Tag: software
-
SmarterMail Auth Bypass Exploited in the Wild Two Days After Patch Release
A new security flaw in SmarterTools SmarterMail email software has come under active exploitation in the wild, two days after the release of a patch.The vulnerability, which currently does not have a CVE identifier, is tracked by watchTowr Labs as WT-2026-0001. It was patched by SmarterTools on January 15, 2026, with Build 9511, following responsible…
-
Securing the Future: Practical Approaches to Digital Sovereignty in Google Workspace
Tags: access, attack, ciso, cloud, compliance, computing, container, control, data, defense, dora, email, encryption, GDPR, google, Hardware, healthcare, identity, infrastructure, law, malware, network, privacy, regulation, resilience, risk, service, software, strategy, zero-trustSecuring the Future: Practical Approaches to Digital Sovereignty in Google Workspace madhav Thu, 01/22/2026 – 04:35 In today’s rapidly evolving digital landscape, data privacy and sovereignty have become top priorities for organizations worldwide. With the proliferation of cloud services and the tightening of global data protection regulations, security professionals face mounting pressure to ensure their…
-
North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews
Tags: ai, crypto, finance, intelligence, jobs, middle-east, north-korea, programming, service, softwareAs many as 3,136 individual IP addresses linked to likely targets of the Contagious Interview activity have been identified, with the campaign claiming 20 potential victim organizations spanning artificial intelligence (AI), cryptocurrency, financial services, IT services, marketing, and software development sectors in Europe, South Asia, the Middle East, and Central America.The new findings First seen…
-
North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews
Tags: ai, crypto, finance, intelligence, jobs, middle-east, north-korea, programming, service, softwareAs many as 3,136 individual IP addresses linked to likely targets of the Contagious Interview activity have been identified, with the campaign claiming 20 potential victim organizations spanning artificial intelligence (AI), cryptocurrency, financial services, IT services, marketing, and software development sectors in Europe, South Asia, the Middle East, and Central America.The new findings First seen…
-
North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews
Tags: ai, crypto, finance, intelligence, jobs, middle-east, north-korea, programming, service, softwareAs many as 3,136 individual IP addresses linked to likely targets of the Contagious Interview activity have been identified, with the campaign claiming 20 potential victim organizations spanning artificial intelligence (AI), cryptocurrency, financial services, IT services, marketing, and software development sectors in Europe, South Asia, the Middle East, and Central America.The new findings First seen…
-
ERP isn’t dead yet but most execs are planning the wake
Tags: software7 out of 10 C-suite cats reckon software category’s best days are behind it, but can’t agree what’s next First seen on theregister.com Jump to article: www.theregister.com/2026/01/19/erp_survey_rimini_street/
-
CI/CD Under Attack: What the AWS CodeBuild “CodeBreach” Flaw Reveals About Modern Supply Chain Risk
A recent disclosure revealed a critical flaw in AWS CodeBuild that could allow attackers to abuse CI/CD pipelines and inject malicious code into trusted software builds by exploiting weaknesses in webhook validation, according to WebProNews. Rather than targeting production systems directly, the issue exposed how attackers can compromise software supply chains by manipulating trusted automation.…
-
GitLab warns of high-severity 2FA bypass, denial-of-service flaws
GitLab has patched a high-severity two-factor authentication bypass impacting community and enterprise editions of its software development platform. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/gitlab-warns-of-high-severity-2fa-bypass-denial-of-service-flaws/
-
Hackers Weaponize 2,500+ Security Tools to Disable Endpoint Defenses Before Ransomware Attacks
A sophisticated campaign has weaponized over 2,500 variants of a legitimate security driver to disable endpoint protection before deploying ransomware and remote access trojans. Attackers are abusing truesight.sys, a kernel-mode driver from Adlice Software’s RogueKiller antivirus suite. The legacy version 2.0.2 contains a critical vulnerability allowing arbitrary process termination via IOCTL command 0x22E044. This enables…
-
PRTG im Siemens-Industrial-Edge-Marketplace verfügbar
Die Netzwerk-Monitoring-Lösung PRTG von Paessler ist ab sofort auch im Industrial-Edge-Marketplace verfügbar. Die moderne IIoT-Plattform von Siemens ermöglicht die Bereitstellung von Software, die sich in großen Maschinen- und Produktionslinien einfach ausrollen und per Fernzugriff verwalten lässt. Diese Partnerschaft hilft dabei, die Lücke zwischen IT- und OT-Umgebungen mit ganzheitlichem Monitoring zu schließen. So erhalten Unternehmen in…
-
Best of British: UK’s infosec envoys include Cisco, Palo Alto, and Accenture
Minister unwraps ambassadors of the Software Security Code of Practice First seen on theregister.com Jump to article: www.theregister.com/2026/01/21/uk_security_code_practice/
-
Linux users targeted by crypto thieves via hijacked apps on Snap Store
Cryptocurrency thieves have found a new way to turn trusted software packages for Linux on the Snap Store into crypto-stealing malware, Ubuntu contributor and former Canonical … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/21/linux-malware-snap-store/
-
New EU Vulnerability Platform GCVE Goes Live, Reducing Reliance on Global Systems
Europe’s long-running conversation about digital autonomy quietly crossed a milestone with the launch of a new public vulnerability platform. The EU Vulnerability Database, created under the GCVE initiative, is now live. This signals a deliberate shift in how software weaknesses are identified, cataloged, and shared across Europe. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/eu-launches-gcve-vulnerability-database/
-
How Check Point Has Built Its AI Security Platform With M&A
CEO Nadav Zafrir Discusses Lakera and Veriti Buys, Wiz Pact and AI Strategy Shift. Check Point Software is doubling down on AI security through the acquisitions of Lakera and Veriti and platform integration with Wiz. CEO Nadav Zafrir explains how the firm is shifting from point products to a holistic approach and why it’s investing…
-
Mass Spam Attacks Leverage Zendesk Instances
The CRM vendor advised ignoring or deleting suspicious emails and said the attacks were not tied to any breach or software vulnerability. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/mass-spam-attacks-zendesk-instances
-
EU Launches GCVE to Track Vulnerabilities Without Relying on US
The new EU-funded GCVE project is breaking dependence on US databases to track software flaws. Discover how this decentralised system aims to ensure global cybersecurity. First seen on hackread.com Jump to article: hackread.com/eu-launches-gcve-track-vulnerabilities-us/
-
Fünf Chrome-Erweiterungen, die Unternehmenssitzungen kapern
Forscher haben fünf bösartige Chrome-Erweiterungen entdeckt.Forscher des Security-Anbieters Socket haben eine koordinierte Kampagne entdeckt, die auf bösartigen Chrome-Add-ons basiert. Die Angreifer haben die Abwehrmechanismen des Chrome Web Stores umgangen und Erweiterungen als Produktivitätswerkzeuge beworben.’Die Erweiterungen arbeiten zusammen, um Authentifizierungs-Token zu stehlen, Incident-Response-Funktionen zu blockieren und durch Session-Hijacking die vollständige Übernahme von Konten zu ermöglichen”, erklären…
-
Fünf Chrome-Erweiterungen, die Unternehmenssitzungen kapern
Forscher haben fünf bösartige Chrome-Erweiterungen entdeckt.Forscher des Security-Anbieters Socket haben eine koordinierte Kampagne entdeckt, die auf bösartigen Chrome-Add-ons basiert. Die Angreifer haben die Abwehrmechanismen des Chrome Web Stores umgangen und Erweiterungen als Produktivitätswerkzeuge beworben.’Die Erweiterungen arbeiten zusammen, um Authentifizierungs-Token zu stehlen, Incident-Response-Funktionen zu blockieren und durch Session-Hijacking die vollständige Übernahme von Konten zu ermöglichen”, erklären…
-
When Language Becomes the Attack Surface: Inside the Google Gemini Calendar Exploit
Tags: ai, attack, cybersecurity, data-breach, exploit, flaw, google, LLM, malicious, software, vulnerabilitySecurity teams have spent decades hardening software against malicious input, yet a recent vulnerability involving Google Gemini demonstrates how those assumptions begin to fracture when language itself becomes executable. The issue, disclosed by cybersecurity researchers at Miggo Security, exposed a subtle but powerful flaw in how natural language interfaces like AI LLMs interact with privileged…
-
Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto
Cybersecurity researchers have disclosed details of a malware campaign that’s targeting software developers with a new information stealer called Evelyn Stealer by weaponizing the Microsoft Visual Studio Code (VS Code) extension ecosystem.”The malware is designed to exfiltrate sensitive information, including developer credentials and cryptocurrency-related data. Compromised developer First seen on thehackernews.com Jump to article: thehackernews.com/2026/01/evelyn-stealer-malware-abuses-vs-code.html
-
Secure web browsers for the enterprise compared: How to pick the right one
Tags: access, ai, android, api, attack, browser, business, chrome, cloud, computer, control, corporate, data, encryption, endpoint, fortinet, gartner, google, guide, identity, linux, login, malicious, malware, mfa, mobile, monitoring, network, okta, phishing, saas, service, siem, software, technology, threat, tool, training, vpn, windows, zero-trustEnable MFA at the beginning of any browser session by default.Handle isolation controls both with respect to the user’s session and to isolate any application from cross-infection. This means controlling the movement of data between the browser, your particular endpoint and the web application or applications involved.Control access to web destinations, either to allow or…
-
When Space Isn’t Safe: Inside the European Space Agency’s Massive Cyberattack
In late 2025 and early 2026, one of the world’s most advanced scientific organizations, the European Space Agency (ESA), faced a string of cyberattacks that exposed severe weaknesses in its cybersecurity posture. Hackers stole hundreds of gigabytes of data. Among the data stolen were proprietary software, credentials, and mission documents. As a final act, the……
-
Critical AVEVA Software Flaws Allow Remote Code Execution With SYSTEM Privileges
AVEVA has disclosed seven critical and high-severity vulnerabilities in its Process Optimization software (formerly ROMeo) that could enable attackers to execute remote code with SYSTEM privileges and completely compromise industrial control systems. The security bulletin, published on January 13, 2026, affects AVEVA Process Optimization version 2024.1 and all prior versions. The most severe vulnerability, tracked…
-
Google Ads Exploited to Deliver TamperedChef Through Malicious PDF Editor
A sophisticated malvertising campaign tracked as TamperedChef has compromised over 100 organizations across 19 countries by distributing weaponized PDF editing software through Google Ads. Sophos Managed Detection and Response (MDR) teams discovered the operation in September 2025, revealing a multi-layered attack infrastructure designed to steal browser credentials and establish persistent backdoor access on Windows systems.…
-
Top 10 HIPAA Compliance Software Solutions
Key Takeaways Healthcare breaches have cost an eye”‘watering $7.42 million per incident in 2025, and it’s not surprising that regulators are dialing up new requirements like multi”‘factor authentication, encryption for all ePHI, and yearly audits. Small practices may be able to get by with basic tools, but larger organizations need more robust systems. The best……
-
Aikido Gets $60M Series B to Scale, Automate AI Pen Testing
5x Revenue Growth, $1B Valuation Fuel Investment in Code Security Innovation. Backed by DST Global, Aikido Security’s $60 million Series B will fund global expansion and boost its AI-powered security tools. CEO Willem Delbare said the firm’s autonomous pen testing and code remediation cuts cost, boosts software resilience and already outperforms humans. First seen on…
-
OverAir Software Updates Pose Risks to Vehicles
eSync Alliance Chair Shrikant Acharya on How Standardization Can Prevent Breaches. Over-the-air updates are an irreplaceable part of software-defined vehicles, giving manufacturers a convenient way of remotely fixing and upgrading vehicles. If not appropriately secured, over-the-air updates can become a gateway for data theft, malware injection, vehicle theft and even injury. First seen on govinfosecurity.com…
-
HHS Urges Health Sector to Harden Security of PHI, Devices
Feds Pushing HIPAA Regulated Entities to Bolster Security Risk Management. Federal regulators are advising regulated healthcare firms and their third-party vendors to harden systems, software and medical devices to better safeguard protected health information. Hardening is a necessary measure for protecting data privacy security – but also in protecting patient safety. First seen on govinfosecurity.com…