A Latvian national extradited to the United States was sentenced to 8.5 years in prison for his „cold case“ negotiator role in the Russian Karakurt ransomware group. […]
A new version of the CloudZ remote access tool (RAT) is deploying a previously unseen malicious plugin called Pheno that hijacks the Microsoft Phone Link connection to steal sensitive codes from mobile devices. […]
Ab Juni 2026 laufen zentrale Secure-Boot-Zertifikate aus. Unternehmen müssen deshalb jetzt prüfen, ob neue Zertifikate nicht nur importiert, sondern auf Clients und Servern auch wirklich vollständig aktiviert wurden.
CVE-2026-4670 & CVE-2026-5174: MOVEit Automation Flaws Enable Auth Bypass and Privilege Escalation Progress Software has disclosed and patched two vulnerabilities in MOVEit Automation, its managed file transfer automation and workflow engine. CVE-2026-4670 is an authentication bypass, and CVE-2026-5174 is a privilege escalation issue tied to improper input validation. The issues relate to MOVEit Automation’s service […]
Microsoft Edge: Passwörter landen als Klartext im SpeicherAlert3heise Security Quelle: Heise Security Ticker
Vimeo-Datenleck: 119.000 E-Mail-Adressen betroffenheise Security Quelle: Heise Security Ticker
The security defects allow unauthenticated, remote attackers to execute arbitrary code through crafted requests. The post MetInfo, Weaver E-cology Vulnerabilities in Attackers’ Crosshairs appeared first on SecurityWeek.
The North Korean hacker group APT37 has been delivering an Android version of a backdoor called BirdCall in a supply-chain attack through a video game platform. […]
The vulnerabilities were reported to Meta through its bug bounty program and were patched with updates released earlier this year. The post WhatsApp Discloses File Spoofing, Arbitrary URL Scheme Vulnerabilities appeared first on SecurityWeek.