Tag: software
-
Cyberangriffe 2025: Deutschland besonders betroffen
Der aktuelle Cyber Security Report 2026 von Check Point Software Technologies zeichnet ein klares Bild: Unternehmen weltweit sind zunehmend Ziel automatisierter und KI-gesteuerter Angriffe. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/cyberangriffe-2025-deutschland
-
Cyberangriffe 2025: Deutschland besonders betroffen
Der aktuelle Cyber Security Report 2026 von Check Point Software Technologies zeichnet ein klares Bild: Unternehmen weltweit sind zunehmend Ziel automatisierter und KI-gesteuerter Angriffe. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/cyberangriffe-2025-deutschland
-
Trump Administration Rescinds Biden-Era SBOM Guidance
Federal agencies will no longer be required to solicit software bills of material (SBOMs) from tech vendors, nor attestations that they comply with NIST’s Secure Software Development Framework (SSDF). What that means long term is unclear. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/trump-administration-rescinds-biden-era-sbom-guidance
-
Report: Open Source Malware Instances Increased 73% in 2025
ReversingLabs this week published a report that finds there was a 73% increase in the number of malicious open source packages discovered in 2025 compared with the previous year. More than 10,000 malicious open source packages were discovered, most of which involved node package managers (npms) that cybercriminals were using to compromise software supply chains……
-
Federal pivot on software security oversight could complicate vendor strategies
Software companies cheered the elimination of a government-wide attestation mandate. What comes next could be messy. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/white-house-software-security-attestation-elimination/810765/
-
Marquis blames ransomware breach on SonicWall cloud backup hack
Marquis Software Solutions, a Texas-based financial services provider, is blaming a ransomware attack that impacted its systems and affected dozens of U.S. banks and credit unions in August 2025 on a security breach reported by SonicWall a month later. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/marquis-blames-ransomware-breach-on-sonicwall-cloud-backup-hack/
-
Top 7 Threat Intelligence Platforms Software
Threat intelligence platforms help analyze and share cyber threat data. Discover top TIPs , their features, use cases, and comparisons. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/products/threat-intelligence-platforms/
-
eScan Antivirus Update Server Breached to Deliver Malicious Software Updates
MicroWorld Technologies’ eScan antivirus platform fell victim to a sophisticated supply chain attack on January 20, 2026, when threat actors compromised legitimate update infrastructure to distribute multi-stage malware to enterprise and consumer endpoints worldwide. Security researchers immediately alerted the vendor, which isolated the affected infrastructure within one hour and took its global update system offline…
-
Malicious Google Ads Target Mac Users with Fake Mac Cleaner Pages
Mac users searching for software on Google or other search engines should be extra careful. First seen on hackread.com Jump to article: hackread.com/malicious-google-ads-mac-fake-mac-cleaner/
-
EU’s answer to CVE solves dependency issue, adds fragmentation risks
Tags: access, ai, china, cisco, cve, cyber, cybersecurity, data, dos, exploit, finance, governance, grc, infrastructure, intelligence, international, nvd, open-source, risk, service, software, threat, tool, vulnerability, vulnerability-managementCoordinated disclosure: Nik Kale, principal engineer and product architect at Cisco Systems, says GCVE’s main challenge comes from building a platform that the security community can rely on for coordinated disclosure and remediation.”Viability depends far more on governance than on the data itself,” Kale says. “That includes clear attribution rules, transparent CNA processes, predictable decision-making,…
-
Armoury Crate: Windows 11 blockiert Software für Xbox-Handheld
Das Feature Smart App Control sieht die Treibersoftware von Asus nach einem Update als schädlich an und blockiert die Installation. First seen on golem.de Jump to article: www.golem.de/news/armoury-crate-windows-11-blockiert-software-fuer-xbox-handheld-2601-204752.html
-
NIST’s AI guidance pushes cybersecurity boundaries
Tags: access, ai, ciso, control, cybersecurity, data, defense, exploit, framework, intelligence, nist, risk, risk-assessment, software, threatThe limits of ‘AI is just software’: NIST’s instinct to frame AI as an extension of traditional software allows organizations to reuse familiar concepts, risk assessment, access control, logging, defense in depth, rather than starting from zero. Workshop participants repeatedly emphasized that many controls do transfer, at least in principle.But some experts argue that the…
-
SolarWinds, again: Critical RCE bugs reopen old wounds for enterprise security teams
Tags: access, attack, authentication, awareness, breach, cisco, control, credentials, cve, cybersecurity, data, exploit, flaw, fortinet, infrastructure, malicious, programming, radius, rce, remote-code-execution, software, threat, update, vulnerabilityRemote code execution and data deserialization vulnerabilities CVE-2025-40551 (critical) and CVE-2025-40553 (critical);Authentication and bypass security flaws CVE-2025-40552 (critical), CVE-2025-40554 (critical), CVE-2025-40536 (high), and CVE-2025-40537 (high).CVE-2025-40551 and CVE-2025-40553 make WHD susceptible to untrusted data deseralization that could allow attackers to run commands on the host machine. The flaw could be exploited without authentication.The other two critical…
-
Government’s new approach to software security oversight could complicate things for vendors
Software companies cheered the elimination of a government-wide attestation mandate. What comes next could be messy. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/white-house-software-security-attestation-elimination/810765/
-
Idis Surveillance Management Software Vulnerable to Hacking
Web-Based Client on Local Host Didn’t Sanitize Inputs. Video camera surveillance management software made by South Korean manufacturer Idis is susceptible to a one-click attack giving hackers the power to execute arbitrary code. The vulnerability allows an attacker to escalate beyond the browser sandbox and achieve code execution on the host. First seen on govinfosecurity.com…
-
Why RAMS Software Is Becoming Essential for Construction Safety and Compliance
Digital RAMS software helps construction teams manage risk assessments, method statements, and safety compliance across sites with real-time access. First seen on hackread.com Jump to article: hackread.com/rams-software-essential-construction-safety-compliance/
-
Critical IDIS IP Camera Vulnerability Allows Full Computer Compromise with One-Click Exploit
Tags: cctv, cloud, computer, cyber, exploit, remote-code-execution, software, vulnerability, windowsA critical vulnerability in IDIS Cloud Manager (ICM) Viewer exposes organizations using IDIS IP cameras to one-click remote code execution (RCE), potentially allowing attackers to compromise Windows systems used to monitor video surveillance fully. IDIS, a South Koreabased global video surveillance vendor, offers an end-to-end ecosystem comprising IP cameras, NVRs, video management software, and a…
-
GoTo Resolve Tool’s Background Activities Compared to Ransomware Tactics
New research from Point Wild’s Lat61 team reveals how the HEURRemoteAdmin.GoToResolve.gen tool allows silent, unattended access to PCs. Learn why this legitimate remote administration software is being flagged as a security risk and its surprising connection to ransomware tactics. First seen on hackread.com Jump to article: hackread.com/goto-resolve-activities-ransomware-tactics/
-
Apple Issues Urgent Software Fix Affecting Over 2 Billion iPhones
Apple released urgent iOS updates, including iOS 12.5.8 for older iPhones, after emergency-call issues in Australia and a 2027 certificate deadline. The post Apple Issues Urgent Software Fix Affecting Over 2 Billion iPhones appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-apple-urgent-iphone-software-update-january-2026/
-
Hackers Exploit SEO Poisoning to Target Users Seeking Legitimate Tools
Search engine optimization (SEO) poisoning techniques to trick users into downloading malicious software disguised as legitimate tools. This attack campaign involves manipulating search results to promote fake repositories and archives containing BAT executable files that impersonate popular applications. Once users execute these files, the malware establishes contact with command-and-control (C2) servers to deliver secondary payloads,…
-
Microsoft illegally installed cookies on schoolkid’s tech, data protection ruling finds
Austrian education ministry unaware of tracking software until campaigners launched case First seen on theregister.com Jump to article: www.theregister.com/2026/01/27/microsft_illegally_installed_cookies_ruling_austra_school/
-
Digitale Souveränität: Frankreich löst sich von Zoom und MS Teams
Tags: softwareUm von Software aus Drittstaaten unabhängig zu werden, führt Frankreich die heimische Videokonferenzplattform Visio für alle Behörden ein. First seen on golem.de Jump to article: www.golem.de/news/digitale-souveraenitaet-frankreich-loest-sich-von-zoom-und-ms-teams-2601-204666.html
-
OMB rescinds ‘burdensome’ Biden-era secure software memo
Russell Vought’s updated memo using a common attestation form voluntary. A critic told CyberScoop it’s the “first major policy step back” on cybersecurity under Trump. First seen on cyberscoop.com Jump to article: cyberscoop.com/omb-rescinds-burdensome-biden-era-secure-software-memo/
-
NDSS 2025 all your (data)base are belong to us: Characterizing Database Ransom(ware) Attacks
Tags: attack, authentication, conference, credentials, finance, group, Internet, network, ransom, ransomware, softwareSession 10B: Ransomware Authors, Creators & Presenters: Kevin van Liebergen (IMDEA Software Institute), Gibran Gomez (IMDEA Software Institute), Srdjan Matic (IMDEA Software Institute), Juan Caballero (IMDEA Software Institute) PAPER all your (data)base are belong to us: Characterizing Database Ransom(ware) Attacks We present the first systematic study of database ransom(ware) attacks, a class of attacks where…
-
NDSS 2025 ERW-Radar
Tags: antivirus, china, conference, defense, detection, Internet, malicious, network, ransomware, softwareAuthors, Creators & Presenters: Lingbo Zhao (Institute of Information Engineering, Chinese Academy of Sciences), Yuhui Zhang (Institute of Information Engineering, Chinese Academy of Sciences), Zhilu Wang (Institute of Information Engineering, Chinese Academy of Sciences), Fengkai Yuan (Institute of Information Engineering, CAS), Rui Hou (Institute of Information Engineering, Chinese Academy of Sciences) PAPER ERW-Radar: An Adaptive…
-
CISA Releases List of Post-Quantum Cryptography Product Categories
CISA released initial list of PQC-capable hardware and software to guide companies amid quantum threats First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cisa-post-quantum-cryptography/
-
New DPRK Interview Campaign Uses Fake Fonts to Deliver Malware
A dangerous new iteration of the >>Contagious Interview<< campaign that weaponizes Microsoft Visual Studio Code task files to distribute sophisticated malware targeting software developers. This campaign, which began over 100 days ago, has intensified dramatically in recent weeks with 17 malicious GitHub repositories identified across 11 distinct attack variants. North Korean threat actors linked to…
-
New DPRK Interview Campaign Uses Fake Fonts to Deliver Malware
A dangerous new iteration of the >>Contagious Interview<< campaign that weaponizes Microsoft Visual Studio Code task files to distribute sophisticated malware targeting software developers. This campaign, which began over 100 days ago, has intensified dramatically in recent weeks with 17 malicious GitHub repositories identified across 11 distinct attack variants. North Korean threat actors linked to…
-
SyncFuture Campaign Abuses Enterprise Security Tools to Deploy Malware
A sophisticated, multi-stage espionage campaign targeting Indian residents through phishing emails impersonating the Income Tax Department. The attack chain, tracked as the >>SyncFuture Espionage Campaign,<< weaponizes legitimate enterprise security software as its final payload, demonstrating how threat actors repurpose trusted commercial tools to establish persistent, undetectable access to victim systems."‹ The campaign begins with targeted…