Tag: software
-
GitHub Confirms Breach, 4K Internal Repos Stolen
Open source software giant GitHub confirmed a data breach this week involving the theft of thousands of repos. One threat actor, TeamPCP, took credit. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/github-confirms-breach-4k-internal-repos-stolen
-
Microsoft disrupts cybercrime operation that hid behind legitimate software
The Fox Tempest malware-signing-as-a-service operation was linked to numerous ransomware attacks. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/microsoft-disrupts-cybercrime-hid-legitimate-software/820724/
-
GitHub says internal repositories were impacted in poisoned VS Code extension attack
GitHub said late Tuesday that internal repositories were exfiltrated after an employee device was compromised through a poisoned Visual Studio Code extension, an incident that underscores the growing risks facing software development platforms and the ecosystems built around third-party developer tools. The Microsoft-owned company said in posts on X that it detected and contained the…
-
Critical flaw in software powering a third of the internet is already being exploited free checker now available
A critical security vulnerability in NGINX, the web server software underpinning more than 30% of all websites globally, has been confirmed as actively exploited in the wild, less than a week after its public disclosure. The flaw, tracked as CVE-2026-42945 and dubbed ‘NGINX Rift’, carries a severity score of 9.8 out of 10. It affects…
-
Identity Alone Isn’t Enough: Why Device Security Has to Share the Load
Identity checks alone can’t stop attackers using stolen session tokens and compromised devices. Specops Software outlines why Zero Trust strategies increasingly depend on continuous device verification. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/identity-alone-isnt-enough-why-device-security-has-to-share-the-load/
-
Microsoft DurableTask Python Client Targeted in TeamPCP Cyberattack
The ongoing TeamPCP software supply chain campaign has compromised the official Microsoft DurableTask Python client, a widely used package for orchestrating workflows in Python applications. Three versions of the durabletask package on PyPI, 1.4.1, 1.4.2, and 1.4.3, were identified as malicious and subsequently quarantined by PyPI after analysis by Wiz researchers. This incident highlights how attackers are…
-
Verizon DBIR: AI Helped Hackers Exploit Vulnerabilities in 31% of Recent Breaches
Verizon DBIR 2026 reveals software vulnerabilities overtook stolen passwords in cyberattacks, with AI helping hackers exploit flaws within hours. First seen on hackread.com Jump to article: hackread.com/verizon-dbir-ai-hackers-exploit-vulnerabilities-breaches/
-
DataAIModule von Veeam macht Prozesse der Datenresilienz leistungsfähiger und intelligenter
Veeam Software, das Unternehmen für Data- und AI-Trust, hat auf der <<VeeamON 2026" in New York City eine exklusive Vorschau auf seine neueste Plattform vorgestellt: die Veeam-Data-Platform v13.1 sowie ein neues DataAI-Resilience-Module in der Veeam-DataAI- Command-Platform. Die Veeam-Data-Platform v13.1 treibt die Modernisierung und Datenresilienz voran mit portabler Sicherung über mehrere Hypervisoren hinweg, einer verbesserten […]…
-
DataAIModule von Veeam macht Prozesse der Datenresilienz leistungsfähiger und intelligenter
Veeam Software, das Unternehmen für Data- und AI-Trust, hat auf der <<VeeamON 2026" in New York City eine exklusive Vorschau auf seine neueste Plattform vorgestellt: die Veeam-Data-Platform v13.1 sowie ein neues DataAI-Resilience-Module in der Veeam-DataAI- Command-Platform. Die Veeam-Data-Platform v13.1 treibt die Modernisierung und Datenresilienz voran mit portabler Sicherung über mehrere Hypervisoren hinweg, einer verbesserten […]…
-
Fox Tempest Linked to Malware-Signing Service Abusing Microsoft Artifact Signing
Tags: cyber, cybercrime, group, intelligence, malicious, malware, microsoft, ransomware, service, software, threatFox Tempest, a financially motivated threat actor, has been linked to a large-scale malware-signing-as-a-service (MSaaS) operation that abused Microsoft’s Artefact Signing platform to enable cybercriminals to distribute malicious software that appeared to be trusted. According to Microsoft Threat Intelligence, the group enabled ransomware campaigns and malware distribution by generating fraudulent but valid code-signing certificates, allowing…
-
A malicious VS code extension just breached GitHub ‘s internal repositories
One employee installed a trojanized VS Code extension. Result: ~3,800 GitHub internal repositories exfiltrated. TeamPCP claims credit, wants $50K. There is something almost ironic about GitHub, the platform that hosts the code for most of the world’s software, getting breached through a trojanized plugin for a code editor. But that is exactly what happened, and…
-
Verizon DBIR: Vulnerability Exploits Overtake Credentials as Top Access Vector
Verizon DBIR finds 31% of data breaches began with software flaws last year First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/verizon-dbir-exploits-top-access/
-
Single-Letter Go Module Typosquat Drops DNS-Based Backdoor
A newly uncovered software supply chain attack targeting Go developers demonstrates how a single-character typo can silently introduce a persistent backdoor. A malicious Go module, github.com/shopsprint/decimal, designed to impersonate the widely trusted github.com/shopspring/decimal library used for high-precision arithmetic in financial and analytics applications. The legitimate package is heavily adopted across the Go ecosystem, with more than 38,000 known…
-
Wurm Mini-Shai-Hulud kapert populäre AntV-Software
Eine neue Welle des Mini-Shai-Hulud-Wurms infiziert über ein kompromittiertes npm-Konto Hunderte Pakete des AntV-Ökosystems mit Credential-Stealern. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/wurm-mini-shai-hulud-antv-software
-
Home Office sitting on data about scale of eVisa errors
The Home Office holds data on the scale of errors and software issues with its electronic visa system, but is yet to release the information First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366643357/Home-Office-sitting-on-data-about-scale-of-eVisa-errors
-
What to Look for When Choosing an ASPM Platform
Application security posture management (ASPM) has become a foundational capability for software-as-a-service (SaaS) and software companies building increasingly complex, artificial intelligence-assisted applications. As engineering velocity increases and AI-generated code becomes part of everyday development workflows, security teams are under pressure to unify visibility, reduce fragmented tooling, and improve how risk isidentifiedand prioritized across the software…
-
Microsoft dismantled malware-signing network Fox Tempest
Microsoft disrupted Fox Tempest, a malware-signing-as-a-service (MSaaS) that allowed attackers to sign malware with fake trusted certificates. Microsoft said it disrupted a cybercrime operation run by a threat actor named Fox Tempest, which helped threat actors sign malware with short-lived certificates to make malicious software appear legitimate. The service abused Microsoft Artifact Signing and supported…
-
The Invisible Workforce: Why Your Household Apps Now Have Their Own Digital IDs
Most people understand what it means to protect a human identity because the dangers of someone impersonating you online or stealing and cloning your card are immediately obvious. Today, organisations rely on thousands of non-human identities that belong to software applications, cloud workloads, APIs, bots, and now AI agents as well, which can affect almost…
-
How Parts Inventory Management Software Fixes Inventory Challenges
Why do maintenance teams struggle? Is it because they lack skills? Or do they need more advanced resources?… First seen on hackread.com Jump to article: hackread.com/parts-inventory-management-software-inventory-challenges/
-
Pwn2Own Berlin 2026 Closes With $1.3 Million in Zero-Day Payouts
Cybersecurity researchers successfully demonstrated 47 unique zero-day exploits at Pwn2Own Berlin 2026, targeting major enterprise software and AI platforms. First seen on hackread.com Jump to article: hackread.com/pwn2own-berlin-2026-closes-zero-day-payouts/
-
Pwn2Own Berlin 2026 Closes With $1.3 Million in Zero-Day Payouts
Cybersecurity researchers successfully demonstrated 47 unique zero-day exploits at Pwn2Own Berlin 2026, targeting major enterprise software and AI platforms. First seen on hackread.com Jump to article: hackread.com/pwn2own-berlin-2026-closes-zero-day-payouts/
-
6 Milliarden gestohlene Passwörter Warum Unternehmen 2026 noch immer dieselben Fehler machen
Trotz jahrelanger Security-Awareness-Kampagnen, komplexer Passwortregeln und wachsender MFA-Verbreitung bleibt eine der ältesten Schwachstellen der IT erschreckend aktuell: schwache und wiederverwendete Passwörter. Der aktuelle ‘2026 Breached Password Report” von Specops Software analysiert mehr als sechs Milliarden durch Malware gestohlene Zugangsdaten und zeichnet ein alarmierendes Bild moderner Identitätssicherheit. Die zentrale Erkenntnis: Nicht Brute-Force-Angriffe sind heute das […]…
-
Mini Shai-Hulud returns, compromising hundreds of npm packages
Another malware wave is washing through open-source software repos, stealing publishing tokens, installing OS”‘level backdoors and persisting in developer tools and CI pipelines. First seen on cyberscoop.com Jump to article: cyberscoop.com/mini-shai-hulud-malware-npm-packages-compromised-again/
-
Microsoft disrupts cybercrime service that abused software verification systems en masse
Fox Tempest, a financially-motivated threat group, allowed ransomware operators and other cybercriminals to slip malware-laced software past security controls. First seen on cyberscoop.com Jump to article: cyberscoop.com/microsoft-digital-crimes-unit-disrupts-fox-tempest/
-
Analysis: Amid Claude Mythos FUD, Don’t Forget About Identity
While updating your patching practices will be essential amid powerful AI vulnerability discovery technologies such as Anthropic’s Claude Mythos, preventing attackers from fully utilizing software flaws will require identity hardening as well. First seen on crn.com Jump to article: www.crn.com/news/security/2026/analysis-amid-claude-mythos-fud-don-t-forget-about-identity
-
Verizon Breach Report: Vulnerability Exploitation Surges
Tags: access, breach, data, data-breach, exploit, hacker, Hardware, ransomware, software, update, vulnerabilityPatch Rollout Slows and Ransomware Incident Volume Rises, Finds Latest Verizon DBIR. The frequency of hackers exploiting vulnerabilities in hardware and software to gain initial access to a victim’s environment continues to surge, and half of all successful breaches also now involve some type of ransomware action, according Verizon’s 2026 Data Breach Investigations Report. First…
-
Internet Explorer may be dead, but its ghost still runs malware
A legacy Windows tool that refuses to die: Bitdefender’s findings suggest MSHTA remains attractive because it checks several boxes attackers like. These include it being Microsoft-signed, preinstalled on Windows, capable of in-memory execution, and still implicitly trusted in many environments.Other sophisticated campaigns picked it up too. Bitdefender detailed PurpleFox using MSHTA to launch ‘msiexec’ commands…
-
Betrugsversuche zur Fußball-WM 2026 Check Point entdeckt Tausende Scams zu Tickets, Fanartikeln und Wetten
Check Point Software Technologies warnt Fußball-Fans und Unternehmen vor einer massiven Zunahme cyberkrimineller Aktivitäten im Vorfeld der FIFA Fußball-WM 2026. Die Sicherheitsforscher von Check Point Research (CPR) haben einen beispiellosen Anstieg betrügerischer Domain-Registrierungen, gefälschter Online-Shops für vermeintliche Ticketverkäufe und Fanartikel sowie manipulierte Wettplattformen entdeckt, die gezielt die Vorfreude auf das Turnier ausnutzen. Die wichtigsten Ergebnisse…
-
KI-Modell ‘Mythos” stellt Vertrauen in E-Mail-Kommunikation grundlegend infrage
Künstliche Intelligenz verändert die IT-Sicherheitslandschaft nachhaltig. Mit ‘Mythos”, einem neuen Modell von Anthropic, können Schwachstellen in Software deutlich schneller und komplexer identifiziert werden als bisher. Dies verschärft nicht nur die Bedrohungslage, sondern erhöht auch den Druck auf Unternehmen, ihre Sicherheitsstrategien grundlegend zu überdenken. Besonders kritisch bleibt der Angriffsvektor E-Mail. Während das Kommunikationsmittel weiterhin ein zentrales…

