IT Security News Daily Summary 2025-04-30

210 posts were published in the last hour

21:33 : Elektronische Patientenakte: Hacker findet erneut Lücke, Gematik reagiert fix
21:32 : Strengthen your digital defenses on World Password Day
21:3 : Russia-linked group Nebulous Mantis targets NATO-related defense organizations
21:3 : BSidesLV24 – Ground Truth – Hacking Things That Think
21:3 : Israel’s 77 Years Of Independence
20:32 : Navigating the SaaS Attack Chain: Mitigating Risks with AppOmni
20:5 : IT Security News Hourly Summary 2025-04-30 21h : 8 posts
20:3 : E-Patientenakte: CCC findet erneut Lücken, Gematik reagiert mit “Sofortmaßnahme”
20:2 : Online Child Exploitation Network 764 Busted; 2 US Leaders Arrested
19:32 : Critical Craft CMS Flaws Exploited in Wild: 300+ Servers Breached, Experts Warn
19:32 : AI Code Hallucinations Increase the Risk of ‘Package Confusion’ Attacks
19:32 : When AI Becomes the Weak Link: Rethinking Supply Chain Security
19:3 : Ex-CISA chief decries cuts as Trump demands loyalty above all else
19:2 : Commvault Confirms 0-Day Exploit Allowed Hackers Access to Its Azure Environment
19:2 : Maryland man pleads guilty to outsourcing US govt work to North Korean dev in China
19:2 : 14 secure coding tips: Learn from the experts at Microsoft Build
18:32 : Co-op IT System Partly Shutdown After Hack Attempt – Report
18:32 : Apple notifies new victims of spyware attacks across the world
18:32 : Maryland man pleads guilty to outsourcing US gov work to North Korean dev in China
18:32 : Randall Munroe’s XKCD ‘Chess Position’
18:3 : Elektronische Patientenakte: CCC hackt auch den neuen Schutz der ePA
18:2 : How to use AWS Transfer Family and GuardDuty for malware protection
17:32 : From TV5Monde to Govt: France Blames Russia’s APT28 for Cyberattacks
17:32 : Sick of AI slop on Pinterest? These two new features should help bring back real pins
17:32 : End users can code with AI, but IT must be wary
17:32 : Researchers Demonstrate How MCP Prompt Injection Can Be Used for Both Attack and Defense
17:5 : IT Security News Hourly Summary 2025-04-30 18h : 13 posts
17:4 : ChoiceJacking: Forscher umgehen USB-Sperre bei Android und iOS
17:3 : Cybersecurity Experts Urge Trump To Halt “Political Persecution” Of Chris Krebs
17:3 : CEO Pichai Says Google Hopes To Reach Gemini Deal With Apple In 2025
17:3 : SAP Zero-Day Vulnerability Exploited – Posing Business Risks
17:3 : Phishing Kit Attacks: How Businesses Can Stop Them Early
17:2 : 42,000 Phishing Domains Linked to the LabHost PhaaS Service Disclosed by FBI
17:2 : Vulnerability Summary for the Week of April 21, 2025
16:41 : ChatGPT schleimt sich ein: OpenAI zieht Update zurück und erklärt das Problem
16:41 : Neuerung für Windows 11: So einfach könnt ihr bald über das Startmenü auf euer Smartphone zugreifen
16:41 : Machen die KI-Chatbots von WordPress.com und Wix Webdesigner arbeitslos?
16:41 : Anzeige: Penetration Testing lernen und Sicherheitslücken schließen
16:40 : Sneaky WordPress Malware Disguised as Anti-Malware Plugin
16:40 : Nitrogen Ransomware Uses Cobalt Strike and Log Wiping in Targeted Attacks on Organizations
16:40 : AiTM Phishing Kits Bypass MFA by Hijacking Credentials and Session Tokens
16:40 : Trellix Launches Phishing Simulator to Help Organizations Detect and Prevent Attacks
16:40 : The Growing Threat of Ransomware-as-a-Service (RaaS) on Healthcare Infrastructure
16:40 : Microsoft CEO Nadella: 20% to 30% of Our Code Was Written by AI
16:40 : Apple Passwords Review (2025): Features, Pricing, and Security
16:40 : 23 Apple AirPlay Vulnerabilities ‘Could Have Far-Reaching Impacts’
16:40 : AWS Defaults Silently Introduce New Attack Paths That Let Hackers Escalate Privilege & Account Compromise
16:39 : Tech Giants Propose Standard For End-of-Life Security Disclosures
16:39 : BSidesLV24 – Ground Truth – Looking For Smoke Signals In Financial Statements, For Cyber
16:39 : RansomHub Refines Extortion Strategy as RaaS Market Fractures
15:33 : NetApp Enhances Data Storage Security with 99.9% Cyber Protection for Unmatched Resilience
15:33 : Researchers Reveal Threat Actor TTP Patterns and DNS Abuse in Investment Scams
15:33 : I tested 10 AI content detectors – and these 5 correctly identified AI text every time
15:33 : Key Takeaways from the 2025 Global Threat Landscape Report
15:33 : The CISO’s Guide to Managing Cyber Risk in Hybrid Workplaces
15:33 : Critical Viasat Firmware Vulnerability Let Attackers Execute Remote Code
15:33 : China-Nexus Hackers Attacking Organizations Infrastructure & High-Value Customers
15:33 : AI-Powered Threats – How CISOs Can Stay Ahead of the Curve
15:33 : Why Your CISO Should Report to the CEO, Not the CIO
15:33 : FBI steps in amid rash of politically charged swattings
15:33 : Revived CryptoJS library is a crypto stealer in disguise
15:33 : Trump Claims Administration Learnt to Avoid Signal After Group Chat Leak
15:33 : Cybercriminals Behind DOGE Big Balls Ransomware Demand $1 Trillion, Troll Elon Musk
15:4 : Triada: ein Trojaner, der auf Android-Smartphones vorinstalliert und sofort einsatzbereit ist | Offizieller Blog von Kaspersky
15:3 : UK Unveils Draft Rules For Crypto Industry
15:3 : Mitigating Insider Threats – A CISO’s Practical Approach
15:3 : The CISO’s Guide to Effective Cloud Security Strategies
15:3 : How CISOs Can Strengthen Supply Chain Security in 2025
15:3 : GPT-4o update gets recalled by OpenAI for being too agreeable
15:3 : France links Russian APT28 to attacks on dozen French entities
15:3 : DataSurgeon – Fast, Flexible Data Extraction and Transformation Tool for Linux
15:3 : Understanding the Deep Web, Dark Web, and Darknet (2025 Guide)
15:3 : Microsoft Expands Cloud, AI Footprint Across Europe
14:33 : Mehr als 400 IT-Sicherheitsexperten springen Chris Krebs bei
14:32 : Security Policy Development Codifying NIST CSF For Enterprise Adoption
14:32 : Fake Social Security Statement emails trick users into installing remote tool
14:6 : EFF sammelt über 400 Unterschriften für Chris Krebs
14:6 : [UPDATE] [mittel] Apache Tomcat: Mehrere Schwachstellen
14:6 : [UPDATE] [mittel] Mozilla Thunderbird und Thunderbird ESR: Mehrere Schwachstellen
14:6 : [UPDATE] [niedrig] GNU libc: Schwachstelle ermöglicht Denial of Service
14:5 : What Is QR Code Phishing? How to Protect Yourself from This QR Code Scam
14:5 : Toyota ‘Collaboration’ With Waymo For Autonomous Cars
14:5 : Researchers Uncovered RansomHub Operation and it’s Relation With Qilin Ransomware
14:5 : SonicWALL Connect Tunnel Vulnerability Could Allow Attackers to Trigger DoS Attacks
14:5 : IT Security News Hourly Summary 2025-04-30 15h : 9 posts
14:5 : TheWizards Deploy ‘Spellbinder Hacking Tool’ for Global Adversary-in-the-Middle Attack
14:4 : Cato Networks macOS Client Vulnerability Enables Low-Privilege Code Execution
14:4 : April 2025 Web Server Survey
14:4 : UK retail giant Co-op warns of disruption as it battles cyberattack
14:4 : Indian Court ordered to block email service Proton Mail
14:4 : Embracing the Future of Work with Innovations in Prisma SASE
14:4 : Introducing XSIAM 3.0
14:4 : Deploy Bravely with Prisma AIRS
14:4 : Hackers Exploit MS Equation Editor Vulnerability to Deploy XLoader Malware
14:4 : Securing Boardroom Buy-In for Your Cybersecurity Budget
14:4 : Outlaw Cybergang Attacking Linux Environments Worldwide With New Malware
14:4 : Konni APT Hackers Using Multi-Stage Malware to Attack Organizations
14:4 : OpenAI Rolled Out Last Week’s GPT-4o Update Causing Flattering Issues
14:4 : Firewalls and VPNs Under Siege as Businesses Report Growing Cyber Intrusions
14:4 : Photos: RSAC 2025
14:3 : RidgeSphere streamlines security validation operations
13:33 : Dussmann Service: Oliver Vellage wird neuer Geschäftsführer
13:33 : UK Retail Giant Co-op Shuts Down IT Systems After Cyberattack Attempt
13:32 : Cybercriminals Trick Tenants into Sending Rent to Fraudulent Accounts
13:32 : Researchers Turned Azure Storage Wildcards into a Stealthy Internal SOCKS5 Backdoor
13:32 : Age Verification in the European Union: The Commission’s Age Verification App
13:32 : Download: Edgescan 2025 Vulnerability Statistics Report
13:32 : Airplay-enabled devices open to attack via “AirBorne” vulnerabilities
13:32 : UK Retailer Co-op Confirms Hack, Reports “Small Impact” to Its Systems
13:3 : Praktikum
13:3 : Over 90% of Cybersecurity Leaders Worldwide Report Cloud-Targeted Cyberattacks
13:3 : Ruby on Rails Vulnerability Allows CSRF Protection Bypass
13:3 : New WordPress Malware Disguised as Anti-Malware Plugin Takes Full Control of Websites
13:3 : Structify raises $4.1M seed to turn unstructured web data into enterprise-ready datasets
13:2 : DHS Head Accuses CISA of Acting Like “the Ministry of Truth”
12:32 : Google Introduces Agentic AI to Combat Cybersecurity Threats
12:32 : Chinese Hackers Abuse IPv6 SLAAC for AitM Attacks via Spellbinder Lateral Movement Tool
12:32 : [Free Webinar] Guide to Securing Your Entire Identity Lifecycle Against AI-Powered Threats
12:3 : Firefox 138 Released With Fix for Multiple High-Severity Vulnerabilities
12:3 : Samsung MagicINFO Vulnerability Allows Remote Code Execution Without Valid User
12:3 : New Germlin Stealer Advertised on Hacker Forums Steals Credit Card Data & Login Credentials
12:3 : Key Breakthroughs from RSA Conference 2025 – Day 1
12:3 : RSA Conference 2025 Announcement Summary (Day 2)
12:3 : Property renters targeted in simple BEC scam
11:33 : [UPDATE] [mittel] Oracle Java SE: Mehrere Schwachstellen
11:33 : [UPDATE] [mittel] Linux Kernel: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff
11:32 : Amazon’s Project Kuiper Launches To Challenge Musk’s Starlink
11:32 : China Hackers Used Trojanized UyghurEditPP App to Target Uyghur Activists
11:32 : Microsoft Telnet Server Flaw Lets Attackers Bypass Guest Login Restrictions
11:32 : WhatsApp Case Against NSO Group Progressing
11:32 : Meta Releases Llama AI Open Source Protection Tools
11:5 : IT Security News Hourly Summary 2025-04-30 12h : 21 posts
11:4 : Dell schützt PowerProtect Data Manager und Laptops vor möglichen Attacken
11:4 : Nach Durows Festnahme: Telegram gibt immer mehr Nutzerdaten an Behörden raus
11:4 : [UPDATE] [mittel] Linux Kernel: Mehrere Schwachstellen
11:3 : Firefox 138 Launches with Patches for Several High-Severity Flaws
11:2 : Customer Account Takeovers: The Multi-Billion Dollar Problem You Don’t Know About
11:2 : US House Approves Bill to Assess Security Threats Posed by Foreign-Made Routers
10:33 : KI statt Kanzlei: Warum Laien eher ChatGPT vertrauen als echten Anwälten
10:33 : Digitales Foto für Personalausweis und Reisepass: Was sich ab dem 1. Mai ändert
10:33 : [NEU] [mittel] Docker Desktop: Mehrere Schwachstellen
10:33 : [NEU] [mittel] IBM Operational Decision Manager: Schwachstelle ermöglicht Cross-Site Scripting
10:32 : 4chan Is Back Online After Cyberattack, But With Issues
10:32 : AI Security Report 2025: Understanding threats and building smarter defenses
10:32 : Industry Moves for the week of April 28, 2025 – SecurityWeek
10:32 : France Blames Russia for Cyberattacks on Dozen Entities
10:32 : RansomHub Went Dark April 1; Affiliates Fled to Qilin, DragonForce Claimed Control
10:3 : Google Chrome: Mehrere Schwachstellen
10:3 : [UPDATE] [mittel] Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service
10:3 : [UPDATE] [mittel] Ghostscript: Mehrere Schwachstellen
10:3 : [UPDATE] [hoch] bluez: Schwachstelle ermöglicht Codeausführung
10:3 : [UPDATE] [mittel] Ghostscript: Schwachstelle ermöglicht Codeausführung und DoS
10:3 : [UPDATE] [hoch] Ghostscript: Schwachstelle ermöglicht Denial of Service
10:2 : Anthropic Report Reveals Growing Risks from Misuse of Generative AI Misuse
9:33 : Mozilla Firefox, Firefox ESR, Thunderbird and Thunderbird ESR: Mehrere Schwachstellen
9:33 : [NEU] [hoch] Mozilla Firefox, Firefox ESR, Thunderbird and Thunderbird ESR: Mehrere Schwachstellen
9:33 : [UPDATE] [mittel] IBM WebSphere Application Server Liberty: Schwachstelle ermöglicht Denial of Service
9:33 : [UPDATE] [mittel] Apache Kafka: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
9:32 : Ghost in the shell script: Boffins reckon they can catch bugs before programs run
9:32 : Frontegg releases identity management platform for AI agent builders
9:32 : Legit leverages AI in ASPM platform to find, fix, and prevent vulnerabilities
9:32 : JPMorgan CISO Urges SaaS Security Reset
9:5 : Zero-Click-Lücken entdeckt: Millionen Airplay-Geräte per Wi-Fi hackbar
9:5 : [UPDATE] [mittel] Python: Schwachstelle ermöglicht Denial of Service
9:5 : [UPDATE] [mittel] docker: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
9:5 : [UPDATE] [hoch] Oracle Java SE: Mehrere Schwachstellen
9:5 : [UPDATE] [hoch] Red Hat OpenShift Container Platform: Mehrere Schwachstellen
9:5 : [UPDATE] [mittel] Python: Schwachstelle ermöglicht Manipulation von Dateien
9:4 : Earth Kasha Updates TTPs in Latest Campaign Targeting Taiwan and Japan
9:4 : Link11 brings three brands together on one platform with new branding
9:4 : AWS Defaults Open Stealthy Attack Paths Enabling Privilege Escalation and Account Compromise
9:4 : Researchers Exploit OAuth Misconfigurations to Gain Unrestricted Access to Sensitive Data
9:4 : Enhancing Security and Compliance With AI-Powered Monitoring in Billing Systems
9:3 : HPE strengthens hybrid cloud and connectivity with Aruba Networking and GreenLake security upgrades
9:3 : BigID AI Data Lineage delivers transparency and control for AI
9:3 : France Slams Russia’s APT28 for Four-Year Cyber-Espionage Campaign
8:33 : China-Linked Hackers Targeting Organizational Infrastructure and High-Value Clients
8:33 : CISA Warns SAP 0-day Vulnerability Exploited in the Wild
8:33 : WhatsApp Introduces AI Tools With Promise of Full Message Secrecy
8:33 : Hackers Leveraging GetShared to Deploy Malware Bypassing Defenses
8:33 : Cloud doesn’t mean secure: How Intruder finds what others miss
8:33 : AirPlay Vulnerabilities Expose Apple Devices to Zero-Click Takeover
8:33 : Securonix brings autonomous decision-making to security operations
8:33 : Skyhigh Security adds data protection solutions for Microsoft Copilot and ChatGPT Enterprise
8:5 : IT Security News Hourly Summary 2025-04-30 09h : 12 posts
8:4 : Domain-Hijacking: Angriff auf verwaiste Assets
8:3 : Docker Registry Vulnerability Lets macOS Users Access Any Registry Without Authorization
8:3 : This month in security with Tony Anscombe – April 2025 edition
8:3 : Chrome 136, Firefox 138 Patch High-Severity Vulnerabilities
8:3 : Torii launches agentic SaaS Management Platform
8:3 : Arkose Labs launches Edge and Scraping Protection to secure enterprise digital borders
8:3 : Meta Launches LlamaFirewall Framework to Stop AI Jailbreaks, Injections, and Insecure Code
7:33 : Rüstungsunternehmen: Briten warnen vor Spionage durch China-Elektroautos
7:32 : Verizon 2025 Report Alarming Rise in Cyberattacks Via Third-Parties
7:32 : Avast Antivirus Vulnerability Let Attackers Escalate Privileges
7:32 : Saviynt ISPM provides insights into an organization’s identity and access posture
7:32 : Apple Airplay-Enabled Devices Can Be Hacked, Google tracked 75 zero days, France ties Russian APT28 hackers to 12 cyberattacks
7:3 : Marktübersicht Arbeitskleidung: Sicherheit beginnt bei der Ausstattung
7:3 : Südkorea: Provider ersetzt nach Cyberangriff 25 Millionen Sim-Karten
7:2 : Almost half of US teenagers think social media negatively impacts their peers
7:2 : PowerDNS DNSdist Vulnerability Let Attackers Trigger Denial-of-Service
7:2 : AirBorne flaws can lead to fully hijack Apple devices
6:35 : Frankreich wirft Russland Cyberattacken zur Destabilisierung vor
6:32 : Cloud Security Challenges in Hybrid Environments: Navigating the Complexities of the Cloud
6:32 : WhatsApp Unveils New AI Features While Ensuring Full Message Secrecy
6:32 : Unpatched Windows Shortcut Vulnerability Let Attackers Execute Remote Code – PoC Released
6:32 : Product showcase: Ledger Flex secure crypto wallet
6:32 : Trellix DLP Endpoint Complete prevents data leaks in Windows and macOS
6:32 : Cybersecurity Incidents: Musk’s Staffers, Canadian Power Utility Attack, and Massive Password Leak
6:3 : DragonForce Ransomware behind Mark and Spencer digital outage

Post navigation