Tag: software
-
Inside Ink Dragon
Tags: softwareCheck Point Software Technologies warnt vor der zunehmenden Aktivität der staatlich geprägten Gruppe Ink Dragon, die kompromittierte Systeme nicht nur als Ziel nutzt, sondern sie gezielt in ein verdecktes Relais-Netz einbindet, um weitere Operationen zu steuern und auszubauen. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/inside-ink-dragon
-
Senate Intel Chair Warns of Open-Source Security Risks
Top Lawmaker Urges White House to Review Foreign Influence in Open-Source Code. A top Republican in the U.S. Senate warned the White House that foreign adversaries are exploiting trusted open-source software used across federal networks and defense systems, urging the National Cyber Director to lead efforts to monitor contributors and reduce supply chain risk. First…
-
Apache Log4j Flaw Enables Interception of Sensitive Logging Data
The Apache Software Foundation has released a critical security update for its widely used Log4j logging library. A newly discovered vulnerability, tracked as CVE-2025-68161, allows attackers to intercept or redirect sensitive log data by exploiting a flaw in how the software establishes secure connections. The issue specifically affects the >>Socket Appender
-
NDSS 2025 PowerRadio: Manipulate Sensor Measurement Via Power GND Radiation
Session 6C: Sensor Attacks Authors, Creators & Presenters: Yan Jiang (Zhejiang University), Xiaoyu Ji (Zhejiang University), Yancheng Jiang (Zhejiang University), Kai Wang (Zhejiang University), Chenren Xu (Peking University), Wenyuan Xu (Zhejiang University) PAPER NDSS 2025 – PowerRadio: Manipulate Sensor Measurement Via Power GND Radiation Sensors are key components to enable various applications, e.g., home intrusion…
-
NDSS 2025 PowerRadio: Manipulate Sensor Measurement Via Power GND Radiation
Session 6C: Sensor Attacks Authors, Creators & Presenters: Yan Jiang (Zhejiang University), Xiaoyu Ji (Zhejiang University), Yancheng Jiang (Zhejiang University), Kai Wang (Zhejiang University), Chenren Xu (Peking University), Wenyuan Xu (Zhejiang University) PAPER NDSS 2025 – PowerRadio: Manipulate Sensor Measurement Via Power GND Radiation Sensors are key components to enable various applications, e.g., home intrusion…
-
OpenAI Launches GPT-5.2-Codex for Secure Coding
OpenAI has launched GPT-5.2-Codex, an agentic coding model that boosts real-world software engineering and AI-powered vulnerability research. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/openai-launches-gpt-5-2-codex-for-secure-coding/
-
Top lawmaker asks White House to address open-source software risks
The Senate Intelligence Committee’s chairman voiced concern about foreign adversaries tampering with code. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/open-source-security-tom-cotton-letter-white-house/808379/
-
Cracked Software and YouTube Videos Spread CountLoader and GachiLoader Malware
Cybersecurity researchers have disclosed details of a new campaign that has used cracked software distribution sites as a distribution vector for a new version of a modular and stealthy loader known as CountLoader.The campaign “uses CountLoader as the initial tool in a multistage attack for access, evasion, and delivery of additional malware families,” Cyderes Howler…
-
CLOP targets Gladinet CentreStack servers in large-scale extortion campaign
The Clop ransomware group is targeting Gladinet CentreStack file servers in a new large-scale extortion campaign. The Clop ransomware group is targeting Gladinet CentreStack file servers in a new large-scale extortion campaign aimed at stealing sensitive data from organizations worldwide. Gladinet CentreStack is a software platform that allows organizations to turn their existing file servers,…
-
Roundcube Flaws Let Attackers Execute Malicious Scripts
Roundcube, the widely used open-source webmail software, has officially released critical security updates to address two significant vulnerabilities in its 1.6 and 1.5 LTS (Long-Term Support) versions. These flaws could allow attackers to execute malicious scripts or expose sensitive information, posing a risk to organizations and individuals relying on the platform for email communication. The…
-
OpenAI’s GPT-5.2 Codex Boosts Agentic Coding and Cyber Vulnerability Detection
OpenAI has officially released GPT-5.2-Codex, marking a significant leap forward in AI-driven software engineering and defensive cybersecurity. Described as the most advanced >>agentic
-
AI-authored code contains worse bugs than software crafted by humans
CodeRabbit review of pull requests shows meatbags beat clankers First seen on theregister.com Jump to article: www.theregister.com/2025/12/17/ai_code_bugs/
-
HPE OneView Vulnerability Allows Remote Code Execution Attacks
Tags: attack, cloud, cve, cvss, cyber, data, flaw, infrastructure, remote-code-execution, risk, software, vulnerabilityA severe security vulnerability has been discovered in Hewlett Packard Enterprise OneView software, threatening enterprise infrastructure across data centers and hybrid cloud environments. The flaw, tracked as CVE-2025-37164, carries a maximum CVSS 3.1 severity score of 10.0, indicating critical risk requiring immediate remediation. The vulnerability permits unauthenticated remote attackers to execute arbitrary code on affected…
-
Actively Exploited ASUS Vulnerability Added to CISA’s KEV List
Tags: attack, cisa, cve, cyber, cybersecurity, exploit, infrastructure, kev, malicious, software, supply-chain, update, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has added a critical ASUS vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild. CVE-2025-59374 affects ASUS Live Update software and stems from a sophisticated supply chain compromise that embedded malicious code into legitimate software distributions. Supply Chain Attack Details The vulnerability involves…
-
Senate Intel chair urges national cyber director to safeguard against open-source software threats
Tom Cotton, R-Okla., cited Chinese and Russian involvement in open-source tech and the risks to government and defense systems. First seen on cyberscoop.com Jump to article: cyberscoop.com/tom-cotton-open-source-software-foreign-influence-national-cyber-director/
-
Senate Intel chair urges national cyber director to safeguard against open-source software threats
Tom Cotton, R-Okla., cited Chinese and Russian involvement in open-source tech and the risks to government and defense systems. First seen on cyberscoop.com Jump to article: cyberscoop.com/tom-cotton-open-source-software-foreign-influence-national-cyber-director/
-
NIS2 compliance: How to get passwords and MFA right
NIS2 puts identity and access controls under the spotlight, with weak passwords and poor authentication now a compliance risk. Specops Software explains how to align password policies and MFA with NIS2 requirements. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/nis2-compliance-how-to-get-passwords-and-mfa-right/
-
HPE OneView Flaw Rated CVSS 10.0 Allows Unauthenticated Remote Code Execution
Tags: control, cve, cvss, exploit, flaw, infrastructure, remote-code-execution, software, vulnerabilityHewlett Packard Enterprise (HPE) has resolved a maximum-severity security flaw in OneView Software that, if successfully exploited, could result in remote code execution.The critical vulnerability, assigned the CVE identifier CVE-2025-37164, carries a CVSS score of 10.0. HPE OneView is an IT infrastructure management software that streamlines IT operations and controls all systems via a First…
-
Im November 2025 sind Cyberangriffe im DACH-Raum um zehn Prozent zurückgegangen
Check Point Research (CPR), die Sicherheitsforschungsabteilung von Check Point Software Technologies hat seinen Global Threat Intelligence Report für November 2025 veröffentlicht. Der Bericht zeigt, dass Unternehmen im Laufe des vergangenen Monats weltweit durchschnittlich 2.003 Cyber-Angriffen pro Woche ausgesetzt waren. Dies entspricht einem Anstieg von drei Prozent gegenüber Oktober und einem Anstieg von vier Prozent gegenüber…
-
Why Organizations Need to Modify Their Cybersecurity Strategy for 2026
Cybersecurity planning continues to advance as organisations integrate new software, cloud platforms, and digital tools into nearly every… First seen on hackread.com Jump to article: hackread.com/organizations-modify-cybersecurity-strategy-2026/
-
Why Organizations Need to Modify Their Cybersecurity Strategy for 2026
Cybersecurity planning continues to advance as organisations integrate new software, cloud platforms, and digital tools into nearly every… First seen on hackread.com Jump to article: hackread.com/organizations-modify-cybersecurity-strategy-2026/
-
Im November 2025 sind Cyberangriffe im DACH-Raum um zehn Prozent zurückgegangen
Check Point Research (CPR), die Sicherheitsforschungsabteilung von Check Point Software Technologies hat seinen Global Threat Intelligence Report für November 2025 veröffentlicht. Der Bericht zeigt, dass Unternehmen im Laufe des vergangenen Monats weltweit durchschnittlich 2.003 Cyber-Angriffen pro Woche ausgesetzt waren. Dies entspricht einem Anstieg von drei Prozent gegenüber Oktober und einem Anstieg von vier Prozent gegenüber…
-
The Biggest Cyber Stories of the Year: What 2025 Taught Us
Tags: access, attack, authentication, awareness, banking, breach, business, ciso, cloud, compliance, container, control, cyber, cyberattack, cybersecurity, data, data-breach, email, encryption, endpoint, exploit, government, healthcare, iam, identity, incident, incident response, Internet, law, metric, mfa, monitoring, network, privacy, regulation, resilience, risk, service, software, strategy, supply-chain, technology, threat, tool, vulnerability, vulnerability-management, zero-day, zero-trustThe Biggest Cyber Stories of the Year: What 2025 Taught Us madhav Thu, 12/18/2025 – 10:30 2025 didn’t just test cybersecurity; it redefined it. From supply chains and healthcare networks to manufacturing floors and data centers, the digital world was reminded of a simple truth: everything is connected, and everything is at risk. Data Security…
-
HPE warns of maximum severity RCE flaw in OneView software
Hewlett Packard Enterprise (HPE) has patched a maximum-severity vulnerability in its HPE OneView software that enables attackers to execute arbitrary code remotely. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hpe-warns-of-maximum-severity-rce-flaw-in-oneview-software/
-
Cisco AsyncOS 0-Day Allows Remote Execution of System Commands
Cisco Talos has uncovered an active campaign exploiting a zero-day vulnerability in Cisco AsyncOS Software, affecting Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. The security flaw enables attackers to execute system-level commands remotely and deploy sophisticated backdoors on compromised systems. The threat actor behind this campaign, tracked as UAT-9686, is assessed…
-
Cisco AsyncOS 0-Day Allows Remote Execution of System Commands
Cisco Talos has uncovered an active campaign exploiting a zero-day vulnerability in Cisco AsyncOS Software, affecting Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. The security flaw enables attackers to execute system-level commands remotely and deploy sophisticated backdoors on compromised systems. The threat actor behind this campaign, tracked as UAT-9686, is assessed…

