Jan 07, 2026The Hacker NewsEnterprise Security / Artificial Intelligence Non-human employees are becoming the future of cybersecurity, and enterprises need to prepare accordingly. As organizations scale Artificial Intelligence (AI) and cloud automation, there is exponential growth in Non-Human Identities (NHIs),… Read More "The Future of Cybersecurity Includes Non-Human Employees"
Der Ransomware-Dienst Ransomhouse nutzt jetzt eine komplexe Dual-Schlüssel-Verschlüsselung und automatisierte Angriffe auf VMware ESXi. Suttipun – shutterstock.com Sicherheitsexperten haben kürzlich festgestellt, dass die Ransomware-Gruppe Jolly Scorpius ihren RaaS-(Ransomware as a Service)-Dienst Ransomhouse massiv verbessert hat. Wie das Threat-Intelligence-Team von Palo… Read More "Neue Ransomware-Bedrohung zielt auf deutsche Unternehmen"
A malicious Windows packer known as pkr_mtsi has been identified as a flexible malware loader used in large-scale malvertising and SEO-poisoning campaigns, according to new research. First observed in the wild by ReversingLabs (RL) on April 24 2025, the tool has… Read More "Versatile Malware Loader pkr_mtsi Delivers Diverse Payloads"
If you boil it down to the most basic difference between GitHub and Bitbucket, it is that GitHub is focused around public code and Bitbucket is for private. GitHub has a huge open-source community and Bitbucket tends to have mostly… Read More "Bitbucket vs GitHub (Updated for 2026)"
Jan 07, 2026Ravie LakshmananVulnerability / Automation Cybersecurity researchers have disclosed details of yet another maximum-severity security flaw in n8n, a popular workflow automation platform, that allows an unauthenticated remote attacker to gain complete control over susceptible instances. The vulnerability, tracked… Read More "Critical n8n Vulnerability (CVSS 10.0) Allows Unauthenticated Attackers to Take Full Control"
Wenn sich ein User mit einem bösartigen Server verbindet, was durch Social Engineering leicht möglich ist, kann dieser Server eine SSE mit ausführbarem JavaScript senden. Dieses Skript hat vollen Zugriff auf den Speicher des Browsers, einschließlich des JWT, welches zur… Read More "Bug in Open WebUI macht Kostenlos-Tool zur Backdoor"
A new wave of Android malware has been enabling cybercriminals to carry out unauthorized tap-to-pay transactions without physical access to victims’ bank cards. The activity, documented in an advisory published today by Group-IB researchers, involves NFC-enabled applications sold and promoted within… Read More "Ghost Tap Malware Fuels Surge in Remote NFC Payment Fraud"
In an ambitious effort to improve the Nation’s security posture, President Joe Biden has instituted an Executive Order to improve cyber threat information sharing between the U.S Government and the Private Sector. The goal is to align cybersecurity initiatives between… Read More "How to be Compliant with Biden’s Cybersecurity Executive Order"
Jan 07, 2026Ravie LakshmananVulnerability / Cloud Security Open-source workflow automation platform n8n has warned of a maximum-severity security flaw that, if successfully exploited, could result in authenticated remote code execution (RCE). The vulnerability, which has been assigned the CVE identifier… Read More "n8n Warns of CVSS 10.0 RCE Vulnerability Affecting Self-Hosted and Cloud Versions"
The rising use of generative AI tools like Large Language Models (LLMs) in the workplace is increasing the risk of cyber-security violations as organizations struggle to keep tabs on how employees are using them. One of the key challenges IT… Read More "Personal LLM Accounts Drive Shadow AI Data Leak Risks"
