ARTICLE SEARCH
Threat Feed Query
Search all aggregated security articles by keywords, CVE IDs and sources.
Securing Generative AI – Mitigating Data Leakage Risks
Generative artificial intelligence (GenAI) has emerged as a transformative force across industries, enabling content creation, data analysis, and decision-making breakthroughs. However, its rapid adoption
VMware ESXi, Firefox, Red Hat Linux & SharePoint 0-Day Vulnerabilities Exploited – Pwn2Own Day 2
Security researchers uncovered critical zero-day vulnerabilities across major enterprise platforms during the second day of Pwn2Own Berlin 2025, earning a staggering $435,000 in bounties. The competition,
Communications Backdoor in Chinese Power Inverters
This is a weird story (https://www.msn.com/en-us/news/world/ar-AA1EMfHP): "U.S. energy officials are reassessing the risk posed by Chinese-made devices that play a critical ro
SSH Auth Keys Reuse Exposes Sophisticated Targeted Phishing Attack
A coordinated phishing campaign targeting Kuwait’s critical sectors has been exposed through a distinctive operational security lapse: the consistent reuse of SSH authentication keys across multiple attack
Linux Kernel Patching and Preventing Exploits in 2025
As the Linux kernel continues to power everything from cloud infrastructure to embedded devices, its security remains critical. In 2025, patching strategies face unprecedented challenges: a 3,529% year-ove
Multiple Ivanti Endpoint Mobile Manager Vulnerabilities Allows Remote Code Execution
Critical security flaws have been uncovered in Ivanti Endpoint Manager Mobile (EPMM), a widely used mobile device management (MDM) solution, exposing organizations to the risk of unauthenticated remote cod
Windows 10 KB5058379 Update Boots PCs into Windows Recovery and Require BitLocker key
Multiple users and IT administrators are reporting that Microsoft’s latest security update KB5058379, released on May 13, 2025, is causing widespread issues with BitLocker recovery prompts and system boot
Hackers Attacking Industrial Automation Systems With 11,600+ Malware Families
Industrial automation systems worldwide are facing an unprecedented scale of cyber threats, with security researchers detecting a staggering 11,679 distinct malware families targeting critical infrastructu
Jenkins Security Update Released With the Fixes for the Vulnerabilities that Exploit CI/CD Pipelines
The Jenkins project has issued a critical security advisory detailing vulnerabilities in five widely used plugins: Cadence vManager, DingTalk, Health Advisor by CloudBees, OpenID Connect Provider, and WSO2
Windows Defender Best Practices – Optimizing Endpoint Protection
As cyberthreats grow in sophistication, organizations must prioritize robust endpoint protection strategies. Microsoft Defender for Endpoint has emerged as a critical tool in this landscape, offering AI-dr
SonicWall SMA1000 Vulnerability Let Attackers to Exploit Encoded URLs To Gain Internal Systems Access Remotely
SonicWall has issued a high-priority security advisory (SNWLID-2025-0010) revealing a critical Server-Side Request Forgery (SSRF) vulnerability in its SMA1000 Appliance Work Place interface. Tracked as CVE
CISA Warns of Five Actively Exploited Windows 0-Day Vulnerabilities
CISA has issued an urgent alert after adding five new Microsoft Windows zero-day vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. Th
Windows Defender Application Control Bypassed Using Operationalizing Browser Exploits
Researchers have uncovered a sophisticated technique to bypass Windows Defender Application Control (WDAC), a critical Windows security feature designed to prevent unauthorized code execution. The bypass l
U.S. officials Investigating Rogue Communication Devices in Solar Power Inverters
U.S. energy officials have launched an investigation after discovering unauthorized communication equipment embedded within Chinese-manufactured solar power inverters connected to critical infrastructure g
Xerox Issues April 2025 Security Patch Update for FreeFlow Print Server v2
Xerox has announced the release of its April 2025 Security Patch Update for the FreeFlow® Print Server v2 running on Windows® 10, reinforcing the company’s commitment to robust cybersecurity for its produc
TransferLoader Malware Allows Attackers to Execute Arbitrary Commands on Compromised System
A newly identified malware loader dubbed TransferLoader has emerged as a critical threat, enabling attackers to execute arbitrary commands on compromised systems and deliver payloads such as the Morpheus r
Hackers Disguised Remote Access Malware as Microsoft Edge service
A sophisticated backdoor campaign in which attackers cleverly disguised remote access malware as a legitimate Microsoft Edge service. The malicious Mesh agent, masquerading under the path C:\Program Files\
Russian Hackers Exploiting MDaemon 0-Day Vulnerability to Hack Webmail Servers
A recently uncovered cyber-espionage campaign linked to Russian state-sponsored actors has been targeting enterprise webmail servers using a critical zero-day vulnerability in MDaemon, a widely used email
Node.js Vulnerability Allows Attackers to Crash the Process & Halt Services
The Node.js project has issued urgent security updates after disclosing a high-severity vulnerability that could allow remote attackers to crash Node.js processes, potentially halting critical services and
U.S. CISA adds a Fortinet flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Fortinet vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) a