Patch now! In Germany, 11,000 WatchGuard firewalls are still vulnerableSecurity researchers warn that more than 117,000 WatchGuard firewalls of the Firebox series worldwide are still without a security update.
"Karvi-geddon": Deficient security architecture at delivery service platformA security analysis published on Github reveals serious deficiencies at Karvi Solutions. Tens of thousands of restaurant customers are affected.
Security patches: DoS attacks on IBM App Connect Enterprise possibleIBM's integration software offering, App Connect Enterprise, is vulnerable. In recent versions, developers have closed a security gap.
Hard drive finds in the boiler room: Municipality explains itselfWe reported on data carriers stored unsecured by a municipality. The mayor now admits that he cannot rule out data leakage.
BIOS security vulnerability: Malware attacks on Dell servers possibleVarious models of Dell's PowerEdge server line are vulnerable. Security patches are available.
Federal Trojan: BND to be allowed to enter apartments to install spywareChancellery reforms BND law: more powers, including entering apartments to install spy software.
Foxit PDF: Updates close highly risky security vulnerabilitiesUpdates for Foxit PDF Editor and Reader for macOS and Windows close security vulnerabilities. Attackers can inject malicious code as a result.
Patch now! Attackers push malware onto WatchGuard FireboxAttackers are currently targeting WatchGuard Firebox series firewalls. Security patches are available for download.
Out-of-band update: Microsoft fixes Message Queuing issuesWindows security updates cause disruptions to Windows 10 and Server up to 2019 Message Queuing (MSMQ). Emergency updates resolve this.
Fractions of a second betray North KoreansThe keystrokes of an external employee were suspiciously delayed. Amazon.com identified him as North Korean.
Phishing attempt at Outfittery: data leak at the clothing retailer?The Berlin-based clothing retailer asked customers to update their payment details. However, the link in the email led to a phishing page.
France investigates 'foreign interference' after malware found on ferryFrench police have arrested two crew members on a ferry. They intended to gain access to data processing systems.
EMBA 2.0: Firmware analyzer achieves 95 percent emulation successIn version 2.0, the firmware analysis tool EMBA achieves an emulation success rate of 95 percent, leaving older tools far behind.
Apache Commons Text: Code injection vulnerability in older versionsApache Commons Text is used for processing character strings in Java apps. A critical vulnerability allows the injection of malicious code.
Security gaps: Nvidia equips AI and robotics software against potential attacksImportant security updates close multiple vulnerabilities in Nvidia Isaac Lab, NeMo Framework, and Resiliency Extension.
SSH server Dropbear allows privilege escalationThe lean SSH server Dropbear is closing a privilege escalation vulnerability with an updated version, among other things.
Attacks on Zero-Day Vulnerabilities: Cisco, Sonicwall, and Asus Live UpdateCISA warns of observed attacks on Cisco, Sonicwall, and Asus security vulnerabilities. Updates are partially available.
Docker Inc. makes hardened images available for freeHardened Docker images are reduced to a minimum, leaving as little attack surface as possible. Docker Inc. is now making these available free of charge.
Spyware unmasked: How Belarus monitors journalists with "ResidentBat"Researchers have identified an Android spyware that has been used directly against media actors in Belarus for years. It relies on blatant deception.
Pornhub Premium Users: Cyber Gang ShinyHunters Threatens PublicationCybercriminals have stolen data from Pornhub Premium users. The ransomware gang ShinyHunters is now threatening publication.
Countless security vulnerabilities in IBM DataPower Gateway closedAttackers can attack IBM's security and integration platform DataPower Gateway through various means.
Microsoft Sweeps RC4 Remnants from KerberosRC4 encryption has been cracked for over a decade. Now Microsoft is slowly sweeping the last remnants, such as in Kerberos, away.
HPE OneView: Critical vulnerability allows code smuggling from the networkIn HPE's OneView, malicious actors can inject malicious code from the network without authentication. An update is available.
Patch now! Attackers bypass authentication in Fortinet productsCurrently, attackers are exploiting an SSO vulnerability in certain Fortinet products. Security patches are available.
UpdateWhatsApp and Signal: Privacy vulnerable, tracker software availableThe WhatsApp and Signal messengers reveal user information through confirmation runtimes. A setting helps.
Google discontinues Dark Web ReportGoogle is discontinuing its Dark Web Report and will delete all stored data. As an alternative, the company recommends Passkeys and the Password Manager.
Smartphone Security Tips from CERT-FR and CISA – Little PracticalThe IT security organizations CERT-FR and CISA have compiled tips for securing smartphones. They go a bit too far.
security gaps: HPE ProLiant servers with Intel QuickAssist are vulnerableSecurity patches close multiple vulnerabilities in HPE ProLiant. However, servers are only attackable under certain conditions.
Cybercriminals copy personal data from SoundCloud and Pornhub usersSoundCloud and Pornhub have independently reported IT security incidents. In these incidents, attackers were able to access internal data.
Update iOS and macOS: Warning of Attacks on Apple Vulnerabilities and GladinetCISA warns of ongoing attacks on vulnerabilities in Apple's iOS and macOS, as well as on Gladinet CentreStack and Triofox.
IT outage in the Bundestag: Great nervousness during Ukraine negotiationsThe German Bundestag experienced a significant IT outage, with network, email, and shared drives affected. Cause remains unclear.
BSI checks email programsThe Federal Office for Information Security has tested how secure email programs are. They are apparently okay.
Pentest Linux Kali 2025.4 with New Desktops, Wayland, and Halloween ModeThe developers of Kali Linux for pentesters, which evolved from Backtrack, have released version 2025.4. It updates the desktops.
Attackers can attack PCs managed with TeamViewer DEXSecurity patches close several vulnerabilities in the remote maintenance platform TeamViewer DEX.
React2Shell patch insufficient, attacks widenUpdates to close a critical vulnerability in React servers are incomplete. More and more attackers are exploiting the leak.
Patchday Problem: Message Queuing issues in Windows 10, Server 2016, and 2019The December security updates are disrupting Message Queuing in Windows 10, Server 2016, and 2019, leading to error messages.
Android: Developer option against espionage with accessibility optionsGoogle has added a flag to Android 16 that allows app developers to block malware that spies through accessibility features.
More than 10,000 Docker Hub Images Contain Secret CredentialsOn Docker Hub, there are thousands of container images – and more than 10,000 of them actually contain secret credentials.
GitLab: Attackers can create wiki pages with malwareSecurity patches close multiple vulnerabilities in the GitLab development environment.
Remote Maintenance ScreenConnect: Critical vulnerability allows code executionIn the remote maintenance software Connectwise ScreenConnect, authenticated attackers can inject malicious code. An update is available.
