Vorfall bei DigiCert: Malware-Autoren klauten Zertifikate (2026-05-04 12:39 UTC)
Kurz: Zuerst infizierten Kriminelle Kundendienstmitarbeiter mit Schadsoftware, dann stahlen sie mehr als zwanzig Zertifikate. Die CA hat reagiert – Microsoft auch?
Weaver E-cology critical bug exploited in attacks since March (2026-05-04 22:12 UTC)
Kurz: Hackers have been exploiting a critical vulnerability (CVE-2026-22679) in the Weaver E-cology office automation since mid-March to run discovery commands. […]
Amazon SES increasingly abused in phishing to evade detection (2026-05-04 20:03 UTC)
Kurz: The Amazon Simple Email Service (SES) is being increasingly abused to send convincing phishing emails that can bypass standard security filters and render reputation-based blocks ineffective. […]
Kurz: A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a credential-stealing payload targeting browsers, environment files, and cloud services. […]
Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools (2026-05-04 18:06 UTC)
Kurz: An active phishing campaign has been observed targeting multiple vectors since at least April 2025 with legitimate Remote Monitoring and Management (RMM) software as a way to establish persistent remote access to compromised hosts. The acti…
Kurz: Progress Software has released updates to address two security flaws in MOVEit Automation, including a critical bug that could result in an authentication bypass. MOVEit Automation (formerly Central) is a secure, server-based managed file t…
⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More (2026-05-04 14:23 UTC)
Kurz: This week, the shadows moved faster than the patches. While most teams were still triaging last month’s alerts, attackers had already turned control panels into kill switches, kernels into open doors, and open-source pipelines into silent d…