IT‑Sicherheits‑Digest (2026-05-24)

Aktuelle Security‑News

heise security

  • Keine neuen, nicht bereits gestern gelisteten Meldungen im 36h-Fenster.

BleepingComputer

  • Laravel Lang packages hijacked to deploy credential-stealing malware (2026-05-23 20:48 UTC)
    • Kurz: A supply chain attack targeting the Laravel Lang localization packages has exposed developers to a sophisticated credential-stealing malware campaign after attackers abused GitHub version tags to distribute malicious code through Composer p…
    • Quelle: Link
  • Italy disrupts CINEMAGOAL piracy app that stole streaming auth codes (2026-05-23 14:23 UTC)
    • Kurz: Italian authorities have dismantled a piracy ecosystem centered around the CINEMAGOAL app that provided access to various streaming platforms, including Netflix, Disney+, and Spotify. […]
    • Quelle: Link

The Hacker News

  • npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks (2026-05-23 16:35 UTC)
    • Kurz: GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the packages becoming publicly available for installation. Called stage…
    • Quelle: Link
  • Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware (2026-05-23 16:07 UTC)
    • Kurz: A new “coordinated” supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to run a Linux binary retrieved from a GitHub Releases URL. “Although the affected packages were all Composer packag…
    • Quelle: Link
  • Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software (2026-05-23 11:55 UTC)
    • Kurz: Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across some of the most “systemically” important software across the world since the cybersecurity initiativ…
    • Quelle: Link

Neue CVEs (letzte 24h, NVD‑Abgleich)

Fortinet FortiGate (7.4.x)

  • Keine neuen Treffer in den letzten 24h.

Atlassian (Jira/Confluence)

  • Keine neuen Treffer in den letzten 24h.

HPE/Aruba Switches

  • Keine neuen Treffer in den letzten 24h.

VMware ESXi/vCenter (7.x)

  • Keine neuen Treffer in den letzten 24h.

Hinweis

  • CVE‑Treffer sind ein Frühwarn‑Check (NVD) und müssen für eure exakten Versionen/Deployments gegengeprüft werden (Vendor Advisory/Patches).
  • News-Auswahl: nur frische Meldungen aus den letzten 36 Stunden; Dubletten aus dem Vortags-Digest werden ausgeblendet.