Tag: software
-
Kritische Lücke in OpenAI Codex CLI: Unsichtbarer Lieferketten-Angriff gefährdete Entwickler weltweit
Die Security-Forscher von Check Point Research (CPR), der Analyseabteilung von Check Point Software Technologies Ltd. (NASDAQ: CHKP), haben eine schwerwiegende Verwundbarkeit im Command-Line-Tool OpenAI Codex CLI entdeckt. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/kritische-luecke-in-openai-codex-cli-unsichtbarer-lieferketten-angriff-gefaehrdete-entwickler-weltweit/a43095/
-
Russian police bust bank-account hacking gang that used NFCGate-based malware
Russian police said they took down a multimillion-dollar cybercrime operation that used malware based on a legitimate software tool to take over individuals’ bank accounts. First seen on therecord.media Jump to article: therecord.media/russian-police-bust-banking-hackers-nfcgate-based-malware
-
Schwachstelle in OpenAI-Codex-CLI ermöglicht kritische Remote-Code-Execution
Die Sicherheitsforscher von Check Point Research (CPR), der IT-Forensik von Check Point Software Technologies, haben eine schwerwiegende Schwachstelle in OpenAI-Codex-CLI entdeckt. Dabei handelt es sich um das Command-Line-Tool von OpenAI, das KI-gestützte Programmierfunktionen direkt in Entwickler-Workflows integriert. Die Schwachstelle ermöglichte Remote-Code-Execution (RCE) allein durch das Öffnen eines manipulierten Projektordners und ohne Interaktion oder Zustimmung des…
-
Hackers Target Developers Using Malicious VS Code and Cursor AI Extensions
Visual Studio Code and AI-powered IDEs such as Cursor AI and Windsurf are emerging as one of the most critical and overlooked attack surfaces in the modern software supply chain. Installed on millions of developer machines worldwide, these tools often run with access to source code, secrets, and production credentials. New research shows that compromising…
-
Hackers Target Developers Using Malicious VS Code and Cursor AI Extensions
Visual Studio Code and AI-powered IDEs such as Cursor AI and Windsurf are emerging as one of the most critical and overlooked attack surfaces in the modern software supply chain. Installed on millions of developer machines worldwide, these tools often run with access to source code, secrets, and production credentials. New research shows that compromising…
-
Hackers Target Developers Using Malicious VS Code and Cursor AI Extensions
Visual Studio Code and AI-powered IDEs such as Cursor AI and Windsurf are emerging as one of the most critical and overlooked attack surfaces in the modern software supply chain. Installed on millions of developer machines worldwide, these tools often run with access to source code, secrets, and production credentials. New research shows that compromising…
-
Offensive security takes center stage in the AI era
Tags: ai, attack, automation, business, ciso, control, credentials, cyber, cybersecurity, data, defense, detection, encryption, framework, hacker, hacking, incident response, intelligence, malicious, offense, phishing, RedTeam, regulation, risk, skills, software, strategy, tactics, technology, threat, tool, vulnerability, vulnerability-management, windowsRed teaming, where ethical hackers simulate real-world attacks to test detection and response capabilities. Red teams aim to emulate threat actors by using stealthy tactics to bypass controls and achieve objectives such as data exfiltration or privilege escalation.Adversary emulation, where security pros re-create known threat actor tactics, techniques, and procedures (TTPs) based on threat intelligence…
-
Offensive security takes center stage in the AI era
Tags: ai, attack, automation, business, ciso, control, credentials, cyber, cybersecurity, data, defense, detection, encryption, framework, hacker, hacking, incident response, intelligence, malicious, offense, phishing, RedTeam, regulation, risk, skills, software, strategy, tactics, technology, threat, tool, vulnerability, vulnerability-management, windowsRed teaming, where ethical hackers simulate real-world attacks to test detection and response capabilities. Red teams aim to emulate threat actors by using stealthy tactics to bypass controls and achieve objectives such as data exfiltration or privilege escalation.Adversary emulation, where security pros re-create known threat actor tactics, techniques, and procedures (TTPs) based on threat intelligence…
-
Malicious Go Packages Impersonate Google’s UUID Library to Steal Sensitive Data
A hidden danger has been lurking in the Go programming ecosystem for over four years. Security researchers from the Socket Threat Research Team have discovered two malicious software packages that impersonate popular Google tools. These fake packages, designed to trick busy developers, have been quietly stealing data since May 2021. The malicious packages are identified…
-
Malicious Go Packages Impersonate Google’s UUID Library to Steal Sensitive Data
A hidden danger has been lurking in the Go programming ecosystem for over four years. Security researchers from the Socket Threat Research Team have discovered two malicious software packages that impersonate popular Google tools. These fake packages, designed to trick busy developers, have been quietly stealing data since May 2021. The malicious packages are identified…
-
Rust Code Delivers Better Security, Also Streamlines DevOps
Software teams at Google and other Rust adopters see safer code when using the memory-safe language, and also fewer rollbacks and less code review. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/rust-code-delivers-better-security-streamlines-devops
-
Criminal IP to Host Webinar: Beyond CVEs From Visibility to Action with ASM
Torrance, California, USA, December 5th, 2025, CyberNewsWire Criminal IP will host a live webinar on December 16 at 11:00 AM Pacific Time (PT), focusing on the shift in cyberattack strategies. The session will examine how an increasing number of incidents now originate from exposed digital assets, rather than from known software vulnerabilities. As organizations rapidly…
-
Warning: React2Shell vulnerability already being exploited by threat actors
Tags: ai, application-security, attack, china, cloud, communications, credentials, data, data-breach, exploit, firewall, framework, group, infosec, intelligence, linux, malicious, malware, open-source, service, software, threat, tool, update, vulnerability, wafSystem.Management.Automation.AmsiUtils.amsiInitFailed = true (a standard AMSI bypass), and iex executes the next stage.JFrog’s security research team also today reported finding a working proof of concept that leads to code execution, and they and others have also reported finding fake PoCs containing malicious code on GitHub. “Security teams must verify sources before testing [these PoCs],” warns JFrog.Amitai Cohen, attack…
-
More evidence your AI agents can be turned against you
Aikido found that AI coding tools from Google, Anthropic, OpenAI and others regularly embed untrusted prompts into software development workflows. First seen on cyberscoop.com Jump to article: cyberscoop.com/ai-coding-tools-can-be-turned-against-you-aikido-github-prompt-injection/
-
Veeam und HPE erweitern strategische Partnerschaft und stellen Datensicherung der nächsten Generation vor
Veeam Software gab auf der HPE-Discover in Barcelona einen neuen Meilenstein in seiner strategischen Allianz mit HPE bekannt. Aufbauend auf der Partnerschaft zu Beginn dieses Jahres bringen HPE und Veeam nun integrierte Lösungen auf den Markt, die Unternehmen eine stark vereinfachte Datenresilienz ermöglichen. ‘Vertrauen, Resilienz und Verfügbarkeit sind die neue Währung der Geschäftswelt”, sagte John…
-
15 years in, zero trust remains elusive, with AI rising to complicate the challenge
Legacy systems that weren’t designed for zero trust principles,Fragmented identity and access tools that make unified enforcement difficult, andCultural and organizational resistance to changing long-standing trust models.Kyle Wickert, field CTO at AlgoSec, says zero trust remains one of the most misunderstood transformations in cybersecurity.”Many organizations still hesitate to pursue it because they associate zero trust…
-
Die wichtigsten Trends im Bereich der physischen Sicherheit für das Jahr 2026
Unternehmen werden sich auf Flexibilität, verantwortungsbewusste KI und einheitliche, vernetzte Systeme konzentrieren, um die Sicherheit und die Betriebsleistung zu verbessern. Genetec, Anbieter von Software für die physische Sicherheit, hat seine wichtigsten Prognosen für die physische Sicherheitsbranche im Jahr 2026 vorgestellt. Auswahl und Flexibilität werden die nächste Phase der Cloud-Einführung bestimmen Im Jahr 2026… First seen…
-
Die wichtigsten Trends im Bereich der physischen Sicherheit für das Jahr 2026
Unternehmen werden sich auf Flexibilität, verantwortungsbewusste KI und einheitliche, vernetzte Systeme konzentrieren, um die Sicherheit und die Betriebsleistung zu verbessern. Genetec, Anbieter von Software für die physische Sicherheit, hat seine wichtigsten Prognosen für die physische Sicherheitsbranche im Jahr 2026 vorgestellt. Auswahl und Flexibilität werden die nächste Phase der Cloud-Einführung bestimmen Im Jahr 2026… First seen…
-
An AI for an AI: Anthropic says AI agents require AI defense
Automated software keeps getting better at pilfering cryptocurrency First seen on theregister.com Jump to article: www.theregister.com/2025/12/05/an_ai_for_an_ai/
-
Marquis data breach impacted more than 780,000 individuals
Hackers breached fintech firm Marquis, stealing personal and financial data, the security breach impacted over 780,000 people. Hackers breached fintech firm Marquis and stole personal and financial data, including names, addresses, SSNs, and card numbers, impacting over 780,000 people. Marquis is a Texas-based fintech and software firm that provides data-driven marketing, customer data platforms, analytics,…
-
From feeds to flows: Using a unified linkage model to operationalize threat intelligence
Tags: access, api, attack, authentication, automation, business, ciso, cloud, compliance, container, control, corporate, credentials, cyber, cybersecurity, data, defense, exploit, finance, firewall, framework, github, government, iam, identity, infrastructure, intelligence, ISO-27001, malicious, metric, mitre, monitoring, network, nist, open-source, phishing, risk, risk-assessment, risk-management, saas, service, siem, soc, software, supply-chain, tactics, threat, tool, update, vulnerability, zero-trustwhat to watch for, but not why it matters or how it moves through your environment.The result is a paradox of abundance: CISOs have more data than ever before, but less operational clarity. Analysts are overwhelmed by indicators disconnected from context or mission relevance.Each feed represents a snapshot of a potential threat, but it does…
-
How strong password policies secure OT systems against cyber threats
OT environments rely on aging systems, shared accounts, and remote access, making weak or reused passwords a major attack vector. Specops Software explains how stronger password policies and continuous checks for compromised credentials help secure critical OT infrastructure. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/how-strong-password-policies-secure-ot-systems-against-cyber-threats/
-
Marquis Data Breach Exposes Dozens of U.S. Banks and Credit Unions
A significant cybersecurity incident affecting multiple U.S. financial institutions came to light on November 26, 2025, when Marquis Software Solutions notified affected customers of a ransomware attack. The breach, discovered on August 14, 2025, compromised the personal information of thousands of customers across numerous banks and credit unions throughout the United States. Marquis Software Solutions,…
-
CISA Issues Five New ICS Advisories on Emerging Vulnerabilities and Exploits
Tags: cisa, control, cyber, cybersecurity, exploit, healthcare, infrastructure, software, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) released five critical advisories on December 2, 2025, addressing high-severity vulnerabilities affecting industrial control systems across multiple vendors. The advisories span video surveillance platforms, intelligent metering gateways, medical imaging software, and manufacturing control systems, collectively impacting critical infrastructure sectors worldwide, including energy, healthcare, and water systems. The most…
-
K7 Antivirus Flaw Lets Attackers Gain SYSTEM-Level Privileges
A critical security vulnerability has been discovered in K7 Ultimate Security antivirus software that allows attackers to gain the highest level of system access on Windows computers. The flaw, tracked asCVE-2024-36424, enables low-privileged users to escalate their permissions to SYSTEM level, giving them complete control over affected machines. How the Vulnerability Works K7 Ultimate Security…
-
CISA Issues Five New ICS Advisories on Emerging Vulnerabilities and Exploits
Tags: cisa, control, cyber, cybersecurity, exploit, healthcare, infrastructure, software, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) released five critical advisories on December 2, 2025, addressing high-severity vulnerabilities affecting industrial control systems across multiple vendors. The advisories span video surveillance platforms, intelligent metering gateways, medical imaging software, and manufacturing control systems, collectively impacting critical infrastructure sectors worldwide, including energy, healthcare, and water systems. The most…
-
K7 Antivirus Flaw Lets Attackers Gain SYSTEM-Level Privileges
A critical security vulnerability has been discovered in K7 Ultimate Security antivirus software that allows attackers to gain the highest level of system access on Windows computers. The flaw, tracked asCVE-2024-36424, enables low-privileged users to escalate their permissions to SYSTEM level, giving them complete control over affected machines. How the Vulnerability Works K7 Ultimate Security…
-
CISA Issues Five New ICS Advisories on Emerging Vulnerabilities and Exploits
Tags: cisa, control, cyber, cybersecurity, exploit, healthcare, infrastructure, software, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) released five critical advisories on December 2, 2025, addressing high-severity vulnerabilities affecting industrial control systems across multiple vendors. The advisories span video surveillance platforms, intelligent metering gateways, medical imaging software, and manufacturing control systems, collectively impacting critical infrastructure sectors worldwide, including energy, healthcare, and water systems. The most…
-
Sleepless in Security: What’s Actually Keeping CISOs Up at Night
Security headlines distract, but the threats keeping CISOs awake are fundamental gaps and software supply chain risks. Learn why basics and visibility matter most. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/sleepless-in-security-whats-actually-keeping-cisos-up-at-night/