Desolate FCC-Vorgabe: „Freedom Router“ für US-Verbraucher (2026-04-03 05:30 UTC)
Kurz: Ab sofort lassen die USA für Verbraucher nur noch im Inland hergestellte Router zu. Die Vorgaben des FCC sind jedoch unrealistisch und sicherheitsmäßig heikel.
Auslegungssache 156: Datenschutz-Dauerbrenner Microsoft 365 (2026-04-03 04:10 UTC)
Kurz: Im c’t-Datenschutz-Podcast nehmen sich die Hosts mit einem Experten die aktuellen datenschutzrechtlichen Baustellen von Microsoft 365 vor – wieder einmal.
LinkedIn secretely scans for 6,000+ Chrome extensions, collects data (2026-04-03 20:40 UTC)
Kurz: A new report dubbed “BrowserGate” warns that Microsoft’s LinkedIn is using hidden JavaScript scripts on its website to scan visitors’ browsers for installed extensions and collect device data. […]
Hims & Hers warns of data breach after Zendesk support ticket breach (2026-04-03 17:41 UTC)
Kurz: Telehealth giant Hims & Hers Health is warning that it suffered a data breach after support tickets were stolen from a third-party customer service platform. […]
Die Linke German political party confirms data stolen by Qilin ransomware (2026-04-03 16:36 UTC)
Kurz: The Qilin ransomware group has claimed responsibility for an attack against Die Linke (‘The Left’), forcing an IT systems outage at the political party, and threatening sensitive data leak. […]
China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing (2026-04-03 17:34 UTC)
Kurz: A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid-2025, following a two-year period of minimal targeting in the region. The campaign has been attributed to TA416, a cluster of acti…
Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers (2026-04-03 15:32 UTC)
Kurz: Threat actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers and to achieve remote code execution, according to findings from the Microsoft Defender Security Research Team. “Instead of exp…
UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack (2026-04-03 11:04 UTC)
Kurz: The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orchestrated by North Korean threat actors tracked as UNC1069. Maintainer Jason Saayman s…
Kurz: A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.