Privilegienausweitung in Linux: Lokale Nutzer können fremde Dateien lesen (2026-05-15 17:31 UTC)
Kurz: Die Sicherheitslücke ist seit Jahren bekannt, behoben wurde sie erst am Donnerstag. Nur Stunden später gibt es einen Exploit, derweil rüstet das Kernelteam auf.
Haftbefehl abgelehnt: KI-Treffer ist für Richter nur ein vager Hinweis (2026-05-15 14:50 UTC)
Kurz: Ein Amtsgericht bremst den Einsatz von Gesichtserkennung und stärkt die Rechte von Beschuldigten gegenüber undurchsichtigen IT-Ermittlungswerkzeugen.
Kurz: A critical vulnerability in the Funnel Builder plugin for WordPress is being actively exploited to inject malicious JavaScript snippets into WooCommerce checkout pages. […]
Microsoft Exchange, Windows 11 hacked on second day of Pwn2Own (2026-05-15 17:47 UTC)
Kurz: During the second day of Pwn2Own Berlin 2026, competitors collected $385,750 in cash awards after exploiting 15 unique zero-day vulnerabilities in multiple products, including Windows 11, Microsoft Exchange, and Red Hat Enterprise Linux fo…
Popular node-ipc npm package compromised to steal credentials (2026-05-15 17:10 UTC)
Kurz: Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication package, in a new supply chain attack targeting npm. […]
Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access (2026-05-15 17:10 UTC)
Kurz: The Russian state-sponsored hacking group known as Turla has transformed its custom backdoor Kazuar into a modular peer-to-peer (P2P) botnet that’s engineered for stealth and persistent access to compromised hosts. Turla, per the U.S. Cyber…
Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence (2026-05-15 13:35 UTC)
Kurz: Cybersecurity researchers have disclosed a set of four security flaws in OpenClaw that could be chained to achieve data theft, privilege escalation, and persistence. The vulnerabilities, collectively dubbed Claw Chain by Cyera, can permit a…
What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface (2026-05-15 11:00 UTC)
Kurz: In Your Biggest Security Risk Isn’t Malware — It’s What You Already Trust, we made a simple argument: the most dangerous activity inside most organizations no longer looks like an attack. It looks like administration. PowerShell, WMIC, nets…
Kurz: VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during an operation performed by a SETUID binary. A malicious actor with local non-administrative user privileges may exploit this vul…