US court system hacked - witness information compromised
A targeted attack on the US federal court system's electronic records management system PACER has led to a potential data leak. Particularly critical: in addition to internal documents, information about protected witnesses may also have become public. Initial analyses point to a state-supported hacker group.
🔗 Politico: Federal court filing system hit in sweeping hack
Data leak at Air France & KLM via third-party tool
Attackers were able to access frequent flyer data such as names, email addresses and bonus numbers via a compromised customer service tool. Although credit card or travel data was not affected, the incident underlines the importance of secure third-party management.
🔗 SecurityWeek: Hackers Accessed Air France-KLM Customer Data
New Exchange vulnerability (CVE-2025-53786) jeopardizes hybrid environments
Microsoft warns of a critical vulnerability in on-premise Exchange servers that allows privilege escalation in conjunction with hybrid configurations. Administrators should check whether their systems are correctly secured and patched.
🔗 SecurityWeek: Exchange flaw in hybrid setups
PXA Stealer: New Linux malware targets passwords and payment data
A new Python-based infostealer threatens Linux systems and systematically extracts browser data, logins and wallet information. The malware is currently being traded in underground forums and actively tested in campaigns.
🔗 Cybersecurity Review: PXA Stealer for Linux
AI outperforms humans in red teaming: Claude from Anthropic impresses in CTFs
In recent capture-the-flag simulations, the AI model "Claude" from Anthropic showed that it can outperform human red teams in terms of analysis speed and pattern recognition. At the same time, Microsoft announced "Project Ire", an autonomous AI tool for malware detection.
🔗 Axios: Anthropic's Claude outperforms humans in hacking challenges
Those who are prepared are safe
The events of the week show Threats are becoming increasingly networked, multi-layered and technologically sophisticated. Particularly striking are the attack surfaces via third-party providers, cloud platforms and hybrid IT infrastructures - often underestimated, but highly critical.
With penetration tests, risk analyses and awareness measures (e.g. phishing & ransomware simulations), we support companies in identifying precisely these vulnerabilities at an early stage and securing them effectively.
Would you like to put your security strategy to the test?
Book your free initial consultation now - you will find the link in the first comment.
