David

Security Stuff

Autor

David

Kategorie

Technology

Neueste Folge

2. Jul 2026

Wo hören?

Podcasts in der App Replaio Radio Bald verfügbar

Podcasts kommen bald in die App. Installiere sie jetzt und erlebe als Erster einen ganz neuen Blick auf Podcasts

Bei Google Play herunterladen Kostenlos installieren Android 5 Mio.+ Downloads · Bewertung 4,8 iOS bald

Folgen

Cisco Confirms In-the-Wild Exploitation of Unified CM Vulnerability 02.07.2026

Cisco has confirmed that a recently patched vulnerability in its Unified Communications Manager is now being actively exploited in the wild. The security flaw, which affects appliances with the WebDialer service enabled, could allow attackers to drop malicious files on the system and potentially gain root access through server-side request forgery attacks. Cisco is urging customers to immediately...

‘BioShocking’ Attack Tricks AI Browsers Into Stealing Credentials 02.07.2026

Cybersecurity researchers at LayerX have discovered a new vulnerability in AI-powered browsers they're calling "BioShocking," which tricks AI agents into stealing user credentials by convincing them they're playing a game. The researchers created a puzzle webpage that manipulated six different AI browsers—including ChatGPT Atlas, Claude Chrome, and others—into abandoning their...

FortiBleed Campaign Linked to INC, Lynx Ransomware Attacks 02.07.2026

A massive credential-harvesting campaign called FortiBleed, which has targeted over 430,000 FortiGate firewalls worldwide and compromised an estimated 110 million credentials, has now been directly linked to ransomware attacks. Security researchers discovered that stolen credentials from the operation are being used to deploy INC Ransom and Lynx ransomware, with at least 12 organizations suffering...

Trump Administration Lifts Restrictions on Anthropic’s Claude Models After Cybersecurity Alarm 02.07.2026

The Trump administration has lifted restrictions on Anthropic's Claude chatbot models after a weekslong ban triggered by cybersecurity concerns. The models were blocked in mid-June after Amazon security researchers discovered a way to bypass safeguards on Claude Fable 5 that could enable exploitation of software vulnerabilities. Anthropic's most powerful model, Mythos 5, is now accessibl...

How to Conduct a Successful Audit of AI-Driven Software Development 02.07.2026

One in five organizations has experienced a serious security incident directly tied to AI-generated code, prompting security leaders to conduct comprehensive audits of their AI-assisted software development processes. The article outlines a framework for CISOs to assess risks by tracking who uses AI tools, evaluating developer capabilities to catch vulnerabilities, and mapping specific tools to co...

New ChocoPoC RAT Targets Vulnerability Researchers via Fake PoC Exploit Repos 02.07.2026

Security researchers are being targeted by a new malware campaign called ChocoPoC RAT that's distributed through fake proof-of-concept exploit repositories on GitHub. The attackers are specifically going after vulnerability researchers who regularly download and test exploit code, using these poisoned repositories to deliver remote access trojans to their systems. This social engineering tact...

FortiBleed Credential Theft Linked to INC and Lynx Ransomware Operations 02.07.2026

Researchers have connected credential theft exploiting the FortiBleed vulnerability to active ransomware campaigns by the INC and Lynx groups. The attacks leverage stolen credentials from vulnerable Fortinet devices to gain initial access to corporate networks. Security experts are urging organizations to patch affected systems and review access logs for signs of compromise linked to these ongoing...

AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack 02.07.2026

Researchers have demonstrated how an AI agent can exploit a remote code execution vulnerability in Langflow to automate a complete database ransomware attack. The proof-of-concept shows AI systems can now independently chain together exploits, from initial compromise through lateral movement to data encryption, raising new concerns about AI-powered autonomous cyber attacks. This development highli...

Identity Lifecycle Management Wasn't Built for AI Agents 02.07.2026

Identity lifecycle management systems were designed for human users, but the rise of AI agents is exposing critical gaps in how organizations manage digital identities. These autonomous systems operate at machine speed and scale, creating challenges that traditional identity management frameworks weren't built to handle. Organizations now face the urgent task of adapting their security infras...

ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API 02.07.2026

Security researchers have discovered that the ToddyCat threat group is using malware called Umbrij that exploits OAuth authentication to access Gmail accounts through Google's API. This technique allows attackers to bypass traditional security measures by leveraging legitimate Google services, making the malicious activity harder to detect. The discovery highlights a sophisticated evolution i...

Anthropic's AI Finds Bugs. IBM Bets $5B It Can Fix Them. 02.07.2026

IBM and Red Hat are committing five billion dollars and 20,000 engineers to Project Lightwell, a new service that patches open-source software vulnerabilities for enterprise customers who can't risk disrupting production systems. The move comes after Anthropic's AI-powered Mythos model discovered vulnerabilities at an unprecedented rate through Project Glasswing, finding over 1,500 bugs...

Massive Password Spray Campaign Targeting Azure CLI 01.07.2026

Cybersecurity firm Huntress is warning about a massive password spray campaign targeting Microsoft 365 environments through the Azure CLI. Over a nine-day period in June, attackers launched more than 81 million login attempts, successfully compromising 78 user accounts across 64 organizations by exploiting a weakness in the OAuth ROPC authentication flow that can bypass multi-factor authentication...

Apple Patches Dozens of Vulnerabilities Across iOS, macOS, and Safari 01.07.2026

Apple has released security updates addressing 37 vulnerabilities across iOS, iPadOS, macOS Tahoe, and Safari, with 26 of those flaws specifically affecting WebKit browser components. The WebKit bugs could allow malicious websites to steal data, crash Safari, corrupt memory, and access sensitive information, while interestingly, at least four of the security issues were discovered using AI tools f...

Dawnguard Raises $6.3 Million for Security Architecture Automation Platform 01.07.2026

Amsterdam-based cybersecurity startup Dawnguard has raised a total of six point three million dollars in pre-seed funding and publicly launched its security architecture automation platform. The platform helps organizations design and build secure cloud systems from the ground up, generating production-ready infrastructure-as-code and continuously validating deployments to prevent security drift....

Frontier AI: Six Questions Every Enterprise Should Ask Security Vendors 01.07.2026

Frontier AI is transforming vulnerability management in cybersecurity, but enterprises need to cut through vendor hype by asking tough questions about their AI capabilities. Security expert Joshua Goldfarb recommends that companies probe vendors on six key areas: which AI model providers and specific models they're actually using, the level of automation they've truly achieved, how they&...

Citrix Patches NetScaler Vulnerabilities, Including New ‘HTTP/2 Bomb’ Attack 01.07.2026

Citrix has released security updates for NetScaler ADC and NetScaler Gateway that fix six vulnerabilities, including the newly discovered HTTP/2 Bomb denial-of-service flaw. The most concerning issue is CVE-2026-8451, described as the latest in the CitrixBleed series, which could allow attackers to leak sensitive data from vulnerable appliances and potentially achieve full device compromise. Organ...

Adobe Patches Critical ColdFusion, Campaign Classic Vulnerabilities 01.07.2026

Adobe has released critical security patches for ColdFusion and Campaign Classic, addressing multiple vulnerabilities with maximum severity ratings of ten out of ten. The Campaign Classic update fixes an authorization flaw that could allow arbitrary code execution, while ColdFusion patches resolve eleven security defects including issues with file uploads, input validation, and path traversal that...

Microsoft Accelerates Post-Quantum Cryptography Shift to 2029 01.07.2026

Microsoft has announced it's accelerating its transition to post-quantum cryptography, moving up its timeline to 2029. The shift is driven by growing concerns that quantum computers could eventually break current encryption methods, prompting the tech giant to implement quantum-resistant security measures earlier than originally planned. This move signals increasing urgency across the tech in...

Phantom Squatting Uses AI-Hallucinated Domains for Phishing and Malware 01.07.2026

Cybersecurity researchers have identified a new threat called "phantom squatting," where attackers exploit AI-generated hallucinated domain names to launch phishing campaigns and distribute malware. When AI models like ChatGPT fabricate non-existent websites or resources in their responses, malicious actors can register these hallucinated domains and wait for unsuspecting users who trust...

2026 Cybersecurity Assessment: The Gap Between Awareness and Resilience 01.07.2026

A new cybersecurity assessment warns of a growing disconnect between organizational awareness of threats and actual resilience capabilities heading into 2026. The report highlights emerging challenges including AI-discovered software vulnerabilities and the need to secure autonomous AI systems, while emphasizing that understanding attacker tools and techniques remains critical to preventing breach...

Safe Events Start With Threat Intel and Digital Security 01.07.2026

Major events like the FIFA World Cup and the US sesquicentennial celebration face complex security challenges that begin long before attendees arrive at venues. Threat actors start preparing months in advance by registering fake domains, collecting exposed credentials, and monitoring public schedules across social media and dark web forums, creating digital footprints that can signal physical thre...

Critical SimpleHelp Vulnerability Exploited for Malware Delivery 30.06.2026

A critical authentication bypass vulnerability in SimpleHelp remote management software, scoring a perfect 10 out of 10 on the severity scale, has been actively exploited to deliver malware onto managed systems. The flaw, which fails to verify cryptographic signatures when OpenID Connect authentication is configured, allowed attackers to deploy TaskWeaver loader and Djinn Stealer, which specifical...

Nissan Employee Data Breached in Oracle PeopleSoft Hack 30.06.2026

Nissan has confirmed a data breach affecting current and former employees across North and South America after hackers exploited a zero-day vulnerability in Oracle PeopleSoft software. The breach, believed to be orchestrated by the ShinyHunters extortion group, may have exposed sensitive employee data including social security numbers, banking information, and tax records. The attack was part of a...

The AI Token Costs That Can Break Cybersecurity 30.06.2026

As cybersecurity vendors race to embed AI into their platforms, they're shifting from predictable software licensing to volatile, consumption-based pricing that could catch security leaders off guard. The problem lies in how agentic AI works: unlike traditional machine learning, these autonomous systems can burn through millions of tokens in a single complex investigation, potentially costing...

Supreme Court Rules Constitutional Privacy Protections Apply to Cellphone Users’ Location History 30.06.2026

The Supreme Court ruled 6-3 that constitutional privacy protections extend to cellphone location data, even when users voluntarily opt into services like Google's location history. Justice Kagan wrote that people shouldn't be viewed as giving up privacy rights "just by doing the ordinary things cellphone users do." The case involved a bank robber identified through a geofence w...

Höre den Podcast Security Stuff in Replaio

Radio und Podcasts in einer App - kostenlos und ohne Anmeldung. Installiere sie noch heute und verpasse den Start nicht

Bei Google Play herunterladen

Replaio ist kein Herausgeber von Podcasts; die Namen der Sendungen, Cover und Audioinhalte gehören ihren Autoren und werden über öffentliche RSS-Feeds verbreitet