Tag: software
-
Black Basta Ransomware Integrates BYOVD Technique to Evade Defenses
A recent campaign by the Black Basta ransomware group has revealed a significant shift in attack tactics. This is a departure from standard operations, where attackers typically deploy a separate tool to turn off security software before running the actual ransomware. In this specific campaign, the ransomware payload bundles a vulnerable driver known as the…
-
OpenClaw Taps VirusTotal to Safeguard AI Agent Skill Ecosystem
As AI agents move from experimental chatbots to powerful tools capable of managing our finances and smart homes, security has become the top priority. Today, OpenClaw announced a major partnership with VirusTotal to bring advanced threat detection to ClawHub, its marketplace for AI skills. Why AI Agents Need Special Protection Traditional software is rigid; it…
-
Claude Opus 4.6: KI findet über 500 Zero-Day-Lücken in Open-Source-Software
Anthropics neues Sprachmodell Claude Opus 4.6 hat in internen Tests Hunderte bislang unbekannte Sicherheitslücken aufgespürt – ohne spezielles Training. First seen on golem.de Jump to article: www.golem.de/news/claude-opus-4-6-ki-findet-ueber-500-zero-day-luecken-in-open-source-software-2602-205139.html
-
Microsoft Unveils LiteBox, a Rust-Based Approach to Secure Sandboxing
Microsoft has released LiteBox, an experimental open-source library OS designed to sandbox applications while reducing their exposure to host systems. Written in Rust and published under the MIT license, LiteBox reflects the company’s efforts to upgrade software security as confidential computing gains adoption. LiteBox takes a different path from traditional virtualization or container technologies. Rather..…
-
Goßangelegter Missbrauch namhafter SaaS-Plattformen für Telefon-Betrug
Check Point Research (CPR), die Sicherheitsforschungs-abteilung von Check Point Software Technologies, hat eine groß angelegte Phishing-Kampagne identifiziert, die bekannte SaaS-Dienste von Microsoft, Amazon, Zoom oder Youtube ausnutzt, um ihre Opfer zu betrügerischen Telefonaten zu verleiten. Anstatt Domänen zu fälschen oder bösartige Links zu versenden, missbrauchen Angreifer gezielt legitime Software-as-a-Service-Plattformen, um telefonbasierte Betrugsversuche durchzuführen, die für…
-
CISA gives federal agencies 18 months to purge unsupported edge devices
Tags: authentication, cisa, cyber, data, exploit, firmware, Hardware, infrastructure, monitoring, network, risk, risk-assessment, service, software, technology, threat, updateImplementation hurdles: Sunil Varkey, advisor at Beagle Security, warns of implementation complexities. “The operational reality of removing legacy systems is not straightforward,” Varkey said. “Legacy devices continue to exist not by design, but by necessity.”He pointed to orphaned systems that remain live and embedded in workflows but lack clear ownership, and operational technology environments where…
-
Bulletproof Hosting Providers Exploit Legitimate ISPs to Power Cybercrime Servers
A surprising link between legitimate IT software and major cybercriminal operations. While investigating attacks by the >>WantToCry<< ransomware gang, analysts noticed that the attackers were using virtual machines (VMs) with identical, computer names (hostnames) like WIN-J9D866ESIJ2 and WIN-LIVFRVQFMKO. These names were not random. They were automatically generated by ISPsystem, a completely legitimate company that makes software for managing web…
-
Digitale Souveränität: Wie Deutschland sich von US-Software löst
Nach Rekordbeteiligung an der EU-Konsultation treibt der Bund Open Source und souveräne Clouds voran – der Weg ist lang. First seen on golem.de Jump to article: www.golem.de/news/digitale-souveraenitaet-wie-deutschland-sich-von-us-software-loest-2602-205092.html
-
China-Nexus Hackers Target Linux Devices to Redirect Traffic and Deploy Malware
>>DKnife,<< a sophisticated gateway-monitoring and adversary-in-the-middle (AitM) framework that turns Linux-based routers and edge devices into surveillance tools. Active since at least 2019, this campaign employs seven distinct Linux implants to inspect network traffic, hijack legitimate software downloads, and deploy advanced malware. The framework remains active as of January 2026, targeting personal computers, mobile phones,…
-
Hackers Exploit Windows Screensaver to Deploy RMM Tools, Gain Remote Access
A new spear phishing campaign that weaponizes a forgotten file type to bypass modern defenses. Attackers are luring victims into downloading Windows screensaver (.scr) files, which silently deploy legitimate Remote Monitoring and Management (RMM) software to establish persistent control over targeted systems. The campaign utilizes a simple yet effective delivery mechanism designed to evade reputation-based…
-
Hackers Exploit Windows Screensaver to Deploy RMM Tools, Gain Remote Access
A new spear phishing campaign that weaponizes a forgotten file type to bypass modern defenses. Attackers are luring victims into downloading Windows screensaver (.scr) files, which silently deploy legitimate Remote Monitoring and Management (RMM) software to establish persistent control over targeted systems. The campaign utilizes a simple yet effective delivery mechanism designed to evade reputation-based…
-
New APT group breached gov and critical infrastructure orgs in 37 countries
Tags: apt, backdoor, computer, control, espionage, finance, framework, government, group, infrastructure, linux, malware, monitoring, network, software, threat, tool, usa, vulnerabilityA complex toolset of implants: In addition to Cobalt Strike, the group uses various other malware payloads and command-and-control (C2) frameworks, including VShell, Havoc, SparkRat, and Sliver. On compromised web servers, the attackers deploy a variety of web shells, including Behinder, Neo-reGeorg, and Godzilla.On Linux servers the group has been seen deploying a rootkit dubbed…
-
New APT group breached gov and critical infrastructure orgs in 37 countries
Tags: apt, backdoor, computer, control, espionage, finance, framework, government, group, infrastructure, linux, malware, monitoring, network, software, threat, tool, usa, vulnerabilityA complex toolset of implants: In addition to Cobalt Strike, the group uses various other malware payloads and command-and-control (C2) frameworks, including VShell, Havoc, SparkRat, and Sliver. On compromised web servers, the attackers deploy a variety of web shells, including Behinder, Neo-reGeorg, and Godzilla.On Linux servers the group has been seen deploying a rootkit dubbed…
-
CrowdStrike Remains In Prime Position Amid AI ‘Software Apocalypse:’ Analyst
While the ‘software apocalypse’ strikes Wall Street due to fears over AI’s impact on the industry, vendors including cybersecurity giant CrowdStrike are well-positioned to see massive opportunities regardless of how AI disruption plays out, according to prominent analyst Daniel Ives. First seen on crn.com Jump to article: www.crn.com/news/security/2026/crowdstrike-remains-in-prime-position-amid-ai-software-apocalypse-analyst
-
CISA gives federal agencies one year to rip out endlife devices
The U.S. cyber defense agency issued an operational directive on Thursday mandating federal agencies to “remove any hardware and software devices that is no longer supported by its original equipment manufacturer.” First seen on therecord.media Jump to article: therecord.media/cisa-gives-federal-agencies-one-year-end-of-life-devices
-
Attackers Use Legitimate Forensic Driver to Disable Endpoint Security, Huntress Warns
Tags: attack, cybercrime, endpoint, incident response, malicious, software, threat, tool, vulnerabilityCybercriminals are increasingly turning trusted software against defenders, according to new research from Huntress, which has uncovered a real-world attack in which threat actors used a legitimate but vulnerable driver to disable endpoint security tools before deploying further malicious activity. In a detailed incident response analysis, Huntress researchers observed attackers abusing an outdated EnCase forensic…
-
AI and Regulation Redefine Application Security, New Global Study Finds
Artificial intelligence has overtaken all other forces shaping application security, according to a major new industry study that shows organisations racing to secure AI-generated code while responding to growing regulatory pressure. The 16th edition of the Building Security In Maturity Model (BSIMM), released by Black Duck, analysed real-world software security practices across 111 organisations worldwide,…
-
Ohne Google oder Microsoft arbeiten: Eine Woche nur mit europäischer Software
First seen on t3n.de Jump to article: t3n.de/news/ohne-google-oder-microsoft-arbeiten-eine-woche-nur-mit-europaeischer-software-1728129/
-
Amaranth-Dragon Zielgerichtete Cyberspionage gegen Behörden in Südostasien
Check Point Software Technologies hat über die Sicherheitsforscher von Check Point Research (CPR) hochgradig zielgerichtete Cyberspionagekampagnen aufgedeckt. Sie richteten sich im Jahr 2025 gegen Regierungs- und Strafverfolgungsbehörden in der ASEAN-Region. Die Aktivitäten werden einem bislang öffentlich nicht dokumentierten Bedrohungsakteur namens ‘Amaranth-Dragon” zugeschrieben, der eng mit dem chinesisch zugeordneten APT-41-Ökosystem verbunden ist. Die wichtigsten Ergebnisse im…
-
Veeam ernennt Armin Müller zum Regional Vice President for Central Europe und beschleunigt damit das Wachstum von Data-Resilience und Channel
Veeam Software hat die Ernennung von Armin Müller zum Regional Vice President für Mitteleuropa bekannt gegeben. Mit mehr als 30 Jahren Erfahrung in den Bereichen Unternehmenssoftware, Cloud und Channel-Leadership wird Armin Müller die Geschäfte von Veeam in Zentraleuropa leiten und Unternehmen dabei helfen, robusten Datenschutz, Sicherheit und Business-Continuity zu erreichen. Bevor er zu Veeam […]…
-
Microsoft develops a new scanner to detect hidden backdoors in LLMs
Effectiveness of the scanner: Microsoft said the scanner does not require retraining models or prior knowledge of backdoor behavior and operates using forward passes only, avoiding gradient calculations or backpropagation to keep computing costs low.The company also said it works with most causal, GPT-style language models and can be used across a wide range of…
-
Threat Actors Exploiting NGINX Servers to Redirect Web Traffic to Malicious Sites
A new cyber campaign where attackers are hijacking web servers to redirect visitors to malicious websites . The campaign targets NGINX, a popular web server software, and specifically focuses on servers using the Baota (BT) management panel. The attackers, linked to previous >>React2Shell<< activity, modify the server's configuration files to secretly intercept traffic . How…
-
WatchGuard VPN Client Flaw on Windows Enables SYSTEM”‘Level Command Execution
WatchGuard has released a critical security update for its Mobile VPN with IPSec client for Windows to address a privilege escalation vulnerability. The flaw, originating in the underlying software provided by NCP engineering, allows local attackers to execute arbitrary commands with the highest available privileges on a compromised machine. The vulnerability is tracked as NCPVE-2025-0626 (WatchGuard Advisory…
-
OpenClaw or Open Door? Prompt Injection Creates AI Backdoors
Zenity researchers show how indirect prompt injection can turn OpenClaw into a persistent AI backdoor without exploiting a software flaw. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/openclaw-or-open-door-prompt-injection-creates-ai-backdoors/
-
The BSIMM16 report: What today’s software security programs are really doing”, and why it matters
Discover how BSIMM16 software security assessment helps enterprises benchmark their security programs, achieve compliance, and reduce risk. Get the industry’s leading observational security maturity model. Download now. The post The BSIMM16 report: What today’s software security programs are really doing”, and why it matters appeared first on Blog. First seen on securityboulevard.com Jump to article:…
-
EDR killer tool uses signed kernel driver from forensic software
Hackers are abusing a legitimate but long-revoked EnCase kernel driver in an EDR killer that can detect 59 security tools in attempts to deactivate them. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/edr-killer-tool-uses-signed-kernel-driver-from-forensic-software/
-
PhantomVAI Custom Loader Abuses RunPE Utility to Launch Stealthy Attacks on Users
A new threat called PhantomVAI, a custom >>loader<>RunPE<<. This loader […] The post PhantomVAI Custom Loader Abuses RunPE Utility to Launch Stealthy Attacks on Users appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform. First seen on gbhackers.com Jump to article: gbhackers.com/phantomvai-custom-loader/
-
3 Security-Trends in der Finanzbranche
Die Finanzbranche verzeichnete im Jahr 2025 einen beispiellosen Anstieg von Cybervorfällen. Nach Angaben von Check Point Software haben sich die Angriffe mit einem Anstieg von 864 im Jahr 2024 auf 1.858 im Jahr 2025 mehr als verdoppelt. Diese Beschleunigung spiegelt eine dramatische Veränderung im Verhalten der Angreifer wider, die von ideologisch motivierten Sabotagen bis hin…