Tag: software

Apple’s Bug Bounty Program

Oct 15, 2025 7:13 PM

Tags: access, apple, bug-bounty, exploit, software, spyware, unauthorized, vulnerability

Apple is now offering a $2M bounty for a zero-click exploit. According to the Apple website: Today we’re announcing the next major chapter for Apple Security Bounty, featuring the industry’s highest rewards, expanded research categories, and a flag system for researchers to objectively demonstrate vulnerabilities and obtain accelerated awards. We’re doubling our top award to…
CISA warns of ‘significant’ threat to federal networks after nation-state hackers stole F5 source code, undisclosed bug info

Oct 15, 2025 7:13 PM

Tags: cisa, hacker, network, risk, software, threat, update

The emergency directive orders all agencies to apply the latest updates for all at-risk F5 virtual and physical devices and downloaded software by October 22. First seen on therecord.media Jump to article: therecord.media/cisa-directive-f5-nation-state-incident
Apple’s Bug Bounty Program

Oct 15, 2025 7:13 PM

Tags: access, apple, bug-bounty, exploit, software, spyware, unauthorized, vulnerability

Apple is now offering a $2M bounty for a zero-click exploit. According to the Apple website: Today we’re announcing the next major chapter for Apple Security Bounty, featuring the industry’s highest rewards, expanded research categories, and a flag system for researchers to objectively demonstrate vulnerabilities and obtain accelerated awards. We’re doubling our top award to…
Over 100 VS Code Extensions Exposed Developers to Hidden Supply Chain Risks

Oct 15, 2025 5:55 PM

Tags: access, data-breach, exploit, malicious, marketplace, risk, software, supply-chain, update

New research has uncovered that publishers of over 100 Visual Studio Code (VS Code) extensions leaked access tokens that could be exploited by bad actors to update the extensions, posing a critical software supply chain risk.”A leaked VSCode Marketplace or Open VSX PAT [personal access token] allows an attacker to directly distribute a malicious extension…
Over 100 VS Code Extensions Exposed Developers to Hidden Supply Chain Risks

Oct 15, 2025 5:55 PM

Tags: access, data-breach, exploit, malicious, marketplace, risk, software, supply-chain, update

New research has uncovered that publishers of over 100 Visual Studio Code (VS Code) extensions leaked access tokens that could be exploited by bad actors to update the extensions, posing a critical software supply chain risk.”A leaked VSCode Marketplace or Open VSX PAT [personal access token] allows an attacker to directly distribute a malicious extension…
Flax Typhoon exploited ArcGIS to gain long-term access

Oct 15, 2025 3:54 PM

Tags: access, ai, attack, backup, ciso, control, data, data-breach, detection, encryption, endpoint, espionage, exploit, government, group, india, infrastructure, intelligence, kev, least-privilege, macOS, malicious, monitoring, network, password, risk, sbom, service, software, supply-chain, threat, unauthorized, update, windows

Who is at risk?: In the first documented case confirmed by ArcGIS, where the malicious SOE was used, ReliaQuest identified that the password for the ArcGIS portal administrator account was a leet password of unknown origin, suggesting that the attacker had access to the administrative account and was able to reset the password.”Any organization that…
Flax Typhoon exploited ArcGIS to gain long-term access

Oct 15, 2025 3:54 PM

Tags: access, ai, attack, backup, ciso, control, data, data-breach, detection, encryption, endpoint, espionage, exploit, government, group, india, infrastructure, intelligence, kev, least-privilege, macOS, malicious, monitoring, network, password, risk, sbom, service, software, supply-chain, threat, unauthorized, update, windows

Who is at risk?: In the first documented case confirmed by ArcGIS, where the malicious SOE was used, ReliaQuest identified that the password for the ArcGIS portal administrator account was a leet password of unknown origin, suggesting that the attacker had access to the administrative account and was able to reset the password.”Any organization that…
TigerJack’s malicious VSCode extensions mine, steal, and stay hidden

Oct 15, 2025 2:54 PM

Tags: backdoor, data-breach, detection, github, malicious, malware, marketplace, microsoft, social-engineering, software, strategy, supply-chain, threat, tool, vulnerability

Coordinated multi-account operation: Koi researchers found 11 extensions across multiple accounts, making it a coordinated operation.”This multi-account strategy provides redundancy when one account gets flagged, creates the illusion of independent developers, and demonstrates professional-level social engineering: GitHub repositories for credibility, consistent branding across extensions, detailed feature lists, professional marketplace presentations, and strategic naming that mimics…
Deutsche Logistik schlecht vor Cyberattacken geschützt

Oct 15, 2025 2:54 PM

Tags: backup, cyberattack, cybersecurity, cyersecurity, germany, risk, software, sophos, strategy, supply-chain

Laut einer Studie waren fast 80 Prozent der Logistikunternehmen in Deutschland Opfer eines Hackerangriffs.Fast 80 Prozent der Logistikbetriebe in Deutschland waren bereits von einer Cyberattacke betroffen.Das hat eine aktuelle Umfrage des Security-Anbieters Sophos ergeben. Demnach finden die Angriffe meist nicht in den eigenen Systemen statt, sondern an den Schnittstellen zu Kunden und Lieferanten.40 Prozent der…
TigerJack’s malicious VSCode extensions mine, steal, and stay hidden

Oct 15, 2025 2:54 PM

Tags: backdoor, data-breach, detection, github, malicious, malware, marketplace, microsoft, social-engineering, software, strategy, supply-chain, threat, tool, vulnerability

Coordinated multi-account operation: Koi researchers found 11 extensions across multiple accounts, making it a coordinated operation.”This multi-account strategy provides redundancy when one account gets flagged, creates the illusion of independent developers, and demonstrates professional-level social engineering: GitHub repositories for credibility, consistent branding across extensions, detailed feature lists, professional marketplace presentations, and strategic naming that mimics…
Deutsche Logistik schlecht vor Cyberattacken geschützt

Oct 15, 2025 2:54 PM

Tags: backup, cyberattack, cybersecurity, cyersecurity, germany, risk, software, sophos, strategy, supply-chain

Laut einer Studie waren fast 80 Prozent der Logistikunternehmen in Deutschland Opfer eines Hackerangriffs.Fast 80 Prozent der Logistikbetriebe in Deutschland waren bereits von einer Cyberattacke betroffen.Das hat eine aktuelle Umfrage des Security-Anbieters Sophos ergeben. Demnach finden die Angriffe meist nicht in den eigenen Systemen statt, sondern an den Schnittstellen zu Kunden und Lieferanten.40 Prozent der…
TigerJack’s malicious VSCode extensions mine, steal, and stay hidden

Oct 15, 2025 2:54 PM

Tags: backdoor, data-breach, detection, github, malicious, malware, marketplace, microsoft, social-engineering, software, strategy, supply-chain, threat, tool, vulnerability

Coordinated multi-account operation: Koi researchers found 11 extensions across multiple accounts, making it a coordinated operation.”This multi-account strategy provides redundancy when one account gets flagged, creates the illusion of independent developers, and demonstrates professional-level social engineering: GitHub repositories for credibility, consistent branding across extensions, detailed feature lists, professional marketplace presentations, and strategic naming that mimics…
Deutsche Logistik schlecht vor Cyberattacken geschützt

Oct 15, 2025 2:54 PM

Tags: backup, cyberattack, cybersecurity, cyersecurity, germany, risk, software, sophos, strategy, supply-chain

Laut einer Studie waren fast 80 Prozent der Logistikunternehmen in Deutschland Opfer eines Hackerangriffs.Fast 80 Prozent der Logistikbetriebe in Deutschland waren bereits von einer Cyberattacke betroffen.Das hat eine aktuelle Umfrage des Security-Anbieters Sophos ergeben. Demnach finden die Angriffe meist nicht in den eigenen Systemen statt, sondern an den Schnittstellen zu Kunden und Lieferanten.40 Prozent der…
Researchers report rare intrusion by suspected Chinese hackers into Russian tech firm

Oct 15, 2025 12:54 PM

Tags: access, attack, breach, china, cybersecurity, hacker, russia, software, supply-chain

According to a new report by cybersecurity firm Symantec, the hackers gained access to the Russian company’s software build and code-repository systems between January and May 2025, suggesting the breach may have been an attempted software supply-chain attack aimed at the firm’s customers. First seen on therecord.media Jump to article: therecord.media/rare-china-linked-intrusion-russian-tech-firms
Researchers report rare intrusion by suspected Chinese hackers into Russian tech firm

Oct 15, 2025 12:54 PM

Tags: access, attack, breach, china, cybersecurity, hacker, russia, software, supply-chain

According to a new report by cybersecurity firm Symantec, the hackers gained access to the Russian company’s software build and code-repository systems between January and May 2025, suggesting the breach may have been an attempted software supply-chain attack aimed at the firm’s customers. First seen on therecord.media Jump to article: therecord.media/rare-china-linked-intrusion-russian-tech-firms
Hackers Target ICTBroadcast Servers via Cookie Exploit to Gain Remote Shell Access

Oct 15, 2025 10:54 AM

Tags: access, cve, cybersecurity, exploit, flaw, hacker, remote-code-execution, software, vulnerability

Cybersecurity researchers have disclosed that a critical security flaw impacting ICTBroadcast, an autodialer software from ICT Innovations, has come under active exploitation in the wild.The vulnerability, assigned the CVE identifier CVE-2025-2611 (CVSS score: 9.3), relates to improper input validation that can result in unauthenticated remote code execution due to the fact that the call center…
Hackers Target ICTBroadcast Servers via Cookie Exploit to Gain Remote Shell Access

Oct 15, 2025 10:54 AM

Tags: access, cve, cybersecurity, exploit, flaw, hacker, remote-code-execution, software, vulnerability

Cybersecurity researchers have disclosed that a critical security flaw impacting ICTBroadcast, an autodialer software from ICT Innovations, has come under active exploitation in the wild.The vulnerability, assigned the CVE identifier CVE-2025-2611 (CVSS score: 9.3), relates to improper input validation that can result in unauthenticated remote code execution due to the fact that the call center…
Chinese Hackers Use Geo-Mapping Tool for Year-Long Persistence

Oct 15, 2025 9:54 AM

Tags: access, attack, china, cyber, group, hacker, software, threat, tool, update

The China-backed advanced persistent threat group Flax Typhoon maintained year-long access to an ArcGIS system by turning trusted software into a persistent backdoor”, an attack so unique it prompted the vendor to update its documentation. The attackers repurposed a legitimate Java server object extension into a web shell, gated access with a hardcoded key, and…
Wenn die Software-Lieferkette ins Visier gerät

Oct 15, 2025 8:54 AM

Tags: cyberattack, ddos, malware, open-source, ransomware, software, supply-chain, vulnerability-management

Digitale Bedrohungen nehmen weltweit kontinuierlich zu. Meldungen über Malware, Ransomware oder DDoS-Attacken gehören bereits zum Alltag. Und auch Angriffe auf Software Supply Chains gibt es immer öfter. Die Täter nehmen dabei gern Marktplätze ins Visier, auf denen Entwickler fertige Software-Bausteine bzw. -Pakete tauschen. Was ist also beim Schwachstellenmanagement zu beachten? Welche Rolle spielt Open Source?…
Wenn die Software-Lieferkette ins Visier gerät

Oct 15, 2025 8:54 AM

Tags: cyberattack, ddos, malware, open-source, ransomware, software, supply-chain, vulnerability-management

Digitale Bedrohungen nehmen weltweit kontinuierlich zu. Meldungen über Malware, Ransomware oder DDoS-Attacken gehören bereits zum Alltag. Und auch Angriffe auf Software Supply Chains gibt es immer öfter. Die Täter nehmen dabei gern Marktplätze ins Visier, auf denen Entwickler fertige Software-Bausteine bzw. -Pakete tauschen. Was ist also beim Schwachstellenmanagement zu beachten? Welche Rolle spielt Open Source?…
Scattered Lapsus$ Hunters extortion site goes dark: What’s next?

Oct 14, 2025 10:24 PM

Tags: access, attack, backup, breach, business, cyber, cybercrime, data, data-breach, extortion, group, infrastructure, intelligence, leak, lockbit, ransom, ransomware, risk, russia, social-engineering, software, supply-chain, technology, threat

Takedowns only slow activity: According to Jeremy Kirk, executive editor for cyber threat intelligence at research company Intel 471, police have been closing in on the individual groups represented in Scattered Lapsus$ Hunters for more than three years. This included arresting alleged members. Whether this damaged the group in the long run remained to be…
China’s Flax Typhoon Exploits ArcGIS App for Year-Long Persistence

Oct 14, 2025 8:24 PM

Tags: apt, china, exploit, group, malicious, software

The China-based APT group Flax Typhoon used a function within ArcGIS’ legitimate geo-mapping software to create a webshell through which it established persistence for more than a year to execute malicious commands and steal credentials. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/chinas-flax-typhoon-exploits-arcgis-app-for-year-long-persistence/
From Prompts to Protocols: How Agentic Systems, MCP, Vibe Coding, and Schema-Aware Tools Are Rewiring Software Engineering

Oct 14, 2025 3:24 PM

Tags: software, tool

Modern software engineering faces growing complexity across codebases, environments, and workflows. Traditional tools, although effective, rely heavily on… First seen on hackread.com Jump to article: hackread.com/agentic-systems-mcp-vibe-coding-schema-software-engineering/
From Prompts to Protocols: How Agentic Systems, MCP, Vibe Coding, and Schema-Aware Tools Are Rewiring Software Engineering

Oct 14, 2025 3:24 PM

Tags: software, tool

Modern software engineering faces growing complexity across codebases, environments, and workflows. Traditional tools, although effective, rely heavily on… First seen on hackread.com Jump to article: hackread.com/agentic-systems-mcp-vibe-coding-schema-software-engineering/
Flax Typhoon can turn your own software against you

Oct 14, 2025 2:23 PM

Tags: access, china, group, hacking, software, tool

The Chinese hacking group gained persistent access to a popular mapping tool by turning one of its features into a webshell and hardcoding access, according to ReliaQuest. First seen on cyberscoop.com Jump to article: cyberscoop.com/flax-typhoon-hinese-state-hackers-arcgis-backdoor-webshell/
Flax Typhoon can turn your own software against you

Oct 14, 2025 2:23 PM

Tags: access, china, group, hacking, software, tool

The Chinese hacking group gained persistent access to a popular mapping tool by turning one of its features into a webshell and hardcoding access, according to ReliaQuest. First seen on cyberscoop.com Jump to article: cyberscoop.com/flax-typhoon-hinese-state-hackers-arcgis-backdoor-webshell/
Veeam Software Appliance v13 – Wiederherstellung in Azure binnen fünf Minuten

Oct 14, 2025 12:23 PM

Tags: software, veeam

First seen on security-insider.de Jump to article: www.security-insider.de/wiederherstellung-in-azure-binnen-fuenf-minuten-a-6c57bd747669eb945a012a0999767f16/
OTA-Update legt Hybrid-Jeeps während der Fahrt still

Oct 14, 2025 10:23 AM

Tags: software, update, usa

Es ist ein absolutes No Go und zeigt, wohin Software defined Vehicles, aktuell als letzter Schrei gefeiert, uns hin führen. In den USA hat ein Software-Update, das Over-the-Air (OTA) ausgeführt wurde, zahlreiche Hybrid-Jeeps still gelegt. Einige Fahrzeuge fielen nach dem … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/10/14/ota-update-legt-hybrid-jeeps-waehrend-der-fahrt-still/
The solar power boom opened a backdoor for cybercriminals

Oct 14, 2025 7:23 AM

Tags: attack, backdoor, control, cybercrime, risk, service, software

Solar isn’t low risk anymore. Adoption has turned inverters, aggregators, and control software into attack surfaces capable of disrupting service and undermining confidence in … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/14/solar-power-systems-cyber-threats/
The solar power boom opened a backdoor for cybercriminals

Oct 14, 2025 7:23 AM

Tags: attack, backdoor, control, cybercrime, risk, service, software

Solar isn’t low risk anymore. Adoption has turned inverters, aggregators, and control software into attack surfaces capable of disrupting service and undermining confidence in … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/14/solar-power-systems-cyber-threats/