IT Security Digest (2026-02-27)

Latest security news

heise security

Junos OS Evolved: Out-of-band update plugs code-smuggling flaw (2026-02-27 06:49 UTC)
Summary: A critical security vulnerability exists in Junos OS Evolved on the PTX series from Juniper Networks. An unscheduled update closes it. Source: Link

Commentary: AI slop has curl's bug bounty program on the run (2026-02-26 14:34 UTC)
Summary: First away from HackerOne, then back four weeks later: curl is reacting erratically to the flood of worthless and burdensome AI submissions. Source: Link

Fraud via Telegram rises 233 percent: fake jobs are the biggest problem (2026-02-26 12:46 UTC)
Summary: Despite many fraud attempts on Meta platforms, the fastest-growing source of scams is Telegram. Fake-job fraud in particular is booming. Source: Link

BleepingComputer

Previously harmless Google API keys now expose Gemini AI data (2026-02-26 20:55 UTC)
Summary: Google API keys for services like Maps embedded in accessible client-side code could be used to authenticate to the Gemini AI assistant and access private data. […] Source: Link

Trend Micro warns of critical Apex One code execution flaws (2026-02-26 17:58 UTC)
Summary: Trend Micro has patched two critical Apex One vulnerabilities that allow attackers to gain remote code execution (RCE) on vulnerable Windows systems. […] Source: Link

European DIY chain ManoMano data breach impacts 38 million customers (2026-02-26 17:35 UTC)
Summary: DIY store chain ManoMano is notifying customers of a data breach personal data, which was caused by hackers compromising a third-party service provider. […] Source: Link

The Hacker News

Aeternum C2 Botnet Stores Encrypted Commands on Polygon Blockchain to Evade Takedown (2026-02-26 18:00 UTC)
Summary: Cybersecurity researchers have disclosed details of a new botnet loader called Aeternum C2 that uses a blockchain-based command-and-control (C2) infrastructure to make it resilient to takedown efforts. “Instead of relying on traditional ser… Source: Link

UAT-10027 Targets U.S. Education and Healthcare with Dohdoor Backdoor (2026-02-26 15:17 UTC)
Summary: A previously undocumented threat activity cluster has been attributed to an ongoing malicious campaign targeting education and healthcare sectors in the U.S. since at least December 2025. The campaign is being tracked by Cisco Talos under t… Source: Link

ThreatsDay Bulletin: Kali Linux + Claude, Chrome Crash Traps, WinRAR Flaws, LockBit & 15+ Stories (2026-02-26 14:28 UTC)
Summary: Nothing here looks dramatic at first glance. That’s the point. Many of this week’s threats begin with something ordinary, like an ad, a meeting invite, or a software update. Behind the scenes, the tactics are sharper. Access happens faster.… Source: Link

New CVEs (last 24h, NVD matching)

Fortinet FortiGate (7.4.x)
No new hits in the last 24h.

Atlassian (Jira/Confluence)
No new hits in the last 24h.

HPE/Aruba Switches
No new hits in the last 24h.

VMware ESXi/vCenter (7.x)
CVE-2026-22715 — CVSS 5.9 (MEDIUM)
Summary: VMware Workstation and Fusion contain a logic flaw in the management of network packets. Known attack vectors: A malicious actor with administrative privileges on a Guest VM may be able to interrupt or intercept network … Source: Link

Note: CVE hits are an early-warning check (NVD) and must be cross-checked against your exact versions/deployments (vendor advisory/patches).

February 27, 2026 · 3 min · Betty

IT Security Digest (2026-02-26)

Latest security news

heise security

Claude: AI chatbot used for cyberattack on Mexican government (2026-02-25 22:06 UTC)
Summary: An unknown cybercriminal breaks into Mexican government agency networks using Anthropic's AI chatbot. This follows a worrying trend. Source: Link

Various VMware products vulnerable via multiple security flaws (2026-02-25 13:50 UTC)
Summary: VMware Cloud Foundation, among others, is vulnerable. Admins should install the available security updates. Source: Link

Manager at defense contractor: 87 months in prison for selling zero-days (2026-02-25 13:33 UTC)
Summary: The defense contractor L3Harris also collects zero-day exploits for selected governments. A manager sold such exploits to a Russian and must now go to prison. Source: Link

BleepingComputer

Medical device maker UFP Technologies warns of data stolen in cyberattack (2026-02-25 23:02 UTC)
Summary: American manufacturer of medical devices, UFP Technologies, has disclosed that a cybersecurity incident has compromised its IT systems and data. […] Source: Link

Fake Next.js job interview tests backdoor developer’s devices (2026-02-25 21:47 UTC)
Summary: The Microsoft Defender team has discovered a coordinated campaign targeting software developers through malicious repositories posing as legitimate Next.js projects and technical assessment materials, including recruiting coding tests. [… Source: Link

Critical Cisco SD-WAN bug exploited in zero-day attacks since 2023 (2026-02-25 18:01 UTC)
Summary: Cisco is warning that a critical authentication bypass vulnerability in Cisco Catalyst SD-WAN, tracked as CVE-2026-20127, was actively exploited in zero-day attacks that allowed remote attackers to compromise controllers and add malicious r… Source: Link

The Hacker News

Cisco SD-WAN Zero-Day CVE-2026-20127 Exploited Since 2023 for Admin Access (2026-02-26 06:13 UTC)
Summary: A newly disclosed maximum-severity security flaw in Cisco Catalyst SD-WAN Controller (formerly vSmart) and Catalyst SD-WAN Manager (formerly vManage) has come under active exploitation in the wild as part of malicious activity that dates ba… Source: Link

Google Disrupts UNC2814 GRIDTIDE Campaign After 53 Breaches Across 42 Countries (2026-02-25 17:46 UTC)
Summary: Google on Wednesday disclosed that it worked with industry partners to disrupt the infrastructure of a suspected China-nexus cyber espionage group tracked as UNC2814 that breached at least 53 organizations across 42 countries. “This prolifi… Source: Link

Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration (2026-02-25 17:00 UTC)
Summary: Cybersecurity researchers have disclosed multiple security vulnerabilities in Anthropic’s Claude Code, an artificial intelligence (AI)-powered coding assistant, that could result in remote code execution and theft of API credentials. “The v… Source: Link

New CVEs (last 24h, NVD matching)

Fortinet FortiGate (7.4.x)
No new hits in the last 24h.

Atlassian (Jira/Confluence)
CVE-2026-1662 — CVSS 7.5 (HIGH)
Summary: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.4 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause Denial of Service by send… Source: Link

HPE/Aruba Switches
No new hits in the last 24h.

VMware ESXi/vCenter (7.x)
CVE-2026-22719 — CVSS 8.1 (HIGH)
Summary: VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations … Source: Link

CVE-2026-22720 — CVSS 8.0 (HIGH)
Summary: VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with privileges to create custom benchmarks may be able to inject script to perform administrative actions in VMware Aria Ope… Source: Link

CVE-2026-22721 — CVSS 6.2 (MEDIUM)
Summary: VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may leverage this vulnerability to obtain administrative access in VMware Aria … Source: Link

Note: CVE hits are an early-warning check (NVD) and must be cross-checked against your exact versions/deployments (vendor advisory/patches).

February 26, 2026 · 3 min · Betty

IT Security Digest (2026-02-25)

Latest security news

heise security

Time savings through AI, but many fear data leaks (2026-02-25 05:55 UTC)
Summary: Smart savings tips, fraud protection, lightning-fast mortgage financing: AI is supposed to make banking easier. How secure is the data really? Skepticism is high. Source: Link

Microsoft guidance for Secure Boot certificates on Windows Servers (2026-02-24 13:25 UTC)
Summary: Microsoft's Secure Boot certificates expire in June and must be replaced. Microsoft is giving server admins a guide. Source: Link

iOS 26.4 Beta 2: Apple tests RCS encryption with Android (2026-02-24 10:28 UTC)
Summary: Apple has released a new developer beta for the iPhone. For the first time, it allows testing encrypted RCS conversations toward Android, and more. Source: Link

BleepingComputer

Phishing campaign targets freight and logistics orgs in the US, Europe (2026-02-24 23:57 UTC)
Summary: A financially motivated threat group dubbed “Diesel Vortex” is stealing credentials from freight and logistics operators in the U.S. and Europe in phishing attacks using 52 domains. […] Source: Link

Wynn Resorts confirms employee data breach after extortion threat (2026-02-24 21:51 UTC)
Summary: Wynn Resorts has confirmed that a hacker stole employee data from its systems after the company was listed on the ShinyHunters extortion gang’s data leak site. […] Source: Link

1Campaign platform helps malicious Google ads evade detection (2026-02-24 21:45 UTC)
Summary: A newly identified cybercrime service known as 1Campaign is enabling threat actors to run malicious Google Ads that remain online for extended periods while evading scrutiny from security researchers. […] Source: Link

The Hacker News

CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability (2026-02-25 05:23 UTC)
Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed vulnerability in FileZen to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability,… Source: Link

RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN (2026-02-24 18:52 UTC)
Summary: A vulnerability in GitHub Codespaces could have been exploited by bad actors to seize control of repositories by injecting malicious Copilot instructions in a GitHub issue. The artificial intelligence (AI)-driven vulnerability has been code… Source: Link

UAC-0050 Targets European Financial Institution With Spoofed Domain and RMS Malware (2026-02-24 14:21 UTC)
Summary: A Russia-aligned threat actor has been observed targeting a European financial institution as part of a social engineering attack to likely facilitate intelligence gathering or financial theft, signaling a possible expansion of the threat a… Source: Link

New CVEs (last 24h, NVD matching)

Fortinet FortiGate (7.4.x)
No new hits in the last 24h.

Atlassian (Jira/Confluence)
No new hits in the last 24h.

HPE/Aruba Switches
No new hits in the last 24h.

VMware ESXi/vCenter (7.x)
No new hits in the last 24h.

Note: CVE hits are an early-warning check (NVD) and must be cross-checked against your exact versions/deployments (vendor advisory/patches).

February 25, 2026 · 3 min · Betty

IT Security Digest (2026-02-24)

Latest security news

heise security

Passwords generated with ChatGPT are not secure (2026-02-23 13:45 UTC)
Summary: Anyone who asks AI chatbots to create strong passwords gets results that appear secure, but the passwords are easy to crack. Source: Link

Security update: Malicious-code attacks on GIMP possible (2026-02-23 10:36 UTC)
Summary: Attackers can attack PCs on which the graphics program GIMP is installed. For this to work, however, victims have to play along. Source: Link

CarGurus: Have I Been Pwned integrates data of 12.5 million customers (2026-02-23 09:53 UTC)
Summary: Have I Been Pwned has gained 12.5 million records of CarGurus users. ShinyHunters stole them. Source: Link

BleepingComputer

Android mental health apps with 14.7M installs filled with security flaws (2026-02-23 22:59 UTC)
Summary: Several mental health mobile apps with millions of downloads on Google Play contain security vulnerabilities that could expose users’ sensitive medical information. […] Source: Link

Spain arrests suspected hacktivists for DDoSing govt sites (2026-02-23 21:59 UTC)
Summary: Spanish authorities have arrested four alleged members of a hacktivist group believed to have carried out cyberattacks targeting government ministries, political parties, and various public institutions. […] Source: Link

Microsoft says bug in classic Outlook hides the mouse pointer (2026-02-23 19:40 UTC)
Summary: Microsoft is investigating a known issue that causes the mouse pointer to disappear in the classic Outlook desktop email client for some users. […] Source: Link

The Hacker News

APT28 Targeted European Entities Using Webhook-Based Macro Malware (2026-02-23 19:41 UTC)
Summary: The Russia-linked state-sponsored threat actor tracked as APT28 has been attributed to a new campaign targeting specific entities in Western and Central Europe. The activity, per S2 Grupo’s LAB52 threat intelligence team, was active between… Source: Link

Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb (2026-02-23 17:59 UTC)
Summary: Cybersecurity researchers have disclosed details of a new cryptojacking campaign that uses pirated software bundles as lures to deploy a bespoke XMRig miner program on compromised hosts. “Analysis of the recovered dropper, persistence trigg… Source: Link

⚡ Weekly Recap: Double-Tap Skimmers, PromptSpy AI, 30Tbps DDoS, Docker Malware & More (2026-02-23 13:00 UTC)
Summary: Security news rarely moves in a straight line. This week, it feels more like a series of sharp turns, some happening quietly in the background, others playing out in public view. The details are different, but the pressure points are famili… Source: Link

New CVEs (last 24h, NVD matching)

Fortinet FortiGate (7.4.x)
No new hits in the last 24h.

Atlassian (Jira/Confluence)
No new hits in the last 24h.

HPE/Aruba Switches
CVE-2026-23694 — CVSS n/a
Summary: Aruba HiSpeed Cache (aruba-hispeed-cache) WordPress plugin versions prior to 3.0.5 contain a cross-site request forgery (CSRF) vulnerability affecting multiple administrative AJAX actions. The handlers for ahsc_reset_opt… Source: Link

VMware ESXi/vCenter (7.x)
No new hits in the last 24h.

Note: CVE hits are an early-warning check (NVD) and must be cross-checked against your exact versions/deployments (vendor advisory/patches).

February 24, 2026 · 3 min · Betty

IT Security Digest (2026-02-23)

Latest security news

heise security

Anthropic launches Claude Code Security; cybersecurity stocks fall (2026-02-21 15:53 UTC)
Summary: Anthropic's AI tool Claude Code Security analyzes code based on context rather than rules. The stock market reacts nervously, and share prices drop. Source: Link

Numerous kernel vulnerabilities closed in Dell PowerProtect Data Manager (2026-02-20 12:16 UTC)
Summary: Dell's backup solution PowerProtect Data Manager is vulnerable to malicious-code attacks, among other things. Security patches are available for download. Source: Link

Commentary: Russia's cyberattacks demand a response (2026-02-20 12:07 UTC)
Summary: Jürgen Schmidt long argued against offensive cyber operations. Russia's sabotage attack on Poland's energy supply has changed his mind. Source: Link

BleepingComputer

Arkanix Stealer pops up as short-lived AI info-stealer experiment (2026-02-22 15:33 UTC)
Summary: An information-stealing malware operation named Arkanix Stealer, promoted on multiple dark web forums towards the end of 2025, was likely developed as an AI-assisted experiment. […] Source: Link

Predator spyware hooks iOS SpringBoard to hide mic, camera activity (2026-02-21 16:13 UTC)
Summary: Intellexa’s Predator spyware can hide iOS recording indicators while secretly streaming camera and microphone feeds to its operators. […] Source: Link

Amazon: AI-assisted hacker breached 600 Fortinet firewalls in 5 weeks (2026-02-21 13:50 UTC)
Summary: Amazon is warning that a Russian-speaking hacker used multiple generative AI services as part of a campaign that breached more than 600 FortiGate firewalls across 55 countries in five weeks. […] Source: Link

The Hacker News

AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries (2026-02-21 14:49 UTC)
Summary: A Russian-speaking, financially motivated threat actor has been observed taking advantage of commercial generative artificial intelligence (AI) services to compromise over 600 FortiGate devices located in 55 countries. That’s according to n… Source: Link

Anthropic Launches Claude Code Security for AI-Powered Vulnerability Scanning (2026-02-21 07:58 UTC)
Summary: Artificial intelligence (AI) company Anthropic has begun to roll out a new security feature for Claude Code that can scan a user’s software codebase for vulnerabilities and suggest patches. The capability, called Claude Code Security, is cu… Source: Link

CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog (2026-02-21 07:21 UTC)
Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added two security flaws impacting Roundcube webmail software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulne… Source: Link

New CVEs (last 24h, NVD matching)

Fortinet FortiGate (7.4.x)
No new hits in the last 24h.

Atlassian (Jira/Confluence)
No new hits in the last 24h.

HPE/Aruba Switches
No new hits in the last 24h.

VMware ESXi/vCenter (7.x)
No new hits in the last 24h.

Note: CVE hits are an early-warning check (NVD) and must be cross-checked against your exact versions/deployments (vendor advisory/patches).

February 23, 2026 · 3 min · Betty

IT Security Digest (2026-02-22)

Latest security news

heise security

Anthropic launches Claude Code Security; cybersecurity stocks fall (2026-02-21 15:53 UTC)
Summary: Anthropic's AI tool Claude Code Security analyzes code based on context rather than rules. The stock market reacts nervously, and share prices drop. Source: Link

Numerous kernel vulnerabilities closed in Dell PowerProtect Data Manager (2026-02-20 12:16 UTC)
Summary: Dell's backup solution PowerProtect Data Manager is vulnerable to malicious-code attacks, among other things. Security patches are available for download. Source: Link

Commentary: Russia's cyberattacks demand a response (2026-02-20 12:07 UTC)
Summary: Jürgen Schmidt long argued against offensive cyber operations. Russia's sabotage attack on Poland's energy supply has changed his mind. Source: Link

BleepingComputer

Predator spyware hooks iOS SpringBoard to hide mic, camera activity (2026-02-21 16:13 UTC)
Summary: Intellexa’s Predator spyware can hide iOS recording indicators while secretly streaming camera and microphone feeds to its operators. […] Source: Link

Amazon: AI-assisted hacker breached 600 Fortinet firewalls in 5 weeks (2026-02-21 13:50 UTC)
Summary: Amazon is warning that a Russian-speaking hacker used multiple generative AI services as part of a campaign that breached more than 600 FortiGate firewalls across 55 countries in five weeks. […] Source: Link

Japanese tech giant Advantest hit by ransomware attack (2026-02-20 18:30 UTC)
Summary: Advantest Corporation disclosed that its corporate network has been targeted in a ransomware attack that may have affected customer or employee data. […] Source: Link

The Hacker News

AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries (2026-02-21 14:49 UTC)
Summary: A Russian-speaking, financially motivated threat actor has been observed taking advantage of commercial generative artificial intelligence (AI) services to compromise over 600 FortiGate devices located in 55 countries. That’s according to n… Source: Link

Anthropic Launches Claude Code Security for AI-Powered Vulnerability Scanning (2026-02-21 07:58 UTC)
Summary: Artificial intelligence (AI) company Anthropic has begun to roll out a new security feature for Claude Code that can scan a user’s software codebase for vulnerabilities and suggest patches. The capability, called Claude Code Security, is cu… Source: Link

CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog (2026-02-21 07:21 UTC)
Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added two security flaws impacting Roundcube webmail software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulne… Source: Link

New CVEs (last 24h, NVD matching)

Fortinet FortiGate (7.4.x)
No new hits in the last 24h.

Atlassian (Jira/Confluence)
No new hits in the last 24h.

HPE/Aruba Switches
No new hits in the last 24h.

VMware ESXi/vCenter (7.x)
No new hits in the last 24h.

Note: CVE hits are an early-warning check (NVD) and must be cross-checked against your exact versions/deployments (vendor advisory/patches).

February 22, 2026 · 3 min · Betty

IT Security Digest (2026-02-21)

Latest security news

heise security

Numerous kernel vulnerabilities closed in Dell PowerProtect Data Manager (2026-02-20 12:16 UTC)
Summary: Dell's backup solution PowerProtect Data Manager is vulnerable to malicious-code attacks, among other things. Security patches are available for download. Source: Link

Commentary: Russia's cyberattacks demand a response (2026-02-20 12:07 UTC)
Summary: Jürgen Schmidt long argued against offensive cyber operations. Russia's sabotage attack on Poland's energy supply has changed his mind. Source: Link

Adidas comments on possible data leak at external service provider (2026-02-20 11:20 UTC)
Summary: The cybergang Lapsus$ claims in an underground forum to have copied Adidas data from an external service provider. Source: Link

BleepingComputer

Japanese tech giant Advantest hit by ransomware attack (2026-02-20 18:30 UTC)
Summary: Advantest Corporation disclosed that its corporate network has been targeted in a ransomware attack that may have affected customer or employee data. […] Source: Link

CISA: BeyondTrust RCE flaw now exploited in ransomware attacks (2026-02-20 17:02 UTC)
Summary: Hackers are actively exploiting the CVE-2026-1731 vulnerability in the BeyondTrust Remote Support product, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns. […] Source: Link

Data breach at French bank registry impacts 1.2 million accounts (2026-02-20 16:20 UTC)
Summary: The French Ministry of Finance has published an announcement informing of a cybersecurity incident that has impacted 1.2 million accounts. […] Source: Link

The Hacker News

BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration (2026-02-20 15:45 UTC)
Summary: Threat actors have been observed exploiting a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products to conduct a wide range of malicious actions, including deploying … Source: Link

Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems (2026-02-20 14:20 UTC)
Summary: In yet another software supply chain attack, the open-source, artificial intelligence (AI)-powered coding assistant Cline CLI was updated to stealthily install OpenClaw, a self-hosted autonomous AI agent that has become exceedingly popular … Source: Link

ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT Malware (2026-02-20 11:55 UTC)
Summary: Cybersecurity researchers have disclosed details of a new ClickFix campaign that abuses compromised legitimate sites to deliver a previously undocumented remote access trojan (RAT) called MIMICRAT (aka AstarionRAT). “The campaign demonstrat… Source: Link

New CVEs (last 24h, NVD matching)

Fortinet FortiGate (7.4.x)
No new hits in the last 24h.

Atlassian (Jira/Confluence)
No new hits in the last 24h.

HPE/Aruba Switches
No new hits in the last 24h.

VMware ESXi/vCenter (7.x)
No new hits in the last 24h.

Note: CVE hits are an early-warning check (NVD) and must be cross-checked against your exact versions/deployments (vendor advisory/patches).

February 21, 2026 · 2 min · Betty

IT Security Digest (2026-02-20)

Latest security news

heise security

Love scam: Romance fraud scheme increasingly successful thanks to AI (2026-02-20 06:00 UTC)
Summary: Romance fraud online: more and more people are being cheated out of large sums of money by love scammers. AI makes it easier for perpetrators to deceive their victims. Source: Link

Auslegungssache 153: Minors, unprotected online? (2026-02-20 05:10 UTC)
Summary: Topic in the c’t data protection podcast: The GDPR is supposed to give minors special protection, but in practice there is a gap between aspiration and reality. Source: Link

Scam: Fake “Gemini” chatbots sell fake “Google Coin” (2026-02-19 13:51 UTC)
Summary: A new scam relies on customized AI chatbots. These push victims to buy worthless cryptocurrencies. Source: Link

BleepingComputer

PromptSpy is the first known Android malware to use generative AI at runtime (2026-02-19 22:36 UTC)
Summary: Researchers have discovered the first known Android malware to use generative AI in its execution flow, using Google’s Gemini model to adapt its persistence across different devices. […] Source: Link

Flaw in Grandstream VoIP phones allows stealthy eavesdropping (2026-02-19 17:16 UTC)
Summary: A critical vulnerability in Grandstream GXP1600 series VoIP phones allows a remote, unauthenticated attacker to gain root privileges and silently eavesdrop on communications. […] Source: Link

Google blocked over 1.75 million Play Store app submissions in 2025 (2026-02-19 17:00 UTC)
Summary: Google says that through 2025, it blocked more than 255,000 Android apps from obtaining excessive access to sensitive user data and rejected over 1.75 million apps from being published on Google Play due to policy violations. […] Source: Link

The Hacker News

Three Former Google Engineers Indicted Over Trade Secret Transfers to Iran (2026-02-20 05:27 UTC)
Summary: Two former Google engineers and one of their husbands have been indicted in the U.S. for allegedly committing trade secret theft from the search giant and other tech firms and transferring the information to unauthorized locations, includin… Source: Link

PromptSpy Android Malware Abuses Gemini AI to Automate Recent-Apps Persistence (2026-02-19 17:52 UTC)
Summary: Cybersecurity researchers have discovered what they say is the first Android malware that abuses Gemini, Google’s generative artificial intelligence (AI) chatbot, as part of its execution flow and achieves persistence. The malware has been … Source: Link

INTERPOL Operation Red Card 2.0 Arrests 651 in African Cybercrime Crackdown (2026-02-19 17:50 UTC)
Summary: An international cybercrime operation against online scams has led to 651 arrests and recovered more than $4.3 million as part of an effort led by law enforcement agencies from 16 African countries. The initiative, codenamed Operation Red C… Source: Link

New CVEs (last 24h, NVD matching)

Fortinet FortiGate (7.4.x)
No new hits in the last 24h.

Atlassian (Jira/Confluence)
No new hits in the last 24h.

HPE/Aruba Switches
CVE-2025-11725 — CVSS 6.5 (MEDIUM)
Summary: The Aruba HiSpeed Cache plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the multiple functions in all versions up to, and including, 3.0.2. This makes it poss… Source: Link

CVE-2025-11706 — CVSS 6.1 (MEDIUM)
Summary: The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the dbstatus parameter in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escapi… Source: Link

CVE-2026-23545 — CVSS n/a
Summary: Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Aruba HiSpeed Cache: from n/a through… Source: Link

VMware ESXi/vCenter (7.x)
No new hits in the last 24h.

Note: CVE hits are an early-warning check (NVD) and must be cross-checked against your exact versions/deployments (vendor advisory/patches).

February 20, 2026 · 3 min · Betty

IT Security Digest (2026-02-19)

Latest security news

heise security

For Galaxy S25 and others: Samsung is distributing Play services updates again (2026-02-18 14:34 UTC)
Summary: After a pause of several months, Samsung has resumed distribution of Play services updates for its Galaxy smartphones and tablets. Source: Link

Deutsche Bahn website and app temporarily disrupted after DDoS attack (2026-02-18 11:26 UTC)
Summary: A DDoS attack on Deutsche Bahn's IT systems disrupted the booking system. Bahn.de and DB Navigator were affected. Source: Link

Patch now! Attackers are targeting Dell RecoverPoint for Virtual Machines (2026-02-18 09:59 UTC)
Summary: Important security updates have been released for Dell RecoverPoint for Virtual Machines and Avamar Server, among others. Attacks are already taking place. Source: Link

BleepingComputer

Critical infra Honeywell CCTVs vulnerable to auth bypass flaw (2026-02-18 20:58 UTC)
Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of a critical vulnerability in multiple Honeywell CCTV products that allows unauthorized access to feeds or account hijacking. […] Source: Link

AI platforms can be abused for stealthy malware communication (2026-02-18 20:18 UTC)
Summary: AI assistants like Grok and Microsoft Copilot with web browsing and URL-fetching capabilities can be abused to intermediate command-and-control (C2) activity. […] Source: Link

Telegram channels expose rapid weaponization of SmarterMail flaws (2026-02-18 16:27 UTC)
Summary: Underground Telegram channels shared SmarterMail exploit PoCs and stolen admin credentials within days of disclosure. Flare explains how monitoring these communities reveals rapid weaponization of CVE-2026-24423 and CVE-2026-23760 tied to r… Source: Link

The Hacker News

Citizen Lab Finds Cellebrite Tool Used on Kenyan Activist’s Phone in Police Custody (2026-02-18 17:30 UTC)
Summary: New research from the Citizen Lab has found signs that Kenyan authorities used a commercial forensic extraction tool manufactured by Israeli company Cellebrite to break into a prominent dissident’s phone, making it the latest case of abuse … Source: Link

Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution (2026-02-18 16:35 UTC)
Summary: Cybersecurity researchers have disclosed a critical security flaw in the Grandstream GXP1600 series of VoIP phones that could allow an attacker to seize control of susceptible devices. The vulnerability, tracked as CVE-2026-2329, carries a … Source: Link

Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs (2026-02-18 13:16 UTC)
Summary: Cybersecurity researchers have disclosed multiple security vulnerabilities in four popular Microsoft Visual Studio Code (VS Code) extensions that, if successfully exploited, could allow threat actors to steal local files and execute code re… Source: Link

New CVEs (last 24h, NVD matching)

Fortinet FortiGate (7.4.x)
No new hits in the last 24h.

Atlassian (Jira/Confluence)
No new hits in the last 24h.

HPE/Aruba Switches
CVE-2025-71232 — CVSS n/a
Summary: In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Free sp in error path to fix system crash System crash seen during load/unload test in a loop, [61110.449331] qla2xxx [0000:27:00.0]-0042… Source: Link

CVE-2025-71236 — CVSS n/a
Summary: In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Validate sp before freeing associated memory System crash with the following signature [154563.214890] nvme nvme2: NVME-FC{1}: controller… Source: Link

VMware ESXi/vCenter (7.x)
CVE-2026-23215 — CVSS n/a
Summary: In the Linux kernel, the following vulnerability has been resolved: x86/vmware: Fix hypercall clobbers Fedora QA reported the following panic: BUG: unable to handle page fault for address: 0000000040003e54 #PF: superviso… Source: Link

Note: CVE hits are an early-warning check (NVD) and must be cross-checked against your exact versions/deployments (vendor advisory/patches).

February 19, 2026 · 3 min · Betty

IT Security Digest (2026-02-17)

Current security news

heise security

Security concerns: EU Parliament disables AI tools on work phones (2026-02-17 05:49 UTC)
Summary: Members of the European Parliament and their staff can no longer use AI features on work smartphones and tablets. The reason given is that too little is known about data security.
Source: Link

Mexico: Robot dog brigade for the football World Cup (2026-02-16 21:41 UTC)
Summary: Ahead of the football World Cup, Mexico is upgrading its security technology. The host city Monterrey is presenting robot dogs for the police.
Source: Link

Popular Chrome extensions spy on users (2026-02-16 12:29 UTC)
Summary: IT researchers examined 32,000 Chrome extensions and caught 287 apps, some of them popular, spying on users.
Source: Link

BleepingComputer

Washington Hotel in Japan discloses ransomware infection incident (2026-02-16 21:10 UTC)
Summary: The Washington Hotel brand in Japan has announced that its servers were compromised in a ransomware attack, exposing various business data. […]
Source: Link

Eurail says stolen traveler data now up for sale on dark web (2026-02-16 19:19 UTC)
Summary: Eurail B.V., the operator that provides access to 250,000 kilometers of European railways, confirmed that data stolen in a breach earlier this year is being offered for sale on the dark web. […]
Source: Link

Man arrested for demanding reward after accidental police data leak (2026-02-16 19:13 UTC)
Summary: Dutch authorities arrested a 40-year-old man after he downloaded confidential documents that had been mistakenly shared by the police and refused to delete them unless he received “something in return.” […]
Source: Link

The Hacker News

Infostealer Steals OpenClaw AI Agent Configuration Files and Gateway Tokens (2026-02-16 18:43 UTC)
Summary: Cybersecurity researchers disclosed they have detected a case of an information stealer infection successfully exfiltrating a victim’s OpenClaw (formerly Clawdbot and Moltbot) configuration environment. “This finding marks a significant mil…
Source: Link

Study Uncovers 25 Password Recovery Attacks in Major Cloud Password Managers (2026-02-16 18:06 UTC)
Summary: A new study has found that multiple cloud-based password managers, including Bitwarden, Dashlane, and LastPass, are susceptible to password recovery attacks under certain conditions. “The attacks range in severity from integrity violations …
Source: Link

Weekly Recap: Outlook Add-Ins Hijack, 0-Day Patches, Wormable Botnet & AI Malware (2026-02-16 12:55 UTC)
Summary: This week’s recap shows how small gaps are turning into big entry points. Not always through new exploits, often through tools, add-ons, cloud setups, or workflows that people already trust and rarely question. Another signal: attackers are…
Source: Link

New CVEs (last 24h, matched against NVD)

Fortinet FortiGate (7.4.x)
No new hits in the last 24h.

Atlassian (Jira/Confluence)
No new hits in the last 24h.

HPE/Aruba Switches
No new hits in the last 24h.

VMware ESXi/vCenter (7.x)
No new hits in the last 24h.

Note
CVE hits are an early-warning check (NVD) and must be cross-checked against your exact versions/deployments (vendor advisory/patches).

February 17, 2026 · 3 min · Betty