IT‑Sicherheits‑Digest (2026-03-09)

Aktuelle Security‑News

heise security

  • Proton: Nutzeridentifizierung durchs FBI bringt Schweizer Datenschutz ins Wanken (2026-03-07 16:32 UTC)
    • Kurz: Dank Rechtshilfe gelangten US-Ermittler an Zahlungsdaten eines anonym geglaubten Proton-Accounts. Der Dienst verweist auf die strikte Schweizer Rechtslage.
    • Quelle: Link
  • KI Claude findet in zwei Wochen über 100 Firefox-Bugs (2026-03-06 16:59 UTC)
    • Kurz: In einem internen Test fand Anthropics KI Claude Opus 4.6 binnen zwei Wochen mehr Schwachstellen im Browser Firefox als die Community in zwei Monaten.
    • Quelle: Link
  • Social Media: Länder fordern strikten Jugendschutz und IP-Speicherung (2026-03-06 16:17 UTC)
    • Kurz: Die Ministerpräsidentenkonferenz will Plattformen in die Pflicht nehmen, pocht auf Altersgrenzen und fordert die zügige Einführung der Vorratsdatenspeicherung.
    • Quelle: Link

BleepingComputer

  • EU court adviser says banks must immediately refund phishing victims (2026-03-08 15:25 UTC)
    • Kurz: Athanasios Rantos, the Advocate General of the Court of Justice of the EU (CJEU), has issued a formal opinion suggesting that banks must immediately refund account holders affected by unauthorized transactions, even when it’s their fault. […
    • Quelle: Link
  • Hackers abuse .arpa DNS and ipv6 to evade phishing defenses (2026-03-08 14:12 UTC)
    • Kurz: Threat actors are abusing the special-use “.arpa” domain and IPv6 reverse DNS in phishing campaigns that more easily evade domain reputation checks and email security gateways. […]
    • Quelle: Link
  • Termite ransomware breaches linked to ClickFix CastleRAT attacks (2026-03-07 16:14 UTC)
    • Kurz: Ransomware threat actors tracked as Velvet Tempest are using the ClickFix technique and legitimate Windows utilities to deploy the DonutLoader malware and the CastleRAT backdoor. […]
    • Quelle: Link

The Hacker News

  • OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues (2026-03-07 16:28 UTC)
    • Kurz: OpenAI on Friday began rolling out Codex Security, an artificial intelligence (AI)-powered security agent that’s designed to find, validate, and propose fixes for vulnerabilities. The feature is available in a research preview to ChatGPT Pr…
    • Quelle: Link
  • Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model (2026-03-07 11:21 UTC)
    • Kurz: Anthropic on Friday said it discovered 22 new security vulnerabilities in the Firefox web browser as part of a security partnership with Mozilla. Of these, 14 have been classified as high, seven have been classified as moderate, and one has…
    • Quelle: Link
  • Transparent Tribe Uses AI to Mass-Produce Malware Implants in Campaign Targeting India (2026-03-06 15:11 UTC)
    • Kurz: The Pakistan-aligned threat actor known as Transparent Tribe has become the latest hacking group to embrace artificial intelligence (AI)-powered coding tools to strike targets with various implants. The activity is designed to produce a “hi…
    • Quelle: Link

Neue CVEs (letzte 24h, NVD‑Abgleich)

Fortinet FortiGate (7.4.x)

  • Keine neuen Treffer in den letzten 24h.

Atlassian (Jira/Confluence)

  • Keine neuen Treffer in den letzten 24h.

HPE/Aruba Switches

  • Keine neuen Treffer in den letzten 24h.

VMware ESXi/vCenter (7.x)

  • Keine neuen Treffer in den letzten 24h.

Hinweis

  • CVE‑Treffer sind ein Frühwarn‑Check (NVD) und müssen für eure exakten Versionen/Deployments gegengeprüft werden (Vendor Advisory/Patches).