IT Security News Daily Summary 2025-04-24

210 posts were published in the last hour

• 21:32 : 3 EUC security topics I’ll be looking for at RSAC 2025
• 21:4 : Der Chatbot drückt nicht den Knopf zum „Feuerbefehl“: Über die Verantwortung im Krieg, wenn KI im Einsatz ist
• 21:3 : Zencoder buys Machinet to challenge GitHub Copilot as AI coding assistant consolidation accelerates
• 21:3 : 8 simple ways Mac users can better protect their privacy
• 21:3 : How fraudsters abuse Google Forms to spread scams
• 21:3 : SSNs and more on 5.5M+ patients feared stolen from Yale Health
• 20:5 : Backdoor Found in Official XRP Ledger NPM Package
• 20:5 : New Linux Rootkit
• 20:5 : Six Years of Dangerous Misconceptions Targeting Ola Bini and Digital Rights in Ecuador
• 20:5 : Client-Side Security Breach Alert: Blue Shield of California Exposes 4.7 Million Members’ Health Data Through Web Analytics Configuration
• 20:5 : RSAC Fireside Chat: The NDR evolution story—from open source start to kill chain clarity
• 20:5 : IT Security News Hourly Summary 2025-04-24 21h : 5 posts
• 19:5 : Yale New Haven Health (YNHHS) data breach impacted 5.5 million patients
• 18:33 : Threat Actors Taking Advantage of Unsecured Kubernetes Clusters for Cryptocurrency Mining
• 18:6 : Lessons from Ted Lasso for cybersecurity success
• 18:6 : OpenAI Would Buy Google’s Chrome, Executive Tells Judge
• 18:6 : Microsoft mystery folder fix might need a fix of its own
• 17:35 : Lazarus APT Targets Organizations by Exploiting One-Day Vulnerabilities
• 17:35 : Verizon DBIR Report: Small Businesses Identified as Key Targets in Ransomware Attacks
• 17:34 : Bruce Byrd on Public-Private Partnerships in Cybersecurity
• 17:34 : New whitepaper outlines the taxonomy of failure modes in AI agents
• 17:10 : Blue Shield Leaked Millions of Patient Info to Google for Years
• 17:10 : Weaponized SVG Files Used by Threat Actors to Redirect Users to Malicious Sites
• 17:10 : Hackers Exploit Ivanti Connect Secure 0-Day to Deploy DslogdRAT and Web Shell
• 17:10 : New Steganography Campaign Exploits MS Office Vulnerability to Distribute AsyncRAT
• 17:10 : Threat Actors Exploiting Unsecured Kubernetes Clusters for Crypto Mining
• 17:10 : ToyMaker Hackers Compromise Numerous Hosts via SSH and File Transfer Tools
• 17:10 : DLP vs. DSPM: What’s the difference?
• 17:10 : CISA Releases Seven Industrial Control Systems Advisories
• 17:9 : Johnson Controls ICU
• 17:9 : RSA Conference 2025 – Pre-Event Announcements Summary (Part 1)
• 17:9 : ARMO: io_uring Interface Creates Security ‘Blind Spot’ in Linux
• 17:9 : Symantec Links Betruger Backdoor Malware to RansomHub Ransomware Attacks
• 17:9 : Over 16,000 Fortinet Devices Infected With the Symlink Backdoor
• 17:9 : ELENOR-corp Ransomware Targets Healthcare Sector
• 17:5 : IT Security News Hourly Summary 2025-04-24 18h : 20 posts
• 16:34 : Anzeige: IT-Grundschutz mit BSI-Methodik – so geht’s
• 16:33 : Gmail’s New Encrypted Messages Feature Opens a Door for Scams
• 16:33 : Jericho Security Gets $15 Million for AI-Powered Awareness Training
• 16:32 : Data in Danger: Detecting Cross-Site Scripting in Grafana
• 16:32 : Harness Adds Traceable WAAP to Secure Web Apps and APIs
• 16:7 : Wie verbreitet ist Secure-by-Design in Deutschland?
• 16:6 : Alphabet’s Google Notifies Staff Of Job Threat Over Remote Working
• 16:6 : Assassin’s Creed maker faces GDPR complaint for forcing single-player gamers online
• 16:6 : ALBEDO Telecom Net.Time – PTP/NTP Clock
• 16:6 : Schneider Electric Modicon Controllers
• 16:6 : Linux io_uring Security Blind Spot Let Attackers Stealthily Deploy Rootkits
• 16:6 : CISA Confirms Continued Support for CVE Program, No Funding Issues
• 16:6 : New Stego Campaign Leverages MS Office Vulnerability to Deliver AsyncRAT
• 16:6 : ToyMaker Hackers Compromised Multitude Hosts Using SSH & File Transfer Tools
• 16:5 : Zoom attack tricks victims into allowing remote access to install malware and steal money
• 16:5 : Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Flaws and ThreatNeedle Malware
• 15:32 : FBI confirms $16.6 billion losses to cyber-crime in 2024
• 15:32 : The danger of data breaches — what you really need to know
• 15:12 : Googles KI erfindet Erklärungen für ausgedachte Sprichwörter
• 15:12 : Mysteriöser Ordner in Windows 10 und 11: Neue Sicherheitslücke statt zusätzlicher Schutz
• 15:12 : Wenn in der Praxis niemand abhebt: Braucht es eine Pflicht zur Online-Terminvergabe?
• 15:10 : Attacks against Teltonika Networks SMS Gateways, (Thu, Apr 24th)
• 15:10 : Microsoft’s patch for CVE-2025–21204 symlink vulnerability introduces another symlink vulnerability
• 15:10 : Trump’s Meme Coin Value Surges After Dinner Invitation
• 15:10 : Microsoft Resumes Recall Feature Rollout After Privacy Backlash, Adds Security Functions
• 15:10 : RSA Conference 2025
• 15:10 : 8 Best Cloud Access Security Broker (CASB) Solutions for 2025
• 15:9 : Speak at TechCrunch Disrupt 2025: Applications now open
• 15:9 : Zyxel RCE Vulnerability Allows Arbitrary Query Execution Without any Authentication
• 15:9 : Citrix NetScaler Console Vulnerability Enables Admin Access – PoC Released
• 15:9 : Hackers Exploited Ivanti Connect Secure 0-Day to Install DslogdRAT & Web Shell
• 15:9 : NVIDIA NeMo Framework Vulnerability Let Attackers Execute Remote Code
• 15:9 : One Vendor Delivers 100% Protection And 100% Detection Visibility in MITRE ATT&CK Evaluation
• 15:9 : Verizon DBIR Flags Major Patch Delays on VPNs, Edge Appliances
• 15:9 : HYCU Tackles SaaS Data Protection With New R-Shield Solution
• 15:9 : Blue Shield of California Data Breach Affects 4.7 Million Members
• 14:33 : MIWIC25: Jess Matthews, Compliance Governance Officer at Acacium Group
• 14:33 : MIWIC25: Helen Oluyemi, Information Security Manager at Pollinate International Limited
• 14:33 : Android malware turns phones into malicious tap-to-pay machines
• 14:32 : Beyond Backups: Building a Ransomware Response Playbook That Works
• 14:32 : Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Zero-Day and ThreatNeedle Malware
• 14:32 : Blue Shield of California shared private data,FBI IC3 report, Ex-Army sergeant jailed
• 14:5 : Wordfence Intelligence Weekly WordPress Vulnerability Report (April 14, 2025 to April 20, 2025)
• 14:5 : TSMC Reveals A14 Tech To Meet AI Chip Capacity
• 14:5 : dRPC Launches NodeHaus to Streamline Blockchain and Web3 Infrastructure
• 14:5 : NVIDIA NeMo Vulnerability Enables Remote Exploits
• 14:5 : 4.7 million customers’ data accidentally leaked to Google by Blue Shield of California
• 14:5 : Cyber Vigilantes Strike Again as Anonymous Reportedly Leaks 10TB of Sensitive Russian Data
• 14:5 : Highest-Risk Security Flaw Found in Commvault Backup Solutions
• 14:5 : IT Security News Hourly Summary 2025-04-24 15h : 22 posts
• 13:35 : Lünendonk-Studie: Kunden fordern Managed Services
• 13:34 : Check Point and Illumio Partner to Accelerate Zero Trust with Proactive Threat Prevention and Microsegmentation
• 13:34 : Securing the Hybrid Workforce in the Age of AI: 5 Priorities for 2025
• 13:34 : Cyber Criminals Exploit Pope Francis Death to Launch Global Scams
• 13:33 : Change is in the wind for SecOps: Are you ready?
• 13:33 : How to Defend Against the 10 Most Dangerous Privileged Attack Vectors
• 13:33 : Effective Privileged Access Management Implementation: A Step-by-Step Guide
• 13:33 : Critical Langflow Vulnerability Allows Malicious Code Injection – Technical Details Revealed
• 13:33 : Commvault RCE Vulnerability Let Attackers Breach Vault – PoC Released
• 13:33 : Cisco Confirms Multiple Products Impacted by Erlang/OTP SSH Server RCE Vulnerability
• 13:33 : Threat Actors Turn More Sophisticated & Exploiting Zero-Day Vulnerabilities – Google Warns
• 13:33 : GitGuardian Joins Health-ISAC: Strengthening Cybersecurity in Healthcare Through Secrets Detection
• 13:33 : 159 CVEs Exploited in Q1 2025 — 28.3% Within 24 Hours of Disclosure
• 13:33 : Linux io_uring PoC Rootkit Bypasses System Call-Based Threat Detection Tools
• 13:4 : WhatsApp: “Advanced Chat Privacy” liefert Schutz der Privatsphäre
• 13:3 : The Illusion of Truth: The Risks and Responses to Deepfake Technology
• 13:3 : New SessionShark Phishing Kit Bypasses MFA to Steal Office 365 Logins
• 13:3 : Commvault RCE Vulnerability Exploited—PoC Released
• 13:3 : Multiple Cisco Tools at Risk from Erlang/OTP SSH Remote Code Execution Flaw
• 13:3 : Crooks exploit the death of Pope Francis
• 13:3 : Push Security Raises $30 Million in Series B Funding
• 12:35 : Google Chrome und Microsoft Edge: Mehrere Schwachstellen
• 12:35 : Moodle: Mehrere Schwachstellen
• 12:35 : Nvidia Treiber: Mehrere Schwachstellen
• 12:35 : WhatsApp: “Advanced Chat Privacy” soll sensible Kommunikation schützen
• 12:35 : [UPDATE] [hoch] Linux Kernel: Mehrere Schwachstellen
• 12:34 : Redis DoS Vulnerability: Attackers Can Exhaust Server Memory or Cause Crashes
• 12:33 : Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028)
• 12:33 : AVX ONE PQC Tool delivers crypto inventory, risk insights, and readiness scoring
• 12:33 : Darcula Adds GenAI to Phishing Toolkit, Lowering the Barrier for Cybercriminals
• 12:33 : Data breach exposes 21 Million employee screenshots from a workplace surveillance tool
• 12:7 : Erlang/OTP SSH: Namhafte Hersteller von kritischer Lücke betroffen
• 12:7 : (g+) Registermodernisierung: Torwächter für vertrauliche Daten
• 12:5 : Zyxel RCE Flaw Lets Attackers Run Commands Without Authentication
• 12:5 : SecLytics Rebrands as Augur Security, Raises $7M in Seed Funding
• 12:5 : DirectDefense launches Security Essentials to protect growing SMBs
• 11:33 : Meta AI Access On Ray-Ban Glasses Expands In Europe
• 11:33 : Securing Fintech Operations Through Smarter Controls and Automation
• 11:32 : Skyhawk Security brings preemptive cloud app defense to RSAC 2025
• 11:32 : Critical Commvault Command Center Flaw Enables Attackers to Execute Code Remotely
• 11:32 : Automating Zero Trust in Healthcare: From Risk Scoring to Dynamic Policy Enforcement Without Network Redesign
• 11:32 : Verizon DBIR: Small Businesses Bearing the Brunt of Ransomware Attacks
• 11:5 : IT Security News Hourly Summary 2025-04-24 12h : 20 posts
• 11:4 : Wegen Taurus: Prorussische Hacker attackieren Deutschland
• 11:4 : [NEU] [mittel] Drupal Extensions: Mehrere Schwachstellen
• 11:3 : Deployments to Dollars: Turning Services into Recurring Revenue
• 11:3 : Elusive Comet Attack: Hackers Use Zoom Remote-Control to Steal Crypto
• 11:3 : WhatsApp introduces Advanced Chat Privacy to protect sensitive communications
• 11:3 : GitLab Security Update – Patch for XSS, DoS & Account Takeover Vulnerabilities
• 11:3 : AI-Powered Polymorphic Phishing Is Changing the Threat Landscape
• 10:34 : Sonicwall warnt vor DoS-Lücke in SSLVPN
• 10:34 : [NEU] [hoch] GitLab: Mehrere Schwachstellen
• 10:33 : CISA Suspends Use of VirusTotal and Censys, Signaling Potential Setbacks for Cyber Defense Efforts
• 10:33 : Fortra’s Offensive & Defensive Approach to Channel Security
• 10:33 : Q4 2024 Cyber Attacks Statistics
• 10:33 : M&S takes systems offline as ‘cyber incident’ lingers
• 10:33 : FBI: Cybercrime Losses Surpassed $16.6 Billion in 2024
• 10:32 : Ransomware Attacks Fall Sharply in March
• 10:9 : [NEU] [UNGEPATCHT] [niedrig] BusyBox: Mehrere Schwachstellen
• 10:8 : The Role of SSL Certificates in Website Security and Performance
• 10:8 : DeepSeek Transferred Data Without Consent, Says South Korea
• 10:8 : Redis DoS Flaw Allows Attackers to Crash Servers or Drain Memory
• 10:8 : AI-Enabled Darcula-Suite Makes Phishing Kits More Accessible, Easier to Deploy
• 10:8 : Heimdal Awarded Patent for Predictive DNS™ Technology
• 10:8 : Admin Rights in Action: How Hackers Target Privileged Accounts
• 10:8 : Swimlane CAR solution automates compliance control mapping
• 10:8 : AuditBoard RegComply helps organizations with ongoing regulatory updates
• 10:8 : Understanding 2024 cyber attack trends
• 10:7 : ETSI Unveils New Baseline Requirements for Securing AI
• 9:34 : Sicherheitslücken: Schwachstellenscanner Nessus ist angreifbar
• 9:34 : Github: Forscher macht aus gelöschten Dateien 64.000 US-Dollar
• 9:33 : [NEU] [mittel] IBM InfoSphere Information Server: Mehrere Schwachstellen
• 9:32 : Your vendor may be the weakest link: Percentage of third-party breaches doubled in a year
• 9:32 : Heimdal Awarded Patent for Predictive DNS™ Technology
• 9:32 : Veracode platform enhancements improve software security
• 9:32 : Metomic AI Data Protection prevents data leakage in AI tools
• 9:7 : Kostet Millionen, lohnt sich dennoch: Warum du ChatGPT Trinkgeld geben solltest
• 9:7 : KI-Drohnen im Kriegseinsatz: Wie weit sind die autonomen Schwärme?
• 9:7 : [NEU] [niedrig] Proxmox Virtual Environment: Schwachstelle ermöglicht Manipulation von Dateien
• 9:7 : [NEU] [mittel] Redis: Schwachstelle ermöglicht Denial of Service
• 9:6 : Critical Langflow Flaw Enables Malicious Code Injection – Technical Breakdown Released
• 9:6 : Google Warns: Threat Actors Growing More Sophisticated, Exploiting Zero-Day Vulnerabilities
• 9:6 : Heimdal Awarded Patent for Predictive DNS™ Technology
• 9:6 : Blue Shield Leaked Health Info of 4.7M patients with Google Ads
• 9:6 : SonicWall SSLVPN Vulnerability Let Remote Attackers Crash Firewall Appliances
• 9:6 : Threat Actors Using Weaponized SVG Files to Redirect Users to Malicious Websites
• 9:6 : Blue Shield of California Data Breach Impacts 4.7 Million People
• 9:6 : Adversary-in-the-Middle Attacks Persist – Strategies to Lessen the Impact
• 9:6 : Ofcom Lays Down the Law with Child Safety Rules for Tech Giants
• 8:34 : Datenleck bei Gravy Analytics: So schützt du deine Standortdaten | Offizieller Blog von Kaspersky
• 8:34 : [UPDATE] [hoch] ffmpeg: Mehrere Schwachstellen
• 8:34 : [UPDATE] [mittel] Eclipse Jetty: Schwachstelle ermöglicht Denial of Service
• 8:34 : [UPDATE] [mittel] Eclipse IDE: Schwachstelle ermöglicht Offenlegung von Informationen
• 8:34 : [UPDATE] [hoch] Eclipse Jetty: Mehrere Schwachstellen ermöglichen Denial of Service
• 8:34 : [UPDATE] [mittel] Eclipse Jetty: Mehrere Schwachstellen
• 8:33 : GitLab Releases Critical Patch for XSS, DoS, and Account Takeover Bugs
• 8:33 : Scams 2.0: How Technology Is Powering the Next Generation of Fraud
• 8:33 : Heimdal Awarded Patent for Predictive DNS™ Technology
• 8:33 : Cisco Confirms Some Products Impacted by Critical Erlang/OTP Flaw
• 8:32 : Why Smart Retrieval is Critical for Compliance Success
• 8:6 : Sonos: Sicherheitslücken gefährden mehrere Speaker-Systeme
• 8:5 : Detecting Multi-Stage Infection Chains Madness
• 8:5 : SonicWall SSLVPN Flaw Allows Hackers to Crash Firewalls Remotely
• 8:5 : Heimdal Awarded Patent for Predictive DNS™ Technology
• 8:5 : The Human Advantage in the Age of Technological Uncertainties
• 8:5 : IT Security News Hourly Summary 2025-04-24 09h : 11 posts
• 7:34 : Anlagenmodernisierung: Sicherheit beim Retrofit
• 7:33 : Hackers Use 1000+ IP Addresses to Target Ivanti VPN Vulnerabilities
• 7:33 : Heimdal Awarded Patent for Predictive DNS™ Technology
• 7:33 : 1000+ Unique IPs Attacking Ivanti Connect Secure Systems to Exploit Vulnerabilities
• 7:33 : Microsoft to Offer Rewards Up to $30,000 for AI Vulnerabilities
• 7:33 : Booby-trapped Alpine Quest Android app geolocates Russian soldiers
• 7:33 : 5.5 Million Patients Affected by Data Breach at Yale New Haven Health
• 7:33 : Exposed and unaware: The state of enterprise security in 2025
• 7:32 : April 24, 2025
• 7:6 : Preisvergleich: Cyberangriff trifft Guenstiger.de
• 7:5 : Heimdal Awarded Patent for Predictive DNS™ Technology
• 6:33 : Blue Shield Exposed Health Data of 4.7 Million via Google Ads
• 6:33 : Heimdal Awarded Patent for Predictive DNS™ Technology
• 6:33 : Building a Cyber-Aware Culture – CISO’s Step-by-Step Plan
• 6:33 : Beyond Compliance – How VPs of Security Drive Strategic Cybersecurity Initiatives
• 6:33 : Binarly Transparency Platform 3.0 prioritizes vulnerabilities based on active exploitation
• 6:10 : Microsoft: Windows-Update schafft neue Schwachstelle
• 6:10 : Microsoft Offers $30,000 Bounties for AI Security Flaws