IT Security News Daily Summary 2025-04-11

167 posts were published in the last hour

• 21:4 : Week in Review: Fake ChatGPT passport, Apple appeals UK encryption, Oracle’s obsolete servers
• 20:37 : Stanford-Report: Warum KI immer größeren Einfluss auf unser Leben hat – und wie wir damit umgehen
• 20:37 : Zauberer von Oz: Warum Google 90 Prozent des Filmklassikers mithilfe von KI verändert
• 20:37 : Windows-95-Startsound wird besondere Ehre zuteil
• 20:36 : News alert: INE Security highlights why hands-on labs can help accelerate CMMC 2.0 compliance
• 20:5 : IT Security News Hourly Summary 2025-04-11 21h : 12 posts
• 19:36 : Florida’s New Social Media Bill Says the Quiet Part Out Loud and Demands an Encryption Backdoor
• 19:4 : Cybersecurity Community Must Not Remain Silent On Executive Order Attacking Former CISA Director
• 18:32 : Russia’s Storm-2372 Hits Orgs with MFA Bypass via Device Code Phishing
• 18:32 : Tycoon 2FA Phishing Kit Uses Advanced Evasion Techniques to Bypass Endpoint Detection Systems
• 18:32 : Threat Actors Exploit Legitimate Crypto Packages to Deliver Malicious Code
• 18:32 : Hackers Exploit Router Flaws in Ongoing Attacks on Enterprise Networks
• 18:32 : Threat Actors Launch Active Attacks on Semiconductor Firms Using Zero-Day Exploits
• 18:32 : Threat Actors Leverage Email Bombing to Evade Security Tools and Conceal Malicious Activity
• 18:5 : Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit
• 18:5 : Beware of Fake mParivahan App Attacking Mobile Users Via WhatsApp to Steal Sensitive Data
• 18:5 : Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle
• 18:5 : Microsoft Moves Forward With Controversial Recall Feature
• 18:5 : Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devices
• 17:35 : BentoML Vulnerability Allows Remote Code Execution on AI Servers
• 17:35 : APT32 Hackers Weaponizing GitHub to Attack Cybersecurity Professionals & Enterprises
• 17:35 : Overcoming The Skills Shortage in Cybersecurity Through A ‘Trusted’ Approach.
• 17:35 : Can AI Be Your Trusted Partner in Securing Your Extended Business Ecosystem?
• 17:35 : The Role of AI In Cybersecurity: Enhancing Defense And Adapting To Threats
• 17:35 : Securing The AI Frontier: Addressing Emerging Threats In AI-Powered Software Development
• 17:35 : Smart Meter Security: Best Practices and Emerging Regulations
• 17:5 : IT Security News Hourly Summary 2025-04-11 18h : 8 posts
• 17:2 : BSidesLV24 – Breaking Ground – Redis Or Not: Argo CD & GitOps From An Attacker’s Perspective
• 17:2 : Ethical Hacking: The Cyber Shield Organizations Need
• 16:37 : Anzeige: Fortgeschrittenes Penetration Testing mit CPENT Certificate
• 16:36 : How OSCP Holders Can Lead Their Teams to Greater Cybersecurity Resilience
• 16:36 : Meta Launches New Llama 4 AI Models
• 16:36 : Krebs probed, Nissan Leaf hack, Typhoon tariff warning
• 16:7 : Hackers post stolen data on Telegram
• 16:6 : The Pall Mall Pact and why it matters
• 15:32 : Laboratory Services Cooperative Data Breach – 1.6 Million People Impacted
• 15:32 : CISA Releases 10 ICS Advisories Covering Vulnerabilities & Exploits
• 15:32 : The Rise of Cyber Warfare and Its Global Implications
• 15:32 : NVD Revamps Operations as Vulnerability Reporting Surges
• 15:5 : Smart Buses, Smarter Threats | Securing the Future of Connected Transit
• 15:5 : Harmony SaaS Delivers Next-Level SaaS Security for Google Cloud Customers
• 15:5 : What is Active Directory (AD)?
• 15:5 : How GenAI Is Revolutionizing HR Analytics for CHROs and Business Leaders
• 14:37 : BSI warnt Windows-10-Nutzer: Warum ihr schon jetzt auf ein anderes Betriebssystem umsteigen solltet
• 14:37 : ChatGPT erinnert sich an alles: Neues Memory-Feature sorgt für Diskussionen
• 14:37 : Menschen statt KI: Wie ein Gründer Investoren und Kunden mit seiner App getäuscht haben soll
• 14:37 : Messenger schlägt Telefon: Warum 40 Prozent der Deutschen lieber Nachrichten verschicken als anzurufen
• 14:37 : Thunderbird Pro: Wie Mozilla Gmail und Outlook Konkurrenz machen will
• 14:35 : Amazon CEO Says Sellers May Pass Tariff Costs Onto Consumers
• 14:35 : Protect yourself from tax season scams
• 14:35 : Fortinet Releases Advisory on New Post-Exploitation Technique for Known Vulnerabilities
• 14:35 : Palo Alto warns of brute-force login attempts on PAN-OS GlobalProtect gateways indicating possible upcoming attacks
• 14:35 : Hackers Breach Morocco’s Social Security Database
• 14:7 : EU und Nato: Europäische Telcos fordern Schutz ihrer Seekabel vom Militär
• 14:5 : Google Cuts Hundreds Of Android, Pixel Staff – Report
• 14:5 : Hands-On Labs: The Key to Accelerating CMMC 2.0 Compliance
• 14:5 : A Security Leader’s Perspective on The Real Business Risks of Secrets Managers Redundancy
• 14:5 : IT Security News Hourly Summary 2025-04-11 15h : 5 posts
• 13:37 : Einigung auf Koalitionsvertrag: Wie geht es weiter?
• 13:37 : Google Workspace: Google gibt US-Behörden enormen Rabatt
• 13:35 : It?s All In the Cards: Preventing Payment Abuse for Retailers
• 13:35 : What Is DNSSEC, and How Does It Work?
• 13:35 : Cloud Migration Strategy: The Step-By-Step Framework and Benefits
• 13:35 : Biometrics vs. passcodes: What lawyers recommend if you’re worried about warrantless phone searches
• 13:35 : Malicious NPM Packages Targeting PayPal Users
• 13:35 : Paper Werewolf Deploys PowerModul Implant in Targeted Cyberattacks on Russian Sectors
• 13:6 : Sonicwall: Schwachstellen im Netextender Windows-Client
• 13:5 : Monocam: Regulärer Betrieb der ersten Handyblitzer startet
• 13:5 : Calix Pre-Auth RCE on TCP Port 6998 Allow Arbitrary Code Execution as Root User
• 13:5 : Sensata Technologies Hacked – Ransomware Attack Disrupts Operations
• 13:5 : WordPress Plugin Vulnerability Exposes Sites to Critical File Inclusion Attacks
• 12:38 : Sonicwall Netextender: Sicherheitslecks gefährden Windows-Client
• 12:37 : China Hits Back At Trump, Raises US Tariffs To 125 Percent
• 12:37 : Vulnerability in OttoKit WordPress Plugin Exploited in the Wild
• 12:4 : (g+) Passwortsicherheit: Dicht wie ein Sieb – die Shell
• 12:4 : Strafverfolgung: FBI tarnt sich als Geldwäscher namens “Elon Musk”
• 12:4 : [NEU] [niedrig] QT: Schwachstelle ermöglicht Denial of Service
• 12:3 : Sensata Technologies Breached: Ransomware Attack Key Systems
• 12:3 : CISA Issues 10 ICS Advisories Addressing Critical Vulnerabilities and Exploits
• 12:3 : Privileged access management: Best practices, implementation, and tools
• 12:3 : In Other News: Scattered Spider Still Active, EncryptHub Unmasked, Rydox Extraditions
• 12:3 : KELA Digital Cyber Analysts improves security teams’ efficiency
• 12:3 : Span Cyber Security Arena 2025: Infosec leaders to discuss the future of digital defense
• 12:3 : Initial Access Brokers Shift Tactics, Selling More for Less
• 12:3 : Google Cloud: Top 5 Priorities for Cybersecurity Leaders Today
• 11:31 : Künstliche Intelligenz: OpenAI verkürzt Sicherheitstests von Monaten auf Tage
• 11:5 : Sex-Fantasy Chatbots Are Leaking a Constant Stream of Explicit Messages
• 11:5 : IT Security News Hourly Summary 2025-04-11 12h : 19 posts
• 11:5 : Microsoft Enhances Exchange & SharePoint Server Security With New Windows Antimalware Scan
• 11:5 : SonicWall Patches High-Severity Vulnerability in NetExtender
• 11:4 : Seeing the Big Picture in Phishing Defense: IRONSCALES & CrowdStrike
• 10:39 : [NEU] [mittel] MediaWiki: Mehrere Schwachstellen
• 10:39 : [UPDATE] [mittel] Red Hat OpenShift Container Platform: Schwachstelle ermöglicht Denial of Service
• 10:39 : [UPDATE] [mittel] Red Hat Enterprise Linux (Gatekeeper): Mehrere Schwachstellen ermöglichen Denial of Service
• 10:39 : [UPDATE] [mittel] Golang Go: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
• 10:38 : China Admitted to US That It Conducted Volt Typhoon Attacks: Report
• 10:2 : ISC Stormcast For Friday, April 11th, 2025 https://isc.sans.edu/podcastdetail/9404, (Fri, Apr 11th)
• 9:34 : Verkehrssicherheit: Nissan gehackt und Lenkung über das Internet manipuliert
• 9:34 : USA: Pentagon streicht zwei Milliarden US-Dollar für IT-Services
• 9:34 : [UPDATE] [mittel] Mattermost Mobile: Schwachstelle ermöglicht Denial of Service
• 9:33 : [UPDATE] [hoch] Mattermost: Mehrere Schwachstellen
• 9:33 : TROX Stealer Harvests Sensitive Data Including Stored Credit Cards and Browser Credentials
• 9:32 : Ransomware Reaches A Record High, But Payouts Are Dwindling
• 9:32 : MIWIC25: Katie Beecroft, Associate Director Risk & Security, Fidelity International
• 9:32 : Ivanti 0-day RCE Vulnerability Exploitation Details Disclosed
• 9:32 : Jenkins Docker Images Vulnerability Let Attackers Insert Themselves in Network Path
• 9:32 : AMD CPU Signature Verification Vulnerability Let Attackers Load Malicious Microcode
• 9:32 : SpyNote, BadBazaar, MOONSHINE Malware Target Android and iOS Users via Fake Apps
• 9:32 : Palo Alto Networks Warns of Brute-Force Attempts Targeting PAN-OS GlobalProtect Gateways
• 9:8 : [UPDATE] [mittel] OpenSSL: Mehrere Schwachstellen
• 9:8 : [UPDATE] [mittel] OpenSSL: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
• 9:7 : Microsoft Boosts Exchange and SharePoint Security with Updated Antimalware Scan
• 9:7 : Calix Devices Vulnerable to Pre-Auth RCE on Port 6998, Root Access Possible
• 9:7 : Chinese eCrime Group Targets Users in 120+ Countries to Steal Banking Credentials
• 9:7 : Ransomware crims hammering UK more than ever as British techies complain the board just doesn’t get it
• 8:37 : Hat künstliche Intelligenz ein Wertesystem? MIT-Studie zeigt, ob die Tools ihrer Meinung treu bleiben
• 8:37 : Duolingo: Hilft der KI-gestützte Videocall tatsächlich beim Sprachen lernen?
• 8:37 : Google Workspace: Wie ihr aus Dokumenten bald Podcasts machen könnt
• 8:37 : [NEU] [mittel] Flowise: Schwachstelle ermöglicht Manipulation von Dateien
• 8:37 : [NEU] [mittel] IBM Installation Manager: Mehrere Schwachstellen
• 8:37 : [NEU] [hoch] Pixel Patchday April 2025: Mehrere Schwachstellen
• 8:36 : Windows Defender Antivirus Bypassed Using Direct Syscalls & XOR Encryption
• 8:36 : Cybercrime Group Changes Plans: Drops Ransomware, Focuses on Data Theft
• 8:36 : New WhatsApp Feature Allows Users to Control Media Auto-Saving
• 8:6 : Pixel Patchday April 2025: Mehrere Schwachstellen
• 8:6 : Palo Alto Networks: Entwickler patchen PAN-OS und GlobalProtect App
• 8:5 : AMD CPU Signature Verification Vulnerability Enables Unauthorized Microcode Execution
• 8:5 : Cyble Urges Critical Vulnerability Fixes Affecting Industrial Systems
• 8:5 : IT Security News Hourly Summary 2025-04-11 09h : 1 posts
• 7:33 : Koalitionsvertrag 2025: Mehr Sicherheit für Deutschland
• 7:33 : Notfallupdate für Microsoft Office
• 7:33 : Palo Alto Networks: Schwachstellen in PAN-OS gefährden Firewalls
• 7:32 : March Madness: Don’t Let Cyber Scammers Attack Your Bracket Blind Spot
• 7:32 : Gamaredon targeted the military mission of a Western country based in Ukraine
• 7:32 : President fires Krebs, Nissan Leaf hack, Typhoon tariff warning
• 7:6 : Vendetta: Trump entzieht IT-Sicherheitsfirma Sicherheitsfreigaben
• 7:6 : Maryland Community Colleges to Host Ribbon Cutting Events as Maryland’s Cyber Workforce Accelerator Program Ramps Up
• 7:5 : Smart TVs and security risks: What you need to know
• 7:5 : Ivanti 0-Day RCE Flaw Exploitation Details Revealed
• 7:5 : Researchers Exploit Windows Defender with XOR and System Calls
• 7:5 : Microsoft Issues Urgent Patch to Resolve Office Update Crashes
• 7:5 : iOS 18.4 Update Introduces Critical Bug in Dynamic Symbol Resolution
• 7:5 : OpenAI Shuts Down Spammer | New RAT Threatens Windows | WordPress Bug Exploited
• 6:34 : RansomHouse ransomware steals 2TB data from telecom giant
• 5:37 : Volt Typhoon: China gesteht Cyberangriffe auf die USA angeblich indirekt ein
• 5:37 : Jenkins Docker Vulnerability Allows Hackers to Hijack Network Traffic
• 5:36 : Why security culture is crypto’s strongest asset
• 5:36 : OttoKit WordPress Plugin Admin Creation Vulnerability Under Active Exploitation
• 5:5 : IT Security News Hourly Summary 2025-04-11 06h : 1 posts
• 5:4 : Anzeige: IT-Security-Vorfälle – so gehen Sofortmaßnahmen und Forensik
• 5:3 : Microsoft Issues Urgent Patch to Fix Office Update Crash
• 5:3 : Why remote work is a security minefield (and what you can do about it)
• 5:3 : Ransomware groups push negotiations to new levels of uncertainty
• 4:35 : Europol-Studie ordnet biometrische Identifizierung kritisch ein
• 4:35 : Gericht nennt Details zu Angriffen auf 1223 WhatsApp-User mit Pegasus-Spyware
• 4:34 : iOS devices face twice the phishing attacks of Android
• 4:2 : New infosec products of the week: April 11, 2025
• 1:36 : Ex-Meta exec tells Senate Zuck dangled US citizen data in bid to enter China
• 1:36 : Ex-Meta exec tells Senate Zuck’s biz dangled US citizen data in bid to enter China
• 1:6 : Reimagining Democracy
• 23:6 : Certbot 4.0: Long Live Short-Lived Certs!
• 23:5 : IT Security News Hourly Summary 2025-04-11 00h : 1 posts
• 22:55 : IT Security News Daily Summary 2025-04-10
• 22:7 : Celebrating the Fortinet Training Institute’s 2025 ATC Award Winners
• 22:7 : BSidesLV24 – Breaking Ground – BOLABuster: Harnessing LLMs For Automating BOLA Detection
• 22:7 : Trump Strips Security Clearances of Ex-CISA Head Krebs, SentinelOne
• 22:7 : The ultimate guide to Microsoft Security at RSAC 2025