IT Security News Daily Summary 2025-05-14

210 posts were published in the last hour

• 21:31 : FIPS 140-3: The Security Standard That Protects Our Federal Data
• 21:5 : European Vulnerability Database is Live: What This ‘Essential Tool’ Offers Security Experts
• 21:5 : Google Cracks Down on Fake ‘Unpaid Toll’ Text Scams with New Android Update
• 21:5 : U.S. CISA adds Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog
• 21:5 : Identity Theft Surges as Criminals Deploy Advanced Tactics to Steal Personal Data
• 21:5 : Metal maker meltdown: Nucor stops production after cyber-intrusion
• 20:32 : The Internet’s Biggest-Ever Black Market Just Shut Down Amid a Telegram Purge
• 20:32 : BSidesLV24 – GroundFloor – A Quick Story Of Security Pitfalls With Exec Commands In Software Integrations
• 20:5 : IT Security News Hourly Summary 2025-05-14 21h : 7 posts
• 20:4 : SSOJet LLM-Friendly Documentation
• 19:33 : 10,000 WordPress Sites Affected by Remote Code Execution Vulnerability in UiPress lite WordPress Plugin
• 19:33 : Understanding IEEE 802.11(Wi-Fi) Encryption and Authentication: Write Your Own Custom Packet Sniffer
• 19:32 : Hackers Exploit Software Flaws within Hours Forcing Urgent Push for Faster Patches
• 19:32 : Hacking the Hardware Brains of Computers is the Ultimate Cyberattack
• 19:7 : RaaS Explained: How Cybercriminals Are Scaling Attacks Like Startups
• 19:7 : White House scraps plan to block data brokers from selling Americans’ sensitive data
• 19:7 : Ivanti fixed two EPMM flaws exploited in limited attacks
• 18:33 : CISA Adds Five Known Exploited Vulnerabilities to Catalog
• 18:33 : CISA Adds One Known Exploited Vulnerability to Catalog
• 18:33 : Why CVSS is failing us and what we can do about it
• 18:33 : Google Ships Android ‘Advanced Protection’ Mode to Thwart Surveillance Spyware
• 18:32 : MCP, OAuth 2.1, PKCE, and the Future of AI Authorization
• 18:32 : BianLian and RansomExx Exploit SAP NetWeaver Flaw to Deploy PipeMagic Trojan
• 18:32 : Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit
• 18:2 : Uncle Sam pulls $2.4B Leidos deal to support CISA after rival alleges foul play
• 17:32 : CFPB Quietly Kills Rule to Shield Americans From Data Brokers
• 17:32 : Global Powers Intensify Cyber Warfare with Covert Digital Strikes on Critical Systems
• 17:32 : Top 5 WMIC Commands Used By Malware
• 17:32 : Marbled Dust leverages zero-day in Output Messenger for regional espionage
• 17:32 : Technical Advisory Committees Election Results
• 17:7 : Google testet KI-Button auf der Startseite – welches Feature dafür verschwinden könnte
• 17:7 : Tiktoks neue KI-Funktion macht aus euren Fotos animierte Videos – doch es gibt einen Haken
• 17:7 : Google Chrome: Was ein Gerichtsverfahren über neue KI-Funktionen im Browser verrät
• 17:7 : Kommt endlich Schwung in die digitale Verwaltung? Was Bundeskanzler Merz verspricht
• 17:7 : ChatGPT erweitert Deep Research um eine praktische PDF-Funktion
• 17:5 : North Korean Hackers Stole $88M by Posing as US Tech Workers
• 17:5 : What is business resilience?
• 17:5 : CFBP Quietly Kills Rule to Shield Americans From Data Brokers
• 17:5 : Ivanti patches two zero-days under active attack as intel agency warns customers
• 17:5 : Xinbi Telegram Market Tied to $8.4B in Crypto Crime, Romance Scams, North Korea Laundering
• 17:5 : IT Security News Hourly Summary 2025-05-14 18h : 16 posts
• 16:32 : India Issues Alert On Pakistan-Based Malware “Dance of the Hillary”
• 16:32 : Horabot Unleashed: A Stealthy Phishing Threat
• 16:32 : Google strengthens secure enterprise access from BYOD Android devices
• 16:6 : Angeblicher Steam-Hack: Datenleck enthält SMS-Sendeprotokolle
• 16:6 : Anzeige: Microsoft 365 Copilot sicher administrieren und integrieren
• 16:5 : Weaponized Google Calendar Invites Delivers Malicious Payload With Just One Character
• 16:5 : Critical Adobe Illustrator Vulnerability Let Attackers Execute Malicious Code
• 16:5 : Meta’s still violating GDPR rules with latest plan to train AI on EU user data, says noyb
• 16:5 : As US CVE Database Fumbles, EU ‘Replacement’ Goes Live
• 16:5 : Marks & Spencer Cyberattack Fallout May Last Months Amid Growing Threat from Scattered Spider
• 16:5 : Vulnerability Summary for the Week of May 5, 2025
• 16:5 : Android Enterprise Launches Device Trust For Enhanced Security
• 15:32 : The Evolving Nature of DDoS Attacks: A Smokescreen for More Dangerous Threats
• 15:32 : Google Threat Intelligence Releases Actionable Threat Hunting Technique for Malicious .desktop Files
• 15:32 : TA406 Hackers Target Government Entities to Steal Login Credentials
• 15:32 : Threat Actors Leverage Weaponized HTML Files to Deliver Horabot Malware
• 15:32 : Pakistan’s ‘Dance of the Hillary’ Malware Targets Indians—Here’s How to Safeguard Yourself
• 15:8 : Cyberkriminelle änderten Bankverbindungen bei der Bundesagentur für Arbeit
• 15:7 : Severe Adobe Illustrator Flaw Allows Remote Code Execution
• 15:7 : New Adobe Photoshop Vulnerability Enables Arbitrary Code Execution
• 15:7 : Meet AlphaEvolve, the Google AI that writes its own code—and just saved millions in computing costs
• 15:7 : Entro Security and Wiz Announce Integration for Improved Non-Human Identity & Cloud Security
• 15:7 : Adobe Photoshop Vulnerability Let Attackers Execute Arbitrary Code
• 15:7 : Samsung MagicINFO 9 Server Vulnerability Let Attackers Write Arbitrary File
• 15:7 : Is AI Use in the Workplace Out of Control?
• 15:7 : Agentic AI and Ransomware: How Autonomous Agents Are Reshaping Cybersecurity Threats
• 14:35 : Intel: Ein weiterer Angriff umgeht alle bisherigen CPU-Schutzmaßnahmen
• 14:35 : Datenbank für Sicherheitslücken: EU startet Europäische Schwachstellendatenbank
• 14:33 : ‘Admin’ and ‘123456’ Still Among Most Used Passwords in FTP Attacks
• 14:33 : New HTTPBot Botnet Rapidly Expands to Target Windows Machines
• 14:33 : Researchers Unveil New Mechanism to Track Compartmentalized Cyber Threats
• 14:33 : LastPass can now monitor employees’ rogue reliance on shadow SaaS – including AI tools
• 14:33 : Windows 10 and Microsoft 365 support deadlines didn’t change – why this story just won’t die
• 14:33 : VPN Secure parent company CEO explains why he had to axe thousands of ‘lifetime’ deals
• 14:33 : Chipmaker Patch Tuesday: Intel, AMD, Arm Respond to New CPU Attacks
• 14:33 : CTM360 Identifies Surge in Phishing Attacks Targeting Meta Business Users
• 14:6 : Fortinet dichtet mehrere Lücken ab, Angriffe auf FortiVoice beobachtet
• 14:6 : Critical Microsoft Outlook Flaw Enables Remote Execution of Arbitrary Code
• 14:6 : Critical Vulnerability in Windows Remote Desktop Gateway Allows Denial-of-Service Attacks
• 14:6 : Katz Stealer Malware Hits 78+ Chromium and Gecko-Based Browsers
• 14:5 : How to Stay Compliant with the New HIPAA Security Rule Updates
• 14:5 : Windows Remote Desktop Gateway Vulnerability Let Attackers Trigger Dos Condition
• 14:5 : Researchers Detailed New Threat-Hunting Techniques to Detect Azure Managed Identity Abuse
• 14:5 : Foxit Smart Redact Server automates the redaction of sensitive data
• 14:5 : CISA Reverses Decision on Cybersecurity Advisory Changes
• 14:5 : IT Security News Hourly Summary 2025-05-14 15h : 10 posts
• 13:33 : Verbrechernetzwerk ausgehoben: Online-Investmentbetrüger festgenommen
• 13:32 : Threat Actors Exploit AI and LLM Tools for Offensive Cyber Operations
• 13:32 : Healthcare Cyberattacks in 2024 Expose 276 Million Patient Records Compromised
• 13:32 : Microsoft Defender Vulnerability Allows Unauthorized Privilege Gain
• 13:32 : Block Webcam Spying Fast and Forever for $10
• 13:32 : Obsidian’s browser extension manages shadow SaaS and AI tools
• 13:32 : McAfee’s Scam Detector identifies scams across text, email, and video
• 13:9 : Nachhaltiges Recycling von Rauchwarnmeldern
• 13:8 : Unlock New Growth Opportunities with Akamai Campaign Builder
• 13:8 : Nation-State Actors Target Healthcare Institutions to Sabotage IT and OT Systems
• 13:8 : Become a Cyber Security Industry Expert with Check Point’s New Course Catalog
• 13:8 : Patronus AI debuts Percival to help enterprises monitor failing AI agents at scale
• 13:8 : DLP in the GenAI Era: Shadow data and DLP product churn
• 13:8 : Unit 42 Develops Agentic AI Attack Framework
• 13:8 : Outlook RCE Vulnerability Allows Attackers to Execute Arbitrary Code
• 13:8 : Earth Ammit Hackers Attacking Using New Tools to Attack Drones Used in Military Sectors
• 12:33 : Verdächtige verhaftet: Fake-Investitionsplattform beschert Betrügerbande Millionen
• 12:33 : Patch Tuesday, May 2025 Edition
• 12:32 : Go ahead and ignore Patch Tuesday – it might improve your security
• 12:32 : Kosovar Administrator of Cybercrime Marketplace Extradited to US
• 12:32 : Strengthening Cloud Security: API Posture Governance, Threat Detection, and Attack Chain Visibility with Salt Security and Wiz
• 12:32 : Data Breach Exposes Personal Information of Hundreds of Thousands
• 12:5 : Apple to Pay $95 Million in Siri Snooping Lawsuit – Here’s How to Apply
• 12:5 : Chinese Hackers Exploit SAP NetWeaver 0-Day Vulnerability To Attack Critical Infrastructures
• 12:5 : Smart Electric Vehicles Face Hidden Cyber Vulnerabilities Exposing Drivers to Risks
• 12:5 : EU Cybersecurity Agency ENISA Launches European Vulnerability Database
• 12:5 : New Fortinet and Ivanti Zero Days Exploited in the Wild
• 11:32 : Google’s Advanced Protection Now on Android
• 11:32 : ENISA Launches European Vulnerability Database to Bolster EU Cyber Resilience
• 11:32 : A week in security (May 4 – May 10)
• 11:32 : Horabot Malware Targets 6 Latin American Nations Using Invoice-Themed Phishing Emails
• 11:32 : Learning How to Hack: Why Offensive Security Training Benefits Your Entire Security Team
• 11:32 : Earth Ammit Breached Drone Supply Chains via ERP in VENOM, TIDRONE Campaigns
• 11:6 : Adobe Creative Cloud Applikationen: Mehrere Schwachstellen
• 11:6 : ChatGPT im Generationscheck: Wie das Alter das Nutzungsverhalten beeinflusst
• 11:5 : KI-Agenten ohne Coding erstellen: Wir haben Langflow ausprobiert
• 11:5 : Die Zukunft von Apple Intelligence? Diese neuen KI-Modelle könnten iPhones und Vision Pro nützlicher machen
• 11:5 : Neuer Look für Android 16 und Wear OS 6: Was sich durch Material 3 Expressive für dich verändert
• 11:5 : Umfrage: Viele fallen auf Fake-Shops im Internet herein
• 11:5 : [NEU] [hoch] Adobe Connect: Mehrere Schwachstellen ermöglichen Cross-Site Scripting und Rechteerweiterung
• 11:5 : [NEU] [mittel] Adobe Dreamweaver: Schwachstelle ermöglicht Codeausführung
• 11:5 : [UPDATE] [mittel] NGINX und NGINX Plus: Mehrere Schwachstellen ermöglichen Denial of Service
• 11:5 : [NEU] [mittel] Adobe Creative Cloud Applikationen: Mehrere Schwachstellen
• 11:5 : [NEU] [mittel] Red Hat Enterprise Linux (exiv2): Schwachstelle ermöglicht Codeausführung
• 11:5 : IT Security News Hourly Summary 2025-05-14 12h : 22 posts
• 11:4 : Tesla Sees ‘Slow Demand’ For New Model Y
• 11:4 : Intel Chief ‘Focusing On Existing Strategy’
• 11:4 : General Motors Touts ‘Groundbreaking’ Lower-Cost EV Batteries
• 11:3 : Samsung Unveils Thin, Lightweight Flagship Smartphone
• 11:3 : White House Cuts Tariffs For Small E-Commerce Parcels
• 11:3 : The Forgotten Threat: How Supply Chain Attacks Are Targeting Small Businesses
• 11:3 : Microsoft Patch Tuesday security updates for May 2025 fixed 5 actively exploited zero-days
• 11:3 : Vulnerabilities Patched by Juniper, VMware and Zoom
• 11:3 : New ‘Chihuahua’ Infostealer Targets Browser Data and Crypto Wallet Extensions
• 10:36 : Insyde UEFI Firmware: Mehrere Schwachstellen ermöglichen Denial of Service
• 10:36 : Microsoft Patchday Mai 2025
• 10:36 : Adobe Photoshop: Mehrere Schwachstellen ermöglichen Codeausführung
• 10:36 : Zoom: Videokonferenzsoftware mit teils hochriskanten Lücken
• 10:36 : [NEU] [mittel] screen: Mehrere Schwachstellen
• 10:35 : [NEU] [hoch] Xerox FreeFlow Print Server: Mehrere Schwachstellen
• 10:35 : [NEU] [mittel] Red Hat Enterprise Linux (Aardvark-dns): Schwachstelle ermöglicht Denial of Service
• 10:35 : [NEU] [mittel] Ivanti Neurons for MDM: Schwachstelle ermöglicht Manipulation von Dateien
• 10:35 : [NEU] [mittel] Insyde UEFI Firmware: Mehrere Schwachstellen ermöglichen Denial of Service
• 10:34 : Another day, another phishing campaign abusing google.com open redirects, (Wed, May 14th)
• 10:34 : DarkCloud Stealer: Comprehensive Analysis of a New Attack Chain That Employs AutoIt
• 10:34 : Microsoft Alerts on AD CS Flaw Enabling Remote Denial-of-Service Attacks
• 10:33 : Weaponized PyPI Package Targets Developers to Steal Source Code
• 10:33 : Bitwarden vs Dashlane: Comparing Password Managers
• 10:33 : North Korean IT Workers Are Being Exposed on a Massive Scale
• 10:33 : When Visibility Meets Action in NHS Cybersecurity
• 10:5 : Intel Graphics Driver: Mehrere Schwachstellen
• 10:5 : Intel Prozessoren: Mehrere Schwachstellen
• 10:5 : Ivanti: Lücken in EPMM attackiert, kritisches Leck in Neurons entdeckt
• 10:5 : Cloudnutzer besonders gefährdet: Lücke in Intel-CPUs ermöglicht Datenklau
• 10:5 : [NEU] [kritisch] Fortinet FortiVoice, FortiMail und FortiRecorder: Schwachstelle ermöglicht Codeausführung
• 10:5 : [NEU] [mittel] Intel Ethernet Controller (Network Adapter und Connections Boot): Mehrere Schwachstellen ermöglichen Privilegieneskalation
• 10:5 : [NEU] [mittel] Intel Graphics Driver: Mehrere Schwachstellen
• 10:5 : [NEU] [mittel] Intel Prozessoren: Mehrere Schwachstellen
• 10:5 : [NEU] [mittel] Intel Server Board D50DNP und M50FCP: Mehrere Schwachstellen
• 10:4 : 82,000+ WordPress Sites Exposed to Remote Code Execution Attacks
• 10:4 : Hacking Abusing GovDelivery For TxTag ‘Toll Charges’ Phishing Attack
• 10:4 : Microsoft Warns of AD CS Vulnerability Let Attackers Deny Service Over a Network
• 10:3 : Google Threat Intelligence Launches Actionable Technique To Hunt for Malicious .Desktop Files
• 10:3 : Microsoft Defender Vulnerability Allows Attackers to Elevate Privileges
• 10:3 : Fortinet Patches Zero-Day Exploited Against FortiVoice Appliances
• 10:3 : INE Security Alert: Continuous CVE Practice Closes Critical Gap Between Vulnerability Alerts and Effective Defense
• 10:3 : European Police Bust €3m Investment Fraud Ring
• 9:32 : Job Seekers Targeted as Scammers Pose as Government Agencies on WhatsApp
• 9:32 : Windows CLFS Zero-Day Vulnerability Actively Exploited in the Wild
• 9:32 : Researchers Unveil New Threat-Hunting Techniques to Detect Azure Managed Identity Abuse
• 9:32 : Chinese Hackers Exploit SAP NetWeaver Zero-Day Vulnerability to Target Critical Infrastructure
• 9:32 : Everyone’s deploying AI, but no one’s securing it – what could go wrong?
• 9:32 : Nobara Linux 42 brings performance boost and better hardware support
• 9:11 : [NEU] [hoch] Microsoft Office: Mehrere Schwachstellen
• 9:11 : [UPDATE] [mittel] Red Hat Enterprise Linux (yelp): Schwachstelle ermöglicht Offenlegung von Informationen
• 9:9 : Critical Samsung MagicINFO 9 Server Flaw Allows Arbitrary File Writes
• 9:8 : Rebooting your phone daily is your best defense against zero-click attacks – here’s why
• 9:8 : Fortinet fixed actively exploited FortiVoice zero-day
• 9:8 : The Trojan Sysadmin: How I Got an AI to Build a Wolf in Sheep’s Clothing
• 9:8 : Advancing Security Training With Human Risk Management
• 9:8 : Microsoft Fixes 78 Flaws, 5 Zero-Days Exploited; CVSS 10 Bug Impacts Azure DevOps Server
• 8:36 : Betrugsmails von staatlichen Adressen: US-Portal für Scam missbraucht
• 8:35 : VMware Aria Automation: Sicherheitslücke ermöglicht Sitzungsübernahme
• 8:35 : Baden-Württemberg: Persönliche Daten von Grundstückseigentümern geleakt
• 8:35 : [NEU] [hoch] Microsoft Developer Tools: Mehrere Schwachstellen
• 8:35 : [NEU] [hoch] Microsoft Dataverse: Mehrere Schwachstellen
• 8:33 : Windows Ancillary for WinSock 0-Day Vulnerability Actively Exploited to Gain Admin Access
• 8:33 : NSFOCUS WAF Selected in the 2025 Gartner® Market Guide for Cloud Web Application and API Protection
• 8:33 : SecuX releases Bitcoin self-managed solution for SMBs
• 8:33 : Resilience helps businesses understand their cyber risk in financial terms
• 8:33 : Microsoft Fixes Seven Zero-Days in May Patch Tuesday
• 8:8 : Patchday Adobe: Schadcode-Attacken auf InDesign und Photoshop möglich
• 8:7 : [NEU] [hoch] Microsoft Azure: Mehrere Schwachstellen
• 8:5 : Earth Ammit Hackers Deploy New Tools to Target Military Drones
• 8:5 : Ivanti Patches Two EPMM Zero-Days Exploited to Hack Customers
• 8:5 : IT Security News Hourly Summary 2025-05-14 09h : 6 posts
• 7:35 : Chubb Deutschland: Patrick Schwarz wird zweiter Geschäftsführer
• 7:35 : Patchday: Angreifer attackieren Windows über fünf Sicherheitslücken
• 7:35 : Jetzt patchen: Gefährliche Windows-Lücken werden aktiv ausgenutzt
• 7:35 : Murena Pixel Tablet im Test: Das Privacy-Tablet mit Google-Sperre
• 7:35 : [NEU] [mittel] Microsoft PC Manager App: Schwachstelle ermöglicht Privilegieneskalation
• 7:33 : New Windows RDP Vulnerability Enables Network-Based Attacks
• 7:33 : Critical Microsoft Office Vulnerabilities Enable Malicious Code Execution