1Kosmos announced 1Kosmos 1Key for shared account login environments. With FIDO-compliant biometric authentication, 1Kosmos 1Key addresses the pressing need for security, accountability, and auditability in settings where multiple users access shared accounts, such as operational technology (OT) systems, hospitality services,…
APTs have been using zero-day Windows shortcut exploit for eight years (ZDI-CAN-25373)
State-sponsored threat actors and cybercrime groups from North Korea, Iran, Russia, and China have been exploiting a zero-day Windows vulnerability with no fix in sight for the last eight years, researchers with Trend Micro’s Zero Day Initiative have warned on…
Vanta unveils features and capabilities to strengthen security collaboration
Vanta announced a series of new features and capabilities to help security and GRC teams seamlessly collaborate across their organization and extended network. These releases—including team-based collaboration and granular user access, an integrated Vanta Exchange for vendor security reviews, enhanced…
Report: The State of Secrets Sprawl 2025
GitGuardian’s State of Secrets Sprawl 2025 report shows no progress in combating secrets sprawl, with 23.8 million secrets leaked on public GitHub repositories in 2024—a 25% year-over-year increase. Despite GitHub Push Protection’s efforts, secrets sprawl is accelerating, especially with generic…
752,000 Browser Phishing Attacks Mark 140% Increase YoY
A surge in browser-based phishing attacks has been recorded over the past year, with a 140% increase compared to 2023 according to Menlo Security This article has been indexed from www.infosecurity-magazine.com Read the original article: 752,000 Browser Phishing Attacks Mark…
IT Security News Hourly Summary 2025-03-19 15h : 18 posts
18 posts were published in the last hour 13:35 : Firmware angreifbar: Kritische BMC-Lücke lässt Hacker fremde Serversysteme kapern 13:34 : mySCADA myPRO RCE Vulnerabilities Expose ICS Devices to Remote Control 13:34 : Elastic expands partnership with Tines to scale…
Firmware angreifbar: Kritische BMC-Lücke lässt Hacker fremde Serversysteme kapern
Eine kritische Schwachstelle in der BMC-Firmware gefährdet zahlreiche Server. Hacker können Malware einschleusen und sogar Hardware beschädigen. (Sicherheitslücke, Lenovo) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den originalen Artikel: Firmware angreifbar: Kritische BMC-Lücke lässt Hacker fremde Serversysteme…
mySCADA myPRO RCE Vulnerabilities Expose ICS Devices to Remote Control
Supervisory Control and Data Acquisition (SCADA) systems play a pivotal role in managing critical infrastructure across sectors like energy, manufacturing, and more. However, this digital transformation also brings with it a heightened vulnerability to cyber threats. Recent research by our…
Elastic expands partnership with Tines to scale security operations
Elastic announced an expanded partnership with an integrated offering that includes Tines Workflow Automation and the Elastic Search AI Platform to simplify security and observability workflow automation. The partnership equips security teams with security orchestration, automation and response (SOAR) and…
AI In Software Development: Balancing Innovation and Security in An Era of Lowered Barriers
AI is reshaping software development. The advent of sophisticated AI models such as DeepSeek and Ghost GPT has democratized access to powerful AI-assisted coding tools, pushing the boundaries of innovation… The post AI In Software Development: Balancing Innovation and Security…
Attackers Hide Malicious Word Files Inside PDFs to Evade Detection
A newly identified cybersecurity threat involves attackers embedding malicious Word files within PDFs to deceive detection systems. This technique, confirmed by JPCERT/CC, exploits the fact that files created using MalDoc in PDF can be opened in Microsoft Word, even though…
Sante PACS Server Flaws Allow Remote Attackers to Download Arbitrary Files
Recently, several critical vulnerabilities were discovered in Sante PACS Server version 4.1.0, leaving it susceptible to severe security breaches. These vulnerabilities, identified by CVE-2025-2263, CVE-2025-2264, CVE-2025-2265, and CVE-2025-2284, expose the server to potential attacks that can lead to unauthorized access, data breaches, and denial-of-service…
Is Firebase Phishing a Threat to Your Organization?
Check Point researchers have uncovered a sophisticated credential harvesting attack that leverages Firebase, a popular web application hosting service. This attack involves the creation of highly convincing and professionally designed phishing web pages that impersonate well-known services. The attackers also…