Patchday Microsoft: Kritische DNS-Client-Lücke bedroht Windows (2026-05-13 05:27 UTC)
Kurz: Microsoft hat wichtige Sicherheitsupdates für unter anderem Azure, Edge, Office und Windows veröffentlicht. Viele Lücken wurden mit KI-Agenten entdeckt.
Dobrindt: „Abschrecken, abwehren und abschalten“ in Kürze (2026-05-12 14:43 UTC)
Kurz: Innenminister Alexander Dobrindt kündigt gesetzliche Befugnisse für das BKA an, um die Infrastruktur von Cyberkriminellen aktiv stören und abschalten zu können.
US govt seeks Instructure testimony on massive Canvas cyberattack (2026-05-12 23:09 UTC)
Kurz: The U.S. House Committee on Homeland Security is calling on Instructure executives to testify about two cyberattacks by the ShinyHunters extortion group that targeted the company’s Canvas platform, allowing threat actors to steal student da…
UK fines water supplier $1.3M for exposing data of 664k customers (2026-05-12 20:17 UTC)
Kurz: The Information Commissioner’s Office has fined South Staffordshire Water Plc and parent company South Staffordshire Plc £963,900 ($1.3 million) over a cyberattack that exposed the personal data of 663,887 customers and employees. […]
Webinar: Fixing the gaps in network incident response (2026-05-12 19:46 UTC)
Kurz: IT teams often struggle to quickly coordinate responses across disparate systems during network incidents. This upcoming webinar explores how automation and AI-assisted workflows can reduce response times and help prevent outages. […]
New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution (2026-05-12 16:44 UTC)
Kurz: Exim has released security updates to address a severe security issue affecting certain configurations that could enable memory corruption and potential code execution. Exim is an open-source Mail Transfer Agent (MTA) designed for Unix-like…
RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded (2026-05-12 14:47 UTC)
Kurz: RubyGems, the standard package manager for the Ruby programming language, has temporarily paused account sign ups following what has been described as a “major malicious attack.” “We’re dealing with a major malicious attack on Ruby Gems rig…
New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots (2026-05-12 12:50 UTC)
Kurz: Cybersecurity researchers have flagged a new version of the TrickMo Android banking trojan that uses The Open Network (TON) for command-and-control (C2). The new variant, observed by ThreatFabric between January and February 2026, has been …
Kurz: A out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11 allows attacker to execute unauthorized code or commands via specially crafted packet…
Kurz: An improper neutralization of special elements used in an SQL Command (“SQL Injection&”) vulnerability [CWE-89] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2.0 thro…
Kurz: An improper neutralization of special elements used in an OS command (“OS Command Injection”) vulnerability [CWE-78] vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all ver…
Kurz: An improper neutralization of special elements used in an os command (‘os command injection’) vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all …
Kurz: An improper neutralization of special elements used in an sql command (‘sql injection’) vulnerability in Fortinet FortiNDR 7.6.0 through 7.6.2, FortiNDR 7.4.0 through 7.4.9, FortiNDR 7.2 all versions, FortiNDR 7.1 all ve…
Kurz: A use of potentially dangerous function vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 al…
Kurz: Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.