Malicious npm packages found to create a backdoor in legitimate code
CSO Australia
8h ago
Attackers who target developers through malicious packages hosted on the npm repository are using a new persistence technique that involves backdooring legitimate packages already installed in victims’ local environments. This tactic complicates incident response and infection clean-up efforts because it allows attackers to maintain access to the compromised development environments even after the malicious npm package is discovered and removed. “While there was a drop in instances of malware discovered on open-source repositories like npm and PyPI in 2024, threat actors have not lost interes ..read more
Despite evidence: Oracle denies cyberattack
CSO Australia
12h ago
Although security researchers have discovered evidence of a data theft at Oracle, the company denies the incident. JHVEPhoto – shutterstock.com Security researchers at CloudSEK recently discovered that sensitive data of more than 140,000 Oracle customers is for sale on the darknet. This information is said to come from a cyberattack on Oracle Cloud. Attack possibly via an old vulnerability The researchers believe that the attacker, via a long-known secur ..read more
7 cutting-edge encryption techniques for reimagining data security
CSO Australia
12h ago
Secret codes have been around for hundreds of years. Everyone from pirates to diplomats has used them to lock away messages from prying eyes. In recent years, mathematicians have built even better algorithms that are harder than ever to break. Along the way, mathematicians also started discovering that the algorithms could do more than secure a message or protect the location of treasure. They could enforce complex rules and synchronize people who were working together. The best algorithms now take on many roles beyond just protecting a message. Some can stop cheating. Others can ensure fair ..read more
The 10 most common IT security mistakes
CSO Australia
20h ago
Even anti-scammers get scammed: security expert Troy Hunt pwned by phishing email
CSO Australia
1d ago
Troy Hunt, the security researcher behind the popular “Have I Been Pwned?” data breach notification site, has fallen victim to a phishing attack that exposed the email addresses of subscribers to updates of his personal blog. Hunt received an email purportedly from email marketing platform Mailchimp falsely claiming that his account had been restricted due to a spam complaint. In response, Hunt entered his login details and submitted a one-time passcode to a fake site posing as Mailchimp. The security researcher quickly realized his mistake and changed his login details but not before attacker ..read more
AI agents conquer the cybersecurity industry
CSO Australia
1d ago
Microsoft is introducing AI agents to automate cybersecurity in the face of growing threats. Denis Linine – shutterstock.com AI agents capable of executing code and performing web searches are gaining importance across the tech industry. Another field that is becoming increasingly important is automated security. These tools are suited to tasks such as phishing detection, data protection and identity management. These are areas in which attackers continue unabated to exploit vulnerabilities at scale. Microsoft has also recogn ..read more
Becoming an insider threat with GenAI
CSO Australia
1d ago
Many companies are not aware of the security problems that arise from using GenAI. Teerachai Jampanak – Shutterstock.com According to an analysis by Netskope, GenAI data uploads in enterprises have increased 30-fold within a year. These reportedly also include sensitive information such as source code, regulated data, passwords and keys, and intellectual property. In addition, three out of four companies use apps with integrated GenAI features. “GenAI is increasingly being integrated into everything, from dedicated applications to backend integration ..read more
VMware plugs a high-risk vulnerability affecting its Windows-based virtualization
CSO Australia
2d ago
Broadcom is warning customers of a high-severity, authentication bypass flaw, now fixed, affecting VMware Tools for Windows. Tracked as CVE-2025-22230, the issue stems from improper access control and could allow privilege escalation on the affected system. “An authentication bypass vulnerability in VMware Tools for Windows was privately reported to VMware,” said Broadcom in a security advisory. “Updates are available to remediate this vulnerability in the affected VMware products.” VMware Tools for Windows is a suite of utilities designed for the performance and functionality of Windows-base ..read more
Legal impact on cybersecurity in 2025: new developments and challenges in the EU
CSO Australia
2d ago
In the fast-paced world of cybersecurity, 2025 is shaping up to be a crucial year for the implementation of new regulations aimed at strengthening the European Union’s digital resilience. From the transposition of the NIS2 Directive to the entry into force of the DORA Regulation and the National 5G Network and Service Security Scheme, both private companies and public entities face an increasingly demanding regulatory landscape, and it is essential to understand and anticipate the challenges and opportunities that this new legislation presents. Transposition of the NIS2 Directive: a new horiz ..read more
Rising attack exposure, threat sophistication spur interest in detection engineering
CSO Australia
2d ago
Detection engineering, which was once a niche practice among mostly large companies, appears to have evolved into a capability that organizations across industries now consider essential to their security operations. What is detection engineering? Detection engineering is about creating and implementing systems to identify potential security threats within an organization’s specific technology environment without drowning in false alarms. It’s about writing smart rules that can tell when something potentially suspicious or malicious is happening in an organization’s networks or systems a ..read more
