IT Security Digest (2026-03-03)

Current Security News

heise security

  • 6G as a giant radar system: ETSI sees risks to privacy and security (2026-03-02 14:28 UTC)
    • Summary: 6G radio is meant not only to transmit data but also to actively illuminate the environment. ETSI warns of risks to security and privacy from this "sensing".
    • Source: Link
  • IPFire 2.29 Core Update 200: Linux 6.18 LTS and DBL preview (2026-03-02 14:16 UTC)
    • Summary: IPFire 2.29 Core Update 200 brings Linux 6.18 LTS, the new domain blocklist system, numerous package updates and important performance improvements.
    • Source: Link
  • Hundreds of infected FreePBX instances on the net (2026-03-02 09:35 UTC)
    • Summary: In early February, CISA warned of attacks on FreePBX instances. Hundreds of compromised installations are currently online.
    • Source: Link

BleepingComputer

  • CyberStrikeAI tool adopted by hackers for AI-powered attacks (2026-03-03 00:06 UTC)
    • Summary: Researchers warn that a newly identified open-source AI security testing platform called CyberStrikeAI was used by the same threat actor behind a recent campaign that breached hundreds of Fortinet FortiGate firewalls. […]
    • Source: Link
  • Fake Google Security site uses PWA app to steal credentials, MFA codes (2026-03-02 20:23 UTC)
    • Summary: A phishing campaign is using a fake Google Account security page to deliver a web-based app capable of stealing one-time passcodes, harvesting cryptocurrency wallet addresses, and proxying attacker traffic through victims’ browsers. […]
    • Source: Link
  • Alabama man pleads guilty to hacking, extorting hundreds of women (2026-03-02 18:54 UTC)
    • Summary: A 22-year-old Alabama man pleaded guilty to extortion, cyberstalking, and computer fraud charges after hijacking the social media accounts of hundreds of young women (including minors). […]
    • Source: Link

The Hacker News

  • New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel (2026-03-02 17:08 UTC)
    • Summary: Cybersecurity researchers have disclosed details of a now-patched security flaw in Google Chrome that could have permitted attackers to escalate privileges and gain access to local files on the system. The vulnerability, tracked as CVE-2026…
    • Source: Link
  • Google Develops Merkle Tree Certificates to Enable Quantum-Resistant HTTPS in Chrome (2026-03-02 16:52 UTC)
    • Summary: Google has announced a new program in its Chrome browser to ensure that HTTPS certificates are secure against the future risk posed by quantum computers. “To ensure the scalability and efficiency of the ecosystem, Chrome has no immediate pl…
    • Source: Link
  • ⚡ Weekly Recap: SD-WAN 0-Day, Critical CVEs, Telegram Probe, Smart TV Proxy SDK and More (2026-03-02 13:26 UTC)
    • Summary: This week is not about one big event. It shows where things are moving. Network systems, cloud setups, AI tools, and common apps are all being pushed in different ways. Small gaps in access control, exposed keys, and normal features are bei…
    • Source: Link

New CVEs (last 24h, NVD cross-check)

Fortinet FortiGate (7.4.x)

  • No new hits in the last 24h.

Atlassian (Jira/Confluence)

  • No new hits in the last 24h.

HPE/Aruba Switches

  • CVE-2026-23600 — CVSS n/a
    • Summary: A remote authentication bypass vulnerability exists in HPE AutoPass License Server (APLS).
    • Source: Link

VMware ESXi/vCenter (7.x)

  • No new hits in the last 24h.

Note

  • CVE hits are an early-warning check (NVD) and must be cross-checked against your exact versions/deployments (vendor advisory/patches).