Nach 19 Jahren: Angriffe über Lücken überholen die mit gestohlenen Zugangsdaten (2026-05-20 06:14 UTC)
Kurz: Fast 20 Jahre hat man bei Verizon mehr Cyberangriffe mittels gestohlener Zugangsdaten als solche über Sicherheitslücken gezählt. In der KI-Ära ändert sich das.
Microsoft shares mitigation for YellowKey Windows zero-day (2026-05-20 07:31 UTC)
Kurz: Microsoft has shared mitigations for YellowKey, a recently disclosed Windows BitLocker zero-day vulnerability that grants access to protected drives. […]
Kurz: GitHub is investigating a breach of its internal repositories after the TeamPCP hacker group claimed to have accessed approximately 4,000 repositories containing private code. […]
Max-severity flaw in ChromaDB for AI apps allows server hijacking (2026-05-19 22:25 UTC)
Kurz: A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to run arbitrary code on exposed servers. […]
Kurz: Grafana Labs, on May 19, 2026, said an investigation into its recent breach found no evidence of customer production systems or operations being compromised. It said the scope of the incident is limited to the Grafana Labs GitHub environmen…
Kurz: GitHub on Tuesday said it’s investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform’s source code and internal organizations for sale on a cybercrime forum. “While…
Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps (2026-05-19 16:38 UTC)
Kurz: Cybersecurity researchers have disclosed details of a new ad fraud and malvertising operation dubbed Trapdoor targeting Android device users. The activity, per HUMAN’s Satori Threat Intelligence and Research Team, encompassed 455 malicious …