15. Dezember 2025 A new variation of the ClickFix scam tries to get around phishing defenses by capturing an employee’s OAuth authentication token for Microsoft logins (ConsentFix vulnerability) Researchers at Push Security this week outlined the tactic, which they call ConsentFix, in a blog, calling it “a dangerous evolution of ClickFix and consent phishing that is incredibly hard for traditional security tools to detect and…
11. Dezember 2025 Fortinet on Tuesday announced patches for 18 vulnerabilities across its products, including two flaws that could allow attackers to bypass authentication. Tracked as CVE-2025-59718 and CVE-2025-59719 (CVSS score of 9.8), the two bugs are described as improper verification of cryptographic signature issues. They impact FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager. According to Fortinet, the weaknesses allow attackers to send crafted SAML response messages…
10. Dezember 2025 Microsoft on Tuesday announced patches for 57 vulnerabilities as part of its December 2025 security updates. Three of the bugs are zero-days, but only one is under active exploitation. The exploited zero-day, tracked as CVE-2025-62221 (CVSS score of 7.8), is described as a use-after-free issue in the Windows Cloud Files Mini Filter Driver. According to Microsoft, the successful exploitation of the security…
09. Dezember 2025 Eine Sicherheitslücke in der Javascript-Bibliothek react.js wird aktiv von China ausgenutzt Just days after the disclosure of the React2Shell critical vulnerability, tracked as CVE-2025-55182, threat actors are actively exploiting the flaw in react.js in the wild. The vulnerability carries a CVSS v3.1 score of 10, the highest possible severity rating. Amazon Web Services (AWS) has confirmed that threat groups including Earth Lamia and Jackpot Panda,…
08. Dezember 2025 Die CISA und die NSA warnen vor einem hochentwickelten Angriff auf Technik von VMware, mit dem sich Akteure aus China einen dauerhaften Zugang sichern könnten (VMWARE ESX) Die Cybersicherheitsagenturen der USA und Kanadas sowie die NSA warnen vor einem hochentwickelten Angriff auf VMware vSphere, bei dem sich Akteure in Diensten der Volksrepublik China dauerhafte Zugriffe auf Systeme von Regierungen und IT-Firmen sichern. Die…
05. Dezember 2025 Russland geht gegen Apple vor Russia has blocked Apple’s (AAPL.O), opens new tab video-calling app FaceTime, the state communications watchdog said on Thursday, as part of an accelerating clampdown on foreign tech platforms that authorities allege are being used for criminal activity. The move follows restrictions against Google’s YouTube, Meta’s (META.O), opens new tab WhatsApp and the Telegram messaging service. The Reuters Tariff Watch newsletter is…
04. Dezember 2025 4,3 Millionen Geräte per Update mit Malware infiziert Hacker haben über mehrere Jahre hinweg zunächst harmlose Erweiterungen für Chrome und Edge veröffentlicht. Doch dann sind Updates mit Schadcode gekommen.Sicherheitsforscher von Koi haben Malware-Kampagnen einer Hackergruppe namens Shadypanda aufgedeckt, die über Jahre hinweg bei Chrome- und Edge-Nutzern mit mehreren Browsererweiterungen Vertrauen aufgebaut hat, um am Ende per Update eine Backdoor oder Spyware nachzurüsten….
03. Dezember 2025 Microsoft veröffentlicht heimlich Security-Patch Microsoft has silently mitigated an exploited LNK vulnerability with its November 2025 security updates, Acros Security says. Tracked as CVE-2025-9491 (CVSS score of 7.0), the security defect allowed threat actors to obfuscate the purpose of malicious LNK files by hiding code from the user’s view. The bug was disclosed in March by Trend Micro’s Zero Day Initiative (ZDI), which warned…
02. Dezember 2025 Microsoft patcht Dutzende Fehler in Windows 11 Microsoft has released the KB5070311 preview cumulative update for Windows 11 systems, which includes 49 changes, including fixes for File Explorer freezes and search issues. KB5070311 is an optional preview update that delivers updates at the end of each month, enabling IT admins to test Windows bug fixes, improvements, and new features that will roll out during next…
03. Dezember 2025 Google veröffentlicht Android Security-Patch Dezember 2025 Google on Monday released monthly security updates for the Android operating system, including two vulnerabilities that it said have been exploited in the wild.The patch addresses a total of 107 security flaws spanning different components, including Framework, System, Kernel, as well as those from Arm, Imagination Technologies, MediaTek, Qualcomm, and Unison.The two high-severity shortcomings that have been exploited…
Notifications
