Kommentar: Das BSI darf nicht zum Zero-Day-Hoflieferanten des BND werden (2026-07-11 06:20 UTC)
Kurz: Der Entwurf zur Nachrichtendienstrecht-Reform würde das BSI verpflichten, Zero-Days an den BND zu leiten. Das darf nicht passieren, findet Dennis-Kenji Kipker.
RedHook Android malware now uses Wireless ADB for shell access (2026-07-12 14:27 UTC)
Kurz: A new version of the RedHook Android malware abuses the Android Wireless Debugging (Wireless ADB) mechanism in a novel way to gain shell-level privileges without requiring a computer connection. […]
Australia warns of global campaign targeting vulnerable CMS platforms (2026-07-11 14:18 UTC)
Kurz: The Australian Cyber Security Centre (ACSC) issued an alert about a global exploitation campaign targeting vulnerable content management systems (CMS) and plugins. […]
‘Ghostcommit’ hides prompt injection in images to fool AI agents, steal secrets (2026-07-11 09:03 UTC)
Kurz: A PNG hiding a prompt injection could steal your repo’s secrets, researchers demonstrate. The technique, dubbed ‘Ghostcommit,’ slipped past AI code reviewers CodeRabbit and Bugbot, which never open image files at all, then convinced a codin…
Kurz: The jscrambler npm package was compromised, and simply installing its 8.14.0 release runs an infostealer on your machine. Published on July 11, 2026, the malicious version carries a preinstall hook that drops and executes a native binary, o…
Kurz: Cybersecurity researchers have disclosed details of sustained cyber espionage activity against several Pakistani law enforcement organizations undertaken by suspected China- and India-aligned threat actors between February 2024 and April 20…
Critical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User Sessions (2026-07-11 06:45 UTC)
Kurz: Zimbra is urging customers to apply updates to address a critical security vulnerability impacting the Classic Web Client that could result in arbitrary code execution. The vulnerability has been described as a case of stored cross-site scr…