IT Security News Daily Summary 2025-05-02

203 posts were published in the last hour

• 21:32 : Tsunami Malware Surge: Blending Miners and Credential Stealers in Active Attacks
• 21:32 : NVIDIA Riva AI Speech Flaw Let Hackers Gain Unauthorized Access to Abuse GPU Resources & API keys
• 21:3 : The Double-Edged Sword of AI in Cybersecurity: Threats, Defenses & the Dark Web Insights Report 2025
• 21:3 : Microsoft Switches to Passkeys By Default, Pledges to Eliminate Passwords
• 21:3 : Ireland’s DPC fined TikTok €530M for sending EU user data to China
• 21:3 : How to Configure Email Security With DMARC, SPF, And DKIM
• 21:3 : Week in Review: Cybersecurity CEO busted, Cloudflare’s DDoS increase, FBI’s help request
• 20:32 : Hackers Exploit Critical NodeJS Vulnerabilities to Hijack Jenkins Agents for RCE
• 20:32 : Hackers Exploit New Eye Pyramid Offensive Tool With Python to Launch Cyber Attacks
• 20:5 : IT Security News Hourly Summary 2025-05-02 21h : 3 posts
• 20:2 : New MCP-Based Attack Techniques and Their Application in Building Advanced Security Tools
• 20:2 : Mike Waltz Has Somehow Gotten Even Worse at Using Signal
• 19:32 : Why CISOs Are Adopting DevSecOps for Secure Software Development
• 19:32 : Nebulous Mantis hackers have Deployed the RomCom RAT globally, Targeting organizations.
• 19:32 : Cyberattack Targets Iconic UK Retailer Harrods
• 19:32 : BSidesLV24 – Proving Ground – You Can Be Neurodivergent And Succeed In InfoSec
• 19:3 : DragonForce Ransomware Cartel attacks on UK high street retailers: walking in the front door
• 18:32 : CISA Adds Two Known Exploited Vulnerabilities to Catalog
• 18:31 : Privacy for Agentic AI
• 18:2 : Police Seize Dark Web Shop Pygmalion, Access User Data from 7K Orders
• 18:2 : Dating app Raw exposed users’ location data and personal information
• 17:32 : New Report Reveals Hackers Now Aim for Money, Not Chaos
• 17:32 : Think That Job Offer on LinkedIn Is Real? Not Without This Badge
• 17:5 : IT Security News Hourly Summary 2025-05-02 18h : 7 posts
• 17:2 : The CISO’s Guide to Securing AI and Machine Learning Systems
• 17:2 : AI‑Powered Security Transformation with Tactical Approach to Integration
• 17:2 : Threat Actors Attacking Critical National Infrastructure With New Malware and Infrastructure
• 17:2 : Threat Actors Bypass MFA Using AiTM Attack via Reverse Proxies
• 17:2 : New MintsLoader Drops GhostWeaver via Phishing & ClickFix Attack
• 16:33 : Claude bekommt Integrationen: Was die KI jetzt in Paypal, Jira und Confluence erledigen kann
• 16:33 : 95 Prozent bis 2030? Microsoft lässt bereits 30 Prozent seines Codes von KI schreiben
• 16:33 : Signal: Nutzt die US-Regierung einen unsicheren Klon der Messenger-App?
• 16:33 : Apple warnt Nutzer vor Spionage-Angriffen: Was Betroffene jetzt machen sollten
• 16:33 : Android 16: Diese Design-Änderungen verstecken sich schon jetzt in der Beta
• 16:33 : Anzeige: So geht die sichere Nutzung von KI in der IT-Sicherheit
• 16:32 : Microsoft To Host Elon Musk’s Grok AI Chatbot – Report
• 16:32 : UK Luxury Retailer Harrods Hit by Cyber Attack After M&S, Co-op
• 16:32 : On world password day, Microsoft says fewer passwords, more passkeys
• 16:32 : Disney Slack attack wasn’t Russian protesters, just a Cali dude with malware
• 16:2 : Irish Regulator Fines TikTok €530m For GDPR Violation
• 16:2 : Enhancing EHR Security: Best Practices for Protecting Patient Data
• 16:2 : Hacker Calls Pahalgam Incident “Inside Job” on Rajasthan Education Department Website
• 15:32 : 4chan Is Back Online After Cyberattack, But With Issues
• 15:32 : RSAC Conference 2025
• 15:32 : Generative AI makes fraud fluent – from phishing lures to fake lovers
• 15:32 : The Cloud Illusion: Why Your Database Security Might Be at Risk
• 15:3 : TikTok faces fine of €530 million for sending user data to China
• 15:3 : Optimize Deployment Pipelines for Speed, Security and Seamless Automation
• 15:3 : Treasury Moves to Ban Huione Group for Laundering $4 Billion
• 15:2 : Rhysida Ransomware Group Leaks 1.3M Files Stolen from Oregon DEQ After Failed Extortion Attempt
• 14:33 : Betrüger senden E-Mails im Namen der Steuerverwaltung
• 14:32 : New Subscription-Based Scams Attacking Users to Steal Credit Card Data
• 14:32 : New StealC V2 Expands to Include Microsoft Software Installer Packages and PowerShell Scripts
• 14:32 : New Report Warns of Ransomware Actors Building Organizational Structure For Complex Attacks
• 14:5 : IT Security News Hourly Summary 2025-05-02 15h : 11 posts
• 14:2 : Bolster Your Regulatory Compliance with Layered Security Measures
• 14:2 : Keeper Security renews Atlassian Williams Racing F1 partnership
• 14:2 : CISA Confirms Exploitation of SonicWall Vulnerabilities
• 13:33 : Kritische Infrastrukturen: Sec Con Group tritt dem BSKI bei
• 13:33 : Windows: Anmeldung mit alten Passwörtern durch RDP möglich
• 13:32 : Three Brits charged over ‘active shooter threats’ swattings in US, Canada
• 13:32 : Large-Scale Data Breach at Frederick Health Exposes Patient Records
• 13:32 : Attackers exploited old flaws to breach SonicWall SMA appliances (CVE-2024-38475, CVE-2023-44221)
• 13:4 : Windows-Log-in über RDP mit widerrufenen Passwörten möglich
• 13:3 : Microsoft sets all new accounts passwordless by default
• 13:3 : New Stealthy NodeJS Backdoor Infects Users via CAPTCHA Verifications
• 13:3 : Microsoft Exchange Online Flagging Gmail Emails as Spam – Fixes Issued
• 13:3 : Hackers Weaponizing Go Modules to Deliver Disk-Wiping Malware Leads to Data Loss
• 13:3 : ANY.RUN Unveils Q1 2025 Malware Trends Report, Highlighting Evolving Cyber Threats
• 13:3 : Raytheon, Nightwing to Pay $8.4 Million in Settlement Over Cybersecurity Failures
• 13:3 : TikTok Slammed With €530 Million GDPR Fine for Sending E.U. Data to China
• 13:3 : White House Warns China of Cyber Retaliation Over Infrastructure Hacks
• 12:32 : Apple Warns Trump’s Tariffs Will Raise Costs By $900m
• 12:32 : In Other News: NullPoint Source Code Leak, $17,500 for iPhone Flaw, BreachForums Down
• 12:3 : Sicherheitslücken bei Rehaklinik: Daten von 17.000 Patienten einsehbar
• 12:3 : IBM Cognos Analytics: Angreifer können Schadcode hochladen
• 12:2 : macOS Sandbox Escape Vulnerability Allows Keychain Deletion and Replacement
• 12:2 : Unmasking AI in Cybersecurity – From Dark-Web Tactics to Next-Gen Defenses
• 12:2 : State-Sponsored Hacktivism Attacks on The Rise, Rewrites Cyber Threat Landscape
• 11:33 : #54 – Wie sicher sind Stromnetze in Deutschland?
• 11:33 : Microsoft Edge: Schwachstelle ermöglicht Darstellen falscher Informationen
• 11:33 : Datenschutz: Tiktok soll in der EU 530 Millionen Euro Strafe zahlen
• 11:33 : Spionageangriffe erkannt: Apple warnt iPhone-Nutzer in 100 Ländern vor Spyware
• 11:33 : [UPDATE] [hoch] Linux Kernel: Mehrere Schwachstellen
• 11:32 : NCSC Guidance on “Advanced Cryptography”
• 11:32 : New Microsoft accounts will be “passwordless by default”
• 11:5 : Domain-Hijacking: Angriff auf verwaiste Assets
• 11:5 : Google Chrome und Microsoft Edge: Mehrere Schwachstellen
• 11:5 : [UPDATE] [hoch] Google Chrome und Microsoft Edge: Mehrere Schwachstellen
• 11:5 : IT Security News Hourly Summary 2025-05-02 12h : 16 posts
• 11:3 : MIWIC25: Marine Ruhamanya, Cybersecurity Senior Manager
• 11:3 : 15 Billion User Gain Passwordless Access to Microsoft Account Using Passkeys
• 11:3 : 15 PostgreSQL Monitoring Tools – 2025
• 11:3 : UK Retailers Co-op, Harrods and M&S Struggle With Cyberattacks
• 11:3 : Use AI-Driven Reconnaissance to Identify Cyber Threats
• 11:3 : How to Automate CVE and Vulnerability Advisory Response with Tines
• 10:34 : Gefährlicher Trend: So viele Nutzer vertrauen KI-Ergebnissen blind
• 10:34 : So will Microsoft das Passwort jetzt endgültig abschaffen
• 10:34 : „Hörst du mich?”: Was uns von Skype in Erinnerung bleibt
• 10:34 : Weder Utopie, noch Dystopie: Zwei Princeton-Forscher fordern neue Sichtweise auf KI
• 10:33 : Softwareupdates manipuliert: Hacker missbrauchen IPv6-Feature für Cyberattacken
• 10:32 : 200+ Fake Retail Sites Used in New Wave of Subscription Scams
• 10:32 : CISA Releases ICS Advisories Targeting Vulnerabilities & Exploits
• 10:32 : Hackers Abuse IPv6 Stateless Address For AiTM Attack Via Spellbinder Tool
• 10:32 : 7 Malicious PyPI Packages Abuse Gmail’s SMTP Protocol to Execute Malicious Commands
• 10:32 : Windows RDP Bug Allows Login With Expired Passwords – Microsoft Confirms No Fix
• 10:32 : Hackers Using New Eye Pyramid Tool to Leverage Python & Deploy Malware
• 10:32 : British govt agents step in as Harrods becomes third mega retailer under cyberattack
• 10:32 : Nova Scotia Power Says Hackers Stole Customer Information
• 10:5 : [NEU] [mittel] Elasticsearch: Schwachstelle ermöglicht Denial of Service
• 10:5 : [NEU] [hoch] IBM Cognos Analytics: Mehrere Schwachstellen
• 10:3 : Luxury department store Harrods suffered a cyberattack
• 10:3 : RSA Conference 2025 Announcement Summary (Day 3)
• 10:3 : MintsLoader Drops GhostWeaver via Phishing, ClickFix — Uses DGA, TLS for Stealth Attacks
• 10:3 : Third of Online Users Hit by Account Hacks Due to Weak Passwords
• 9:33 : Symantec Endpoint Protection (ERASER Engine): Schwachstelle ermöglicht Privilegieneskalation
• 9:33 : Datenleck bei Rehaklinik: Daten von 17.000 Patienten einsehbar
• 9:33 : Kein Fix geplant: Windows akzeptiert bei RDP-Verbindungen alte Passwörter
• 9:33 : [NEU] [mittel] LogStash: Schwachstelle ermöglicht Codeausführung
• 9:33 : [NEU] [mittel] Symantec Endpoint Protection (ERASER Engine): Schwachstelle ermöglicht Privilegieneskalation
• 9:33 : [NEU] [hoch] Microsoft Azure: Mehrere Schwachstellen
• 9:33 : [NEU] [hoch] Linux Kernel: Mehrere Schwachstellen
• 9:33 : [UPDATE] [hoch] Google Chrome: Mehrere Schwachstellen
• 9:32 : Dutch Services Disrupted by DDoS Attacks From Russian-Affiliated Hacktivists
• 9:32 : Is your Roku TV spying on you? Likely, but here’s how you can take back control
• 9:32 : Microsoft Accounts Go Passwordless by Default
• 9:32 : Harrods Latest UK Retailer to Fall Victim to Cyber-Attack in Recent Days
• 9:4 : Mozilla Firefox Focus für iOS: Schwachstelle ermöglicht Darstellen falscher Informationen
• 9:4 : [NEU] [mittel] IBM DB2: Schwachstelle ermöglicht Denial of Service
• 9:3 : [NEU] [mittel] Mozilla Firefox Focus für iOS: Schwachstelle ermöglicht Darstellen falscher Informationen
• 9:3 : [NEU] [mittel] Ruby: Schwachstelle ermöglicht Denial of Service
• 9:3 : [NEU] [mittel] Debian Linux (libuv und Node.js): Schwachstelle ermöglicht nicht spezifizierten Angriff
• 9:3 : [NEU] [hoch] Microsoft Dynamics 365: Schwachstelle ermöglicht Offenlegung von Informationen
• 9:2 : Seven Malicious Packages Exploit Gmail SMTP to Run Harmful Commands
• 9:2 : U.S. CISA adds SonicWall SMA100 and Apache HTTP Server flaws to its Known Exploited Vulnerabilities catalog
• 8:39 : Jetzt patchen! Erneut sind ältere Sonicwall-Lücken im Fokus von Angreifern
• 8:39 : [UPDATE] [mittel] IBM WebSphere Application Server: Mehrere Schwachstellen
• 8:38 : [UPDATE] [mittel] Nagios Enterprises Nagios XI: Mehrere Schwachstellen
• 8:38 : [UPDATE] [mittel] Mozilla Firefox/Thunderbird: Mehrere Schwachstellen
• 8:38 : [UPDATE] [mittel] libxml2: Mehrere Schwachstellen ermöglichen Denial of Service
• 8:37 : The Top 7 Enterprise VPN Solutions
• 8:37 : New Attack Techniques Using MCP & How It Will be Used to Build Security Tools
• 8:37 : NVIDIA TensorRT-LLM High-Severity Vulnerability Let Attackers Remote Code
• 8:37 : Ukrainian Nefilim Ransomware Affiliate Extradited to US
• 8:6 : Passkeys: Microsoft drückt Neukunden Anmeldung ohne Passwort auf
• 8:6 : Jetzt patchen! Ältere Sicherheitslücken geraten in den Fokus von Angreifern
• 8:6 : Messaging: US-Regierung nutzt potenziell unsicheren Signal-Klon
• 8:5 : IT Security News Hourly Summary 2025-05-02 09h : 10 posts
• 8:3 : CISA Issues New ICS Advisories Addressing Critical Vulnerabilities and Exploits
• 8:3 : CISA Warns of SonicWall SMA100 OS Command Injection Vulnerability Exploited in Wild
• 8:3 : LummaStealer’s FakeCAPTCHA Steals Browser Credentials Via Weaponized Microsoft Word Files
• 8:3 : Nebulous Mantis Hackers Actively Deploying RomCom RAT to Attack Organizations Worldwide
• 8:3 : Opsera improves GitHub security management
• 8:3 : Microsoft Sets Passkeys Default for New Accounts; 15 Billion Users Gain Passwordless Support
• 8:3 : UK’s Co-op cyberattack, LabHost domains released, NSO WhatsApp damages
• 7:30 : Vorbereitung auf NIS2: In 4 Schritten zum Ziel
• 7:30 : Fehlercode 0x80240069: Updatepanne verhindert Upgrades auf Windows 11 24H2
• 7:3 : NVIDIA TensorRT-LLM Vulnerability Let Hackers Run Malicious Code
• 7:3 : Windows Security in 2025: Battling Sophisticated Threats with Advanced Defenses
• 7:3 : AiTM Phishing Kits Bypassing MFA By Intercepting Credentials & Tokens
• 7:3 : Harrods Store Hit by Cyber Attack Following Marks & Spencer and Co-op
• 7:3 : Trellix Unveils New Phishing Simulator to Proactively Identify & Mitigate Phishing Attacks
• 7:2 : CISA Warns of Apache HTTP Server Escape Vulnerability Exploited in the Wild
• 6:33 : India Takes Bold Steps to Protect Citizens from Cyber Fraud: The Introduction of New Domain Names for Banks
• 6:33 : AI and automation shift the cybersecurity balance toward attackers
• 6:33 : Anviz unveils biometric access control solution
• 6:33 : Cybersecurity News Roundup: Book Deals, Retail Attacks, Apple Spyware Alerts, and More
• 6:2 : CISA Issues Alert on Actively Exploited Apache HTTP Server Escape Vulnerability
• 6:2 : Phone theft is turning into a serious cybersecurity risk
• 5:32 : Disney Hacker Admits Guilt After Stealing 1.1TB of Internal Data
• 5:32 : People know password reuse is risky but keep doing it anyway
• 5:3 : Zero Trust Implementation – A CISO’s Essential Resource Guide
• 5:3 : The CISO’s Role in Securing IoT in a Connected World
• 5:3 : How CISOs Can Leverage Threat Intelligence to Stay Proactive
• 5:3 : Building a Resilient Cyber Defense – CISO Strategies Unveiled
• 5:2 : How CISOs Can Successfully Lead Security Transformation in Hybrid Work Environments
• 4:33 : Auslegungssache 133: Transatlantisches Daten-Sturmtief
• 4:32 : Infosec products of the month: April 2025
• 4:32 : Half of red flags in third-party deals never reach compliance teams
• 3:3 : TheWizards APT group uses SLAAC spoofing to perform adversary-in-the-middle attacks
• 3:3 : The CISO’s Playbook for Managing Third-Party Vendor Risks
• 3:3 : Packet Analysis Optimization Advanced Protocols For Cybersecurity Analysts
• 3:3 : Detecting And Investigating Webshells In Compromised CMS Environments
• 3:3 : Mastering GDPR, CCPA, and More – CISO Compliance Guide
• 3:3 : How CISOs Can Build Trust with Stakeholders in a Data-Driven Era
• 2:5 : IT Security News Hourly Summary 2025-05-02 03h : 2 posts
• 2:3 : ISC Stormcast For Friday, May 2nd, 2025 https://isc.sans.edu/podcastdetail/9434, (Fri, May 2nd)
• 2:3 : PsyOps of Phishing: A Wolf in Shepherd’s Clothing
• 1:32 : Tonic.ai product updates: May 2025
• 1:2 : Best travel VPNs 2025: The top travel VPNs for avoiding geo-blocks and censorship
• 1:2 : xAI Dev Leaks API Key for Private SpaceX, Tesla LLMs
• 0:2 : Pro-Russia hacktivist group NoName057(16) is targeting Dutch organizations
• 23:5 : IT Security News Hourly Summary 2025-05-02 00h : 5 posts
• 23:2 : Washington’s Right to Repair Bill Heads to the Governor
• 23:2 : Dems look to close the barn door after top DOGE dog has bolted
• 23:2 : Application-Layer Visibility and Security | Contrast ADR vs Traditional Tools | Contrast Security
• 22:55 : IT Security News Daily Summary 2025-05-01
• 22:33 : Kostet Millionen, lohnt sich aber trotzdem: Deshalb solltest du ChatGPT Trinkgeld geben
• 22:33 : Pandemie der Einsamkeit: Mark Zuckerberg will Freunde durch KI-Chatbots ersetzen
• 22:32 : AI Agents Are Here. So Are the Threats.
• 22:2 : npm Malware Targets Crypto Wallets, MongoDB; Code Points to Turkey
• 22:2 : Strengthening Cybersecurity Governance – CISO Best Practices
• 22:2 : BSidesLV24 – Ground Truth – AI In The Human Loop: GenAI In Security Service Delivery