Wie Unternehmen sich gegen neue KI-Gefahren wappnen – CSO Online
KI ist nicht nur ein Tool für Hacker, sondern kann auch selbst zur Gefahr werden. inray27 – Shutterstock.com In der Welt der Cybersicherheit gibt es ein grundlegendes Prinzip, das auf…
Cyber
Developers urged to immediately upgrade React, Next.js – CSO Online
Developers using the React 19 library for building application interfaces are urged to immediately upgrade to the latest version because of a critical vulnerability that can be easily exploited by…
RCE flaw in OpenAI’s Codex CLI highlights new risks to dev environments – CSO Online
In a new example of how AI tools expand the attack surface of development machines, researchers found a serious remote code execution flaw in OpenAI’s Codex CLI, one of the…
‘ShadyPanda’ Hackers Weaponize Millions of Browsers – Dark Reading
The China-based cyber-threat group has been quietly using malicious extensions on the Google Chrome and Microsoft Edge marketplaces to spy on millions of users. – Read More
Critical React Flaw Triggers Calls for Immediate Action – Dark Reading
The vulnerability, which was assigned two CVEs with maximum CVSS scores of 10, may affect more than a third of cloud service providers. – Read More
Arizona AG Sues Temu Over ‘Stealing’ User Data – Dark Reading
The suit alleges the Chinese retailer’s app secretly accesses and harvests users’ sensitive information without their knowledge or consent. – Read More
Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution – The Hacker News
A maximum-severity security flaw has been disclosed in React Server Components (RSC) that, if successfully exploited, could result in remote code execution. The vulnerability, tracked as CVE-2025-55182, carries a CVSS…
Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation – The Hacker News
Microsoft has silently plugged a security flaw that has been exploited by several threat actors since 2017 as part of the company’s November 2025 Patch Tuesday updates, according to ACROS…
WordPress King Addons Flaw Under Active Attack Lets Hackers Make Admin Accounts – The Hacker News
A critical security flaw impacting a WordPress plugin known as King Addons for Elementor has come under active exploitation in the wild. The vulnerability, CVE-2025-8489 (CVSS score: 9.8), is a…
Hybrid 2FA phishing kits are making attacks harder to detect – CSO Online
Some 2FA-phishing attacks are becoming significantly harder to spot as threat actors blend two previously distinct phishing-as-a-service (PhaaS) kits: Salty2FA and Tycoon2FA, into a single hybrid strain. Researchers at Any.Run…
[Dark Reading Virtual Event] Cybersecurity Outlook 2026 – Dark Reading
Post Content – Read More
Brazil Hit by Banking Trojan Spread via WhatsApp Worm and RelayNFC NFC Relay Fraud – The Hacker News
The threat actor known as Water Saci is actively evolving its tactics, switching to a sophisticated, highly layered infection chain that uses HTML Application (HTA) files and PDFs to propagate…
Get poetic in prompts and AI will break its guardrails – CSO Online
Poetry can be a perplexing art form for humans to decipher at times, and apparently AI is being tripped up by it too. Researchers from Icaro Lab (part of the…
The Ransomware Holiday Bind: Burnout or Be Vulnerable – Dark Reading
Ransomware groups target enterprises during off-hours, weekends, and holidays when security teams are stretched thin and response times lag. – Read More
Neue bösartige Browser-Erweiterungen entdeckt – CSO Online
Cyberangreifer nutzen Chrome- und Edge-Add-ons zur Datenerfassung, Suchmanipulation und als Backdoor. Ascannio – shutterstock.com Forscher des Security-Anbieters Koi haben eine Cyberbande namens „ShadyPanda“ dabei ertappt, wie sie vertrauenswürdige Browser-Erweiterungen für…