Tag: software
-
NIS2 umsetzen ohne im Papierkrieg zu enden
Tags: access, ai, compliance, control, cyberattack, detection, encryption, germany, iam, identity, incident response, infrastructure, least-privilege, mail, monitoring, nis-2, resilience, sbom, service, siem, soc, software, startup, update, vulnerability, vulnerability-managementDie EU-Richtline NIS2 ist in Deutschland am 06. Dezember 2025 in Kraft getreten. Dieser Beitrag zeigt, wie sich mit DevSecOps ein Großteil der Pflichtarbeit automatisieren lässt.NIS2 ist symbolisch für das Kernproblem europäischer Richtlinien und Verordnungen: Sie erzeugen unnötigen Papierkrieg und entfalten ihre Wirkung zu selten. Sei es das Lieferkettengesetz, die DSGVO”‘Folgenabschätzungen oder das IT”‘Sicherheitsgesetz sie haben…
-
40 000 PhishingMails als Sharepoint- und E-Signing-Dienste getarnt
Check Point Software Technologies ist einer neuen Welle von Betrügereien im Finanzbereich auf der Spur. Mimecast wurde dabei für Phishing-Betrügereien missbraucht, um die Fälschungen legitim erscheinen zu lassen. Auch Docusign musste für die Cyber-Kriminellen als Deckmantel herhalten. Bei diesem Vorfall versendeten die Cyber-Kriminellen in den letzten zwei Wochen über 40 000 Phishing-E-Mails an etwa 6100…
-
NIS2 umsetzen ohne im Papierkrieg zu enden
Tags: access, ai, compliance, control, cyberattack, detection, encryption, germany, iam, identity, incident response, infrastructure, least-privilege, mail, monitoring, nis-2, resilience, sbom, service, siem, soc, software, startup, update, vulnerability, vulnerability-managementDie EU-Richtline NIS2 ist in Deutschland am 06. Dezember 2025 in Kraft getreten. Dieser Beitrag zeigt, wie sich mit DevSecOps ein Großteil der Pflichtarbeit automatisieren lässt.NIS2 ist symbolisch für das Kernproblem europäischer Richtlinien und Verordnungen: Sie erzeugen unnötigen Papierkrieg und entfalten ihre Wirkung zu selten. Sei es das Lieferkettengesetz, die DSGVO”‘Folgenabschätzungen oder das IT”‘Sicherheitsgesetz sie haben…
-
Why bug bounty schemes have not led to secure software
Computer Weekly speaks to Katie Moussouris, security entrepreneur and bug bounty pioneer, about the life of security researchers, bug bounties and the artificial intelligence revolution First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366636232/Why-bug-bounty-schemes-have-not-led-to-secure-software
-
Die Top Software Testing Trends für 2026: Wie verändert KI Entwicklung und Qualitätssicherung?
Künstliche Intelligenz wird 2026 zum dominierenden Thema in der Software-Entwicklung und Qualitätssicherung. Nachdem Unternehmen erste Erfahrungen gesammelt haben, suchen sie jetzt nach Möglichkeiten, um wirkliche Kosten- und Produktivitätsvorteile zu erzielen. Roman Zednik, Field CTO bei Tricentis, zeigt, wo im kommenden Jahr die größten Potenziale liegen und warum menschliche Kontrolle unverzichtbar ist. Risikobasiertes Testing löst… First…
-
Warnung von Apache vor kritischer Schwachstelle in Tika-Modul
Zum 4. Dezember 2025 haben die Apache-Software-Foundation vor einer kritischer Schwachstelle im Tika-Modul gewarnt. Der Schwachstelle CVE-2025-66516 wurde ein CVSS-Score von 10.0 (höchster Wert) zugewiesen. Tika erkennt und extrahiert Metadaten aus über 1.000 verschiedenen Dateiformaten. In der Mitteilung CVE-2025-66516: Apache Tika … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/12/07/warnung-von-apache-vor-kritischer-schwachstelle-in-tika-modul/
-
Apache Issues Max-Severity Tika CVE After Patch Miss
The Apache Software Foundation’s earlier fix for a critical Tika flaw missed the full scope of the vulnerability, prompting an updated advisory and CVE. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/apache-max-severity-tika-cve-patch-miss
-
Apache Issues Max-Severity Tika CVE After Patch Miss
The Apache Software Foundation’s earlier fix for a critical Tika flaw missed the full scope of the vulnerability, prompting an updated advisory and CVE. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/apache-max-severity-tika-cve-patch-miss
-
Apache Issues Max-Severity Tika CVE After Patch Miss
The Apache Software Foundation’s earlier fix for a critical Tika flaw missed the full scope of the vulnerability, prompting an updated advisory and CVE. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/apache-max-severity-tika-cve-patch-miss
-
When it comes to security resilience, cheaper isn’t always better
Tags: access, attack, authentication, breach, business, cctv, cio, ciso, cloud, control, cyber, cybersecurity, data, data-breach, defense, encryption, exploit, government, hacker, healthcare, incident, incident response, jobs, leak, malicious, metric, mfa, monitoring, ransomware, RedTeam, resilience, risk, risk-management, saas, service, soc, software, threat, tool, update, vpn, vulnerability, vulnerability-management, zero-trustThe hidden trade-offs with resilience: Savings don’t erase risk. They shift it. What looks efficient today becomes exposed tomorrow. Cyber resilience is often the first casualty.Supply chain fragility: Cyber threats thrive on concentration. When procurement consolidates digital services into a single provider to save money, a single breach can have a ripple effect across your…
-
When it comes to security resilience, cheaper isn’t always better
Tags: access, attack, authentication, breach, business, cctv, cio, ciso, cloud, control, cyber, cybersecurity, data, data-breach, defense, encryption, exploit, government, hacker, healthcare, incident, incident response, jobs, leak, malicious, metric, mfa, monitoring, ransomware, RedTeam, resilience, risk, risk-management, saas, service, soc, software, threat, tool, update, vpn, vulnerability, vulnerability-management, zero-trustThe hidden trade-offs with resilience: Savings don’t erase risk. They shift it. What looks efficient today becomes exposed tomorrow. Cyber resilience is often the first casualty.Supply chain fragility: Cyber threats thrive on concentration. When procurement consolidates digital services into a single provider to save money, a single breach can have a ripple effect across your…
-
Marquis Software Breach Affects Over 780,000 Nationwide
A data breach at Marquis Software Solutions due to a firewall flaw has affected over 780,000 people across the US First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/marquis-software-breach/
-
Kritische Lücke in OpenAI Codex CLI: Unsichtbarer Lieferketten-Angriff gefährdete Entwickler weltweit
Die Security-Forscher von Check Point Research (CPR), der Analyseabteilung von Check Point Software Technologies Ltd. (NASDAQ: CHKP), haben eine schwerwiegende Verwundbarkeit im Command-Line-Tool OpenAI Codex CLI entdeckt. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/kritische-luecke-in-openai-codex-cli-unsichtbarer-lieferketten-angriff-gefaehrdete-entwickler-weltweit/a43095/
-
Russian police bust bank-account hacking gang that used NFCGate-based malware
Russian police said they took down a multimillion-dollar cybercrime operation that used malware based on a legitimate software tool to take over individuals’ bank accounts. First seen on therecord.media Jump to article: therecord.media/russian-police-bust-banking-hackers-nfcgate-based-malware
-
Schwachstelle in OpenAI-Codex-CLI ermöglicht kritische Remote-Code-Execution
Die Sicherheitsforscher von Check Point Research (CPR), der IT-Forensik von Check Point Software Technologies, haben eine schwerwiegende Schwachstelle in OpenAI-Codex-CLI entdeckt. Dabei handelt es sich um das Command-Line-Tool von OpenAI, das KI-gestützte Programmierfunktionen direkt in Entwickler-Workflows integriert. Die Schwachstelle ermöglichte Remote-Code-Execution (RCE) allein durch das Öffnen eines manipulierten Projektordners und ohne Interaktion oder Zustimmung des…
-
Hackers Target Developers Using Malicious VS Code and Cursor AI Extensions
Visual Studio Code and AI-powered IDEs such as Cursor AI and Windsurf are emerging as one of the most critical and overlooked attack surfaces in the modern software supply chain. Installed on millions of developer machines worldwide, these tools often run with access to source code, secrets, and production credentials. New research shows that compromising…
-
Hackers Target Developers Using Malicious VS Code and Cursor AI Extensions
Visual Studio Code and AI-powered IDEs such as Cursor AI and Windsurf are emerging as one of the most critical and overlooked attack surfaces in the modern software supply chain. Installed on millions of developer machines worldwide, these tools often run with access to source code, secrets, and production credentials. New research shows that compromising…
-
Hackers Target Developers Using Malicious VS Code and Cursor AI Extensions
Visual Studio Code and AI-powered IDEs such as Cursor AI and Windsurf are emerging as one of the most critical and overlooked attack surfaces in the modern software supply chain. Installed on millions of developer machines worldwide, these tools often run with access to source code, secrets, and production credentials. New research shows that compromising…
-
Offensive security takes center stage in the AI era
Tags: ai, attack, automation, business, ciso, control, credentials, cyber, cybersecurity, data, defense, detection, encryption, framework, hacker, hacking, incident response, intelligence, malicious, offense, phishing, RedTeam, regulation, risk, skills, software, strategy, tactics, technology, threat, tool, vulnerability, vulnerability-management, windowsRed teaming, where ethical hackers simulate real-world attacks to test detection and response capabilities. Red teams aim to emulate threat actors by using stealthy tactics to bypass controls and achieve objectives such as data exfiltration or privilege escalation.Adversary emulation, where security pros re-create known threat actor tactics, techniques, and procedures (TTPs) based on threat intelligence…
-
Offensive security takes center stage in the AI era
Tags: ai, attack, automation, business, ciso, control, credentials, cyber, cybersecurity, data, defense, detection, encryption, framework, hacker, hacking, incident response, intelligence, malicious, offense, phishing, RedTeam, regulation, risk, skills, software, strategy, tactics, technology, threat, tool, vulnerability, vulnerability-management, windowsRed teaming, where ethical hackers simulate real-world attacks to test detection and response capabilities. Red teams aim to emulate threat actors by using stealthy tactics to bypass controls and achieve objectives such as data exfiltration or privilege escalation.Adversary emulation, where security pros re-create known threat actor tactics, techniques, and procedures (TTPs) based on threat intelligence…
-
Malicious Go Packages Impersonate Google’s UUID Library to Steal Sensitive Data
A hidden danger has been lurking in the Go programming ecosystem for over four years. Security researchers from the Socket Threat Research Team have discovered two malicious software packages that impersonate popular Google tools. These fake packages, designed to trick busy developers, have been quietly stealing data since May 2021. The malicious packages are identified…
-
Malicious Go Packages Impersonate Google’s UUID Library to Steal Sensitive Data
A hidden danger has been lurking in the Go programming ecosystem for over four years. Security researchers from the Socket Threat Research Team have discovered two malicious software packages that impersonate popular Google tools. These fake packages, designed to trick busy developers, have been quietly stealing data since May 2021. The malicious packages are identified…
-
Rust Code Delivers Better Security, Also Streamlines DevOps
Software teams at Google and other Rust adopters see safer code when using the memory-safe language, and also fewer rollbacks and less code review. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/rust-code-delivers-better-security-streamlines-devops
-
Criminal IP to Host Webinar: Beyond CVEs From Visibility to Action with ASM
Torrance, California, USA, December 5th, 2025, CyberNewsWire Criminal IP will host a live webinar on December 16 at 11:00 AM Pacific Time (PT), focusing on the shift in cyberattack strategies. The session will examine how an increasing number of incidents now originate from exposed digital assets, rather than from known software vulnerabilities. As organizations rapidly…
-
Warning: React2Shell vulnerability already being exploited by threat actors
Tags: ai, application-security, attack, china, cloud, communications, credentials, data, data-breach, exploit, firewall, framework, group, infosec, intelligence, linux, malicious, malware, open-source, service, software, threat, tool, update, vulnerability, wafSystem.Management.Automation.AmsiUtils.amsiInitFailed = true (a standard AMSI bypass), and iex executes the next stage.JFrog’s security research team also today reported finding a working proof of concept that leads to code execution, and they and others have also reported finding fake PoCs containing malicious code on GitHub. “Security teams must verify sources before testing [these PoCs],” warns JFrog.Amitai Cohen, attack…
-
More evidence your AI agents can be turned against you
Aikido found that AI coding tools from Google, Anthropic, OpenAI and others regularly embed untrusted prompts into software development workflows. First seen on cyberscoop.com Jump to article: cyberscoop.com/ai-coding-tools-can-be-turned-against-you-aikido-github-prompt-injection/
-
Veeam und HPE erweitern strategische Partnerschaft und stellen Datensicherung der nächsten Generation vor
Veeam Software gab auf der HPE-Discover in Barcelona einen neuen Meilenstein in seiner strategischen Allianz mit HPE bekannt. Aufbauend auf der Partnerschaft zu Beginn dieses Jahres bringen HPE und Veeam nun integrierte Lösungen auf den Markt, die Unternehmen eine stark vereinfachte Datenresilienz ermöglichen. ‘Vertrauen, Resilienz und Verfügbarkeit sind die neue Währung der Geschäftswelt”, sagte John…
-
15 years in, zero trust remains elusive, with AI rising to complicate the challenge
Legacy systems that weren’t designed for zero trust principles,Fragmented identity and access tools that make unified enforcement difficult, andCultural and organizational resistance to changing long-standing trust models.Kyle Wickert, field CTO at AlgoSec, says zero trust remains one of the most misunderstood transformations in cybersecurity.”Many organizations still hesitate to pursue it because they associate zero trust…
-
Die wichtigsten Trends im Bereich der physischen Sicherheit für das Jahr 2026
Unternehmen werden sich auf Flexibilität, verantwortungsbewusste KI und einheitliche, vernetzte Systeme konzentrieren, um die Sicherheit und die Betriebsleistung zu verbessern. Genetec, Anbieter von Software für die physische Sicherheit, hat seine wichtigsten Prognosen für die physische Sicherheitsbranche im Jahr 2026 vorgestellt. Auswahl und Flexibilität werden die nächste Phase der Cloud-Einführung bestimmen Im Jahr 2026… First seen…
-
Die wichtigsten Trends im Bereich der physischen Sicherheit für das Jahr 2026
Unternehmen werden sich auf Flexibilität, verantwortungsbewusste KI und einheitliche, vernetzte Systeme konzentrieren, um die Sicherheit und die Betriebsleistung zu verbessern. Genetec, Anbieter von Software für die physische Sicherheit, hat seine wichtigsten Prognosen für die physische Sicherheitsbranche im Jahr 2026 vorgestellt. Auswahl und Flexibilität werden die nächste Phase der Cloud-Einführung bestimmen Im Jahr 2026… First seen…

