to address several security vulnerabilities in the HTTP Server, including a severe vulnerability that could potentially lead to remote code execution (RCE).The vulnerability, tracked as CVE-2026-23918 (CVSS score: 8.8), has been described as a case of “double free and possible RCE” in the HTTP/2 protocol handling.…
-
DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware
A newly identified supply chain attack targeting DAEMON Tools software has compromised its installers to serve a malicious payload, according to findings from Kaspersky.”These installers are distributed from the legitimate website of DAEMON Tools and are signed with digital certificates belonging to DAEMON Tools developers,” Kaspersky researchers Igor Kuznetsov, Georgy Kucherin, Leonid First seen on…
-
North Korean APT Targets Yanbian Gamers via Trojanized Platform
ESET warns that North Korean hackers compromised a Yanbian gaming site in a supply”‘chain attack, trojanizing Windows and Android software to spy on users First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/scarcruft-birdcall-android-yanbian/
-
The EOL Blind Spot in Your CVE Feed: What SCA Tools Don’t Check.
Critical vulnerabilities can exist in open source software your scanners don’t check. HeroDevs reveals how EOL software creates blind spots in CVE feeds and SCA tools, and how you can receive a free end-of-life scan for your projects. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/the-eol-blind-spot-in-your-cve-feed-what-sca-tools-dont-check/
-
Fake SSA Emails Drive Venomous#Helper Phishing Campaign
Venomous#Helper attackers impersonate the US Social Security Administration to deploy signed RMM software and maintain persistent access across US networks First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ssa-emails-venomous-helper-phishing/
-
Huntress Expands Channel Partnerships to Boost Cybersecurity Reach Across Mid-Market and Public Sector
Global cybersecurity company Huntress has announced a major expansion of its global channel ecosystem, adding four new distribution partners to accelerate growth across the mid-market, public sector, and EMEA regions. The new partnerships with Ingram Micro, Vertosoft, Liquid PC, and QBS Software are designed to broaden access to enterprise-grade cybersecurity tools for organizations increasingly targeted…
-
IdentityPath-Management gewinnt ab operativer Reife
Specterops, die Entwickler der Bloodhound-Software, veröffentlicht die Ergebnisse einer neuen, vom Analystenhaus Omdia im Auftrag von Specterops durchgeführten Studie. Die Untersuchung beleuchtet, wie Führungskräfte aus den Bereichen Sicherheit und Identitätsmanagement das Identity-Attack-Path-Management (APM) im Rahmen umfassender Strategien der Identitätssicherheit einführen und in der Geschäftspraxis verankern. Die Ergebnisse zeigen, dass Identity-Attack-Path-Management das Experimentierstadium hinter sich gelassen…
-
We Scanned 1 Million Exposed AI Services. Here’s How Bad the Security Actually Is
While the software industry has made genuine strides over the past few decades to deliver products securely, the furious pace of AI adoption is putting that progress at risk. Businesses are moving fast to self-host LLM infrastructure, drawn by the promise of AI as a force multiplier and the pressure to deliver more value faster.…
-
NCSC Warns of an AI-Fuelled “Vulnerability Patch Wave”
The UK’s National Cyber Security Centre is urging organizations to prepare for glut of new software updates First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ncsc-warns-aifuelled-vulnerability/
-
North Korean hackers trojanize gaming platform to spy on ethnic Koreans in China
A gaming platform built for ethnic Koreans in China has been serving backdoored Windows and Android software to its users since late 2024. The platform, sqgame[.]net, hosts … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/05/china-scarcruft-supply-chain-attack/
-
Qualcomm Chipset Vulnerabilities Raise Alarm Over Remote Code Execution Risk
Tags: cyber, exploit, Internet, open-source, remote-code-execution, risk, software, threat, vulnerabilityQualcomm Technologies has released its May 2026 security bulletin, addressing a sweeping array of vulnerabilities across its proprietary and open-source software ecosystems. Threat actors could exploit these security gaps to compromise smartphones, automotive systems, and industrial Internet of Things devices without requiring user interaction. The semiconductor giant is strongly urging original equipment manufacturers to deploy…
-
Apache HTTP Server Vulnerability Exposes Millions to Remote Code Execution Threats
Tags: apache, cve, cyber, flaw, malicious, remote-code-execution, software, threat, update, vulnerabilityThe Apache Software Foundation has released an urgent security update for the Apache HTTP Server to patch a severe vulnerability. Tracked as CVE-2026-23918, this flaw could allow attackers to execute malicious code remotely on affected web servers, putting millions of websites at risk. Understanding the Vulnerability The newly discovered security flaw is classified as a…
-
pnpm 11 Enables Default Release-Age Guard to Curb npm Supply Chain Attacks
pnpm 11 has been released with a strong focus on reducing software supply chain risk, introducing security-first defaults that directly address modern package ecosystem threats. The most significant change in pnpm 11 is the introduction of a default Minimum Release Age of 24 hours (1440 minutes). This means newly published package versions are not eligible…
-
Anthropic Mythos spurs White House to weigh pre-release reviews for high-risk AI models
Tags: access, ai, cybersecurity, exploit, framework, government, group, infrastructure, malicious, openai, risk, software, technology, update, vulnerabilityThe Mythos factor: The discussion follows Anthropic’s recent introduction of Mythos, a model the company has described as representing a watershed moment for cybersecurity.Anthropic has said Mythos Preview has found thousands of high-severity vulnerabilities, including some in every major operating system and web browser, and that AI models have reached a level of coding capability…
-
Hackers are mass-exploiting the cPanel bug to gain control of thousands of websites
Days after the disclosure of a critical vulnerability in popular web hosting software cPanel and WHM, hackers are now targeting and hacking thousands of vulnerable websites. First seen on techcrunch.com Jump to article: techcrunch.com/2026/05/04/hackers-are-still-exploiting-the-cpanel-bug-to-gain-control-of-thousands-of-websites/
-
NY Fines Delta Dental $2.25M Over 2023 MOVEit Hack
Investigators Find Violations of State Cyber Regulations. New York fined Delta Dental $2.25 million for the company’s response to the mass exploit of a zero-day vulnerability in Progress Software’ MOVEit file transfer application. Delta Dental is one of thousands of organizations caught up in the blast radius of an automated 2023 Memorial Day hack. First…
-
How Mythos Signals Cybersecurity Disruption
Tags: access, ai, attack, banking, browser, business, cybersecurity, data, exploit, finance, government, hacker, healthcare, infrastructure, microsoft, open-source, risk, software, technology, tool, update, vulnerability, zero-dayWhat is Mythos Mythos is Anthropic’s latest AI model, and it is stirring up a tornado of concern in cybersecurity circles. Even before its release, Mythos discovered thousands of new sensitive vulnerabilities in commercial and open-source software, including all major operating systems and web browsers. One was in existence for over 27 years without the industry…
-
Hackers are still exploiting the cPanel bug to gain control of thousands of websites
Days after the disclosure of a critical vulnerability in popular web hosting software cPanel and WHM, hackers keep targeting and hacking websites. First seen on techcrunch.com Jump to article: techcrunch.com/2026/05/04/hackers-are-still-exploiting-the-cpanel-bug-to-gain-control-of-thousands-of-websites/
-
Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools
An active phishing campaign has been observed targeting multiple vectors since at least April 2025, with legitimate Remote Monitoring and Management (RMM) software as a way to establish persistent remote access to compromised hosts.The activity, codenamed VENOMOUS#HELPER, has impacted over 80 organizations, most of which are in the U.S., according to Securonix. It shares overlaps…
-
Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass
Progress Software has released updates to address two security flaws in MOVEit Automation, including a critical bug that could result in an authentication bypass.MOVEit Automation (formerly Central) is a secure, server-based managed file transfer (MFT) solution used to schedule and automate file movement workflows in enterprise environments without requiring any custom scripts. The First seen…
-
New MOVEit vulnerabilities prompt urgent patch warning
Progress Software warned customers to immediately upgrade the file-transfer tool to fix the serious flaws. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/moveit-vulnerabilities-authentication-bypass-privilege-escalation/819187/
-
New MOVEit vulnerabilities prompt urgent vendor warning
Progress Software warned customers to immediately upgrade to versions of the file-transfer tool that fix the serious flaws. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/moveit-vulnerabilities-authentication-bypass-privilege-escalation/819187/
-
Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670)
Progress Software has fixed a critical authentication bypass (CVE-2026-4670) and a privilege escalation (CVE-2026-5174) vulnerability in MOVEit Automation, exploitation of … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/04/critical-moveit-automation-auth-bypass-vulnerability-fixed-cve-2026-4670/
-
IDC sieht Veeam im zweiten Halbjahr 2025 weltweit als Nummer 1 bei der Datensicherungssoftware
Veeam Software, das Unternehmen für Data- und AI-Trust, wurde von IDC in seinem aktuellen ‘IDC Semiannual Software Tracker, 2025H2″ auf Platz 1 der weltweiten Marktanteile für Datensicherungssoftware platziert. Dem Bericht zufolge erreichte Veeam im zweiten Halbjahr 2025 einen Marktanteil von 13,6 Prozent, was einem Anstieg gegenüber den 13,2 Prozent im ersten Halbjahr 2025 entspricht. IDC…
-
KI-Agent löscht Produktionsumgebung
Bei einem Software-Unternehmen ist geschehen, was prinzipiell jedem Unternehmen passieren kann, wenn es KI ohne kontrollierte Zugriffssicherheit einsetzt. Was ist geschehen: Der Gründer von PocketOS, einer Software-Plattform für Autovermietung, berichtet, dass ein KI-Coding-Tool während einer Routineaufgabe eine Berechtigungsabweichung erststellte. Der KI-Agent entschied eigenständig, das Problem zu lösen, indem er ein Volume löschte. Dabei wurden die…
-
Progress warns of critical MOVEit Automation auth bypass flaw
Progress Software warned customers to patch a critical authentication bypass vulnerability in its MOVEit Automation enterprise-grade managed file transfer (MFT) application. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/moveit-automation-customers-warned-to-patch-critical-auth-bypass-flaw/

