Tag: software
-
Cybersicherheit: Vier kritische Bedrohungen erfordern dringenden Handlungsbedarf
Mehrschichtige Sicherheitsstrategien können helfen, Bedrohungen durch Prompt-Injection-Angriffe, Deepfakes und Kompromittierung von KI-Anwendungen und Software-Lieferketten abzuwehren. Gartner, ein Unternehmen für Wirtschafts- und Technologieanalysen, hat vier kritische und schwer vorhersehbare Bedrohungen identifiziert, bei denen Angreifer derzeit einen deutlichen Vorteil haben und Schwachstellen in Unternehmen besonders erfolgreich ausnutzen können. Dazu zählen Deepfakes, die Kompromittierung von KI-Anwendungen, Prompt-Injection-Angriffe… First…
-
Project Glasswing Grows as Anthropic Extends Claude Mythos Preview Program
Anthropic has expanded its Project Glasswing initiative, significantly scaling access to its Claude Mythos Preview model as part of a broader effort to strengthen global software security. The program, first launched in April 2026 with around 50 organizations, has now grown to include approximately 200 partners worldwide, marking a major shift in how artificial intelligence…
-
6 Best IT Asset Management (ITAM) Software in 2026
Find the perfect IT asset management solution for your business needs in 2026. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/products/it-asset-management-software/
-
7 Best Vulnerability Scanning Tools Software in 2026
Compare the top vulnerability scanners in 2026. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/networks/vulnerability-scanning-tools/
-
Russia claims foreign spy agencies hacked officials’ phones
In a statement, Russia’s Federal Security Service (FSB) said it had uncovered what it described as a “large-scale operation” involving malicious software installed on the mobile devices of senior Russian officials. First seen on therecord.media Jump to article: therecord.media/russia-claims-foreign-spy-agencies-hacked-gov-officials
-
Red Hat removes tainted packages after software pipeline compromise
According to the company’s preliminary analysis, a compromised GitHub account was used to push the malicious code out to customers, hitting 32 packages downloaded roughly 117,000 times a week. First seen on therecord.media Jump to article: therecord.media/red-hat-removes-tainted-packages-after-software-pipeline-compromise
-
Foreign Spyware Found on Phones of Top Russian Officials
Russian authorities have disclosed a suspected large-scale cyber espionage operation targeting the mobile devices of senior government officials, raising fresh concerns over advanced spyware campaigns and mobile surveillance threats. The Federal Security Service (FSB) announced on Tuesday that it had identified and disrupted an alleged effort by foreign intelligence agencies to deploy malicious software on…
-
KDE Linux security audit cuts kernel modules and unused packages
KDE Linux, the in-progress operating system from the KDE community, removed several kernel modules and software packages after a security audit of the components shipped with … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/02/kde-linux-security-audit-update/
-
Red Hat Cloud Services npm Packages Hijacked in Credential-Theft Malware Campaign
A large-scale software supply chain attack has compromised multiple official npm packages under the @redhat-cloud-services scope, exposing thousands of developers and CI/CD environments to credential theft. Security researchers at Aikido confirmed that 96 malicious versions across 32 packages were published on June 1, 2026, with combined weekly downloads exceeding 116,000. Red Hat Cloud Services npm…
-
Red Hat Cloud Services npm Packages Hijacked in Credential-Theft Malware Campaign
A large-scale software supply chain attack has compromised multiple official npm packages under the @redhat-cloud-services scope, exposing thousands of developers and CI/CD environments to credential theft. Security researchers at Aikido confirmed that 96 malicious versions across 32 packages were published on June 1, 2026, with combined weekly downloads exceeding 116,000. Red Hat Cloud Services npm…
-
Why Firms Struggle With Vendor Security After They Sign
Study: Monitoring Vendor Risk Remains Much Harder Than Onboarding Third Parties. Healthcare organizations are getting better vetting third-party vendors, including suppliers of medical devices, software and other products. But once these vendors are on board, healthcare firms still struggle with monitoring their security posture and ensuring they keep their promises. First seen on govinfosecurity.com Jump…
-
MegadolonKampagne erschüttert Software-Lieferkette
Tausende Github-Repositorys wurden mit Malware infiziert, die Anmeldedaten stiehlt. Die neueste Bedrohungskampagne von Megadolon erschüttert die ohnehin schon stark belastete Software-Lieferkette. Ein Kommentar von Shane Barney, CISO von Keeper Security <<Die Megalodon-Kampagne zeigt, wo das Risiko in der Software-Lieferkette tatsächlich liegt. Innerhalb von nur sechs Stunden schoben Angreifer bösartige Commits in über 5.500 Github-Repositorys ein…
-
The Security Growth Platform: Why MSPs Are Moving Beyond vCISO Tools
Three years ago, the practical question for an MSP building a cybersecurity practice was which “vCISO platform” to buy. The term was good shorthand for the work at the time: assessments, advisory, reporting, maybe a compliance module bolted on the side. The work has since outgrown the descriptor.A Security Growth Platform is the more precise…
-
Palo Alto Warns High-Severity Bug Is Being Actively Exploited
A vulnerability in Palo Alto Networks’ PAN-OS software is being exploited in attacks First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/palo-alto-highseverity-bug/
-
Viren und Malware – Wie schützt ihr euch, wart ihr betroffen und wie kam es dazu?
Wie haltet ihr euer System frei von Viren und Malware? Nutzt ihr Software abseits des Windows Defenders? Und wart ihr schon mal betroffen? First seen on computerbase.de Jump to article: www.computerbase.de/news/apps/viren-und-malware-wie-schuetzt-ihr-euch-wart-ihr-betroffen-und-wie-kam-es-dazu.97613
-
TeamPCP Compromised LiteLLM in AI Supply Chain Attack
TeamPCP used malicious LiteLLM packages to steal AI and cloud credentials in a software supply chain attack. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/teampcp-compromised-litellm-in-ai-supply-chain-attack/
-
Socket Raises $60M for Wider Software Supply-Chain Defense
Funding at $1B Valuation Will Expand Controls Across Developer and AI Ecosystems. Socket raised $60 million in a Thrive Capital-led Series C at a $1 billion valuation to expand its supply-chain security platform beyond package managers as AI coding tools increase enterprise exposure to malicious dependencies, browser extensions and developer tooling. First seen on govinfosecurity.com…
-
Oncology Firm Says Vendor Hack Compromised Patient Data
Breach Is Among Several Recent Major Incidents Involving Billing Software Providers. A publicly traded cancer treatment firm notified investors that a yet-undisclosed number of patients’ information was compromised in a 2025 cybersecurity incident involving a third-party billing software vendor. The Oncology Institute provides cancer treatment care to nearly 2 million patients. First seen on govinfosecurity.com…
-
The AI Era Is Creating a Bug-Hunting Arms Race
As attackers ramp up their AI exploit development, the search for software vulnerabilities is changing rapidly. First seen on wired.com Jump to article: www.wired.com/story/the-ai-era-is-creating-a-bug-hunting-arms-race/
-
Claude Mythos AI Identified 10,000+ Software Vulnerabilities in One Month
Anthropic says its Claude Mythos AI identified more than 10,000 software vulnerabilities in one month, including critical flaws in open-source code. First seen on hackread.com Jump to article: hackread.com/claude-mythos-ai-vulnerabilities-one-month/
-
Anthropic: Mythos finds more than 10,000 software flaws in first month
Early results show a tenfold jump in bug discovery at some partners, and a widening gap between finding flaws and fixing them. First seen on cyberscoop.com Jump to article: cyberscoop.com/anthropic-mythos-software-flaws-glasswing/
-
Prüfung des KI-Reifegrads in Unternehmen
Veeam Software, das Unternehmen für Data- und AI-Trust, hat die Einführung seines ‘Data and AI Trust Maturity Model” bekanntgegeben. Dabei handelt es sich um ein wissenschaftlich fundiertes und von Kunden validiertes Rahmenwerk zur Prüfung des KI-Reifegrads in Unternehmen. Es hilft Unternehmen, die Effektivität ihrer KI-Steuerung und -Operationalisierung zu bewerten, zu vergleichen und zu verbessern. Denn…
-
Anthropic: Claude Mythos identified 10,000+ software flaws
Anthropic and its Project Glasswing partners have identified more than 10,000 high- or critical-severity vulnerabilities in critical software systems, the company announced in … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/26/anthropic-project-glasswing-update/
-
Software and services shift benefits Westcon-Comstor
Distributor shares full-year numbers as it continues to look for higher-value business and areas that deliver recurring revenues First seen on computerweekly.com Jump to article: www.computerweekly.com/microscope/news/366643572/Software-and-services-shift-benefits-Westcon-Comstor
-
Quasar RAT Hits Developers With Fileless Linux Attacks
Quasar Linux (QLNX) is a new, stealthy Linux Remote Access Trojan that quietly turns developer and DevOps workstations into high”‘value beachheads for software supply”‘chain attacks, using fileless execution, an eBPF rootkit, PAM backdoors, and a P2P C2 mesh to evade conventional defenses. Despite its name, it is unrelated to the Windows”‘focused QuasarRAT family. It is…
-
Iranian Hackers Deploy MiniFast and MiniJunk V2 via Phishing and SEO Poisoning
The Iranian state-sponsored threat actor known as Nimbus Manticore (aka Screening Serpens and UNC1549) has been attributed to a fresh campaign using lures impersonating organizations in the aviation and software sectors across the U.S., Europe, and the Middle East following the joint U.S.-Israeli military campaign against the country in late February 2026.The activity, besides embracing…
-
Megalodon Supply Chain Attack Hits 5,500+ GitHub Repositories in Six Hours
A large-scale software supply chain attack dubbed “Megalodon” has compromised more than 5,500 repositories on GitHub, raising fresh concerns about the growing abuse of automated development pipelines and GitHub Actions workflows. The incident, uncovered by SafeDep, involved thousands of malicious commits that injected credential-stealing payloads into repositories over a short period of time. First seen…
-
Megalodon Supply Chain Attack Hits 5,500+ GitHub Repositories in Six Hours
A large-scale software supply chain attack dubbed “Megalodon” has compromised more than 5,500 repositories on GitHub, raising fresh concerns about the growing abuse of automated development pipelines and GitHub Actions workflows. The incident, uncovered by SafeDep, involved thousands of malicious commits that injected credential-stealing payloads into repositories over a short period of time. First seen…
-
Third-Party Cyberattack Impacts Patient Information at The Oncology Institute
The Oncology Institute disclosed a data breach tied to a third-party vendor, potentially exposing patient information after a 2025 cyberattack. The Oncology Institute has confirmed that patient information was impacted in a cybersecurity incident involving a third-party software provider. The healthcare network first disclosed the security breach in November 2025 while the vendor’s investigation was…
-
The AI Era Is Creating a Bug Hunting Arms Race
As attackers ramp up their AI exploit development, the search for software vulnerabilities is changing rapidly. First seen on wired.com Jump to article: www.wired.com/story/the-ai-era-is-creating-a-bug-hunting-arms-race/

