@guardian360.bsky.social
Microsoft heeft een aanpassing doorgevoerd in de verwerking van Windows-snelkoppelingen. Het probleem, dat sinds 2017 werd misbruikt door meerdere statelijke groepen, maakte het mogelijk om schadelijke code te verbergen in het Target-veld van .lnk-bestanden.
December 9, 2025 at 8:30 AM
Microsoft heeft een aanpassing doorgevoerd in de verwerking van Windows-snelkoppelingen. Het probleem, dat sinds 2017 werd misbruikt door meerdere statelijke groepen, maakte het mogelijk om schadelijke code te verbergen in het Target-veld van .lnk-bestanden.
A critical security flaw in the Sneeit Framework plugin for WordPress is being actively exploited in the wild, per data from Wordfence.
December 8, 2025 at 6:30 PM
A critical security flaw in the Sneeit Framework plugin for WordPress is being actively exploited in the wild, per data from Wordfence.
Over 30 security vulnerabilities have been disclosed in various artificial intelligence (AI)-powered Integrated Development Environments (IDEs) that combine prompt injection primitives with legitimate features to achieve data exfiltration and remote code execution.
December 8, 2025 at 5:00 PM
Over 30 security vulnerabilities have been disclosed in various artificial intelligence (AI)-powered Integrated Development Environments (IDEs) that combine prompt injection primitives with legitimate features to achieve data exfiltration and remote code execution.
Amid the news that one of Iran's premier espionage groups attacked major Israeli organizations using new malware was an interesting tidbit: the advanced persistent threat (APT) used a loader that masquerades as a retro video game to skirt by security tools.
December 5, 2025 at 7:15 PM
Amid the news that one of Iran's premier espionage groups attacked major Israeli organizations using new malware was an interesting tidbit: the advanced persistent threat (APT) used a loader that masquerades as a retro video game to skirt by security tools.
A maximum-severity vulnerability in React, a widely used open source software library, could enable remote code execution (RCE) in a massive number of cloud environments, sparking grave concern within the cybersecurity community. www.darkreading.com/vulnerab...
Critical React Flaw Triggers Calls for Immediate Action
The vulnerability, which was assigned two CVEs with maximum CVSS scores of 10, may affect more than a third of cloud service providers.
www.darkreading.com
December 4, 2025 at 5:45 PM
A maximum-severity vulnerability in React, a widely used open source software library, could enable remote code execution (RCE) in a massive number of cloud environments, sparking grave concern within the cybersecurity community. www.darkreading.com/vulnerab...
There are now nearly 250 deep dives into Venture in Security, many of which are essential for understanding the market, whether you are a CISO, a security professional, founder, investor, or anyone else interested in building a well-rounded view of security.
December 4, 2025 at 4:00 PM
There are now nearly 250 deep dives into Venture in Security, many of which are essential for understanding the market, whether you are a CISO, a security professional, founder, investor, or anyone else interested in building a well-rounded view of security.
North Korea's 'Contagious Interview' campaign to target job seekers has expanded yet again, this time with a persistent npm package-poisoning game that runs like a well-oiled machine.
December 4, 2025 at 3:15 PM
North Korea's 'Contagious Interview' campaign to target job seekers has expanded yet again, this time with a persistent npm package-poisoning game that runs like a well-oiled machine.
Volgens de Nederlandse resultaten van Cisco’s Cybersecurity Readiness Index 2025 bevindt 16% van de mkb-bedrijven zich in de ‘beginner’-fase van hun beveiligingsstrategie.
December 4, 2025 at 12:00 PM
Volgens de Nederlandse resultaten van Cisco’s Cybersecurity Readiness Index 2025 bevindt 16% van de mkb-bedrijven zich in de ‘beginner’-fase van hun beveiligingsstrategie.
The Shai-hulud self-replicating worm's dangerous new variant is burrowing into new territories in its latest attack, flaunting features that threaten not only the npm code repository, but also GitHub and the cloud ecosystem — and to boot, it features new wiper functionality.
December 4, 2025 at 8:00 AM
The Shai-hulud self-replicating worm's dangerous new variant is burrowing into new territories in its latest attack, flaunting features that threaten not only the npm code repository, but also GitHub and the cloud ecosystem — and to boot, it features new wiper functionality.
As a new AI-powered Web browser brings agentics closer to the masses, questions remain regarding whether prompt injections, the signature LLM attack type, could get even worse.
ChatGPT Atlas is OpenAI's large language model (LLM)-powered Web browser launched Oct.
ChatGPT Atlas is OpenAI's large language model (LLM)-powered Web browser launched Oct.
December 3, 2025 at 10:00 AM
As a new AI-powered Web browser brings agentics closer to the masses, questions remain regarding whether prompt injections, the signature LLM attack type, could get even worse.
ChatGPT Atlas is OpenAI's large language model (LLM)-powered Web browser launched Oct.
ChatGPT Atlas is OpenAI's large language model (LLM)-powered Web browser launched Oct.
Check Point heeft een ernstige kwetsbaarheid ontdekt in OpenAI Codex. De fout maakt het mogelijk dat ogenschijnlijk onschuldige operationele bestanden schadelijke opdrachten uitvoeren zodra de tool wordt gestart.
December 3, 2025 at 8:00 AM
Check Point heeft een ernstige kwetsbaarheid ontdekt in OpenAI Codex. De fout maakt het mogelijk dat ogenschijnlijk onschuldige operationele bestanden schadelijke opdrachten uitvoeren zodra de tool wordt gestart.
Google on Monday released monthly security updates for the Android operating system, including two vulnerabilities that it said have been exploited in the wild.
December 2, 2025 at 5:30 PM
Google on Monday released monthly security updates for the Android operating system, including two vulnerabilities that it said have been exploited in the wild.
A threat actor known as ShadyPanda has been linked to a seven-year-long browser extension campaign that has amassed over 4.3 million installations over time.
December 2, 2025 at 4:00 PM
A threat actor known as ShadyPanda has been linked to a seven-year-long browser extension campaign that has amassed over 4.3 million installations over time.
Vanaf 1 januari 2026 gelden nieuwe beveiligingsregels voor bedrijven die overheidsopdrachten uitvoeren waarbij gevoelige of staatsgeheime informatie wordt verwerkt.
December 1, 2025 at 5:00 PM
Vanaf 1 januari 2026 gelden nieuwe beveiligingsregels voor bedrijven die overheidsopdrachten uitvoeren waarbij gevoelige of staatsgeheime informatie wordt verwerkt.
Het Nationaal Coördinator Terrorismebestrijding en Veiligheid heeft het Cybersecuritybeeld Nederland 2025 gepubliceerd. Het rapport schetst een divers en onvoorspelbaar dreigingslandschap, waarin cyberaanvallen geavanceerder worden en digitale afhankelijkheden toenemen.
November 27, 2025 at 3:15 PM
Het Nationaal Coördinator Terrorismebestrijding en Veiligheid heeft het Cybersecuritybeeld Nederland 2025 gepubliceerd. Het rapport schetst een divers en onvoorspelbaar dreigingslandschap, waarin cyberaanvallen geavanceerder worden en digitale afhankelijkheden toenemen.
The North Korea-linked operators of a malware family known as FlexibleFerret are continuing to refine and adapt their credential-theft campaign targeting macOS users using fake job-recruitment workflows.
November 26, 2025 at 4:00 PM
The North Korea-linked operators of a malware family known as FlexibleFerret are continuing to refine and adapt their credential-theft campaign targeting macOS users using fake job-recruitment workflows.
A critical flaw in Oracle's Identity Manager has been exploited in the wild, marking the latest threat for customers of the enterprise software giant.
CVE-2025-61757 is a remote code execution (RCE) vulnerability in the Identity Manager solution for Oracle Fusion Middleware.
CVE-2025-61757 is a remote code execution (RCE) vulnerability in the Identity Manager solution for Oracle Fusion Middleware.
November 25, 2025 at 5:30 PM
A critical flaw in Oracle's Identity Manager has been exploited in the wild, marking the latest threat for customers of the enterprise software giant.
CVE-2025-61757 is a remote code execution (RCE) vulnerability in the Identity Manager solution for Oracle Fusion Middleware.
CVE-2025-61757 is a remote code execution (RCE) vulnerability in the Identity Manager solution for Oracle Fusion Middleware.
The Shai-hulud self-replicating worm, which targets open source repositories, has reemerged with a new, more dangerous variant.
Shai-hulud first emerged in September as self-replicating malware that spread across NPM packages.
Shai-hulud first emerged in September as self-replicating malware that spread across NPM packages.
November 25, 2025 at 4:00 PM
The Shai-hulud self-replicating worm, which targets open source repositories, has reemerged with a new, more dangerous variant.
Shai-hulud first emerged in September as self-replicating malware that spread across NPM packages.
Shai-hulud first emerged in September as self-replicating malware that spread across NPM packages.
For more than half a decade now, a Chinese state-aligned threat actor has been spying on Chinese organizations by infecting their trusted software updates.
November 25, 2025 at 1:00 PM
For more than half a decade now, a Chinese state-aligned threat actor has been spying on Chinese organizations by infecting their trusted software updates.
In a near replica of a separate campaign this summer, hackers connected to the ShinyHunters extortion operation have once again breached many organizations' Salesforce instances via a third-party integration.
November 25, 2025 at 8:30 AM
In a near replica of a separate campaign this summer, hackers connected to the ShinyHunters extortion operation have once again breached many organizations' Salesforce instances via a third-party integration.
Artificial intelligence (AI) is doing exactly what security teams hoped it would do: eliminate the repetitive, low-value work that has long burned out junior analysts. But in solving this problem, it may be creating another one that could have a long-lasting impact.
Log review.
Log review.
November 24, 2025 at 11:04 AM
Artificial intelligence (AI) is doing exactly what security teams hoped it would do: eliminate the repetitive, low-value work that has long burned out junior analysts. But in solving this problem, it may be creating another one that could have a long-lasting impact.
Log review.
Log review.
Containerization technology makes software development and cloud deployment easier, but the images that are the foundation of the ecosystem commonly have unnecessary components and hundreds of vulnerabilities.
November 24, 2025 at 9:35 AM
Containerization technology makes software development and cloud deployment easier, but the images that are the foundation of the ecosystem commonly have unnecessary components and hundreds of vulnerabilities.
Under the radar, Google has added features that allow Gmail to access all private messages and attachments for training its AI models.
If you use Gmail, you need to be aware of an important change that’s quietly rolling out.
If you use Gmail, you need to be aware of an important change that’s quietly rolling out.
November 22, 2025 at 8:40 AM
Under the radar, Google has added features that allow Gmail to access all private messages and attachments for training its AI models.
If you use Gmail, you need to be aware of an important change that’s quietly rolling out.
If you use Gmail, you need to be aware of an important change that’s quietly rolling out.
De roep om minder afhankelijk te worden van Amerikaanse cloudproviders en om meer grip te krijgen op onze data en systemen klinkt steeds luider, zowel in Nederland als in de rest van Europa.
November 21, 2025 at 10:00 AM
De roep om minder afhankelijk te worden van Amerikaanse cloudproviders en om meer grip te krijgen op onze data en systemen klinkt steeds luider, zowel in Nederland als in de rest van Europa.