IT‑Sicherheits‑Digest (2026-05-26)

Aktuelle Security‑News

heise security

  • Keine neuen, nicht bereits gestern gelisteten Meldungen im 36h-Fenster.

BleepingComputer

  • Microsoft: Domain Controller lookup may fail on Windows Server 2016 (2026-05-26 07:41 UTC)
    • Kurz: Microsoft has confirmed a new known issue affecting Windows Server 2016 systems that causes domain controller lookups to fail after installing the KB5087537 May 2026 security update. […]
    • Quelle: Link
  • 7-Eleven data breach exposes personal information of 185,000 people (2026-05-26 07:01 UTC)
    • Kurz: The ShinyHunters extortion gang stole the personal information of over 183,000 people after hacking the systems of convenience store chain giant 7-Eleven in April, according to data breach notification service Have I Been Pwned. […]
    • Quelle: Link
  • Anthropic’s restricted Claude Mythos model may be coming to Claude Code (2026-05-25 17:07 UTC)
    • Kurz: Anthropic appears to be preparing for the public rollout of the Mythos model, which was announced in April as a restricted model that poses major security risks to private and public software. […]
    • Quelle: Link

The Hacker News

  • KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike (2026-05-26 05:19 UTC)
    • Kurz: A now-patched high-severity security flaw affecting Digital Knowledge KnowledgeDeliver, a Learning Management System (LMS) popular in Japan, was exploited as a zero-day to deliver the Godzilla web shell and ultimately facilitate the deploym…
    • Quelle: Link
  • ⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos (2026-05-25 14:13 UTC)
    • Kurz: Monday recap. Same mess, new week. A sketchy dev tool got people pwned, old bugs came back from the dead, and security products somehow needed protecting from themselves. A bunch of companies spent the week checking old boxes and forgotten …
    • Quelle: Link
  • Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks (2026-05-25 12:02 UTC)
    • Kurz: Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks. According to QiAnXin XLab, the activity involves the exploitation of CVE-2026-26…
    • Quelle: Link

Neue CVEs (letzte 24h, NVD‑Abgleich)

Fortinet FortiGate (7.4.x)

  • Keine neuen Treffer in den letzten 24h.
  • Hinweis: NVD‑Abfrage fehlgeschlagen für ‘FortiOS’: The read operation timed out

Atlassian (Jira/Confluence)

  • Keine neuen Treffer in den letzten 24h.

HPE/Aruba Switches

  • Keine neuen Treffer in den letzten 24h.

VMware ESXi/vCenter (7.x)

  • Keine neuen Treffer in den letzten 24h.

Hinweis

  • CVE‑Treffer sind ein Frühwarn‑Check (NVD) und müssen für eure exakten Versionen/Deployments gegengeprüft werden (Vendor Advisory/Patches).
  • News-Auswahl: nur frische Meldungen aus den letzten 36 Stunden; Dubletten aus dem Vortags-Digest werden ausgeblendet.