IT‑Sicherheits‑Digest (2026-05-02)

Aktuelle Security‑News

heise security

  • Signal-Angriffe: Politische Realität beißt den IT-Admin (2026-05-01 14:46 UTC)
    • Kurz: Erfolgreiche Phishing-Attacken auf Signal zeigen: Politik ist kein Konzern. Die IT-Strukturen im Bundestag sind komplex und durch das freie Mandat begrenzt.
    • Quelle: Link
  • Canonical-Server: Massive Cyberattacke läuft (2026-05-01 12:02 UTC)
    • Kurz: Ein laufender Angriff auf die Canonical-Server beeinträchtigt den Snapstore und andere wichtige Komponenten.
    • Quelle: Link
  • Auslegungssache 158: Die Databroker Files (2026-05-01 04:10 UTC)
    • Kurz: Im c’t-Datenschutz-Podcast berichtet Ingo Dachwitz von netzpolitik.org, wie ein Recherche-Team Milliarden Standortdaten von Datenhändlern erhielt.
    • Quelle: Link

BleepingComputer

  • Microsoft tests modern Windows Run, says it’s faster than legacy dialog (2026-05-02 00:18 UTC)
    • Kurz: Microsoft has confirmed that Windows 11 is getting a new modern Run dialog with dark mode support and faster performance in a new preview build. […]
    • Quelle: Link
  • Edu tech firm Instructure discloses cyber incident, probes impact (2026-05-01 23:43 UTC)
    • Kurz: Instructure, the company behind the widely used Canvas learning platform, has disclosed that it recently suffered a cybersecurity incident and is now investigating its impact. […]
    • Quelle: Link
  • 15-year-old detained over French govt agency data breach (2026-05-01 17:52 UTC)
    • Kurz: French authorities have detained a 15-year-old suspected of selling data stolen in a cyberattack on France Titres (ANTS), the country’s agency for issuing and managing administrative documents. […]
    • Quelle: Link

The Hacker News

  • 30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign (2026-05-01 18:09 UTC)
    • Kurz: A newly discovered Vietnamese-linked operation has been observed using a Google AppSheet as a “phishing relay” to distribute phishing emails with an aim to compromise Facebook accounts. The activity has been codenamed AccountDumpling by Gua…
    • Quelle: Link
  • Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks (2026-05-01 14:26 UTC)
    • Kurz: Cybersecurity researchers are warning of two cybercrime groups that are carrying out “rapid, high-impact attacks” operating almost within the confines of SaaS environments, while leaving minimal traces of their actions. The clusters, Cordia…
    • Quelle: Link
  • China-Linked Hackers Target Asian Governments, NATO State, Journalists, and Activists (2026-05-01 14:02 UTC)
    • Kurz: Cybersecurity researchers have disclosed details of a new China-aligned espionage campaign targeting government and defense sectors across South, East, and Southeast Asia, along with one European government belonging to NATO. Trend Micro ha…
    • Quelle: Link

Neue CVEs (letzte 24h, NVD‑Abgleich)

Fortinet FortiGate (7.4.x)

  • Keine neuen Treffer in den letzten 24h.

Atlassian (Jira/Confluence)

  • Keine neuen Treffer in den letzten 24h.

HPE/Aruba Switches

  • Keine neuen Treffer in den letzten 24h.

VMware ESXi/vCenter (7.x)

  • Keine neuen Treffer in den letzten 24h.

Hinweis

  • CVE‑Treffer sind ein Frühwarn‑Check (NVD) und müssen für eure exakten Versionen/Deployments gegengeprüft werden (Vendor Advisory/Patches).