IT Security Digest (2026-04-08)

Latest Security News

heise security

  • Anthropic's new AI model Mythos: Too dangerous for the public (2026-04-08 05:03 UTC)
    • Summary: Anthropic's new AI model Mythos is said to be so effective at finding and exploiting security vulnerabilities that it is meant to be used only to secure IT infrastructure.
    • Source: Link
  • Warning from the UK: Russian cybercriminals hijack routers to steal passwords (2026-04-07 19:17 UTC)
    • Summary: The British cybersecurity centre NCSC reports cyberattacks on internet routers. The gang from Russia is also suspected of several attacks in Germany.
    • Source: Link
  • Darknet Diaries Deutsch: On the trail of bicycle thieves - Part 1 (2026-04-07 14:02 UTC)
    • Summary: In this episode we dive into the world of stolen bicycles. Bryan uses his service Bike Index to help recover stolen bicycles.
    • Source: Link

BleepingComputer

  • Hackers exploit critical flaw in Ninja Forms WordPress plugin (2026-04-07 22:03 UTC)
    • Summary: A critical vulnerability in the Ninja Forms File Uploads premium add-on for WordPress allows uploading arbitrary files without authentication, which can lead to remote code execution. […]
    • Source: Link
  • FBI: Americans lost a record $21 billion to cybercrime last year (2026-04-07 20:41 UTC)
    • Summary: U.S. victims lost nearly $21 billion to cyber-enabled crimes last year, driven primarily by investment scams, business email compromise, tech support fraud, and data breaches, the Federal Bureau of Investigation says. […]
    • Source: Link
  • Snowflake customers hit in data theft attacks after SaaS integrator breach (2026-04-07 19:39 UTC)
    • Summary: Over a dozen companies have suffered data theft attacks after a SaaS integration provider was breached and authentication tokens stolen. […]
    • Source: Link

The Hacker News

  • Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs (2026-04-08 04:23 UTC)
    • Summary: Iran-affiliated cyber actors are targeting internet-facing operational technology (OT) devices across critical infrastructures in the U.S., including programmable logic controllers (PLCs), cybersecurity and intelligence agencies warned Tues…
    • Source: Link
  • Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign (2026-04-07 16:48 UTC)
    • Summary: The Russia-linked threat actor known as APT28 (aka Forest Blizzard) has been linked to a new campaign that has compromised insecure MikroTik and TP-Link routers and modified their settings to turn them into malicious infrastructure under th…
    • Source: Link
  • [Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk (2026-04-07 16:29 UTC)
    • Summary: In the rapid evolution of the 2026 threat landscape, a frustrating paradox has emerged for CISOs and security leaders: Identity programs are maturing, yet the risk is actually increasing. According to new research from the Ponemon Institute…
    • Source: Link

New CVEs (last 24h, NVD cross-check)

Fortinet FortiGate (7.4.x)

  • No new hits in the last 24h.

Atlassian (Jira/Confluence)

  • No new hits in the last 24h.

HPE/Aruba Switches

  • CVE-2026-23818 — CVSS 8.8 (HIGH)
    • Summary: A vulnerability has been identified in the graphical user interface (GUI) of HPE Aruba Networking Private 5G Core On-Prem that could allow an attacker to abuse an open redirect vulnerability in the login flow using a cra…
    • Source: Link

VMware ESXi/vCenter (7.x)

  • (NVD query failed for ‘VMware’: HTTP Error 429: Too Many Requests)

VMware ESXi/vCenter (7.x)

  • No new hits in the last 24h.

Note

  • CVE hits are an early-warning check (NVD) and must be verified against your exact versions/deployments (vendor advisory/patches).