Kurz: CVSS ad absurdum: Zwei „Low“-Lücken in Apache Tomcat wären dank äußerst eigenwilligem CISA-Vulnrichment beinahe zu heisec-Alert-Kandidaten geworden.
Kurz: Mehrere Produkte aus Ubiquitis UniFi-Ökosystem sind von teils kritischen Lücken betroffen. Admins sollten die abgesicherten Versionen zügig einspielen.
NetNut proxy network disrupted, 2 million infected devices cut off (2026-07-03 17:50 UTC)
Kurz: A joint operation involving Google has disrupted NetNut, a residential proxy network that gave access to millions of compromised Android devices, including smart TVs and streaming boxes. […]
Kurz: A new phishing-as-a-service (PhaaS) platform dubbed “ARToken” appears to operate as an affiliate of the EvilTokens phishing platform, giving researchers a glimpse into an extensive toolkit designed to compromise Microsoft 365. […]
Unpatched Flaws Disclosed in Filesystem Bundled Into Millions of Embedded Devices (2026-07-03 20:19 UTC)
Kurz: Security firm runZero has disclosed seven vulnerabilities in FatFs, a small filesystem library that lets a device read and write the FAT and exFAT formats used on USB drives and SD cards. The flaws matter because FatFs is nearly everywhere.…
New “Bad Epoll” Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android (2026-07-03 19:40 UTC)
Kurz: A newly disclosed Linux kernel flaw called Bad Epoll (CVE-2026-46242) lets an ordinary user with no special access take full control of a machine as root. It affects Linux desktops, servers, and Android, and a fix is out. Bad Epoll sits in …
Kurz: Cybersecurity researchers have discovered a previously undocumented modular malware framework codenamed Avalon that’s distributed by means of a multi-stage phishing chain capable of bypassing traditional security controls. Avalon combines c…