Tag: software
-
DeepSeek a threat to national security, warns Czech cyber agency
The AI products from Chinese company DeepSeek present unacceptable national security risks, Czechia said in banning the software from government use. First seen on therecord.media Jump to article: therecord.media/deepseek-security-czech-cyber-agency-warning
-
Palo Alto Networks GlobalProtect Vulnerability Enabling Root-Level Access
Palo Alto Networks has disclosed a significant security vulnerability in its Autonomous Digital Experience Manager software that could allow attackers to gain root-level access on macOS systems. The vulnerability, tracked as CVE-2025-0139, affects versions 5.6.0 through 5.6.6 of the software and has been assigned a CVSS base score of 6.3, though the company’s internal scoring…
-
Malware-Report Juni 2025
Check Point hat seine Übersicht über Malware-Angriffe im Juni 2025 vorgelegt. Es geht dabei um Trends, welche Ransomware-Gruppen und Malware-Familien am häufigsten beobachtet werden. Der Infostealer Formbook ist für 15 Prozent aller Malware-Attacken in Deutschland verantwortlich. Sicherheitsanbieter Check Point® Software … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/07/11/malware-report-juni-2025/
-
Vibe Hacking Not Yet Possible
AI Models Mostly Fail in Full Track of Vulnerability Research to Exploit. The rise of code-illiterate but AI-enabled script kiddies able to wreak havoc by weaponizing software vulnerabilities into automated exploits, thanks to expert-level assistance from large language models, remains but a future possibility, based on exploit-writing tests of 50 LLMs. First seen on govinfosecurity.com…
-
Schneider Electric Flaws Expose Systems to OS Command Injection Attacks
Tags: advisory, attack, cyber, data, flaw, injection, monitoring, software, technology, vulnerabilitySchneider Electric, a global leader in industrial technology and sustainability, has issued a critical security notification revealing multiple vulnerabilities in its EcoStruxure IT Data Center Expert (DCE) software, a scalable monitoring solution for data center equipment. Released on July 8, 2025, under document reference SEVD-2025-189-01, the advisory details six severe flaws affecting versions 8.3 and…
-
Hackers Exploit GitHub to Distribute Malware Disguised as VPN Software
CYFIRMA has discovered a sophisticated cyberattack campaign in which threat actors are using GitHub to host and disseminate malware masquerading as genuine software. Masquerading as “Free VPN for PC” and “Minecraft Skin Changer,” these malicious payloads are designed to trick users into downloading a dangerous malware dropper named Launch.exe. Hosted on the GitHub repository github[.]com/SAMAIOEC,…
-
Why your AppSec Tool Stack Is Failing in the Age of AI
The world of software development is changing fast. AI isn’t just influencing software it’s reshaping how software is written and the components it’s made of. First, AI-generated code is accelerating development. Code is produced faster, in larger volumes, and often without the same level of review or accountability as human-written code. Second, teams are.. First…
-
FBI’s CJIS demystified: Best practices for passwords, MFA & access control
FBI’s Criminal Justice Information Services (CJIS) compliance isn’t optional when handling law enforcement data. From MFA to password hygiene, see how Specops Software helps meet FBI standards while also securing your Windows Active Directory. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fbis-cjis-demystified-best-practices-for-passwords-mfa-and-access-control/
-
FBI’s CJIS demystified: Best practices for passwords, MFA & access control
FBI’s Criminal Justice Information Services (CJIS) compliance isn’t optional when handling law enforcement data. From MFA to password hygiene, see how Specops Software helps meet FBI standards while also securing your Windows Active Directory. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fbis-cjis-demystified-best-practices-for-passwords-mfa-and-access-control/
-
What Security Leaders Need to Know About AI Governance for SaaS
Generative AI is not arriving with a bang, it’s slowly creeping into the software that companies already use on a daily basis. Whether it is video conferencing or CRM, vendors are scrambling to integrate AI copilots and assistants into their SaaS applications. Slack can now provide AI summaries of chat threads, Zoom can provide meeting…
-
Critical Ruckus Wireless Flaws Threaten Enterprise Wi”‘Fi Security
Tags: authentication, cyber, flaw, healthcare, network, remote-code-execution, risk, software, vulnerabilityMultiple critical vulnerabilities discovered in Ruckus Wireless management products pose severe security risks to enterprise networks, with issues ranging from authentication bypass to remote code execution that could lead to complete system compromise. The vulnerabilities affect Virtual SmartZone (vSZ) and Network Director (RND) software used to manage large-scale wireless deployments across schools, hospitals, and smart…
-
GitPhish: New Tool Automates GitHub Device Code Phishing Attacks
Security researchers revealed the dangers of GitHub Device Code Phishing”, a technique that leverages the OAuth 2.0 Device Authorization Grant flow. This method can turn a simple eight-digit code and a phone call into a full compromise of an organization’s GitHub repositories and software supply chain. Despite its simplicity, executing these attacks at scale has…
-
Global software supply chain visibility remains critically low
Only 23% of organizations are confident that they have very high visibility of their software supply chain, according to LevelBlue’s Data Accelerator. The limited visibility … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/10/low-global-software-supply-chain-visibility/
-
McDonald’s AI Hiring Bot Exposed Millions of Applicants’ Data to Hackers Using the Password ‘123456’
Basic security flaws left the personal info of tens of millions of McDonald’s job-seekers vulnerable on the “McHire” site built by AI software firm Paradox.ai. First seen on wired.com Jump to article: www.wired.com/story/mcdonalds-ai-hiring-chat-bot-paradoxai/
-
McDonald’s AI Hiring Bot Exposed Millions of Applicants’ Data to Hackers Using the Password ‘123456’
Basic security flaws left the personal info of tens of millions of McDonald’s job-seekers vulnerable on the “McHire” site built by AI software firm Paradox.ai. First seen on wired.com Jump to article: www.wired.com/story/mcdonalds-ai-hiring-chat-bot-paradoxai/
-
Verified, featured, and malicious: RedDirection campaign reveals browser marketplace failures
Browser hijacking and phishing risks: According to their research, the malicious code was embedded in each extension’s background service worker and used browser APIs to monitor tab activity. Captured data, including URLs and unique tracking IDs, was sent to attacker-controlled servers, which in turn provided redirect instructions.The setup enabled several attack scenarios, including redirection to…
-
Cyberangriff auf ein Online-Forum von Fußballfans aus Schottland
The Forum’s server and software was victim to a cyber-attack last week. First seen on facebook.com Jump to article: www.facebook.com/TheMortonForum/posts/pfbid02XtdySzZ81JMvvABZ6zaD4EfDJ8yXtsUrjqHxjoiPwCZofFjrnXfseck3i7GnP9QTl
-
IT-Ausfall in deutschen Kliniken (7.-8. Juli 2025); Ameos betroffen was ist da los (Citrix Bleed 2)?
Tags: softwareIch kippe jetzt doch mal die Frage in den Blog, in der Hoffnung, dass aus der Leserschaft Rückmeldungen kommen. Zum 5. Juli 2025 hatte ich über Hinweise berichtet, dass die Klinik-Software Orbis massive Probleme mache. Jetzt höre ich, dass Kliniken … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/07/08/it-ausfall-in-deutschen-kliniken-8-juli-2025-was-ist-da-los/
-
Black Duck Sets New Standard with Polaris, First AppSec SaaS Hosted in Saudi Arabia
Leading global application security provider Black Duck has reinforced its commitment to the Saudi Arabian market with the introduction of the Black Duck Polaris® Platform as the first application security software as a service (SaaS) platform hosted in the Kingdom of Saudi Arabia. Polaris is purpose-built to help enterprises streamline and strengthen their application security programmes…
-
Black Duck Sets New Standard with Polaris, First AppSec SaaS Hosted in Saudi Arabia
Leading global application security provider Black Duck has reinforced its commitment to the Saudi Arabian market with the introduction of the Black Duck Polaris® Platform as the first application security software as a service (SaaS) platform hosted in the Kingdom of Saudi Arabia. Polaris is purpose-built to help enterprises streamline and strengthen their application security programmes…
-
Supply Chain Attack Unleashed via Compromised VS Code Extension
Tags: attack, blockchain, crypto, cyber, github, malicious, open-source, software, supply-chain, threat, toolA sophisticated supply chain attack targeting cryptocurrency developers through the compromise of ETHcode, a legitimate Visual Studio Code extension with nearly 6,000 installations. The attack, executed through a malicious GitHub pull request, demonstrates how threat actors can weaponize trusted development tools using minimal code changes, raising serious concerns about open-source software security in the blockchain…
-
Microsoft Patch Tuesday July 2025: 130 Vulnerabilities Patched, Including 1 Zero-Day and 41 RCE Flaws
Tags: cyber, flaw, microsoft, rce, remote-code-execution, risk, software, update, vulnerability, zero-dayMicrosoft released its July 2025 Patch Tuesday security updates on July 8, 2025, addressing 130 vulnerabilities across its software ecosystem, including one publicly disclosed zero-day vulnerability and numerous critical security flaws that pose significant risks to organizations worldwide. The July 2025 security update represents a substantial patch cycle, with 14 vulnerabilities rated as >>Critical
-
Hackers Use Leaked Shellter Tool License to Spread Lumma Stealer and SectopRAT Malware
In yet another instance of threat actors repurposing legitimate tools for malicious purposes, it has been discovered that hackers are exploiting a popular red teaming tool called Shellter to distribute stealer malware.The company behind the software said a company that had recently purchased Shellter Elite licenses leaked their copy, prompting malicious actors to weaponize the…
-
IT-Ausfall in deutschen Kliniken (7.-8. Juli 2025) was ist da los (Citrix Bleed 2)?
Tags: softwareIch kippe jetzt doch mal die Frage in den Blog, in der Hoffnung, dass aus der Leserschaft Rückmeldungen kommen. Zum 5. Juli 2025 hatte ich über Hinweise berichtet, dass die Klinik-Software Orbis massive Probleme mache. Jetzt höre ich, dass Kliniken … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/07/08/it-ausfall-in-deutschen-kliniken-8-juli-2025-was-ist-da-los/
-
Hunderte Restaurants betroffen – Datenleck bei Gastro-Software-Anbieter Karvi
First seen on security-insider.de Jump to article: www.security-insider.de/datenleck-karvi-solutions-restaurants-betroffen-a-def108da50cb4845be4918933a3f9e67/
-
KI-Agenten gegen Hacker
Cycode hat in seiner AI-Native Application-Security-Platform eingeführt, ein agentenbasiertes KI-Framework für die Anwendungssicherheit. Die neuen KI-Agenten dienen der Abwehr komplexer Cyberattacken auf die Software-Supply-Chain.”‹ Die Verbreitung autonomer Systeme und KI-Agenten, die den Software-Development-Lifecycle (SDLC) adressieren, nimmt rasant zu. Dieser Shift definiert auch die Risikolandschaft neu und bedarf eines neuen Sicherheitsansatzes, der genauso schnell, […] First…
-
Zero-Trust per SIM-Karte für IoT und OT
Zscaler erweitert die KI-gestützte Zscaler-Zero-Trust-Exchange-Plattform mit .. Dieser einfach zu implementierende Service ermöglicht Zero-Trust-Kommunikation für IoT- und OT-Geräte durch eine Mobilfunk-SIM-Karte ohne zusätzliche Software oder VPN-Verbindungen. Zscaler-Cellular bietet stabile und sichere Konnektivität, da sich IoT-/OT-Geräte automatisch mit jedem Mobilfunknetz weltweit verbinden. Die zwischengeschaltete Zscaler-Sicherheitsplattform sorgt für den isolierten Datenverkehr, ohne dass eine Angriffsfläche geboten […]…
-
SAP July”¯2025 Patch Day: Fixes for 27 Flaws, Including 7 Critical
SAP released critical security updates on July 8, 2025, addressing 27 vulnerabilities across its enterprise software portfolio, with seven classified as critical-severity flaws. The monthly Security Patch Day also included three updates to previously released security notes, underscoring the ongoing security challenges facing enterprise software environments. The most severe vulnerability, CVE-2025-30012, affects SAP Supplier Relationship Management’s…
-
How talent-strapped CISOs can tap former federal government cyber pros
Tags: cio, ciso, cyber, cybersecurity, government, jobs, risk, service, skills, software, switch, technology, threat, vulnerability, vulnerability-managementLuring federal talent to the private sector: In the past, the federal government represented a stable career path. Many highly skilled people spent their entire careers within the federal government. But the current shakeup makes some of that talent, trusted and honed by federal agencies, available to industry CISOs.Federal workers may look to state and…
-
How talent-strapped CISOs can tap former federal government cyber pros
Tags: cio, ciso, cyber, cybersecurity, government, jobs, risk, service, skills, software, switch, technology, threat, vulnerability, vulnerability-managementLuring federal talent to the private sector: In the past, the federal government represented a stable career path. Many highly skilled people spent their entire careers within the federal government. But the current shakeup makes some of that talent, trusted and honed by federal agencies, available to industry CISOs.Federal workers may look to state and…