
13.11.2025

Ebling: Cyberattacks are an everyday occurrence

Heise Security 13.11.2025 06:06
It is still unclear who is behind the IT attack on the Ludwigshafen administration. The interior minister is appealing to municipalities and businesses to protect themselves.

More than 48,000 criminal complaints over cybercrime in Bavaria

Heise Security 13.11.2025 05:28
It happens quickly: hackers and other criminals hijack computers and databases. The threat level is high in this country too.

Over 46,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack

The Hacker News 13.11.2025 04:58
Cybersecurity researchers are calling attention to a large-scale spam campaign that has flooded the npm registry with thousands of fake packages since early 2024 as part of a likely financially motivated effort.
"The packages were systematically published over an extended period, flooding the npm registry with junk packages that survived in the ecosystem for almost two years," Endor Labs

Google asks US court to shut down Lighthouse phishing-as-a-service operation

CSO Online 13.11.2025 02:36
Google is asking a US court for help in dismantling the infrastructure behind the Lighthouse phishing-as-a-service operation, the latest effort by a technology company to use the legal system to put a dent in cybercrime.
Whether it will do more than that is an open question.

Smashing Security podcast #443: Tinder’s camera roll and the Buffett deepfake

Graham Cluley Security blog 13.11.2025 00:25
Tinder has got a plan to rummage through your camera roll, and Warren Buffett keeps popping up in convincing deepfakes dishing "number one investment tips."

Meanwhile, will agentic AI replace your co-hosts before you can say "EDR for robots"? and why you should still read books.

All this, plus Lily Allen's new album and Claude Code come up for discussion in episode 443 of the "Smashing Security" podcast, with special guest Ron Eddings.

How ChatGPT inflicts a prompt injection on itself

CSO Online 12.11.2025 16:35
Researchers have uncovered new methods for attacks via ChatGPT.
Researchers at the security company Tenable have discovered seven new ways in which attackers can get ChatGPT to disclose private information from users' chat histories. Most of these attacks are indirect prompt injections that exploit ChatGPT's standard tools and features, such as the ability to store conversation context long term or the web search functions.

Google Sues China-Based Hackers Behind $1 Billion Lighthouse Phishing Platform

The Hacker News 12.11.2025 15:48
Google has filed a civil lawsuit in the U.S. District Court for the Southern District of New York (SDNY) against China-based hackers who are behind a massive Phishing-as-a-Service (PhaaS) platform called Lighthouse that has ensnared over 1 million users across 120 countries.
The PhaaS kit is used to conduct large-scale SMS phishing attacks that exploit trusted brands like E-ZPass and USPS to

Miniatur Wunderland targeted in IT attack: credit card data exfiltrated

Heise Security 12.11.2025 15:41
The online booking system of Miniatur Wunderland was the target of an IT attack. Investigations are still ongoing.

GlobalLogic Becomes Latest Cl0p Victim After Oracle EBS Attack

Infosecurity Magazine 12.11.2025 15:30
GlobalLogic has notified 10,000 employees their data was stolen in the Oracle EBS campaign

Leading AI companies accidentally leak their passwords and digital keys on GitHub – what you need to know

Graham Cluley Security blog 12.11.2025 14:45
Many of the world's top artificial intelligence companies are making a simple but dangerous mistake. They are accidentally publishing their passwords and digital keys on GitHub, the popular code-sharing website that is used by millions of developers every day.

Read more in my article on the Fortra blog.

Cyber-Insurance Payouts Soar 230% in UK

Infosecurity Magazine 12.11.2025 14:30
UK cyber-insurers paid 230% more to policyholders in 2024 than the year before

Amazon Uncovers Attacks Exploited Cisco ISE and Citrix NetScaler as Zero-Day Flaws

The Hacker News 12.11.2025 14:00
Amazon's threat intelligence team on Wednesday disclosed that it observed an advanced threat actor exploiting two then-zero-day security flaws in Cisco Identity Service Engine (ISE) and Citrix NetScaler ADC products as part of attacks designed to deliver custom malware.
"This discovery highlights the trend of threat actors focusing on critical identity and network access control infrastructure –

Avast and AVG: Critical security vulnerability silently fixed

Heise Security 12.11.2025 13:40
In the Avast and AVG virus scanners, attackers were able to escalate their privileges on the system. The vendor distributed updates silently.

Miniatur Wunderland Hamburg warns of data theft

CSO Online 12.11.2025 13:22
The ticket shop of Miniatur Wunderland Hamburg has apparently been hacked.
Miniatur Wunderland Hamburg is one of the Hanseatic city's most popular attractions and, according to the Guinness Book, the world's largest model railway exhibition. As Cybernews reports, the museum is currently informing its visitors by e-mail about a data protection incident.

UK cybersecurity bill brings tougher rules for critical infrastructure

CSO Online 12.11.2025 12:35
The UK government has introduced new legislation to harden national cyber defenses across critical infrastructure, imposing turnover-based penalties and granting ministers emergency powers to intervene during major cyber incidents.
The Cyber Security and Resilience Bill, unveiled Tuesday, would require organizations in healthcare, energy, water, transport, and digital services to meet mandatory security standards and report significant cyber incidents within 24 hours.

Patch day: Intel plugs dozens of security vulnerabilities

Heise Security 12.11.2025 12:23
Intel has also held a patch day and published 30 security advisories with updates. Seven of them are high-risk.

On Hacking Back

Schneier on Security 12.11.2025 12:01
Former DoJ attorney John Carlin writes about hackback, which he defines thus: “A hack back is a type of cyber response that incorporates a counterattack designed to proactively engage with, disable, or collect evidence about an attacker. Although hack backs can take on various forms, they are—by definition—not passive defensive measures.”
His conclusion:
As the law currently stands, specific forms of purely defense measures are authorized so long as they affect only the victim’s system or data.
At the other end of the spectrum, offensive measures that involve accessing or otherwise causing damage or loss to the hacker’s systems are likely prohibited, absent government oversight or authorization. And even then parties should proceed with caution in light of the heightened risks of misattribution, collateral damage, and retaliation…

Malicious npm package sneaks into GitHub Actions builds

CSO Online 12.11.2025 11:58
A malicious npm package named “@acitons/artifact” was found impersonating the legitimate “@actions/artifact” module, directly targeting the CI/CD pipelines within GitHub Actions workflows.
According to Veracode findings, the package was uploaded on November 7 and was designed to trigger during the build process of GitHub-owned repositories. Once executed inside a CI/CD runner, the payload captures any tokens available to that build environment and then uses those credentials to publish malicious artifacts–effectively impersonating GitHub itself.

Microsoft publishes data protection aids for M365 and Copilot

Heise Security 12.11.2025 11:51
With a new M365 kit, an updated Cloud Compendium and DPIA templates, Microsoft wants to make GDPR documentation easier for companies.

Active Directory Under Siege: Why Critical Infrastructure Needs Stronger Security

The Hacker News 12.11.2025 11:07
Active Directory remains the authentication backbone for over 90% of Fortune 1000 companies. AD's importance has grown as companies adopt hybrid and cloud infrastructure, but so has its complexity. Every application, user, and device traces back to AD for authentication and authorization, making it the ultimate target. For attackers, it represents the holy grail: compromise Active

Microsoft enables external passkey management in Windows 11

Heise Security 12.11.2025 10:45
Microsoft has beefed up passkey management in Windows 11. External programs can now take it over, for example 1Password and Bitwarden.

Beyond the checklist: Shifting from compliance frameworks to real-time risk assessments

CSO Online 12.11.2025 10:43
To keep up with a quickly changing threat environment, organizations are reassessing how they assess risk. They no longer view risk assessments only as a once-a-year exercise. They recognize their value as important tools for making informed decisions.
While many still confuse gap analysis with risk assessment, the difference is important. A gap analysis measures how well a company follows a specific set of controls, often linked to frameworks like ISO or NIST. A risk assessment, on the other hand, can be customized to look at any threat. This allows security leaders to focus their assessments where they are most needed.

Microsoft Fixes 63 Security Flaws, Including a Windows Kernel Zero-Day Under Active Attack

The Hacker News 12.11.2025 10:21
Microsoft on Tuesday released patches for 63 new security vulnerabilities identified in its software, including one that has come under active exploitation in the wild.
Of the 63 flaws, four are rated Critical and 59 are rated Important in severity. Twenty-nine of these vulnerabilities are related to privilege escalation, followed by 16 remote code execution, 11 information disclosure, three

Russian hacker admits helping Yanluowang ransomware infect companies

Graham Cluley Security blog 12.11.2025 10:15
A Russian hacker accused of helping ransomware gangs break into businesses across the United States is set to plead guilty, according to recently filed federal court documents.

25-year-old Aleksey Olegovich Volkov worked as an "initial access broker", a cybercriminal specialist who focuses on the earliest stage of an attack: gaining the first foothold inside a victim's network.

Read more in my article on the Hot for Security blog.

Microsoft Fixes Windows Kernel Zero Day in November Patch Tuesday

Infosecurity Magazine 12.11.2025 10:15
Microsoft has patched a zero-day vulnerability in the Windows Kernel under active exploitation by threat actors

UK Government Finally Introduces Cyber Security and Resilience Bill

Infosecurity Magazine 12.11.2025 09:40
The UK government is overhauling cybersecurity laws for the first time since 2018 with the Cyber Security and Resilience Bill

Even without ESU: Windows 10 still gets an update despite end of support

Golem 12.11.2025 08:46
One month after the official end of support, Microsoft is still distributing an emergency update for Windows 10. However, it does not close any security vulnerabilities. (Windows 10, Microsoft)

Adobe patch day: Malicious code vulnerabilities threaten InDesign and others

Heise Security 12.11.2025 08:19
Important security updates have been released for Adobe Illustrator, InCopy and Photoshop, among others.

Microsoft patch day: Attacks on Windows kernel observed

Heise Security 12.11.2025 07:36
Microsoft's developers have closed security vulnerabilities in Azure, Office and Windows, among others. Attacks are already under way.

Enterprise network security blighted by legacy and unpatched systems

CSO Online 12.11.2025 07:00
The extent to which enterprise networks are sprawling, half-visible, and full of PCs and servers running obsolete versions of operating systems and vulnerable IoT devices has been laid bare by new research.
Twenty-six percent of Linux systems and 8% of Windows systems are running on end-of-life (EOL) versions of operating systems, according to research from Palo Alto Networks.

The security leaders who turned their frustrations into companies

CSO Online 12.11.2025 07:00
Almost everywhere, being a CISO means dealing with limited budgets, competing priorities, tools that don’t quite fit the problem and myriad other constraints. Most security leaders adapt, and work within those boundaries to protect their organizations as best they can. But for a few, adaptation and making do with what’s available isn’t enough. The limitations are not just a problem to get around, but an opportunity to build something new.
The motivations for making the jump can vary. For some it is closing security gaps they’ve battled for years, for others it’s about escaping corporate inertia, or proving that security can drive business value. What unites them is the desire to create rather than just defend. Paul Hadjy, Joe Silva, Chris Pierson, and Michael Coates are four security leaders who made that transition. Here’s what they built and what they learned in the process.

Why shadow AI could be your biggest security blind spot

We Live Security 11.11.2025 10:00
From unintentional data leakage to buggy code, here’s why you should care about unsanctioned AI use in your company