Tag: software
-
Check Point erhält BSI-C5-TypTestat für Cloud-Sicherheitslösung
Check Point Software Technologies gibt bekannt, dass es für seine Cloud-Sicherheitslösungen die BSI-C5-Typ-2-Testat erhalten hat. Die Testierung wurde vom Bundesamt für Sicherheit in der Informationstechnik (BSI) nach einer strengen Prüfung erteilt, die die Einhaltung von 114 Sicherheitskontrollen in 17 Anforderungskategorien bestätigte. BSI-C5 (Cloud Computing Compliance Criteria Catalogue) ist ein in Deutschland anerkannter Standard, der Mindestanforderungen…
-
WinRAR 0″‘Day Exploit Listed for $80K on Dark Web Forum
A sophisticated zero-day exploit targeting WinRAR, one of the world’s most popular file compression utilities, has surfaced on a dark web marketplace with a hefty price tag of $80,000. The previously unknown remote code execution (RCE) vulnerability affects both the latest and earlier versions of the widely-used software, raising significant concerns for millions of users…
-
Hacker Returns $42 Million in Stolen Crypto in Exchange for $5 Million Bounty
A security flaw in the GMX V1 software was made public, causing a significant upheaval in the decentralized finance (DeFi) ecosystem and forcing immediate action to protect user assets. GMX, a prominent perpetual futures trading platform built on blockchain technology, relies on its V1 protocol for liquidity provision through its GLP (GMX Liquidity Provider) token.…
-
Veeam ehrt die besten Partner in Deutschland
Veeam Software hat im Rahmen der jährlichen in München die Gewinner der für Deutschland bekannt gegeben. Mit diesen Auszeichnungen werden die außergewöhnlichen Leistungen und das Engagement der Partner innerhalb des Veeam-Pro-Partner-Netzwerks gewürdigt. Sie überzeugen durch erstklassige Lösungen und Support, der weit über das übliche Maß hinausgeht, und stellen damit […] First seen on netzpalaver.de Jump…
-
DeepSeek a threat to national security, warns Czech cyber agency
The AI products from Chinese company DeepSeek present unacceptable national security risks, Czechia said in banning the software from government use. First seen on therecord.media Jump to article: therecord.media/deepseek-security-czech-cyber-agency-warning
-
Identity-based attacks lead cybersecurity concerns as AI threats rise and zero trust adoption lags
Identity-based attacks have taken centre stage as the top cybersecurity concern for organisations in the coming year, according to a new survey conducted by Keeper Security at Infosecurity Europe 2025. The leading cybersecurity provider of zero-trust and zero-knowledge Privileged Access Management (PAM) software protecting passwords, passkeys, privileged accounts, secrets and remote connections, found nearly one…
-
Palo Alto Networks GlobalProtect Vulnerability Enabling Root-Level Access
Palo Alto Networks has disclosed a significant security vulnerability in its Autonomous Digital Experience Manager software that could allow attackers to gain root-level access on macOS systems. The vulnerability, tracked as CVE-2025-0139, affects versions 5.6.0 through 5.6.6 of the software and has been assigned a CVSS base score of 6.3, though the company’s internal scoring…
-
Malware-Report Juni 2025
Check Point hat seine Übersicht über Malware-Angriffe im Juni 2025 vorgelegt. Es geht dabei um Trends, welche Ransomware-Gruppen und Malware-Familien am häufigsten beobachtet werden. Der Infostealer Formbook ist für 15 Prozent aller Malware-Attacken in Deutschland verantwortlich. Sicherheitsanbieter Check Point® Software … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/07/11/malware-report-juni-2025/
-
Vibe Hacking Not Yet Possible
AI Models Mostly Fail in Full Track of Vulnerability Research to Exploit. The rise of code-illiterate but AI-enabled script kiddies able to wreak havoc by weaponizing software vulnerabilities into automated exploits, thanks to expert-level assistance from large language models, remains but a future possibility, based on exploit-writing tests of 50 LLMs. First seen on govinfosecurity.com…
-
Schneider Electric Flaws Expose Systems to OS Command Injection Attacks
Tags: advisory, attack, cyber, data, flaw, injection, monitoring, software, technology, vulnerabilitySchneider Electric, a global leader in industrial technology and sustainability, has issued a critical security notification revealing multiple vulnerabilities in its EcoStruxure IT Data Center Expert (DCE) software, a scalable monitoring solution for data center equipment. Released on July 8, 2025, under document reference SEVD-2025-189-01, the advisory details six severe flaws affecting versions 8.3 and…
-
Hackers Exploit GitHub to Distribute Malware Disguised as VPN Software
CYFIRMA has discovered a sophisticated cyberattack campaign in which threat actors are using GitHub to host and disseminate malware masquerading as genuine software. Masquerading as “Free VPN for PC” and “Minecraft Skin Changer,” these malicious payloads are designed to trick users into downloading a dangerous malware dropper named Launch.exe. Hosted on the GitHub repository github[.]com/SAMAIOEC,…
-
Why your AppSec Tool Stack Is Failing in the Age of AI
The world of software development is changing fast. AI isn’t just influencing software it’s reshaping how software is written and the components it’s made of. First, AI-generated code is accelerating development. Code is produced faster, in larger volumes, and often without the same level of review or accountability as human-written code. Second, teams are.. First…
-
FBI’s CJIS demystified: Best practices for passwords, MFA & access control
FBI’s Criminal Justice Information Services (CJIS) compliance isn’t optional when handling law enforcement data. From MFA to password hygiene, see how Specops Software helps meet FBI standards while also securing your Windows Active Directory. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fbis-cjis-demystified-best-practices-for-passwords-mfa-and-access-control/
-
FBI’s CJIS demystified: Best practices for passwords, MFA & access control
FBI’s Criminal Justice Information Services (CJIS) compliance isn’t optional when handling law enforcement data. From MFA to password hygiene, see how Specops Software helps meet FBI standards while also securing your Windows Active Directory. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fbis-cjis-demystified-best-practices-for-passwords-mfa-and-access-control/
-
What Security Leaders Need to Know About AI Governance for SaaS
Generative AI is not arriving with a bang, it’s slowly creeping into the software that companies already use on a daily basis. Whether it is video conferencing or CRM, vendors are scrambling to integrate AI copilots and assistants into their SaaS applications. Slack can now provide AI summaries of chat threads, Zoom can provide meeting…
-
Critical Ruckus Wireless Flaws Threaten Enterprise Wi”‘Fi Security
Tags: authentication, cyber, flaw, healthcare, network, remote-code-execution, risk, software, vulnerabilityMultiple critical vulnerabilities discovered in Ruckus Wireless management products pose severe security risks to enterprise networks, with issues ranging from authentication bypass to remote code execution that could lead to complete system compromise. The vulnerabilities affect Virtual SmartZone (vSZ) and Network Director (RND) software used to manage large-scale wireless deployments across schools, hospitals, and smart…
-
GitPhish: New Tool Automates GitHub Device Code Phishing Attacks
Security researchers revealed the dangers of GitHub Device Code Phishing”, a technique that leverages the OAuth 2.0 Device Authorization Grant flow. This method can turn a simple eight-digit code and a phone call into a full compromise of an organization’s GitHub repositories and software supply chain. Despite its simplicity, executing these attacks at scale has…
-
Global software supply chain visibility remains critically low
Only 23% of organizations are confident that they have very high visibility of their software supply chain, according to LevelBlue’s Data Accelerator. The limited visibility … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/10/low-global-software-supply-chain-visibility/
-
McDonald’s AI Hiring Bot Exposed Millions of Applicants’ Data to Hackers Using the Password ‘123456’
Basic security flaws left the personal info of tens of millions of McDonald’s job-seekers vulnerable on the “McHire” site built by AI software firm Paradox.ai. First seen on wired.com Jump to article: www.wired.com/story/mcdonalds-ai-hiring-chat-bot-paradoxai/
-
McDonald’s AI Hiring Bot Exposed Millions of Applicants’ Data to Hackers Using the Password ‘123456’
Basic security flaws left the personal info of tens of millions of McDonald’s job-seekers vulnerable on the “McHire” site built by AI software firm Paradox.ai. First seen on wired.com Jump to article: www.wired.com/story/mcdonalds-ai-hiring-chat-bot-paradoxai/
-
Supply Chain Attack Unleashed via Compromised VS Code Extension
Tags: attack, blockchain, crypto, cyber, github, malicious, open-source, software, supply-chain, threat, toolA sophisticated supply chain attack targeting cryptocurrency developers through the compromise of ETHcode, a legitimate Visual Studio Code extension with nearly 6,000 installations. The attack, executed through a malicious GitHub pull request, demonstrates how threat actors can weaponize trusted development tools using minimal code changes, raising serious concerns about open-source software security in the blockchain…
-
Verified, featured, and malicious: RedDirection campaign reveals browser marketplace failures
Browser hijacking and phishing risks: According to their research, the malicious code was embedded in each extension’s background service worker and used browser APIs to monitor tab activity. Captured data, including URLs and unique tracking IDs, was sent to attacker-controlled servers, which in turn provided redirect instructions.The setup enabled several attack scenarios, including redirection to…
-
Cyberangriff auf ein Online-Forum von Fußballfans aus Schottland
The Forum’s server and software was victim to a cyber-attack last week. First seen on facebook.com Jump to article: www.facebook.com/TheMortonForum/posts/pfbid02XtdySzZ81JMvvABZ6zaD4EfDJ8yXtsUrjqHxjoiPwCZofFjrnXfseck3i7GnP9QTl
-
IT-Ausfall in deutschen Kliniken (7.-8. Juli 2025); Ameos betroffen was ist da los (Citrix Bleed 2)?
Tags: softwareIch kippe jetzt doch mal die Frage in den Blog, in der Hoffnung, dass aus der Leserschaft Rückmeldungen kommen. Zum 5. Juli 2025 hatte ich über Hinweise berichtet, dass die Klinik-Software Orbis massive Probleme mache. Jetzt höre ich, dass Kliniken … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/07/08/it-ausfall-in-deutschen-kliniken-8-juli-2025-was-ist-da-los/
-
Black Duck Sets New Standard with Polaris, First AppSec SaaS Hosted in Saudi Arabia
Leading global application security provider Black Duck has reinforced its commitment to the Saudi Arabian market with the introduction of the Black Duck Polaris® Platform as the first application security software as a service (SaaS) platform hosted in the Kingdom of Saudi Arabia. Polaris is purpose-built to help enterprises streamline and strengthen their application security programmes…
-
Black Duck Sets New Standard with Polaris, First AppSec SaaS Hosted in Saudi Arabia
Leading global application security provider Black Duck has reinforced its commitment to the Saudi Arabian market with the introduction of the Black Duck Polaris® Platform as the first application security software as a service (SaaS) platform hosted in the Kingdom of Saudi Arabia. Polaris is purpose-built to help enterprises streamline and strengthen their application security programmes…
-
Microsoft Patch Tuesday July 2025: 130 Vulnerabilities Patched, Including 1 Zero-Day and 41 RCE Flaws
Tags: cyber, flaw, microsoft, rce, remote-code-execution, risk, software, update, vulnerability, zero-dayMicrosoft released its July 2025 Patch Tuesday security updates on July 8, 2025, addressing 130 vulnerabilities across its software ecosystem, including one publicly disclosed zero-day vulnerability and numerous critical security flaws that pose significant risks to organizations worldwide. The July 2025 security update represents a substantial patch cycle, with 14 vulnerabilities rated as >>Critical
-
Hackers Use Leaked Shellter Tool License to Spread Lumma Stealer and SectopRAT Malware
In yet another instance of threat actors repurposing legitimate tools for malicious purposes, it has been discovered that hackers are exploiting a popular red teaming tool called Shellter to distribute stealer malware.The company behind the software said a company that had recently purchased Shellter Elite licenses leaked their copy, prompting malicious actors to weaponize the…
-
IT-Ausfall in deutschen Kliniken (7.-8. Juli 2025) was ist da los (Citrix Bleed 2)?
Tags: softwareIch kippe jetzt doch mal die Frage in den Blog, in der Hoffnung, dass aus der Leserschaft Rückmeldungen kommen. Zum 5. Juli 2025 hatte ich über Hinweise berichtet, dass die Klinik-Software Orbis massive Probleme mache. Jetzt höre ich, dass Kliniken … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/07/08/it-ausfall-in-deutschen-kliniken-8-juli-2025-was-ist-da-los/
-
Hunderte Restaurants betroffen – Datenleck bei Gastro-Software-Anbieter Karvi
First seen on security-insider.de Jump to article: www.security-insider.de/datenleck-karvi-solutions-restaurants-betroffen-a-def108da50cb4845be4918933a3f9e67/