30.09.2025

The Hacker News 30.09.2025 05:41
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting the Sudo command-line utility for Linux and Unix-like operating systems to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The vulnerability in question is CVE-2025-32463 (CVSS score: 9.3), which affects Sudo versions prior to

The Hacker News 29.09.2025 16:36
Threat actors have been observed using seemingly legitimate artificial intelligence (AI) tools and software to sneakily slip malware for future attacks on organizations worldwide.
According to Trend Micro, the campaign is using productivity or AI-enhanced tools to deliver malware targeting various regions, including Europe, the Americas, and the Asia, Middle East, and Africa (AMEA) region.

CSO Online 29.09.2025 12:30
Mit dem SaaS Security Capability Framework (SSCF) hat die Cloud Security Alliance (CSA) einen neunen Sicherheitsstandart festgelegt.
Das SaaS Security Capability Framework (SSCF) der Cloud Security Alliance (CSA) soll SaaS-Anbietern dabei helfen, Zero-Trust-Prinzipien in ihre Umgebungen zu integrieren und Kunden angesichts steigender Risiken durch Dritte konsistentere Sicherheitskontrollen zu bieten. Die Veröffentlichung der Leitlinien folgt auf die jüngsten Angriffe auf Salesforce-SaaS-Anwendungen, die die Aufmerksamkeit der Security-Branche erregt haben.

CSO Online 29.09.2025 12:28
A Chinese state-sponsored hacker group called RedNovember has conducted a global espionage campaign targeting critical infrastructure between June 2024 and July 2025, compromising defense contractors, government agencies, and major corporations while exploiting vulnerabilities faster than organizations could deploy security patches.
The attacks included breaches of at least two US defense contractors and more than 30 Panamanian government agencies as part of a systematic targeting across the US, Europe, Asia, and South America, according to cybersecurity firm Recorded Future.

Heise Security 29.09.2025 12:22
Nach einem Cyberangriff auf Jaguar Land Rover hilft die britische Regierung dem Autohersteller mit einem Milliardenkredit. Die Produktion steht weiter still.

Golem 29.09.2025 09:04
Die Cybererpresser verbessern die Verschleierung ihrer Malware und Erschweren die Wiederherstellung verschlüsselter Dateien. (Ransomware, Malware)