Security News – 20 March 2026

Oracle pushes emergency fix for critical Identity Manager RCE flaw

Date: 2026-03-20 19:48:47 | Source:

Oracle has released an out-of-band security update to fix a critical unauthenticated remote code execution vulnerability in Identity Manager and Web Services Manager tracked as CVE-2026-21992. [...]

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Date: 2026-03-20 18:47:00 | Source:

Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span of a month to deliver malware that stole sensitive CI/CD secrets. The latest incident impacted GitHub Actions "aquasecurity/trivy-action" and "aquasecurity/setup-trivy," which are used to scan Docker container images for vulnerabilities and set up GitHub Actions workflow

Police take down 373,000 fake CSAM sites in Operation Alice

Date: 2026-03-20 18:19:02 | Source:

An international law enforcement action called Operation Alice has shut down over 373,000 dark web sites that offered fake CSAM packages. [...]

Cyber OpSec Fail: Beast Gang Exposes Ransomware Server

Date: 2026-03-20 17:31:33 | Source:

Files on a central cloud server used by the ransomware group highlight a systematic, aggressive attack on network backups as a key TTP.

In Other News: New Android Safeguards, Operation Alice, UK Toughens Cyber Reporting

Date: 2026-03-20 16:57:30 | Source:

Other noteworthy stories that might have slipped under the radar: vulnerabilities found in KVM devices, Claudy Day Claude vulnerabilities, The Gentlemen ransomware group.

The post In Other News: New Android Safeguards, Operation Alice, UK Toughens Cyber Reporting appeared first on SecurityWeek.

Study: Majority of DACH Companies Consider a Cloud Shutdown Realistic

Date: 2026-03-20 16:30:00 | Source:

83 percent of companies consider a unilateral shutdown by cloud providers realistic. Almost half have no exit strategy.

Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure

Date: 2026-03-20 16:15:00 | Source:

A critical security flaw impacting Langflow has come under active exploitation within 20 hours of public disclosure, highlighting the speed at which threat actors weaponize newly published vulnerabilities. The security defect, tracked as CVE-2026-33017 (CVSS score: 9.3), is a case of missing authentication combined with code injection that could result in remote code execution. "The POST /api/v1

CISA orders feds to patch max-severity Cisco flaw by Sunday

Date: 2026-03-20 16:09:12 | Source:

The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity vulnerability, CVE-2026-20131, in Cisco Secure Firewall Management Center (FMC) by Sunday, March 22. [...]

3 Men Charged With Conspiring to Smuggle US Artificial Intelligence to China

Date: 2026-03-20 15:43:36 | Source:

The men violated U.S. export controls laws by scheming to divert massive quantities of the high-performance servers assembled in the United States to China.

The post 3 Men Charged With Conspiring to Smuggle US Artificial Intelligence to China appeared first on SecurityWeek.

How CISOs Can Survive the Era of Geopolitical Cyberattacks

Date: 2026-03-20 15:01:11 | Source:

Geopolitical tensions are driving destructive cyberattacks designed to disrupt operations, not demand ransom. CISOs must limit lateral movement and contain breaches to reduce the impact of wiper campaigns. [...]

Eclypsium Raises $25 Million for Device Supply Chain Security

Date: 2026-03-20 14:25:34 | Source:

The company will use the investment to expand its platform’s capabilities and grow channel partnerships.

The post Eclypsium Raises $25 Million for Device Supply Chain Security appeared first on SecurityWeek.

Interlock Ransomware Targets Cisco Enterprise Firewalls

Date: 2026-03-20 14:00:00 | Source:

The ransomware gang, known for double-extortion attacks, had access to a critical Cisco firewall vulnerability weeks before it was publicly disclosed.

US Confirms Handala Link to Iran Government Amid Takedown of Hackers’ Sites

Date: 2026-03-20 13:25:41 | Source:

The US has seized several domains used by Handala in cyber-enabled psychological operations.

The post US Confirms Handala Link to Iran Government Amid Takedown of Hackers’ Sites appeared first on SecurityWeek.

Various Attacks Possible on Dell Secure Connect Gateway Policy Manager

Date: 2026-03-20 13:13:00 | Source:

Several security vulnerabilities put systems running Dell Secure Connect Gateway Policy Manager at risk. A fixed version is available for download.

Cape Raises $100 Million for Protection Against Cellular Security Threats

Date: 2026-03-20 12:36:00 | Source:

Cape offers a privacy-focused mobile virtual network operator (MVNO) service for consumers, enterprises, and governments.

The post Cape Raises $100 Million for Protection Against Cellular Security Threats appeared first on SecurityWeek.

Navia Data Breach Impacts 2.7 Million

Date: 2026-03-20 12:02:08 | Source:

Between late December 2025 and mid-January 2026, hackers stole personal and health plan information from Navia’s environment.

The post Navia Data Breach Impacts 2.7 Million appeared first on SecurityWeek.

OpenWrt: Service Releases Close Critical Security Vulnerabilities

Date: 2026-03-20 12:00:00 | Source:

Service releases 25.12.1 and 24.10.6 of the router operating system OpenWrt fix security vulnerabilities rated as critical.

Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams

Date: 2026-03-20 11:57:00 | Source:

Google on Thursday announced a new "advanced flow" for Android sideloading that requires a mandatory 24-hour wait period to install apps from unverified developers in an attempt to balance openness with safety. The new changes come against the backdrop of a developer verification mandate the tech giant announced last year that requires all Android apps to be registered by verified developers to

Thousands of Magento Sites Hit in Ongoing Defacement Campaign

Date: 2026-03-20 11:36:51 | Source:

The attacks started on February 27 and have targeted e-commerce platforms, global brands, and government services.

The post Thousands of Magento Sites Hit in Ongoing Defacement Campaign appeared first on SecurityWeek.

The Importance of Behavioral Analytics in AI-Enabled Cyber Attacks

Date: 2026-03-20 11:00:00 | Source:

Artificial Intelligence (AI) is changing how individuals and organizations conduct many activities, including how cybercriminals carry out phishing attacks and iterate on malware. Now, cybercriminals are using AI to generate personalized phishing emails, deepfakes and malware that evade traditional detection by impersonating normal user activity and bypassing legacy security models. As a result,

"Operation Alice": International Strike Against Child Sex Offenders

Date: 2026-03-20 11:00:00 | Source:

International law enforcement agencies have shut down more than 373,000 darknet domains in "Operation Alice" against child sexual abuse crime.

Musician admits to $10M streaming royalty fraud using AI bots

Date: 2026-03-20 10:33:33 | Source:

North Carolina musician Michael Smith has pleaded guilty to collecting over $10 million in royalty payments through a massive streaming royalty fraud scheme on Spotify, Apple Music, Amazon Music, and YouTube Music. [...]

Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover

Date: 2026-03-20 10:30:00 | Source:

Sansec is warning of a critical security flaw in Magento's REST API that could allow unauthenticated attackers to upload arbitrary executables and achieve code execution and account takeover. The vulnerability has been codenamed PolyShell by Sansec owing to the fact that the attack hinges on disguising malicious code as an image. There is no evidence that the shortcoming has been exploited in

Allure Security Raises $17 Million for Online Brand Protection

Date: 2026-03-20 10:09:59 | Source:

The company will invest in expanding its digital brand protection platform and in scaling its go-to-market efforts.

The post Allure Security Raises $17 Million for Online Brand Protection appeared first on SecurityWeek.

Flaw in CampusNet: Addresses of More Than One Million Students Were Exposed Online

Date: 2026-03-20 10:00:00 | Source:

Using cleverly chosen search filters, attackers could have pieced together the addresses of all students. The vendor and universities responded promptly.

Windows Update Problems: Sign-In to Personal Microsoft Accounts Fails

Date: 2026-03-20 09:50:00 | Source:

Microsoft attributes a recently reported disruption of apps and services with personal accounts to the Windows updates from the March Patch Tuesday.

IBM QRadar SIEM: SSH Sessions Can Be Compromised

Date: 2026-03-20 09:39:00 | Source:

Important security updates have been released for IBM App Connect Enterprise and QRadar SIEM.

Critical Langflow Vulnerability Exploited Hours After Public Disclosure

Date: 2026-03-20 09:38:56 | Source:

Because attacker-supplied flow data is used in public flows, the bug leads to unauthenticated remote code execution.

The post Critical Langflow Vulnerability Exploited Hours After Public Disclosure appeared first on SecurityWeek.

Oracle Identity Manager: Out-of-Band Update Against Code Injection Flaw

Date: 2026-03-20 09:19:00 | Source:

Oracle has issued an emergency update for Identity Manager and Web Services Manager to close a code injection vulnerability.

International joint action disrupts world’s largest DDoS botnets

Date: 2026-03-20 09:05:12 | Source:

Authorities from the United States, Germany, and Canada have taken down Command and Control (C2) infrastructure used by the Aisuru, KimWolf, JackSkid, and Mossad botnets to infect Internet of Things (IoT) devices. [...]

Microsoft: March Windows updates break Teams, OneDrive sign-ins

Date: 2026-03-20 08:33:32 | Source:

Microsoft says the March Windows 11 update breaks sign-ins with Microsoft accounts across multiple Microsoft apps, including Teams and OneDrive. [...]

Aisuru and Kimwolf DDoS Botnets Disrupted in International Operation

Date: 2026-03-20 08:32:32 | Source:

The lesser-known JackSkid and Mossad botnets have also been targeted in the operation.

The post Aisuru and Kimwolf DDoS Botnets Disrupted in International Operation appeared first on SecurityWeek.

Chrome: Google Fixes 26 Security Vulnerabilities in the Web Browser

Date: 2026-03-20 08:18:00 | Source:

The Chrome update released overnight into Thursday fixes 26 security vulnerabilities, three of them critical.

Ex-data analyst stole company data in $2.5M extortion scheme

Date: 2026-03-20 07:57:46 | Source:

A North Carolina man was found guilty of extorting a D.C.-based technology company while still being employed as a data analyst contractor. [...]

DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks

Date: 2026-03-20 07:25:00 | Source:

The U.S. Department of Justice (DoJ) on Thursday announced the disruption of command-and-control (C2) infrastructure used by several Internet of Things (IoT) botnets like AISURU, Kimwolf, JackSkid, and Mossad as part of a court-authorized law enforcement operation. The effort also saw authorities from Canada and Germany targeting the operators behind these botnets, with a number of private

Aisuru, KimWolf & Co.: Authorities "Disrupt" Four Dangerous Botnets

Date: 2026-03-20 07:09:00 | Source:

More than three million infected IT devices were recently used for particularly powerful DDoS attacks. Now there has reportedly been an operation against the infrastructure.

Visa Agentic Ready: AI Agents Handle Payments in Test with Banks

Date: 2026-03-20 06:26:00 | Source:

Visa is starting a test with banks: AI agents shop on behalf of users. What this can mean for everyday payments.

Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks

Date: 2026-03-20 06:16:00 | Source:

Apple is urging users who are still running an outdated version of iOS to update their iPhones to secure against web-based attacks carried out via powerful exploit kits like Coruna and DarkSword. These attacks employ malicious web content to target out-of-date versions of iOS, triggering an infection chain that leads to the theft of sensitive data. "For example, if you're using an older

Auslegungssache 155: The Spy on Your Nose

Date: 2026-03-20 06:10:00 | Source:

Thomas Schwenke (top left), Nico Jurran (top right), Holger Bleich (bottom left), Joerg Heidrich (bottom right)

This episode of the c't data protection podcast addresses the question of when a practical assistant like Meta's Ray-Ban glasses becomes a mobile surveillance camera.

Feds Disrupt IoT Botnets Behind Huge DDoS Attacks

Date: 2026-03-20 01:49:19 | Source:

The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets that compromised more than three million Internet of Things (IoT) devices, such as routers and web cameras. The feds say the four botnets — named Aisuru, Kimwolf, JackSkid and Mossad — are responsible for a series of recent record-smashing distributed denial-of-service (DDoS) attacks capable of knocking nearly any target offline.

The Justice Department said the Department of Defense Office of Inspector General’s (DoDIG) Defense Criminal Investigative Service (DCIS) executed seizure warrants targeting multiple U.S.-registered domains, virtual servers, and other infrastructure involved in DDoS attacks against Internet addresses owned by the DoD.

The government alleges the unnamed people in control of the four botnets used their crime machines to launch hundreds of thousands of DDoS attacks, often demanding extortion payments from victims. Some victims reported tens of thousands of dollars in losses and remediation expenses.

The oldest of the botnets — Aisuru — issued more than 200,000 attack commands, while JackSkid hurled at least 90,000 attacks. Kimwolf issued more than 25,000 attack commands, the government said, while Mossad was blamed for roughly 1,000 digital sieges.

The DOJ said the law enforcement action was designed to prevent further infection to victim devices and to limit or eliminate the ability of the botnets to launch future attacks. The case is being investigated by the DCIS with help from the FBI’s field office in Anchorage, Alaska, and the DOJ’s statement credits nearly two dozen technology companies with assisting in the operation.

“By working closely with DCIS and our international law enforcement partners, we collectively identified and disrupted criminal infrastructure used to carry out large-scale DDoS attacks,” said Special Agent in Charge Rebecca Day of the FBI Anchorage Field Office.

Aisuru emerged in late 2024, and by mid-2025 it was launching record-breaking DDoS attacks as it rapidly infected new IoT devices. In October 2025, Aisuru was used to seed Kimwolf, an Aisuru variant which introduced a novel spreading mechanism that allowed the botnet to infect devices hidden behind the protection of the user’s internal network.

On January 2, 2026, the security firm Synthient publicly disclosed the vulnerability Kimwolf was using to propagate so quickly. That disclosure helped curtail Kimwolf’s spread somewhat, but since then several other IoT botnets have emerged that effectively copy Kimwolf’s spreading methods while competing for the same pool of vulnerable devices. According to the DOJ, the JackSkid botnet also sought out systems on internal networks just like Kimwolf.

The DOJ said its disruption of the four botnets coincided with “law enforcement actions” conducted in Canada and Germany targeting individuals who allegedly operated those botnets, although no further details were available on the suspected operators.

In late February, KrebsOnSecurity identified a 22-year-old Canadian man as a core operator of the Kimwolf botnet. Multiple sources familiar with the investigation told KrebsOnSecurity the other prime suspect is a 15-year-old living in Germany.
