Tag: software
-
Cyber-Betrüger bauen komplette Schein-Investoren-Community um ihre Opfer herum auf
Sicherheitsforscher von Check Point warnen vor einer neuen Masche, bei der Betrüger eine vollständig gefälschte Investoren-Community erschaffen, um Opfer zu berauben samt Anleger-App, Experten, und Chatrooms. Als Wirkverstärker kommt KI zum Einsatz. Die Experten sprechen sogar von industrialisiertem Social-Engineering. Die verseuchte App ist sogar noch im Apple-App-Store verfügbar. Check Point Software Technologies rät zur […]…
-
Cyber-Betrüger bauen komplette Schein-Investoren-Community um ihre Opfer herum auf
Sicherheitsforscher von Check Point warnen vor einer neuen Masche, bei der Betrüger eine vollständig gefälschte Investoren-Community erschaffen, um Opfer zu berauben samt Anleger-App, Experten, und Chatrooms. Als Wirkverstärker kommt KI zum Einsatz. Die Experten sprechen sogar von industrialisiertem Social-Engineering. Die verseuchte App ist sogar noch im Apple-App-Store verfügbar. Check Point Software Technologies rät zur […]…
-
Trend Micro warns of critical Apex Central RCE vulnerability
Japanese cybersecurity software firm Trend Micro has patched a critical security flaw in Apex Central (on-premise) that could allow attackers to execute arbitrary code with SYSTEM privileges. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/trend-micro-fixes-critical-rce-flaw-in-apex-central-console/
-
Welche Gefahren von geparkten Domains ausgehen
Die Forscher selbst schreiben, dass bei groß angelegten Experimenten Besucher einer geparkten Domain in über 90 Prozent der Fälle zu illegalen Inhalten, Betrugsversuchen, Scareware und Antiviren-Software-Abonnements oder Malware weitergeleitet wurden. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/welche-gefahren-von-geparkten-domains-ausgehen/a43311/
-
Funk von kritischer Infrastruktur leicht abhörbar
Viele KRITIS-Einrichtungen wie Energieversorger verzichten auf verschlüsselte Funknetze.Etliche Einrichtungen der kritischen Infrastruktur in Deutschland kommunizieren mit ungeschützter Funktechnik. Der Digitalfunk zahlreicher Haftanstalten, Flughäfen und Energieversorger lässt sich mit geringem technischen Aufwand auch aus der Ferne abhören, weil die Betreiber auf die Verschlüsselung ihrer Netze verzichten, wie die “Wirtschaftswoche” berichtet.Die AG Kritis, eine anerkannte unabhängige Arbeitsgruppe…
-
NDSS 2025 ReThink: Reveal The Threat Of Electromagnetic Interference On Power Inverters
Session 8B: Electromagnetic Attacks Authors, Creators & Presenters: Fengchen Yang (Zhejiang University; ZJU QI-ANXIN IoT Security Joint Laboratory), Zihao Dan (Zhejiang University; ZJU QI-ANXIN IoT Security Joint Laboratory), Kaikai Pan (Zhejiang University; ZJU QI-ANXIN IoT Security Joint Laboratory), Chen Yan (Zhejiang University; ZJU QI-ANXIN IoT Security Joint Laboratory), Xiaoyu Ji (Zhejiang University; ZJU QI-ANXIN IoT…
-
How AI agents are turning security inside-out
AppSec teams have spent the last decade hardening externally facing applications, API security, software supply chain risk, CI/CD controls, and cloud-native attack paths. But … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/09/ai-agents-appsec-risk/
-
Passkeys: An Overview
Explore a technical overview of passkeys in software development. Learn how fido2 and webauthn are changing ciam and passwordless authentication for better security. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/passkeys-an-overview/
-
KnowBe4 erneut Leader in G2-Winter-Grid-Reports für Security-Awareness-Training und Incident-Response
KnowBe4 wurde in den G2-Grid-Reports für Winter 2026 sowohl im Bereich Security-Awareness-Training als auch im Bereich Incident Response Software als führendes Unternehmen ausgezeichnet. Diese doppelte Auszeichnung unterstreicht den umfassenden Ansatz von KnowBe4, Unternehmen beim Management von Cyberrisiken durch Menschen und KI zu unterstützen und eine stärkere Security-Culture aufzubauen. Die G2-Grid-Reports bewerten Produkte auf der Grundlage…
-
Check Point sichert KI-Fabriken mit Nvidia
Check Point Software Technologies sichert AI-Factories mit Nvidia ab: Check-Point-AI-Cloud-Protect ist nun Teil des Nvidia-Enterprise-AI-Factory-Validated-Designs und bietet Echtzeit-Netzwerk- und Host-Sicherheit für Enterprise-AI-Deployments, ohne die Performance der KI-Systeme negativ zu beeinflussen. Das Wichtigste in Kürze: Zunehmendes Risiko: Laut Gartner waren 32 Prozent der Organisationen bereits von KI-Angriffen durch Prompt-Manipulation betroffen, 29 Prozent meldeten Angriffe auf ihre…
-
The State of Trusted Open Source
Chainguard, the trusted source for open source, has a unique view into how modern organizations actually consume open source software and where they run into risk and operational burdens. Across a growing customer base and an extensive catalog of over 1800 container image projects, 148,000 versions, 290,000 images, and 100,000 language libraries, and almost half…
-
Die wichtigsten CISO-Trends für 2026
Tags: ai, ciso, compliance, cyersecurity, group, nis-2, resilience, risk, risk-management, software, supply-chain, tool, zero-trustLesen Sie, vor welchen Herausforderungen CISOs mit Blick auf das Jahr 2026 stehen.Das Jahr 2025 war für viele CISOs herausfordernd. Anfang des Jahres wurden mit dem Digital Operational Resilience Act (DORA) alle Finanzunternehmen dazu verpflichtet, ihre Cybersicherheit zu erhöhen. Zudem mussten sich in diesem Jahr zahlreiche Unternehmen mit der NIS2-Umsetzung auseinandersetzen. Vor welchen Schwierigkeiten stehen…
-
FDA Takes Hands-Off Approach to AI Devices and Software
Agency: Guidance Favors Market Innovation Over Federal Scrutiny. New artificial intelligence-enabled health wearable devices and clinical decision support software will not face U.S. Food and Drug Administration regulatory scrutiny, providing the technology meets certain criteria, such as being low-risk, the agency said this week. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/fda-takes-hands-off-approach-to-ai-devices-software-a-30465
-
Malicious NPM Packages Deliver NodeCordRAT
IntroductionZscaler ThreatLabz regularly monitors the npm database for suspicious packages. In November 2025, ThreatLabz identified three malicious packages: bitcoin-main-lib, bitcoin-lib-js, and bip40. The bitcoin-main-lib and bitcoin-lib-js packages execute a postinstall.cjs script during installation, which installs bip40, the package that contains the malicious payload. This final payload, named NodeCordRAT by ThreatLabz, is a remote access trojan (RAT) with data-stealing capabilities. It is also possible to download bip40…
-
Malicious NPM Packages Deliver NodeCordRAT
IntroductionZscaler ThreatLabz regularly monitors the npm database for suspicious packages. In November 2025, ThreatLabz identified three malicious packages: bitcoin-main-lib, bitcoin-lib-js, and bip40. The bitcoin-main-lib and bitcoin-lib-js packages execute a postinstall.cjs script during installation, which installs bip40, the package that contains the malicious payload. This final payload, named NodeCordRAT by ThreatLabz, is a remote access trojan (RAT) with data-stealing capabilities. It is also possible to download bip40…
-
Humanthe-Loop vs Autonomous Development for Enterprise Software
Enterprise software teams are standing at a crossroads. On one side is human-in-the-loop development, where AI accelerates delivery but humans stay firmly in control. On…Read More First seen on securityboulevard.com Jump to article: https://securityboulevard.com/2026/01/human-in-the-loop-vs-autonomous-development-for-enterprise-software/
-
Black Cat Behind SEO Poisoning Malware Campaign Targeting Popular Software Searches
A cybercrime gang known as Black Cat has been attributed to a search engine optimization (SEO) poisoning campaign that employs fraudulent sites advertising popular software to trick users into downloading a backdoor capable of stealing sensitive data.According to a report published by the National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC) and…
-
Stalkerware slinger pleads guilty for selling snooper software to suspicious spouses
Tags: softwarepcTattletale boss Bryan Fleming faces up to 15 years in prison when sentenced later this year First seen on theregister.com Jump to article: www.theregister.com/2026/01/07/stalkerware_slinger_pleads_guilty/
-
Owner of Stalkerware Maker pcTattletale Pleads Guilty to Hacking
Bryan Fleming, who founded the stalkerware business pcTattletale, pleaded guilty in federal court to hacking and conspiracy charges. Investigators said he crossed the line when he started marketing the software to people who wanted to covertly plant it on the smartphones of unsuspecting victims to track their activities and movements. First seen on securityboulevard.com Jump…
-
New Veeam vulnerabilities expose backup servers to RCE attacks
Veeam released security updates to patch multiple security flaws in its Backup & Replication software, including a critical remote code execution (RCE) vulnerability. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-veeam-vulnerabilities-expose-backup-servers-to-rce-attacks/
-
Veeam Patches Critical RCE Vulnerability with CVSS 9.0 in Backup & Replication
Veeam has released security updates to address multiple flaws in its Backup & Replication software, including a “critical” issue that could result in remote code execution (RCE).The vulnerability, tracked as CVE-2025-59470, carries a CVSS score of 9.0.”This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as the postgres user by…
-
8 things CISOs can’t afford to get wrong in 2026
Tags: access, advisory, ai, attack, automation, awareness, breach, business, ciso, cloud, communications, compliance, control, cyber, cyberattack, cybersecurity, data, data-breach, defense, dora, encryption, finance, firmware, GDPR, healthcare, identity, incident response, india, infrastructure, injection, insurance, intelligence, iot, jobs, law, malicious, monitoring, network, privacy, ransom, regulation, resilience, risk, saas, scam, service, software, strategy, supply-chain, tactics, technology, theft, threat, tool, training, update, vulnerability, zero-trust“Identity and access controls for AI agents and AI platforms are one of the most important areas of concern for CISOs,” says Jason Stading, director at global technology research and advisory firm ISG. “Right now, permissions and access rights for AI are a black box in many areas. We will see a major push over…
-
NSFOCUS SSCS Recognized by FrostSullivan in Insights for CISOs: Challenges and Opportunities in the Software Supply Chain Security Space
Recently, the world-renowned market research firm Frost & Sullivan officially released a strategic report: Insights for CISOs: Challenges and Opportunities in the Software Supply Chain Security Space. In this report tailored for the global CISO community, NSFOCUS was featured among vendors offering Software Supply Chain Security (SSCS). The report provided an overview of NSFOCUS’s specialized…The…
-
Understanding Implicit Identity Authentication Methods
A deep dive into implicit identity authentication methods for software development, covering oauth 2.0 flows, security risks, and modern alternatives for single-page applications. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/understanding-implicit-identity-authentication-methods/
-
Why Palo Alto Is Eyeing a $400M Buy of Endpoint Vendor Koi
Deal Represents Return to Tuck-In M&A for Palo After 3 Multi-Billion Dollar Deals Palo Alto Networks is in talks to buy Washington D.C-based endpoint security startup Koi for $400 million. Koi is focused on securing extensions, AI models, code packages and containers, and its differentiation lies in mapping, assessing risk and govern the software landscape…
-
Founder of spyware maker pcTattletale pleads guilty to hacking and advertising surveillance software
Bryan Fleming, the founder of hacked stalkerware company pcTattletale, pleaded guilty to federal charges linked to the running of his now-defunct Michigan-based spyware company. First seen on techcrunch.com Jump to article: techcrunch.com/2026/01/06/founder-of-spyware-maker-pctattletale-pleads-guilty-to-hacking-and-advertising-surveillance-software/
-
How generative AI accelerates identity attacks against Active Directory
Generative AI is accelerating password attacks against Active Directory, making credential abuse faster and more effective. Specops Software explains how AI-driven cracking techniques exploit weak and predictable AD passwords. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/how-generative-ai-accelerates-identity-attacks-against-active-directory/
-
Threat Actors Exploit Office Assistant to Deliver Malicious Mltab Browser Plugin
A sophisticated malware campaign has been discovered exploiting Office Assistant, a widely used AI-powered productivity software in China, to distribute a malicious browser plugin that hijacks user traffic and exfiltrates sensitive information. The RedDrip Team from QiAnXin Technology’s Threat Intelligence Center uncovered this operation, which has been active since at least May 2024 and has…

