Cyberattacks on London council offices disrupt local government services
Heise Security 27.11.2025 04:04
Three borough administrations in London have shut down their IT following cyberattacks, which is restricting public services. No details are available yet.
SonicWall ransomware attacks offer an M&A lesson for CSOs
CSO Online 27.11.2025 00:59
The recent ransomware attacks on organizations with SonicWall SSL VPNs may teach more lessons than just the need for patch management and identity and access control. Some of the victim firms had vulnerable SonicWall devices on their IT networks as legacies of past mergers or acquisitions, suggesting infosec leaders need to be more involved in preparing for M&A deals or risk their organizations being stung by hackers.
That’s the conclusion from a report this week by researchers at ReliaQuest.
AI browsers can be tricked with malicious prompts hidden in URL fragments
CSO Online 27.11.2025 00:12
Researchers have demonstrated another indirect prompt injection attack against AI-powered browsers and browser assistants that could lead to phishing, sensitive data exfiltration, credential theft, or malware downloads. The attack, dubbed HashJack, relies on rogue prompts added to URLs after the hash (#) symbol, also known as a named anchor or URL fragment.
“HashJack is the first known indirect prompt injection that can weaponize any legitimate website to manipulate AI browser assistants,” researchers from Cato Networks said in the report. “As a result, AI browsers — including Comet (Perplexity), Copilot for Edge (Microsoft), and Gemini for Chrome (Google) — can be used to enable a wide range of malicious attacks.”
ToddyCat APT evolves to target Outlook archives and Microsoft 365 tokens
CSO Online 26.11.2025 11:55
Attackers behind the ToddyCat advanced persistent threat (APT) toolkit have adapted to stealing Outlook mail data and Microsoft 365 access tokens.
According to Kaspersky Labs’ findings, the APT group refined its toolkit in late 2024 and early 2025 to capture not only browser credentials, as previously seen, but also victims’ actual email archives and access tokens.
Attacks possible on Nvidia AI hardware and software DGX Spark and NeMo
Heise Security 26.11.2025 10:24
Attackers can target, among other things, a critical security vulnerability in Nvidia's AI computer DGX Spark.
Alliances between ransomware groups tied to recent surge in cybercrime
CSO Online 26.11.2025 07:00
A seasonal surge in malicious activity combined with alliances between ransomware groups led to a 41% increase in attacks between September and October. Cybercriminal group Qilin continues to be the most active ransomware peddler, responsible for 170 of 594 attacks (29%) in October, NCC Group reports.
Sinobi and Akira followed with 15% of ransomware attacks, rounding out the top three most active ransomware groups in October 2025.