IT‑Sicherheits‑Digest (2026-02-20)

Aktuelle Security‑News

Love-Scam: Liebesbetrug-Masche wegen KI immer erfolgreicher (2026-02-20 06:00 UTC)
- Kurz: Liebesschwindel im Netz – immer mehr Menschen werden von Love-Scammern um viel Geld gebracht. KI erleichtert Tätern, ihre Opfer zu täuschen.
- Quelle: Link
Auslegungssache 153: Minderjährige - schutzlos im Netz? (2026-02-20 05:10 UTC)
- Kurz: Thema im c’t-Datenschutz-Podcast: Die DSGVO soll Minderjährige besonders schützen, doch in der Praxis klafft eine Lücke zwischen Anspruch und Wirklichkeit.
- Quelle: Link
Betrugsmasche: Falsche „Gemini“-Chatbots verkaufen falschen „Google Coin“ (2026-02-19 13:51 UTC)
- Kurz: Eine neue Betrugsmasche beruht auf angepassten KI-Chatbots. Diese drängen Opfer dazu, wertlose Kryptowährungen zu kaufen.
- Quelle: Link

PromptSpy is the first known Android malware to use generative AI at runtime (2026-02-19 22:36 UTC)
- Kurz: Researchers have discovered the first known Android malware to use generative AI in its execution flow, using Google’s Gemini model to adapt its persistence across different devices. […]
- Quelle: Link
Flaw in Grandstream VoIP phones allows stealthy eavesdropping (2026-02-19 17:16 UTC)
- Kurz: A critical vulnerability in Grandstream GXP1600 series VoIP phones allows a remote, unauthenticated attacker to gain root privileges and silently eavesdrop on communications. […]
- Quelle: Link
Google blocked over 1.75 million Play Store app submissions in 2025 (2026-02-19 17:00 UTC)
- Kurz: Google says that through 2025, it blocked more than 255,000 Android apps from obtaining excessive access to sensitive user data and rejected over 1.75 million apps from being published on Google Play due to policy violations. […]
- Quelle: Link

Three Former Google Engineers Indicted Over Trade Secret Transfers to Iran (2026-02-20 05:27 UTC)
- Kurz: Two former Google engineers and one of their husbands have been indicted in the U.S. for allegedly committing trade secret theft from the search giant and other tech firms and transferring the information to unauthorized locations, includin…
- Quelle: Link
PromptSpy Android Malware Abuses Gemini AI to Automate Recent-Apps Persistence (2026-02-19 17:52 UTC)
- Kurz: Cybersecurity researchers have discovered what they say is the first Android malware that abuses Gemini, Google’s generative artificial intelligence (AI) chatbot, as part of its execution flow and achieves persistence. The malware has been …
- Quelle: Link
INTERPOL Operation Red Card 2.0 Arrests 651 in African Cybercrime Crackdown (2026-02-19 17:50 UTC)
- Kurz: An international cybercrime operation against online scams has led to 651 arrests and recovered more than $4.3 million as part of an effort led by law enforcement agencies from 16 African countries. The initiative, codenamed Operation Red C…
- Quelle: Link

CVE-2025-11725 — CVSS 6.5 (MEDIUM)
- Kurz: The Aruba HiSpeed Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the multiple functions in all versions up to, and including, 3.0.2. This makes it poss…
- Quelle: Link
CVE-2025-11706 — CVSS 6.1 (MEDIUM)
- Kurz: The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the dbstatus parameter in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escapi…
- Quelle: Link
CVE-2026-23545 — CVSS n/a
- Kurz: Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aruba HiSpeed Cache: from n/a through…
- Quelle: Link

CVE‑Treffer sind ein Frühwarn‑Check (NVD) und müssen für eure exakten Versionen/Deployments gegengeprüft werden (Vendor Advisory/Patches).