"Comment stuffing" in an HTML phishing attachment as a mechanism for evading AI-based detection?, (Fri, Jul 10th)
Anyone who deals with phishing messages caught by basic security filters knows that most phishing samples tend to blend into one another, since only a small set of techniques and approaches keeps reappearing in them. Tha
Attackers Exploit 'Ill Bloom' Vulnerability to Drain $3.1 Million From Cryptocurrency Wallets
Security firm Coinspect has disclosed a crypto wallet flaw it calls Ill Bloom, and attackers are already using it. The flaw is in how some wallet software generated its recovery phrase, the words that cont
Former ransomware negotiator gets 4 years for BlackCat attacks
A former employee of cybersecurity incident response company DigitalMint was sentenced to 70 months in prison for targeting U.S. companies in BlackCat (ALPHV) ransomware attacks. [...]
Ransomware Negotiator Gets 70 Months in Prison for Aiding BlackCat Attacks
A 41-year-old former ransomware negotiator has been sentenced to nearly six years (i.e., 70 months) in prison in the U.S. for their role in conspiring with the now-defunct BlackCat ransomware operators to extort multiple
Anzeige: Microsoft 365 mit Zero Trust absichern
Microsoft 365 Zero Trust verlangt klare Kontrollen für Identitäten, Daten und Geräte. Ein Online-Workshop zeigt, wie Schutzmechanismen und Monitoring strukturiert umgesetzt werden. (<a href="https://www.golem.de/specials
Auslegungssache 163: Datenschutz-Alltag im Krankenhaus
Im c't-Datenschutz-Podcast berichtet die Datenschutzbeauftragte eines Klinikverbunds aus ihrem Alltag. Zuvor gibt es klare Worte zu Reformplänen der Regierung.
ISC Stormcast For Friday, July 10th, 2026 https://isc.sans.edu/podcastdetail/10002, (Fri, Jul 10th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
OpenMandriva Linux says contributor tried to sabotage the project
The OpenMandriva Linux project announced that it was the target of an attempted act of internal sabotage after a dispute among contributors. [...]
Injective SDK on npm infected with cryptocurrency wallet stealer
Hackers compromised the Injective Labs SDK project's GitHub repository and used it to publish a malicious package on the Node Package Manager (npm) that stole cryptocurrency wallet private keys and mnemonic seed phrases.
Operation „First Light 2026“: 5.800 Verdächtige weltweit festgenommen
In einer weltweiten Aktion gegen Social-Engineering-Betrug wurden Tausende Verdächtige inhaftiert und Beträge in Millionenhöhe sichergestellt.
Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs
Datadog Security Labs is warning of "several overlapping campaigns" that are systematically enumerating corporate GitHub organizations, repositories, and user accounts through the GitHub API. "Operators rely on auto
New GigaWiper Windows Backdoor Bundles Disk Wiping, Fake Ransomware, and Spyware
Microsoft has taken apart a destructive Windows backdoor it calls GigaWiper. What stands out is how it is built: not one tool but three older destructive programs bolted into one, offered as commands the operator can cho
New Helix vishing group emerges in SharePoint data theft attacks
A new data-extortion group called Helix is using identity-focused tactics such as voice phishing (vishing), device code phishing, and multi-factor authentication (MFA) abuse to steal data from SharePoint environments. [.
Microsoft expects more Windows security updates from AI-discovered flaws
Microsoft says Windows users should expect to see an increase in security updates as the company increasingly relies on artificial intelligence to discover vulnerabilities in its codebase. [...]
npm 12 Disables Install Scripts by Default to Reduce Supply Chain Risk
GitHub has officially announced the release of npm version 12 with install scripts disabled by default, along with deprecating granular access tokens (GATs) designed to bypass two-factor authentication (2FA). The Microso
ThreatsDay: Cloud Bucket Hijacking, Windows LPE Chain, Global Fraud Bust + 17 More Stories
Most security mess starts as admin work. A link gets clicked. A tool gets trusted. A bucket name gets reused. A setting stays loose because nobody wants to touch it. This week is full of that kind of damage. Not lou
GigaWiper: Anatomy of a destructive backdoor assembled from multiple malware
GigaWiper is a destructive backdoor that combines multiple wiping and ransomware-like capabilities into a single operational platform. This blog analyzes how the malware incorporates code from several previously separate
Abstimmung im EU-Parlament: Die anlasslose Chatkontrolle ist wieder da
Das umstrittene Vorgehen der christdemokratischen EVP-Fraktion hat dazu geführt, dass die Chatkontrolle trotz ablehnender Mehrheit verlängert wird. (<a href="https://www.golem.de/specials/chatkontrolle/">Chatkontrolle</a
New Forg365 phishing platform uses AI to target Microsoft 365 accounts
A new phishing-as-a-service (PhaaS) operation called Forg365 focuses on stealing Microsoft 365 accounts by combining adversary-in-the-middle (AiTM) and device code methods with AI-assisted lure generation. [...]
n8n: CERT-Bund veröffentlicht Warnmeldung zu kürzlich beseitigten Schwachstellen
Kritisch ist keine der jüngst gefixten Lücken in der Automatisierungslösung n8n. Dennoch betont eine Warnmeldung des BSI die hohe Update-Relevanz.
Ohne Weltraumschrott: Blendwaffe macht Satelliten temporär unbrauchbar
Das System kann gezielt Spionage- und Kommunikationssatelliten unbrauchbar machen, ohne sie zu zerstören. Es ist jetzt einsatzbereit. (<a href="https://www.golem.de/specials/spionage/">Spionage</a>, <a href="https://www.
The Hidden Security Risks of Reduced Summer IT Coverage
Security operations don't slow down when IT teams take vacation, but staffing levels often do. Kaseya explains how AI-driven automation can help organizations maintain consistent security operations and reduce reliance o
AI Attacks Move in Minutes. Join This Webinar on Building a Defense That Keeps Up
AI has changed how fast attacks move. Work that once took an attacker days now takes minutes. Using models like Mythos, attackers write tailored bait, pick targets, test what lands, and jump to the next host before your
Chrome-Browser & ChromeOS LTS : Updates schließen teils kritische Lücken
Fur Windows, macOS, Linux und die Android-Version des Chrome-Browsers sind Sicherheitsupdates verfügbar. Auch die LTS-Fassung von ChromeOS wurde abgedichtet.
(g+) Open Source, Zero Knowledge: So gelingt Passwortmanagement mit Bitwarden
Bitwarden soll Kontrolle über Passwörter, Identitäten und Zugänge geben. Die wichtigste Entscheidung ist jedoch nicht, ob dieser Passworttresor läuft, sondern wo. Eine Analyse von Fabian Deitelhoff (<a href="https://www.
Microsoft to retire the OWA Light client in Exchange Server
Microsoft has announced plans to disable Outlook Web Access (OWA) Light, the lightweight version of the Outlook Web App email client, in a future Exchange Server update. [...]
Summer of Clearinghouses
Everyone seems to have announced a clearinghouse over the past few weeks. We did too. Ours is called Athena, and the main thing that sets it apart is that it was already real and running when we announced it — built quie
GodDamn Ransomware Uses PoisonX Driver to Disable Endpoint Defenses
Cybersecurity researchers have flagged a new ransomware family called GodDamn that employs the PoisonX kernel driver to neutralize security software as part of its defense evasion strategy. According to a new report publ
RoguePlanet-Zero-Day: Microsoft legt neuen Windows-Patch nach
Für eine zuvor nur rudimentär abgedichtete Schwachstelle aus dem Exploit-Fundus von "Nightmare Eclipse" gibt es jetzt einen neuen, (hoffentlich) finalen Patch.
Police arrests 5,800 suspects in global anti-fraud crackdown
Law enforcement agencies have arrested 5,811 suspects and seized $293 million in illicit assets in a global anti-fraud operation spanning 97 countries. [...]
Microsoft Patches RoguePlanet Defender Flaw That Can Grant SYSTEM Privileges
Microsoft has released security updates for a Defender vulnerability known as RoguePlanet, nearly a month after details of the flaw became public. The vulnerability, tracked as CVE-2026-50656 (CVSS score: 7.8), is a priv
Produktion lahmgelegt: Cyberangriff treibt Textilbetrieb in die Insolvenz
Ein Cyberangriff hat im März die Produktion eines deutschen Textilveredlers für mehrere Wochen beeinträchtigt. Jetzt ist das Unternehmen pleite. (<a href="https://www.golem.de/specials/cybercrime/">Cybercrime</a>, <a hre
Schwachstelle in Coding-Agenten: Zugriff auf beliebige Dateien über Symlinks
Angreifer könnten über ein Repository mit Schadcode auch Zugriff auf Dateien außerhalb einer Sandbox erhalten.
AssuranceAmerica data breach exposes records of 6.9 million drivers
American insurance company AssuranceAmerica has disclosed a data breach impacting nearly 7 million drivers after attackers gained access to its systems earlier this year. [...]
Offizieller Signal-Chat taucht im Messenger auf iOS auf
Der einzige offizielle Chat von Signal erscheint mit blauem Verifikationshaken und warnt vor Nachahmern. Der Grund: Feature-Parität mit Android und Desktops.
Meta's New AI Image Tool Lets Others Use Your Public Instagram Photos in AI Images
Meta has announced that its new artificial intelligence (AI) model Muse Image lets people use public Instagram posts and reels to generate AI content, and it's enabled by default. "You can also @-mention Instagram accoun
Update gegen Rogueplanet: Microsoft reagiert auf gefährlichen Defender-Exploit
Der Rogueplanet-Exploit verleiht Angreifern unter Windows weitreichende Systemrechte. Ein Update für den Microsoft Defender soll schützen. (<a href="https://www.golem.de/specials/sicherheitsluecke/">Sicherheitslücke</a>,
Microsoft patches RoguePlanet Defender zero-day vulnerability
Microsoft has released a security patch to address a Defender zero-day vulnerability known as "RoguePlanet," disclosed after the June 2026 Patch Tuesday. [...]
Top AI Agents Built to Catch Malicious Code Can Be Tricked Into Running It
Ask an AI coding agent to scan open-source code for security holes, and it might run the attacker's code on your own machine instead. That is the finding in a proof-of-concept published Wednesday by the AI Now
GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents
Researchers at Wiz found that a flaw in six popular AI coding assistants lets a booby-trapped code project quietly take control of a developer's computer. The assistant asks permission to edit one harmless-look
Wird alle 30 Minuten aktualisiert · CH/DE: BACS Schweiz, BSI, Allianz Cyber-Sicherheit, Heise Security, Golem · EN: BleepingComputer, The Hacker News, Fortinet, SANS ISC, Microsoft Security, Krebs on Security, Kaspersky