Tag: software
-
Marquis data breach impacts over 74 US banks, credit unions
Financial software provider Marquis Software Solutions is warning that it suffered a data breach that impacted dozens of banks and credit unions across the US. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/marquis-data-breach-impacts-over-74-us-banks-credit-unions/
-
Interview: Florence Mottay, global CISO, Zalando
Florence Mottay moved from mathematics to software engineering, and is now leading security at Zalando, a high-tech online fashion retailer First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366635298/Interview-Florence-Mottay-global-CISO-Zalando
-
DPRK’s ‘Contagious Interview’ Spawns Malicious Npm Package Factory
North Korean attackers have delivered more than 197 malicious packages with 31K-plus downloads since Oct. 10, as part of ongoing state-sponsored activity to compromise software developers. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/contagious-interview-malicious-npm-package-factory
-
DPRK’s ‘Contagious Interview’ Spawns Malicious Npm Package Factory
North Korean attackers have delivered more than 197 malicious packages with 31K-plus downloads since Oct. 10, as part of ongoing state-sponsored activity to compromise software developers. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/contagious-interview-malicious-npm-package-factory
-
SecAlerts Cuts Through the Noise with a Smarter, Faster Way to Track Vulnerabilities
Vulnerability management is a core component of every cybersecurity strategy. However, businesses often use thousands of software without realising it (when was the last time you checked?), and keeping track of all the vulnerability alerts, notifications, and updates can be a burden on resources and often leads to missed vulnerabilities. Taking into account that nearly…
-
Glassworm Malware Targets OpenVSX and Microsoft Visual Studio with 24 New Malicious Packages
Security threats rarely adhere to holiday schedules, and while developers may take time off, malicious actors are working overtime. A significant new wave of software supply chain attacks has been identified targeting the Microsoft Visual Studio Marketplace and OpenVSX platforms. Researchers at Secure Annex have uncovered and tracked 24 new malicious packages linked to the…
-
Glassworm Malware Targets OpenVSX and Microsoft Visual Studio with 24 New Malicious Packages
Security threats rarely adhere to holiday schedules, and while developers may take time off, malicious actors are working overtime. A significant new wave of software supply chain attacks has been identified targeting the Microsoft Visual Studio Marketplace and OpenVSX platforms. Researchers at Secure Annex have uncovered and tracked 24 new malicious packages linked to the…
-
Qualcomm Issues Critical Security Alert Over Secure Boot Vulnerability
Qualcomm warned partners and device manufacturers about multiple newly discovered vulnerabilities that span its chipset ecosystem. The Qualcomm released a detailed security bulletin on December 1, 2025, outlining six high-priority weaknesses in its proprietary software, including one flaw that directly compromises the secure boot process, one of the most sensitive stages in a device’s startup…
-
Qualcomm Issues Critical Security Alert Over Secure Boot Vulnerability
Qualcomm warned partners and device manufacturers about multiple newly discovered vulnerabilities that span its chipset ecosystem. The Qualcomm released a detailed security bulletin on December 1, 2025, outlining six high-priority weaknesses in its proprietary software, including one flaw that directly compromises the secure boot process, one of the most sensitive stages in a device’s startup…
-
The Dual Role of AI in Cybersecurity: Shield or Weapon?
Artificial intelligence isn’t just another tool in the security stack anymore it’s changing how software is written, how vulnerabilities spread and how long attackers can sit undetected inside complex environments. Security researcher and startup founder Guy Arazi unpacks why AI has become both a powerful defensive accelerator and a force multiplier for adversaries, especially.. First…
-
The Dual Role of AI in Cybersecurity: Shield or Weapon?
Artificial intelligence isn’t just another tool in the security stack anymore it’s changing how software is written, how vulnerabilities spread and how long attackers can sit undetected inside complex environments. Security researcher and startup founder Guy Arazi unpacks why AI has become both a powerful defensive accelerator and a force multiplier for adversaries, especially.. First…
-
Windows 11 needs an XP SP2 moment, says ex-Microsoft engineer
Stop AI bloat, fix the operating system, implores veteran software developer Dave Plummer First seen on theregister.com Jump to article: www.theregister.com/2025/12/01/windows_needs_another_xp_sp2/
-
Windows 11 needs an XP SP2 moment, says ex-Microsoft engineer
Stop AI bloat, fix the operating system, implores veteran software developer Dave Plummer First seen on theregister.com Jump to article: www.theregister.com/2025/12/01/windows_needs_another_xp_sp2/
-
Bin ich Teil eines Botnets? Jetzt kostenlos nachprüfen
Zu Weihnachten die Rechner der Verwandtschaft auf Botnet-Aktivitäten überprüfen der kostenlose GreyNoise IP Check machts möglich.Hacks greifen immer stärker Unternehmen an, weil die Beute in Form von Lösegeld und Daten dort aussichtreicher ist als bei Privatpersonen. Das bedeutet jedoch nicht, dass eine Einzelperson kein lohnendes Opfer ist. Im Gegenteil Computer von Individuen zu infizieren kann…
-
Qualcomm Alerts Users to Critical Flaws That Compromise the Secure Boot Process
Qualcomm Technologies, Inc. has issued an urgent security bulletin warning customers about multiple critical vulnerabilities affecting millions of devices worldwide. The most severe flaw threatens the secure boot process, a fundamental security mechanism that protects devices from malicious software during startup. The security update, published today, addresses six high-priority vulnerabilities discovered in Qualcomm’s proprietary software.…
-
Devolutions Server Hit by SQL Injection Flaw Allowing Data Theft
A critical security vulnerability has been discovered in Devolutions Server, a popular centralized password and privileged access management solution. The flaw, rated critical severity by experts, could allow attackers to steal sensitive data or modify internal records. Devolutions, the company behind the software, released a security advisory (DEVO-2025-0018) on November 27, 2025, detailing three separate…
-
Devolutions Server Hit by SQL Injection Flaw Allowing Data Theft
A critical security vulnerability has been discovered in Devolutions Server, a popular centralized password and privileged access management solution. The flaw, rated critical severity by experts, could allow attackers to steal sensitive data or modify internal records. Devolutions, the company behind the software, released a security advisory (DEVO-2025-0018) on November 27, 2025, detailing three separate…
-
Airbus Nears Completion of A320 Retrofit as Regulators Monitor Largest Emergency Recall in Company History
Airbus has entered the final phase of its unprecedented global retrofit effort, confirming that fewer than 100 A320s in service still require updates after the discovery of a software vulnerability that triggered the largest emergency recall the manufacturer has ever executed. The company disclosed on Monday that nearly the entire A320-family fleet, about 6,000 aircraft…
-
French Football Federation faces own-goal after club software data breach
Zut alors! Cybercrooks scored names, numbers, and license IDs First seen on theregister.com Jump to article: www.theregister.com/2025/12/01/french_football_federation_breach/
-
(g+) Cybersicherheit: Warum Sicherheitslücken exponentiell wachsen
Eine Security-Spezialistin erklärt uns, warum die Zahl der Software-Sicherheitslücken schneller wächst als der eigentliche Programmcode. First seen on golem.de Jump to article: www.golem.de/news/cybersicherheit-warum-sicherheitsluecken-exponentiell-wachsen-2512-202722.html
-
CISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEV
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, linux, software, vulnerability, windows, xssThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog to include a security flaw impacting OpenPLC ScadaBR, citing evidence of active exploitation.The vulnerability in question is CVE-2021-26829 (CVSS score: 5.4), a cross-site scripting (XSS) flaw that affects Windows and Linux versions of the software via First seen on…
-
Schwachstellen in Fluent Bit gefährdeten USInstanzen
Cloud-Anbieter wie AWS, Microsoft oder Google verwenden die Open Source-Software Fluent Bit zur Erfassung von Telemetriedaten (Monitoring). Gleich fünf Schwachstellen in dieser Software hätten die Remote-Übernahme von Containern, die auf den entsprechenden Cloud-Instanzen gehostet wurden, ermöglichet. Nutzer sollten die Software … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/11/30/schwachstellen-in-oss-tool-fluent-bit-gefaehrdete-us-cloud-instanzen/
-
French Football Federation discloses data breach after cyberattack
The French Football Federation (FFF) disclosed a data breach on Friday after attackers used a compromised account to gain access to administrative management software used by football clubs. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/french-football-federation-fff-discloses-data-breach-after-cyberattack/
-
Bloody Wolf Threat Actor Expands Activity Across Central Asia
A new Bloody Wolf campaign exploits legitimate remote-administration software for cyber-attacks on government targets in Central Asia First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/bloody-wolf-expands-central-asia/
-
Wie Angreifer das Npm-Ökosystem infiltrierten
Shai-Hulud 2.0 breitet sich rasant aus und legt sensible Entwicklerzugänge offen. Check Point Software Technologies warnt vor einer der schwerwiegendsten Supply-Chain-Kompromittierungen seit Log4j. Dazu haben die Sicherheitsforscher von Check Point eine Analyse zur technischen Vorgehensweise von Shai-Hulud 2 veröffentlicht. Die Shai-Hulud-2.0-Kampagne ist einer der umfangreichsten und schnellsten Npm-Supply-Chain-Angriffe, die in den letzten Jahren beobachtet wurden.…
-
Shai-Hulud 2.0: Wie sich ein Supply-Chain-Wurm weiterentwickelt
Die zweite Welle der Shai-Hulud-Kampagne zeigt, wie sich Angriffe auf die Software-Supply-Chain zu automatisierten, hartnäckigen und hochentwickelten Operationen entwickeln. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/shai-hulud-2-0-wie-sich-ein-supply-chain-wurm-weiterentwickelt/a42977/
-
»manage it« TechTalk: Unveränderliche Speicherkomponenten sind eine wichtige Maßnahme gegen Ransomware-Attacken
Auf dem Security-Event it-sa 2025 kam das Videogespräch mit dem Sicherheitsanbieter Object First leider nicht zustande, das wir dann aber in den Räumen seiner PR-Agentur nachholen durften. Dort haben wir mit dem Director Sales Central EMEA, Florian Kopp, über das Thema Ransomware geredet. Konkret wollten wir wissen, welche Antworten Object First auf die damit einher…