A critical security vulnerability affecting the JumpCloud Remote Assist for Windows agent has been identified, exposing managed endpoints to local privilege escalation and denial-of-service (DoS) attacks. The flaw, tracked as CVE-2025-34352, affects all versions of the agent released before 0.317.0… Read More "JumpCloud Windows Agent Flaw Enables Local Privilege Escalation"
Dec 16, 2025Ravie LakshmananNetwork Security / Vulnerability Threat actors have begun to exploit two newly disclosed security flaws in Fortinet FortiGate devices, less than a week after public disclosure. Cybersecurity company Arctic Wolf said it observed active intrusions involving malicious… Read More "Fortinet FortiGate Under Active Attack Through SAML SSO Authentication Bypass"
Versteckte Skripte in „Privatsphäre” Neben dem Angebot eines VPN-Dienstes setzt Urban VPN Proxy „Executor”-Skripte ein, die aktiviert werden, wenn ein Benutzer im Browser KI-Chat-Plattformen wie ChatGPT, Claude, Gemini, Perplexity und Grok ansteuert. „Jede Plattform hat ihr eigenes dediziertes Skript –… Read More "Urban VPN beim Diebstahl privater KI-Chats erwischt"
Dec 16, 2025Ravie LakshmananCloud Security / Vulnerability Amazon’s threat intelligence team has disclosed details of a “years-long” Russian state-sponsored campaign that targeted Western critical infrastructure between 2021 and 2025. Targets of the campaign included energy sector organizations across Western nations,… Read More "Amazon Exposes Years-Long GRU Cyber Campaign Targeting Energy and Cloud Infrastructure"
Am Montagnachmittag konnten die Nutzer im Bundestag nicht mehr auf Internet, Intranet, E-Mail-Postfächer und Dateien zugreifen. Matthias Wehnert – shutterstock.com Der zeitweise flächendeckende Ausfall des Computernetzwerks des Bundestags war nicht die Folge eines Hackerangriffs. “Auslöser war eine Überlastungssituation zwischen den… Read More "Internet-Ausfall im Bundestag wohl kein Cyberangriff"
A Russian state-sponsored malicious campaign that has been targeting critical infrastructure organizations in Western countries for years has shifted its tactics from vulnerability exploitation to compromising misconfigured customer network edge devices. While the threat actor remains unidentified, Amazon has attributed… Read More "Amazon Warns Russian GRU Hackers Target Western Firms via Edge Devices"
AI-assisted coding and AI app generation platforms have created an unprecedented surge in software development. Companies are now facing rapid growth in both the number of applications and the pace of change within those applications. Security and privacy teams are… Read More "Why Data Security and Privacy Need to Start in Code"
According to Koi Security’s findings, urban VPN injects scripts that activate whenever users interact with popular AI platforms, capturing both prompts and responses, even when VPN features are disabled. Hidden scripts in “privacy” armor Apart from offering a VPN service,… Read More "‘Featured’ Urban VPN caught stealing private AI chats"
A US fintech firm with thousands of car dealership clients has revealed a data breach impacting 5.8 million end customers. Michigan-headquartered 700Credit provides credit reporting, identity verification and other services to over 20,000 dealers across the US. It revealed in a… Read More "Millions of Car Owners Hit By Credit700 Data Breach"
Internet users have been warned to stay alert to increasingly sophisticated online scams this festive season, after experts observed a torrent of AI-powered content. Check Point claimed to have detected 33,500 unique Christmas-themed phishing emails and over 10,000 seasonal social… Read More "Phishing Messages and Social Ads Flood Users Ahead of Christmas"
