Security News

Anthropic's AI tool Claude Code Security analyzes code contextually rather than based on rules. The stock market reacts nervously, with share prices falling.

Dell's backup solution PowerProtect Data Manager is vulnerable to malware attacks, among other things. Security patches are available for download.

The cyber gang Lapsus$ claims in an underground forum to have copied data from Adidas from an external service provider.

The patchday updates close a vulnerability in the Windows Editor that allowed the injection of malicious code. Details about the leak are now available.

The Federal Office for Information Security (BSI) and IT researchers warn of widespread attacks on Ivanti EPMM.

Google had to remove significantly fewer malicious programs from the Play Store in 2025 – a success of intensified security measures and AI-powered controls.

Attackers can, in the worst case, attack systems with Atlassian applications with malware.

Jürgen Schmidt long spoke out against offensive cyber operations. Russia's sabotage attack on Poland's energy supply has changed his mind.

A new scam relies on customized AI chatbots. These urge victims to buy worthless cryptocurrencies.

TÜV SÜD warns that the registration deadline for NIS2-obligated companies at the BSI ends in two weeks. Around 29,000 German companies are affected.

In France, attackers gained access to a national database and read out data from 1.2 million bank accounts.

Nvidia developers have closed code-vulnerability loopholes in Megatron Bridge and NeMo Framework, among others.

Mozilla had planned to end support for Firefox on Windows 7, 8, and 8.1 in 2024. Extended support now ends in February.

The US cybersecurity agency warns of observed attacks on Chrome, Zimbra, ThreatSonar, and an ActiveX module.

Microsoft has released the preview of the Security Dashboard for AI. It provides an overview of AI risks in the company.

Important security updates have been released for Dell RecoverPoint for Virtual Machines and Avamar Server, among others. Attacks are already occurring.

Notepad++ improves security mechanisms and closes a new vulnerability that allows attackers to execute malicious code.

In Windows Admin Center, attackers can escalate their privileges. Microsoft classifies this as critical and advises admins to update.

The DENIC domain query publicly displays the name, address, and contact details for corporate domains. This is due to the NIS2 directive.

In view of the Football World Cup, Mexico is upgrading its security technology. The venue Monterrey presents robot dogs for the police.

IT researchers from ETH Zurich have investigated widely used password managers and found ways to view passwords.

Attackers can inject and execute malicious code on systems within the context of OpenClaw, among other things. Security patches are available.

The funding for DHS that expired over the weekend also affects the IT security authority CISA. It is now operating in emergency mode.

IT researchers examined 32.000 Chrome extensions and caught 287, some of them popular apps, spying on users.

The kernel of older Tails versions contains security vulnerabilities. Version 7.4.2 of the anonymizing Linux distribution closes them.

IT researchers have traced numerous Chrome extensions back to a campaign that jeopardizes the information of 260.000 users.

Google released an emergency update for the Chrome web browser over the weekend. It closes a vulnerability that is already being exploited.

Data analysis provider Palantir wants to obtain a counterstatement in court – and triggers a wave of solidarity for a small Swiss magazine.

The IPFire developers have released DBL, a categorized domain blocklist. It aims to block malware, phishing, and trackers.

Security patches for Qnap's NAS operating systems QTS and QuTS hero close several vulnerabilities.

Attackers are exploiting a critical vulnerability in BeyondTrust Remote Support and Privileged Remote Access. Security patches are available.

In 2025, the email providers Mailbox.org and Posteo rejected numerous authority requests, mostly because the authority requests arrived unencrypted.

Attackers can target Fortinet firewalls, among other things. Security updates are available for download.

On the February Patch Day, SAP is addressing several security issues in its software portfolio.

The backup solutions Dell Avamar and NetWorker and the server remote management iDRAC are vulnerable.

Microsoft announces significantly stricter security measures for Windows – which are at least questionable to counterproductive, analyzes Moritz Förster.

Microsoft announces two new security initiatives for Windows: Baseline Security Mode and User Transparency and Consent are intended to protect users better.

Security patches close several vulnerabilities in Adobe applications. So far, there are no reports of attacks.

Important security updates have been released for Exchange Server, Hyper-V, Office, and Windows, among others. There are already attacks.

Two remote support solutions from BeyondTrust are vulnerable. Security updates close a critical gap.