Malicious npm packages contain Vidar infostealer
CSO Online 07.11.2025 02:34
Malicious code continues to be uploaded to open source repositories, making it a challenge for responsible developers to trust what’s there, and for CISOs to trust applications that include open source code.
The latest example comes from researchers at Datadog Security, who said that last month they found 17 packages (23 releases) in the npm repository that contained downloader malware for Windows systems that executes via a postinstall script.
Cisco fixes critical flaws in Unified Contact Center Express
CSO Online 07.11.2025 01:45
Cisco released patches for two critical vulnerabilities in its Unified Contact Center Express (CCX) that could allow attackers to bypass authentication and execute commands as root on the underlying system.
The company also warned today about a new attack variation targeting two previously patched vulnerabilities in its Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) software. The flaws were exploited in the wild by a cyberespionage group tracked as UAT4356 or Storm-1849.
Windows: October security updates can trigger BitLocker recovery
Heise Security 06.11.2025 12:57
The Windows security updates from October's Patch Tuesday can cause BitLocker recovery to start.
Bundestag: Coalition agrees on NIS2 directive implementation
Heise Security 06.11.2025 12:31
After intensive negotiations, the CDU/CSU and SPD parliamentary groups have reached agreement on the revision of the cybersecurity requirements for critical infrastructure.
Flaw in React Native CLI opens dev servers to attacks
CSO Online 06.11.2025 12:30
A critical remote-code execution (RCE) flaw in the widely used @react-native-community/cli (and its server API) lets attackers run arbitrary OS commands via the Metro development server, the default JavaScript bundler for React Native.
In essence, launching the development server through standard commands (e.g., npm start or npx react-native start) could expose the machine to external attackers, because the server binds to all network interfaces by default (0.0.0.0), rather than limiting itself to “localhost” as it says in the console message.
Security vulnerabilities endanger PCs with Dell CloudLink and Command Monitor
Heise Security 06.11.2025 09:29
Patches resolve several security issues in Dell CloudLink and Command Monitor.
Cisco: Security vulnerabilities, some critical, in multiple products
Heise Security 06.11.2025 07:46
Cisco has published security advisories on vulnerabilities in multiple products. Admins should apply the updates promptly.