IT Security Digest (2026-02-22)

Current security news

heise security

Anthropic launches Claude Code Security, cybersecurity stocks fall (2026-02-21 15:53 UTC)
In brief: Anthropic's AI tool Claude Code Security analyzes code based on context rather than rules. The stock market reacts nervously, and share prices drop.
Source: Link

Numerous kernel vulnerabilities fixed in Dell PowerProtect Data Manager (2026-02-20 12:16 UTC)
In brief: Dell's backup solution PowerProtect Data Manager is vulnerable to malicious-code attacks, among other things. Security patches are available for download.
Source: Link

Commentary: Russia's cyberattacks demand a response (2026-02-20 12:07 UTC)
In brief: Jürgen Schmidt long argued against offensive cyber operations. Russia's sabotage attack on Poland's energy supply changed his mind.
Source: Link

BleepingComputer

Predator spyware hooks iOS SpringBoard to hide mic, camera activity (2026-02-21 16:13 UTC)
In brief: Intellexa’s Predator spyware can hide iOS recording indicators while secretly streaming camera and microphone feeds to its operators. […]
Source: Link

Amazon: AI-assisted hacker breached 600 Fortinet firewalls in 5 weeks (2026-02-21 13:50 UTC)
In brief: Amazon is warning that a Russian-speaking hacker used multiple generative AI services as part of a campaign that breached more than 600 FortiGate firewalls across 55 countries in five weeks. […]
Source: Link

Japanese tech giant Advantest hit by ransomware attack (2026-02-20 18:30 UTC)
In brief: Advantest Corporation disclosed that its corporate network has been targeted in a ransomware attack that may have affected customer or employee data. […]
Source: Link

The Hacker News

AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries (2026-02-21 14:49 UTC)
In brief: A Russian-speaking, financially motivated threat actor has been observed taking advantage of commercial generative artificial intelligence (AI) services to compromise over 600 FortiGate devices located in 55 countries. That’s according to n…
Source: Link

Anthropic Launches Claude Code Security for AI-Powered Vulnerability Scanning (2026-02-21 07:58 UTC)
In brief: Artificial intelligence (AI) company Anthropic has begun to roll out a new security feature for Claude Code that can scan a user’s software codebase for vulnerabilities and suggest patches. The capability, called Claude Code Security, is cu…
Source: Link

CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog (2026-02-21 07:21 UTC)
In brief: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added two security flaws impacting Roundcube webmail software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulne…
Source: Link

New CVEs (last 24h, NVD cross-check)

Fortinet FortiGate (7.4.x): No new hits in the last 24h.
Atlassian (Jira/Confluence): No new hits in the last 24h.
HPE/Aruba Switches: No new hits in the last 24h.
VMware ESXi/vCenter (7.x): No new hits in the last 24h.

Note: CVE hits are an early-warning check (NVD) and must be cross-checked against your exact versions/deployments (vendor advisory/patches).

February 22, 2026 · 3 min · Betty

IT Security Digest (2026-02-21)

Current security news

heise security

Numerous kernel vulnerabilities fixed in Dell PowerProtect Data Manager (2026-02-20 12:16 UTC)
In brief: Dell's backup solution PowerProtect Data Manager is vulnerable to malicious-code attacks, among other things. Security patches are available for download.
Source: Link

Commentary: Russia's cyberattacks demand a response (2026-02-20 12:07 UTC)
In brief: Jürgen Schmidt long argued against offensive cyber operations. Russia's sabotage attack on Poland's energy supply changed his mind.
Source: Link

Adidas comments on possible data leak at external service provider (2026-02-20 11:20 UTC)
In brief: The cybergang Lapsus$ claims in an underground forum to have copied Adidas data from an external service provider.
Source: Link

BleepingComputer

Japanese tech giant Advantest hit by ransomware attack (2026-02-20 18:30 UTC)
In brief: Advantest Corporation disclosed that its corporate network has been targeted in a ransomware attack that may have affected customer or employee data. […]
Source: Link

CISA: BeyondTrust RCE flaw now exploited in ransomware attacks (2026-02-20 17:02 UTC)
In brief: Hackers are actively exploiting the CVE-2026-1731 vulnerability in the BeyondTrust Remote Support product, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns. […]
Source: Link

Data breach at French bank registry impacts 1.2 million accounts (2026-02-20 16:20 UTC)
In brief: The French Ministry of Finance has published an announcement informing of a cybersecurity incident that has impacted 1.2 million accounts. […]
Source: Link

The Hacker News

BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration (2026-02-20 15:45 UTC)
In brief: Threat actors have been observed exploiting a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products to conduct a wide range of malicious actions, including deploying …
Source: Link

Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems (2026-02-20 14:20 UTC)
In brief: In yet another software supply chain attack, the open-source, artificial intelligence (AI)-powered coding assistant Cline CLI was updated to stealthily install OpenClaw, a self-hosted autonomous AI agent that has become exceedingly popular …
Source: Link

ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT Malware (2026-02-20 11:55 UTC)
In brief: Cybersecurity researchers have disclosed details of a new ClickFix campaign that abuses compromised legitimate sites to deliver a previously undocumented remote access trojan (RAT) called MIMICRAT (aka AstarionRAT). “The campaign demonstrat…
Source: Link

New CVEs (last 24h, NVD cross-check)

Fortinet FortiGate (7.4.x): No new hits in the last 24h.
Atlassian (Jira/Confluence): No new hits in the last 24h.
HPE/Aruba Switches: No new hits in the last 24h.
VMware ESXi/vCenter (7.x): No new hits in the last 24h.

Note: CVE hits are an early-warning check (NVD) and must be cross-checked against your exact versions/deployments (vendor advisory/patches).

February 21, 2026 · 2 min · Betty

IT Security Digest (2026-02-20)

Current security news

heise security

Love scam: romance fraud increasingly successful thanks to AI (2026-02-20 06:00 UTC)
In brief: Romance fraud online: more and more people are being conned out of large sums of money by love scammers. AI makes it easier for perpetrators to deceive their victims.
Source: Link

Auslegungssache 153: Minors, unprotected online? (2026-02-20 05:10 UTC)
In brief: Topic in the c’t data protection podcast: the GDPR is supposed to give minors special protection, but in practice there is a gap between aspiration and reality.
Source: Link

Scam: fake “Gemini” chatbots sell fake “Google Coin” (2026-02-19 13:51 UTC)
In brief: A new scam relies on customized AI chatbots. These push victims to buy worthless cryptocurrencies.
Source: Link

BleepingComputer

PromptSpy is the first known Android malware to use generative AI at runtime (2026-02-19 22:36 UTC)
In brief: Researchers have discovered the first known Android malware to use generative AI in its execution flow, using Google’s Gemini model to adapt its persistence across different devices. […]
Source: Link

Flaw in Grandstream VoIP phones allows stealthy eavesdropping (2026-02-19 17:16 UTC)
In brief: A critical vulnerability in Grandstream GXP1600 series VoIP phones allows a remote, unauthenticated attacker to gain root privileges and silently eavesdrop on communications. […]
Source: Link

Google blocked over 1.75 million Play Store app submissions in 2025 (2026-02-19 17:00 UTC)
In brief: Google says that through 2025, it blocked more than 255,000 Android apps from obtaining excessive access to sensitive user data and rejected over 1.75 million apps from being published on Google Play due to policy violations. […]
Source: Link

The Hacker News

Three Former Google Engineers Indicted Over Trade Secret Transfers to Iran (2026-02-20 05:27 UTC)
In brief: Two former Google engineers and one of their husbands have been indicted in the U.S. for allegedly committing trade secret theft from the search giant and other tech firms and transferring the information to unauthorized locations, includin…
Source: Link

PromptSpy Android Malware Abuses Gemini AI to Automate Recent-Apps Persistence (2026-02-19 17:52 UTC)
In brief: Cybersecurity researchers have discovered what they say is the first Android malware that abuses Gemini, Google’s generative artificial intelligence (AI) chatbot, as part of its execution flow and achieves persistence. The malware has been …
Source: Link

INTERPOL Operation Red Card 2.0 Arrests 651 in African Cybercrime Crackdown (2026-02-19 17:50 UTC)
In brief: An international cybercrime operation against online scams has led to 651 arrests and recovered more than $4.3 million as part of an effort led by law enforcement agencies from 16 African countries. The initiative, codenamed Operation Red C…
Source: Link

New CVEs (last 24h, NVD cross-check)

Fortinet FortiGate (7.4.x): No new hits in the last 24h.

Atlassian (Jira/Confluence): No new hits in the last 24h.

HPE/Aruba Switches

CVE-2025-11725 — CVSS 6.5 (MEDIUM)
In brief: The Aruba HiSpeed Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the multiple functions in all versions up to, and including, 3.0.2. This makes it poss…
Source: Link

CVE-2025-11706 — CVSS 6.1 (MEDIUM)
In brief: The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the dbstatus parameter in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escapi…
Source: Link

CVE-2026-23545 — CVSS n/a
In brief: Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Aruba HiSpeed Cache: from n/a through…
Source: Link

VMware ESXi/vCenter (7.x): No new hits in the last 24h.

Note: CVE hits are an early-warning check (NVD) and must be cross-checked against your exact versions/deployments (vendor advisory/patches).

February 20, 2026 · 3 min · Betty

IT Security Digest (2026-02-19)

Current security news

heise security

For Galaxy S25 and others: Samsung resumes distributing Play services updates (2026-02-18 14:34 UTC)
In brief: After a pause of several months, Samsung has resumed distributing Play services updates for its Galaxy smartphones and tablets.
Source: Link

Deutsche Bahn website and app temporarily disrupted after DDoS attack (2026-02-18 11:26 UTC)
In brief: A DDoS attack on Deutsche Bahn's IT systems disrupted the booking system. Bahn.de and DB Navigator were affected.
Source: Link

Patch now! Attackers are targeting Dell RecoverPoint for Virtual Machines (2026-02-18 09:59 UTC)
In brief: Important security updates have been released for Dell RecoverPoint for Virtual Machines and Avamar Server, among others. Attacks are already taking place.
Source: Link

BleepingComputer

Critical infra Honeywell CCTVs vulnerable to auth bypass flaw (2026-02-18 20:58 UTC)
In brief: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of a critical vulnerability in multiple Honeywell CCTV products that allows unauthorized access to feeds or account hijacking. […]
Source: Link

AI platforms can be abused for stealthy malware communication (2026-02-18 20:18 UTC)
In brief: AI assistants like Grok and Microsoft Copilot with web browsing and URL-fetching capabilities can be abused to intermediate command-and-control (C2) activity. […]
Source: Link

Telegram channels expose rapid weaponization of SmarterMail flaws (2026-02-18 16:27 UTC)
In brief: Underground Telegram channels shared SmarterMail exploit PoCs and stolen admin credentials within days of disclosure. Flare explains how monitoring these communities reveals rapid weaponization of CVE-2026-24423 and CVE-2026-23760 tied to r…
Source: Link

The Hacker News

Citizen Lab Finds Cellebrite Tool Used on Kenyan Activist’s Phone in Police Custody (2026-02-18 17:30 UTC)
In brief: New research from the Citizen Lab has found signs that Kenyan authorities used a commercial forensic extraction tool manufactured by Israeli company Cellebrite to break into a prominent dissident’s phone, making it the latest case of abuse …
Source: Link

Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution (2026-02-18 16:35 UTC)
In brief: Cybersecurity researchers have disclosed a critical security flaw in the Grandstream GXP1600 series of VoIP phones that could allow an attacker to seize control of susceptible devices. The vulnerability, tracked as CVE-2026-2329, carries a …
Source: Link

Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs (2026-02-18 13:16 UTC)
In brief: Cybersecurity researchers have disclosed multiple security vulnerabilities in four popular Microsoft Visual Studio Code (VS Code) extensions that, if successfully exploited, could allow threat actors to steal local files and execute code re…
Source: Link

New CVEs (last 24h, NVD cross-check)

Fortinet FortiGate (7.4.x): No new hits in the last 24h.

Atlassian (Jira/Confluence): No new hits in the last 24h.

HPE/Aruba Switches

CVE-2025-71232 — CVSS n/a
In brief: In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Free sp in error path to fix system crash System crash seen during load/unload test in a loop, [61110.449331] qla2xxx [0000:27:00.0]-0042…
Source: Link

CVE-2025-71236 — CVSS n/a
In brief: In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Validate sp before freeing associated memory System crash with the following signature [154563.214890] nvme nvme2: NVME-FC{1}: controller…
Source: Link

VMware ESXi/vCenter (7.x)

CVE-2026-23215 — CVSS n/a
In brief: In the Linux kernel, the following vulnerability has been resolved: x86/vmware: Fix hypercall clobbers Fedora QA reported the following panic: BUG: unable to handle page fault for address: 0000000040003e54 #PF: superviso…
Source: Link

Note: CVE hits are an early-warning check (NVD) and must be cross-checked against your exact versions/deployments (vendor advisory/patches).

February 19, 2026 · 3 min · Betty

IT Security Digest (2026-02-17)

Current security news

heise security

Security concerns: EU Parliament disables AI tools on work phones (2026-02-17 05:49 UTC)
In brief: EU lawmakers and their staff can no longer use AI features on work smartphones and tablets. Too little is known about data security, it is said.
Source: Link

Mexico: robot dog brigade for the football World Cup (2026-02-16 21:41 UTC)
In brief: Ahead of the football World Cup, Mexico is upgrading its security technology. Host city Monterrey is presenting robot dogs for the police.
Source: Link

Popular Chrome extensions spy on users (2026-02-16 12:29 UTC)
In brief: IT researchers examined 32,000 Chrome extensions and caught 287 apps, some of them popular, spying on users.
Source: Link

BleepingComputer

Washington Hotel in Japan discloses ransomware infection incident (2026-02-16 21:10 UTC)
In brief: The Washington Hotel brand in Japan has announced that its servers were compromised in a ransomware attack, exposing various business data. […]
Source: Link

Eurail says stolen traveler data now up for sale on dark web (2026-02-16 19:19 UTC)
In brief: Eurail B.V., the operator that provides access to 250,000 kilometers of European railways, confirmed that data stolen in a breach earlier this year is being offered for sale on the dark web. […]
Source: Link

Man arrested for demanding reward after accidental police data leak (2026-02-16 19:13 UTC)
In brief: Dutch authorities arrested a 40-year-old man after he downloaded confidential documents that had been mistakenly shared by the police and refused to delete them unless he received “something in return.” […]
Source: Link

The Hacker News

Infostealer Steals OpenClaw AI Agent Configuration Files and Gateway Tokens (2026-02-16 18:43 UTC)
In brief: Cybersecurity researchers disclosed they have detected a case of an information stealer infection successfully exfiltrating a victim’s OpenClaw (formerly Clawdbot and Moltbot) configuration environment. “This finding marks a significant mil…
Source: Link

Study Uncovers 25 Password Recovery Attacks in Major Cloud Password Managers (2026-02-16 18:06 UTC)
In brief: A new study has found that multiple cloud-based password managers, including Bitwarden, Dashlane, and LastPass, are susceptible to password recovery attacks under certain conditions. “The attacks range in severity from integrity violations …
Source: Link

Weekly Recap: Outlook Add-Ins Hijack, 0-Day Patches, Wormable Botnet & AI Malware (2026-02-16 12:55 UTC)
In brief: This week’s recap shows how small gaps are turning into big entry points. Not always through new exploits, often through tools, add-ons, cloud setups, or workflows that people already trust and rarely question. Another signal: attackers are…
Source: Link

New CVEs (last 24h, NVD cross-check)

Fortinet FortiGate (7.4.x): No new hits in the last 24h.
Atlassian (Jira/Confluence): No new hits in the last 24h.
HPE/Aruba Switches: No new hits in the last 24h.
VMware ESXi/vCenter (7.x): No new hits in the last 24h.

Note: CVE hits are an early-warning check (NVD) and must be cross-checked against your exact versions/deployments (vendor advisory/patches).

February 17, 2026 · 3 min · Betty

IT Security Digest (2026-02-16)

Current security news

heise security

Security through AI: Bruce Schneier warns of monopolies and calls for regulation (2026-02-15 17:11 UTC)
In brief: The renowned cryptologist Bruce Schneier sees in AI the potential to make software more secure, but warns of monopolies. He calls for strong regulation.
Source: Link

Update now! Chrome update closes actively attacked vulnerability (2026-02-14 20:43 UTC)
In brief: Google released an emergency update for the Chrome web browser at the weekend. It closes a vulnerability that is already being attacked.
Source: Link

Palantir seeks to enforce a counterstatement from Swiss magazine in court (2026-02-13 19:05 UTC)
In brief: Data analytics provider Palantir wants to obtain a counterstatement in court, and in doing so triggers a wave of solidarity for a small Swiss magazine.
Source: Link

BleepingComputer

Canada Goose investigating as hackers leak 600K customer records (2026-02-16 04:45 UTC)
In brief: ShinyHunters, a well-known data extortion group, claims to have stolen more than 600,000 Canada Goose customer records containing personal and payment-related data. Canada Goose told BleepingComputer the dataset appears to relate to past cu…
Source: Link

New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS (2026-02-16 00:29 UTC)
In brief: Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns. […]
Source: Link

Windows 11 KB5077181 fixes boot failures linked to failed updates (2026-02-15 22:08 UTC)
In brief: Microsoft says it has resolved a Windows 11 bug that caused some commercial systems to fail to boot with an “UNMOUNTABLE_BOOT_VOLUME” error after installing recent security updates, with the fix delivered in the February 2026 Patch Tuesday …
Source: Link

The Hacker News

Microsoft Discloses DNS-Based ClickFix Attack Using Nslookup for Malware Staging (2026-02-15 14:10 UTC)
In brief: Microsoft has disclosed details of a new version of the ClickFix social engineering tactic in which the attackers trick unsuspecting users into running commands that carry out a Domain Name System (DNS) lookup to retrieve the next-stage pay…
Source: Link

Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs (2026-02-13 17:27 UTC)
In brief: A previously undocumented threat actor has been attributed to attacks targeting Ukrainian organizations with malware known as CANFAIL. Google Threat Intelligence Group (GTIG) described the hacking group as possibly affiliated with Russian i…
Source: Link

Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations (2026-02-13 16:23 UTC)
In brief: Several state-sponsored actors, hacktivist entities, and criminal groups from China, Iran, North Korea, and Russia have trained their sights on the defense industrial base (DIB) sector, according to findings from Google Threat Intelligence …
Source: Link

New CVEs (last 24h, NVD cross-check)

Fortinet FortiGate (7.4.x): No new hits in the last 24h.
Atlassian (Jira/Confluence): No new hits in the last 24h.
HPE/Aruba Switches: No new hits in the last 24h.
VMware ESXi/vCenter (7.x): No new hits in the last 24h.

Note: CVE hits are an early-warning check (NVD) and must be cross-checked against your exact versions/deployments (vendor advisory/patches).

February 16, 2026 · 3 min · Betty

IT Security Digest (2026-02-15)

Current security news

heise security

Update now! Chrome update closes actively attacked vulnerability (2026-02-14 20:43 UTC)
In brief: Google released an emergency update for the Chrome web browser at the weekend. It closes a vulnerability that is already being attacked.
Source: Link

Palantir seeks to enforce a counterstatement from Swiss magazine in court (2026-02-13 19:05 UTC)
In brief: Data analytics provider Palantir wants to obtain a counterstatement in court, and in doing so triggers a wave of solidarity for a small Swiss magazine.
Source: Link

IPFire introduces free domain blocklist DBL (2026-02-13 12:46 UTC)
In brief: The IPFire developers have published DBL, a categorized domain blocklist. It is intended to block malware, phishing and trackers.
Source: Link

BleepingComputer

One threat actor responsible for 83% of recent Ivanti RCE attacks (2026-02-14 16:02 UTC)
In brief: Threat intelligence observations show that a single threat actor is responsible for most of the active exploitation of two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-21962 and CVE-2026-24061. […]…
Source: Link

Snail mail letters target Trezor and Ledger users in crypto-theft attacks (2026-02-14 15:15 UTC)
In brief: Threat actors are sending physical letters pretending to be from Trezor and Ledger, makers of cryptocurrency hardware wallets, to trick users into submitting recovery phrases in crypto theft attacks. […]
Source: Link

Fake job recruiters hide malware in developer coding challenges (2026-02-13 22:35 UTC)
In brief: A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers with cryptocurrency-related tasks. […]
Source: Link

The Hacker News

Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs (2026-02-13 17:27 UTC)
In brief: A previously undocumented threat actor has been attributed to attacks targeting Ukrainian organizations with malware known as CANFAIL. Google Threat Intelligence Group (GTIG) described the hacking group as possibly affiliated with Russian i…
Source: Link

Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations (2026-02-13 16:23 UTC)
In brief: Several state-sponsored actors, hacktivist entities, and criminal groups from China, Iran, North Korea, and Russia have trained their sights on the defense industrial base (DIB) sector, according to findings from Google Threat Intelligence …
Source: Link

UAT-9921 Deploys VoidLink Malware to Target Technology and Financial Sectors (2026-02-13 15:23 UTC)
In brief: A previously unknown threat actor tracked as UAT-9921 has been observed leveraging a new modular framework called VoidLink in its campaigns targeting the technology and financial services sectors, according to findings from Cisco Talos. “Th…
Source: Link

New CVEs (last 24h, NVD cross-check)

Fortinet FortiGate (7.4.x): No new hits in the last 24h.
Atlassian (Jira/Confluence): No new hits in the last 24h.
HPE/Aruba Switches: No new hits in the last 24h.
VMware ESXi/vCenter (7.x): No new hits in the last 24h.

Note: CVE hits are an early-warning check (NVD) and must be cross-checked against your exact versions/deployments (vendor advisory/patches).

February 15, 2026 · 3 min · Betty

IT Security Digest (2026-02-14)

Current security news

heise security

Palantir seeks to enforce a counterstatement from Swiss magazine in court (2026-02-13 19:05 UTC)
In brief: Data analytics provider Palantir wants to obtain a counterstatement in court, and in doing so triggers a wave of solidarity for a small Swiss magazine.
Source: Link

IPFire introduces free domain blocklist DBL (2026-02-13 12:46 UTC)
In brief: The IPFire developers have published DBL, a categorized domain blocklist. It is intended to block malware, phishing and trackers.
Source: Link

Attackers can access the file system of QNAP NAS devices (2026-02-13 10:46 UTC)
In brief: Security patches for Qnap's NAS operating systems QTS and QuTS hero close several vulnerabilities.
Source: Link

BleepingComputer

Fake job recruiters hide malware in developer coding challenges (2026-02-13 22:35 UTC)
In brief: A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers with cryptocurrency-related tasks. […]
Source: Link

Claude LLM artifacts abused to push Mac infostealers in ClickFix attack (2026-02-13 20:21 UTC)
In brief: Threat actors are abusing Claude artifacts and Google Ads in ClickFix campaigns that deliver infostealer malware to macOS users searching for specific queries. […]
Source: Link

Louis Vuitton, Dior, and Tiffany fined $25 million over data breaches (2026-02-13 18:35 UTC)
In brief: South Korea has fined luxury fashion brands Louis Vuitton, Christian Dior Couture, and Tiffany $25 million for failing to implement adequate security measures, which facilitated unauthorized access and the exposure of data belonging to more…
Source: Link

The Hacker News

Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs (2026-02-13 17:27 UTC)
In brief: A previously undocumented threat actor has been attributed to attacks targeting Ukrainian organizations with malware known as CANFAIL. Google Threat Intelligence Group (GTIG) described the hack group as possibly affiliated with Russian inte…
Source: Link

Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations (2026-02-13 16:23 UTC)
In brief: Several state-sponsored actors, hacktivist entities, and criminal groups from China, Iran, North Korea, and Russia have trained their sights on the defense industrial base (DIB) sector, according to findings from Google Threat Intelligence …
Source: Link

UAT-9921 Deploys VoidLink Malware to Target Technology and Financial Sectors (2026-02-13 15:23 UTC)
In brief: A previously unknown threat actor tracked as UAT-9921 has been observed leveraging a new modular framework called VoidLink in its campaigns targeting the technology and financial services sectors, according to findings from Cisco Talos. “Th…
Source: Link

New CVEs (last 24h, NVD cross-check)

Fortinet FortiGate (7.4.x): No new hits in the last 24h.

Atlassian (Jira/Confluence)

CVE-2026-22892 — CVSS 4.3 (MEDIUM)
In brief: Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira…
Source: Link

HPE/Aruba Switches: No new hits in the last 24h.

VMware ESXi/vCenter (7.x): No new hits in the last 24h.

Note: CVE hits are an early-warning check (NVD) and must be cross-checked against your exact versions/deployments (vendor advisory/patches).

February 14, 2026 · 3 min · Betty

IT Security Digest (2026-02-13)

Current security news

heise security

Attacks possible on systems running FortiSandbox and FortiOS (2026-02-12 11:29 UTC)
In brief: Attackers can target Fortinet firewalls, among other things. Security updates are available for download.
Source: Link

Dell closes countless security vulnerabilities in Avamar, iDRAC and NetWorker (2026-02-12 09:11 UTC)
In brief: The backup solutions Dell Avamar and NetWorker and the iDRAC remote server management are vulnerable.
Source: Link

Commentary: New Windows rules, questionable for security, annoying for users (2026-02-11 15:07 UTC)
In brief: Microsoft announces significantly tightened security measures for Windows, which are at least doubtful, if not counterproductive, according to Moritz Förster's analysis.
Source: Link

BleepingComputer

Russia tries to block WhatsApp, Telegram in communication blockade (2026-02-12 22:57 UTC)
In brief: The Russian government is attempting to block WhatsApp in the country as its crackdown on communication platforms not under its control intensifies. […]
Source: Link

Bitwarden introduces ‘Cupid Vault’ for secure password sharing (2026-02-12 21:55 UTC)
In brief: Bitwarden has launched a new system called ‘Cupid Vault’ that allows users to safely share passwords with trusted email addresses. […]
Source: Link

Critical BeyondTrust RCE flaw now exploited in attacks, patch now (2026-02-12 21:34 UTC)
In brief: A critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access appliances is now being exploited in attacks after a PoC was published online. […]
Source: Link

The Hacker News

Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support (2026-02-12 17:57 UTC)
In brief: Google on Thursday said it observed the North Korea-linked threat actor known as UNC2970 using its generative artificial intelligence (AI) model Gemini to conduct reconnaissance on its targets, as various hacking groups continue to weaponiz…
Source: Link

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems (2026-02-12 16:55 UTC)
In brief: Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked to a fake recruitment-themed campaign orchestrated by the North Korea-linked Lazarus Group. The coo…
Source: Link

ThreatsDay Bulletin: AI Prompt RCE, Claude 0-Click, RenEngine Loader, Auto 0-Days & 25+ Stories (2026-02-12 11:51 UTC)
In brief: Threat activity this week shows one consistent signal — attackers are leaning harder on what already works. Instead of flashy new exploits, many operations are built around quiet misuse of trusted tools, familiar workflows, and overlooked e…
Source: Link

New CVEs (last 24h, NVD cross-check)

Fortinet FortiGate (7.4.x): No new hits in the last 24h.
Atlassian (Jira/Confluence): No new hits in the last 24h.
HPE/Aruba Switches: No new hits in the last 24h.
VMware ESXi/vCenter (7.x): No new hits in the last 24h.

Note: CVE hits are an early-warning check (NVD) and must be cross-checked against your exact versions/deployments (vendor advisory/patches).

February 13, 2026 · 3 min · Betty

IT Security Digest (2026-02-12)

Current security news

heise security

Commentary: New Windows rules, questionable for security, annoying for users (2026-02-11 15:07 UTC)
In brief: Microsoft announces significantly tightened security measures for Windows, which are at least doubtful, if not counterproductive, according to Moritz Förster's analysis.
Source: Link

Windows 11 gets runtime integrity protection and consent prompts (2026-02-11 12:18 UTC)
In brief: Microsoft announces two new security initiatives for Windows: Baseline Security Mode and User Transparency and Consent are intended to better protect users.
Source: Link

New BSI encryption recommendations: the end is near for RSA and ECC (2026-02-11 12:14 UTC)
In brief: The federal office calls for classical asymmetric encryption schemes to be used only in combination with post-quantum cryptography from 2032 onward.
Source: Link

BleepingComputer

Apple fixes zero-day flaw used in ’extremely sophisticated’ attacks (2026-02-12 01:06 UTC)
In brief: Apple has released security updates to fix a zero-day vulnerability that was exploited in an “extremely sophisticated attack” targeting specific individuals. […]
Source: Link

Windows 11 Notepad flaw let files execute silently via Markdown links (2026-02-11 23:15 UTC)
In brief: Microsoft has fixed a “remote code execution” vulnerability in Windows 11 Notepad that allowed attackers to execute local or remote programs by tricking users into clicking specially crafted Markdown links, without displaying any Windows se…
Source: Link

Microsoft Store Outlook add-in hijacked to steal 4,000 Microsoft accounts (2026-02-11 21:53 UTC)
In brief: The AgreeTo add-in for Outlook has been hijacked and turned into a phishing kit that stole more than 4,000 Microsoft account credentials. […]
Source: Link

The Hacker News

Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Apple Devices (2026-02-12 05:39 UTC)
In brief: Apple on Wednesday released iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to address a zero-day flaw that it said has been exploited in sophisticated cyber attacks. The vulnerability, tracked as CVE-2026-20700 (CVSS score: N…
Source: Link

First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials (2026-02-11 17:45 UTC)
In brief: Cybersecurity researchers have discovered what they said is the first known malicious Microsoft Outlook add-in detected in the wild. In this unusual supply chain attack detailed by Koi Security, an unknown attacker claimed the domain associ…
Source: Link

APT36 and SideCopy Launch Cross-Platform RAT Campaigns Against Indian Entities (2026-02-11 14:52 UTC)
In brief: Indian defense sector and government-aligned organizations have been targeted by multiple campaigns that are designed to compromise Windows and Linux environments with remote access trojans capable of stealing sensitive data and ensuring co…
Source: Link

New CVEs (last 24h, NVD cross-check)

Fortinet FortiGate (7.4.x): No new hits in the last 24h.
Atlassian (Jira/Confluence): No new hits in the last 24h.
HPE/Aruba Switches: No new hits in the last 24h.
VMware ESXi/vCenter (7.x): No new hits in the last 24h.

Note: CVE hits are an early-warning check (NVD) and must be cross-checked against your exact versions/deployments (vendor advisory/patches).

February 12, 2026 · 3 min · Betty