IT-Sicherheits-Digest (2026-02-16)

Current security news

heise security

Security through AI: Bruce Schneier warns of monopolies and calls for regulation (2026-02-15 17:11 UTC)
In short: The renowned cryptographer Bruce Schneier sees the potential in AI to make software more secure, but warns of monopolies. He calls for strong regulation.
Source: Link

Update now! Chrome update closes actively exploited vulnerability (2026-02-14 20:43 UTC)
In short: Over the weekend, Google released an emergency update for the Chrome web browser. It closes a vulnerability that is already being exploited.
Source: Link

Palantir seeks to enforce a counterstatement from a Swiss magazine in court (2026-02-13 19:05 UTC)
In short: Data analytics vendor Palantir wants to obtain a counterstatement in court, and is triggering a wave of solidarity for a small Swiss magazine.
Source: Link

BleepingComputer

Canada Goose investigating as hackers leak 600K customer records (2026-02-16 04:45 UTC)
In short: ShinyHunters, a well-known data extortion group, claims to have stolen more than 600,000 Canada Goose customer records containing personal and payment-related data. Canada Goose told BleepingComputer the dataset appears to relate to past cu…
Source: Link

New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS (2026-02-16 00:29 UTC)
In short: Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns. […]
Source: Link

Windows 11 KB5077181 fixes boot failures linked to failed updates (2026-02-15 22:08 UTC)
In short: Microsoft says it has resolved a Windows 11 bug that caused some commercial systems to fail to boot with an “UNMOUNTABLE_BOOT_VOLUME” error after installing recent security updates, with the fix delivered in the February 2026 Patch Tuesday …
Source: Link

The Hacker News

Microsoft Discloses DNS-Based ClickFix Attack Using Nslookup for Malware Staging (2026-02-15 14:10 UTC)
In short: Microsoft has disclosed details of a new version of the ClickFix social engineering tactic in which the attackers trick unsuspecting users into running commands that carry out a Domain Name System (DNS) lookup to retrieve the next-stage pay…
Source: Link

Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs (2026-02-13 17:27 UTC)
In short: A previously undocumented threat actor has been attributed to attacks targeting Ukrainian organizations with malware known as CANFAIL. Google Threat Intelligence Group (GTIG) described the hacking group as possibly affiliated with Russian i…
Source: Link

Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations (2026-02-13 16:23 UTC)
In short: Several state-sponsored actors, hacktivist entities, and criminal groups from China, Iran, North Korea, and Russia have trained their sights on the defense industrial base (DIB) sector, according to findings from Google Threat Intelligence …
Source: Link

New CVEs (last 24h, NVD check)

Fortinet FortiGate (7.4.x): No new hits in the last 24h.
Atlassian (Jira/Confluence): No new hits in the last 24h.
HPE/Aruba Switches: No new hits in the last 24h.
VMware ESXi/vCenter (7.x): No new hits in the last 24h.

Note: CVE hits are an early-warning check (NVD) and must be cross-checked against your exact versions/deployments (vendor advisory/patches).

February 16, 2026 · 3 min · Betty

IT-Sicherheits-Digest (2026-02-15)

Current security news

heise security

Update now! Chrome update closes actively exploited vulnerability (2026-02-14 20:43 UTC)
In short: Over the weekend, Google released an emergency update for the Chrome web browser. It closes a vulnerability that is already being exploited.
Source: Link

Palantir seeks to enforce a counterstatement from a Swiss magazine in court (2026-02-13 19:05 UTC)
In short: Data analytics vendor Palantir wants to obtain a counterstatement in court, and is triggering a wave of solidarity for a small Swiss magazine.
Source: Link

IPFire presents free domain blocklist DBL (2026-02-13 12:46 UTC)
In short: The IPFire developers have released DBL, a categorized domain blocklist. It is meant to block malware, phishing and trackers.
Source: Link

BleepingComputer

One threat actor responsible for 83% of recent Ivanti RCE attacks (2026-02-14 16:02 UTC)
In short: Threat intelligence observations show that a single threat actor is responsible for most of the active exploitation of two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-21962 and CVE-2026-24061. […]
Source: Link

Snail mail letters target Trezor and Ledger users in crypto-theft attacks (2026-02-14 15:15 UTC)
In short: Threat actors are sending physical letters pretending to be from Trezor and Ledger, makers of cryptocurrency hardware wallets, to trick users into submitting recovery phrases in crypto theft attacks. […]
Source: Link

Fake job recruiters hide malware in developer coding challenges (2026-02-13 22:35 UTC)
In short: A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers with cryptocurrency-related tasks. […]
Source: Link

The Hacker News

Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs (2026-02-13 17:27 UTC)
In short: A previously undocumented threat actor has been attributed to attacks targeting Ukrainian organizations with malware known as CANFAIL. Google Threat Intelligence Group (GTIG) described the hacking group as possibly affiliated with Russian i…
Source: Link

Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations (2026-02-13 16:23 UTC)
In short: Several state-sponsored actors, hacktivist entities, and criminal groups from China, Iran, North Korea, and Russia have trained their sights on the defense industrial base (DIB) sector, according to findings from Google Threat Intelligence …
Source: Link

UAT-9921 Deploys VoidLink Malware to Target Technology and Financial Sectors (2026-02-13 15:23 UTC)
In short: A previously unknown threat actor tracked as UAT-9921 has been observed leveraging a new modular framework called VoidLink in its campaigns targeting the technology and financial services sectors, according to findings from Cisco Talos. “Th…
Source: Link

New CVEs (last 24h, NVD check)

Fortinet FortiGate (7.4.x): No new hits in the last 24h.
Atlassian (Jira/Confluence): No new hits in the last 24h.
HPE/Aruba Switches: No new hits in the last 24h.
VMware ESXi/vCenter (7.x): No new hits in the last 24h.

Note: CVE hits are an early-warning check (NVD) and must be cross-checked against your exact versions/deployments (vendor advisory/patches).

February 15, 2026 · 3 min · Betty

IT-Sicherheits-Digest (2026-02-14)

Current security news

heise security

Palantir seeks to enforce a counterstatement from a Swiss magazine in court (2026-02-13 19:05 UTC)
In short: Data analytics vendor Palantir wants to obtain a counterstatement in court, and is triggering a wave of solidarity for a small Swiss magazine.
Source: Link

IPFire presents free domain blocklist DBL (2026-02-13 12:46 UTC)
In short: The IPFire developers have released DBL, a categorized domain blocklist. It is meant to block malware, phishing and trackers.
Source: Link

Attackers can access the file system of QNAP NAS devices (2026-02-13 10:46 UTC)
In short: Security patches for Qnap's NAS operating systems QTS and QuTS hero close several vulnerabilities.
Source: Link

BleepingComputer

Fake job recruiters hide malware in developer coding challenges (2026-02-13 22:35 UTC)
In short: A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers with cryptocurrency-related tasks. […]
Source: Link

Claude LLM artifacts abused to push Mac infostealers in ClickFix attack (2026-02-13 20:21 UTC)
In short: Threat actors are abusing Claude artifacts and Google Ads in ClickFix campaigns that deliver infostealer malware to macOS users searching for specific queries. […]
Source: Link

Louis Vuitton, Dior, and Tiffany fined $25 million over data breaches (2026-02-13 18:35 UTC)
In short: South Korea has fined luxury fashion brands Louis Vuitton, Christian Dior Couture, and Tiffany $25 million for failing to implement adequate security measures, which facilitated unauthorized access and the exposure of data belonging to more…
Source: Link

The Hacker News

Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs (2026-02-13 17:27 UTC)
In short: A previously undocumented threat actor has been attributed to attacks targeting Ukrainian organizations with malware known as CANFAIL. Google Threat Intelligence Group (GTIG) described the hacking group as possibly affiliated with Russian inte…
Source: Link

Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations (2026-02-13 16:23 UTC)
In short: Several state-sponsored actors, hacktivist entities, and criminal groups from China, Iran, North Korea, and Russia have trained their sights on the defense industrial base (DIB) sector, according to findings from Google Threat Intelligence …
Source: Link

UAT-9921 Deploys VoidLink Malware to Target Technology and Financial Sectors (2026-02-13 15:23 UTC)
In short: A previously unknown threat actor tracked as UAT-9921 has been observed leveraging a new modular framework called VoidLink in its campaigns targeting the technology and financial services sectors, according to findings from Cisco Talos. “Th…
Source: Link

New CVEs (last 24h, NVD check)

Fortinet FortiGate (7.4.x): No new hits in the last 24h.

Atlassian (Jira/Confluence):
CVE-2026-22892 — CVSS 4.3 (MEDIUM)
In short: Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira…
Source: Link

HPE/Aruba Switches: No new hits in the last 24h.
VMware ESXi/vCenter (7.x): No new hits in the last 24h.

Note: CVE hits are an early-warning check (NVD) and must be cross-checked against your exact versions/deployments (vendor advisory/patches).

February 14, 2026 · 3 min · Betty

IT-Sicherheits-Digest (2026-02-13)

Current security news

heise security

Attacks on systems with FortiSandbox and FortiOS possible (2026-02-12 11:29 UTC)
In short: Attackers can, among other things, attack Fortinet firewalls. Security updates are available for download.
Source: Link

Dell closes numerous security vulnerabilities in Avamar, iDRAC and NetWorker (2026-02-12 09:11 UTC)
In short: The backup solutions Dell Avamar and NetWorker and the remote server management iDRAC are vulnerable.
Source: Link

Commentary: New Windows rules are questionable for security and annoying for users (2026-02-11 15:07 UTC)
In short: Microsoft announces significantly tightened security measures for Windows that are at best questionable and at worst counterproductive, analyzes Moritz Förster.
Source: Link

BleepingComputer

Russia tries to block WhatsApp, Telegram in communication blockade (2026-02-12 22:57 UTC)
In short: The Russian government is attempting to block WhatsApp in the country as its crackdown on communication platforms not under its control intensifies. […]
Source: Link

Bitwarden introduces ‘Cupid Vault’ for secure password sharing (2026-02-12 21:55 UTC)
In short: Bitwarden has launched a new system called ‘Cupid Vault’ that allows users to safely share passwords with trusted email addresses. […]
Source: Link

Critical BeyondTrust RCE flaw now exploited in attacks, patch now (2026-02-12 21:34 UTC)
In short: A critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access appliances is now being exploited in attacks after a PoC was published online. […]
Source: Link

The Hacker News

Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support (2026-02-12 17:57 UTC)
In short: Google on Thursday said it observed the North Korea-linked threat actor known as UNC2970 using its generative artificial intelligence (AI) model Gemini to conduct reconnaissance on its targets, as various hacking groups continue to weaponiz…
Source: Link

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems (2026-02-12 16:55 UTC)
In short: Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked to a fake recruitment-themed campaign orchestrated by the North Korea-linked Lazarus Group. The coo…
Source: Link

ThreatsDay Bulletin: AI Prompt RCE, Claude 0-Click, RenEngine Loader, Auto 0-Days & 25+ Stories (2026-02-12 11:51 UTC)
In short: Threat activity this week shows one consistent signal — attackers are leaning harder on what already works. Instead of flashy new exploits, many operations are built around quiet misuse of trusted tools, familiar workflows, and overlooked e…
Source: Link

New CVEs (last 24h, NVD check)

Fortinet FortiGate (7.4.x): No new hits in the last 24h.
Atlassian (Jira/Confluence): No new hits in the last 24h.
HPE/Aruba Switches: No new hits in the last 24h.
VMware ESXi/vCenter (7.x): No new hits in the last 24h.

Note: CVE hits are an early-warning check (NVD) and must be cross-checked against your exact versions/deployments (vendor advisory/patches).

February 13, 2026 · 3 min · Betty

IT-Sicherheits-Digest (2026-02-12)

Current security news

heise security

Commentary: New Windows rules are questionable for security and annoying for users (2026-02-11 15:07 UTC)
In short: Microsoft announces significantly tightened security measures for Windows that are at best questionable and at worst counterproductive, analyzes Moritz Förster.
Source: Link

Windows 11 gets runtime integrity protection and consent prompts (2026-02-11 12:18 UTC)
In short: Microsoft announces two new security initiatives for Windows: Baseline Security Mode and User Transparency and Consent are intended to protect users better.
Source: Link

New BSI encryption recommendations: the end of RSA and ECC is approaching (2026-02-11 12:14 UTC)
In short: The federal office calls for classical asymmetric encryption schemes to be used only in combination with post-quantum cryptography from 2032 onwards.
Source: Link

BleepingComputer

Apple fixes zero-day flaw used in ’extremely sophisticated’ attacks (2026-02-12 01:06 UTC)
In short: Apple has released security updates to fix a zero-day vulnerability that was exploited in an “extremely sophisticated attack” targeting specific individuals. […]
Source: Link

Windows 11 Notepad flaw let files execute silently via Markdown links (2026-02-11 23:15 UTC)
In short: Microsoft has fixed a “remote code execution” vulnerability in Windows 11 Notepad that allowed attackers to execute local or remote programs by tricking users into clicking specially crafted Markdown links, without displaying any Windows se…
Source: Link

Microsoft Store Outlook add-in hijacked to steal 4,000 Microsoft accounts (2026-02-11 21:53 UTC)
In short: The AgreeTo add-in for Outlook has been hijacked and turned into a phishing kit that stole more than 4,000 Microsoft account credentials. […]
Source: Link

The Hacker News

Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Apple Devices (2026-02-12 05:39 UTC)
In short: Apple on Wednesday released iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to address a zero-day flaw that it said has been exploited in sophisticated cyber attacks. The vulnerability, tracked as CVE-2026-20700 (CVSS score: N…
Source: Link

First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials (2026-02-11 17:45 UTC)
In short: Cybersecurity researchers have discovered what they said is the first known malicious Microsoft Outlook add-in detected in the wild. In this unusual supply chain attack detailed by Koi Security, an unknown attacker claimed the domain associ…
Source: Link

APT36 and SideCopy Launch Cross-Platform RAT Campaigns Against Indian Entities (2026-02-11 14:52 UTC)
In short: Indian defense sector and government-aligned organizations have been targeted by multiple campaigns that are designed to compromise Windows and Linux environments with remote access trojans capable of stealing sensitive data and ensuring co…
Source: Link

New CVEs (last 24h, NVD check)

Fortinet FortiGate (7.4.x): No new hits in the last 24h.
Atlassian (Jira/Confluence): No new hits in the last 24h.
HPE/Aruba Switches: No new hits in the last 24h.
VMware ESXi/vCenter (7.x): No new hits in the last 24h.

Note: CVE hits are an early-warning check (NVD) and must be cross-checked against your exact versions/deployments (vendor advisory/patches).

February 12, 2026 · 3 min · Betty

IT-Sicherheits-Digest (2026-02-11)

Current security news

heise security

Attacks on BeyondTrust Remote Support and Privileged Remote Access possible (2026-02-10 11:27 UTC)
In short: Two remote support solutions from BeyondTrust are vulnerable. Security updates close a critical vulnerability.
Source: Link

Archive.today: operator uses visitors for a DDoS attack (2026-02-10 11:00 UTC)
In short: The operator of Archive.today is using visitors to the site, without their knowledge, for a DDoS attack. The target is a Finnish blogger.
Source: Link

Patch now! Attacks on SolarWinds Web Help Desk observed once again (2026-02-10 08:17 UTC)
In short: According to security researchers, attackers are currently exploiting critical malicious-code vulnerabilities in SolarWinds Web Help Desk.
Source: Link

BleepingComputer

Microsoft releases Windows 11 26H1 for select and upcoming CPUs (2026-02-11 02:06 UTC)
In short: Microsoft has announced Windows 11 26H1, but it’s not for existing PCs. Instead, it will ship on devices with Snapdragon X2 processors and possibly other rumored ARM chips. […]
Source: Link

New Linux botnet SSHStalker uses old-school IRC for C2 comms (2026-02-10 23:09 UTC)
In short: A newly documented Linux botnet named SSHStalker is using the IRC (Internet Relay Chat) communication protocol for command-and-control (C2) operations. […]
Source: Link

North Korean hackers use new macOS malware in crypto-theft attacks (2026-02-10 22:17 UTC)
In short: North Korean hackers are running tailored campaigns using AI-generated video and the ClickFix technique to deliver malware for macOS and Windows to targets in the cryptocurrency sector. […]
Source: Link

The Hacker News

DPRK Operatives Impersonate Professionals on LinkedIn to Infiltrate Companies (2026-02-10 17:44 UTC)
In short: The information technology (IT) workers associated with the Democratic People’s Republic of Korea (DPRK) are now applying to remote positions using real LinkedIn accounts of individuals they’re impersonating, marking a new escalation of the…
Source: Link

Reynolds Ransomware Embeds BYOVD Driver to Disable EDR Security Tools (2026-02-10 14:36 UTC)
In short: Cybersecurity researchers have disclosed details of an emergent ransomware family dubbed Reynolds that comes embedded with a built-in bring your own vulnerable driver (BYOVD) component for defense evasion purposes within the ransomware payl…
Source: Link

From Ransomware to Residency: Inside the Rise of the Digital Parasite (2026-02-10 13:59 UTC)
In short: Are ransomware and encryption still the defining signals of modern cyberattacks, or has the industry been too fixated on noise while missing a more dangerous shift happening quietly all around them? According to Picus Labs’ new Red Report 2…
Source: Link

New CVEs (last 24h, NVD check)

Fortinet FortiGate (7.4.x):

CVE-2025-52436 — CVSS 8.8 (HIGH)
In short: An Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.…
Source: Link

CVE-2026-22153 — CVSS 8.1 (HIGH)
In short: An Authentication Bypass by Primary Weakness vulnerability [CWE-305] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO poli…
Source: Link

CVE-2025-62676 — CVSS 7.1 (HIGH)
In short: An Improper Link Resolution Before File Access (‘Link Following’) vulnerability [CWE-59] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.4, FortiClientWindows 7.2.0 through 7.2.12, FortiClientWindows 7.0 a…
Source: Link

CVE-2025-64157 — CVSS 6.7 (MEDIUM)
In short: A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to exe…
Source: Link

CVE-2025-68686 — CVSS 5.9 (MEDIUM)
In short: An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2 all versions, FortiOS 7.0 all versions…
Source: Link

CVE-2025-55018 — CVSS 5.8 (MEDIUM)
In short: An inconsistent interpretation of http requests (‘http request smuggling’) vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6…
Source: Link

Atlassian (Jira/Confluence): No new hits in the last 24h.
HPE/Aruba Switches: No new hits in the last 24h.

VMware ESXi/vCenter (7.x):

CVE-2025-25058 — CVSS 3.3 (LOW)
In short: Improper initialization for some ESXi kernel mode driver for the Intel(R) Ethernet 800-Series before version 2.2.2.0 (esxi 8.0) & 2.2.3.0 (esxi 9.0) within Ring 1: Device Drivers may allow an information disclosure. …
Source: Link

Note: CVE hits are an early-warning check (NVD) and must be cross-checked against your exact versions/deployments (vendor advisory/patches).

February 11, 2026 · 4 min · Betty

IT-Sicherheits-Digest (2026-02-10)

IT‑Sicherheits‑Digest (2026-02-11)

Current security news

heise security

Attacks on BeyondTrust Remote Support and Privileged Remote Access possible (2026-02-10 11:27 UTC)
In short: Two remote support solutions from BeyondTrust are vulnerable. Security updates close a critical vulnerability.
Source: Link

Archive.today: operator uses visitors for a DDoS attack (2026-02-10 11:00 UTC)
In short: The operator of Archive.today is using visitors to the site, without their knowledge, for a DDoS attack. The target is a Finnish blogger.
Source: Link

Patch now! Attacks on SolarWinds Web Help Desk observed once again (2026-02-10 08:17 UTC)
In short: According to security researchers, attackers are currently exploiting critical malicious-code vulnerabilities in SolarWinds Web Help Desk.
Source: Link

BleepingComputer

New Linux botnet SSHStalker uses old-school IRC for C2 comms (2026-02-10 23:09 UTC)
In short: A newly documented Linux botnet named SSHStalker is using the IRC (Internet Relay Chat) communication protocol for command-and-control (C2) operations. […]
Source: Link

North Korean hackers use new macOS malware in crypto-theft attacks (2026-02-10 22:17 UTC)
In short: North Korean hackers are running tailored campaigns using AI-generated video and the ClickFix technique to deliver malware for macOS and Windows to targets in the cryptocurrency sector. […]
Source: Link

Malicious 7-Zip site distributes installer laced with proxy tool (2026-02-10 19:12 UTC)
In short: A fake 7-Zip website is distributing a trojanized installer of the popular archiving tool that turns the user’s computer into a residential proxy node. […]
Source: Link

The Hacker News

DPRK Operatives Impersonate Professionals on LinkedIn to Infiltrate Companies (2026-02-10 17:44 UTC)
In short: The information technology (IT) workers associated with the Democratic People’s Republic of Korea (DPRK) are now applying to remote positions using real LinkedIn accounts of individuals they’re impersonating, marking a new escalation of the…
Source: Link

Reynolds Ransomware Embeds BYOVD Driver to Disable EDR Security Tools (2026-02-10 14:36 UTC)
In short: Cybersecurity researchers have disclosed details of an emergent ransomware family dubbed Reynolds that comes embedded with a built-in bring your own vulnerable driver (BYOVD) component for defense evasion purposes within the ransomware payl…
Source: Link

From Ransomware to Residency: Inside the Rise of the Digital Parasite (2026-02-10 13:59 UTC)
In short: Are ransomware and encryption still the defining signals of modern cyberattacks, or has the industry been too fixated on noise while missing a more dangerous shift happening quietly all around them? According to Picus Labs’ new Red Report 2…
Source: Link

New CVEs (last 24h, NVD check)

Fortinet FortiGate (7.4.x):

CVE-2025-52436 — CVSS 8.8 (HIGH)
In short: An Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.…
Source: Link

CVE-2026-22153 — CVSS 8.1 (HIGH)
In short: An Authentication Bypass by Primary Weakness vulnerability [CWE-305] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO poli…
Source: Link

CVE-2025-62676 — CVSS 7.1 (HIGH)
In short: An Improper Link Resolution Before File Access (‘Link Following’) vulnerability [CWE-59] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.4, FortiClientWindows 7.2.0 through 7.2.12, FortiClientWindows 7.0 a…
Source: Link

CVE-2025-64157 — CVSS 6.7 (MEDIUM)
In short: A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to exe…
Source: Link

CVE-2025-68686 — CVSS 5.9 (MEDIUM)
In short: An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2 all versions, FortiOS 7.0 all versions…
Source: Link

CVE-2025-55018 — CVSS 5.8 (MEDIUM)
In short: An inconsistent interpretation of http requests (‘http request smuggling’) vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6…
Source: Link

Atlassian (Jira/Confluence): No new hits in the last 24h.
HPE/Aruba Switches: No new hits in the last 24h.

VMware ESXi/vCenter (7.x):

CVE-2025-25058 — CVSS 3.3 (LOW)
In short: Improper initialization for some ESXi kernel mode driver for the Intel(R) Ethernet 800-Series before version 2.2.2.0 (esxi 8.0) & 2.2.3.0 (esxi 9.0) within Ring 1: Device Drivers may allow an information disclosure. …
Source: Link

Note: CVE hits are an early-warning check (NVD) and must be cross-checked against your exact versions/deployments (vendor advisory/patches).

February 10, 2026 · 4 min · Betty

IT-Sicherheits-Digest (2026-02-09)

Current security news

heise security

DoS and malicious-code attacks on IBM App Connect Enterprise possible (2026-02-08 12:54 UTC)
In short: Several software vulnerabilities threaten systems running IBM App Connect Enterprise or WebSphere Service Registry and Repository Studio.
Source: Link

Fewer "grandparent scam" calls and fraudulent parcel SMS (2026-02-08 11:11 UTC)
In short: Phone scam attempts remain a problem, even though the numbers are declining and the providers' warning systems apparently work.
Source: Link

Zyxel firewalls: attackers can execute system commands (2026-02-08 11:06 UTC)
In short: A security update protects certain Zyxel firewalls against possible attacks. Attacks are not straightforward, however.
Source: Link

BleepingComputer

New tool blocks imposter attacks disguised as safe commands (2026-02-08 15:26 UTC)
In short: A new open-source and cross-platform tool called Tirith can detect homoglyph attacks over command-line environments by analyzing URLs in typed commands and stopping their execution. […]
Source: Link

State actor targets 155 countries in ‘Shadow Campaigns’ espionage op (2026-02-07 15:09 UTC)
In short: A new state-aligned cyberespionage threat group tracked as TGR-STA-1030/UNC6619, has conducted a global-scale operation dubbed the “Shadow Campaigns,” where it targeted government infrastructure in 155 countries. […]
Source: Link

Payments platform BridgePay confirms ransomware attack behind outage (2026-02-07 09:47 UTC)
In short: A major U.S. payment gateway and solutions provider says a ransomware attack has knocked key systems offline, triggering a widespread outage affecting multiple services. The incident began on Friday and quickly escalated into a nationwide d…
Source: Link

The Hacker News

OpenClaw Integrates VirusTotal Scanning to Detect Malicious ClawHub Skills (2026-02-08 07:32 UTC)
In short: OpenClaw (formerly Moltbot and Clawdbot) has announced that it’s partnering with Google-owned VirusTotal to scan skills that are being uploaded to ClawHub, its skill marketplace, as part of broader efforts to bolster the security of the age…
Source: Link

German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists (2026-02-07 11:15 UTC)
In short: Germany’s Federal Office for the Protection of the Constitution (aka Bundesamt für Verfassungsschutz or BfV) and Federal Office for Information Security (BSI) have issued a joint advisory warning of a malicious cyber campaign undertaken by …
Source: Link

China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery (2026-02-06 14:56 UTC)
In short: Cybersecurity researchers have taken the wraps off a gateway-monitoring and adversary-in-the-middle (AitM) framework dubbed DKnife that’s operated by China-nexus threat actors since at least 2019. The framework comprises seven Linux-based i…
Source: Link

New CVEs (last 24h, NVD check)

Fortinet FortiGate (7.4.x): No new hits in the last 24h.
Atlassian (Jira/Confluence): No new hits in the last 24h.
HPE/Aruba Switches: No new hits in the last 24h.
VMware ESXi/vCenter (7.x): No new hits in the last 24h.

Note: CVE hits are an early-warning check (NVD) and must be cross-checked against your exact versions/deployments (vendor advisory/patches).

February 9, 2026 · 3 min · Betty

IT-Sicherheits-Digest (2026-02-08)

Current security news

heise security

Voluntary chat control: EU Parliament plans the next deadline extension (2026-02-07 17:55 UTC)
In short: Indiscriminate scanning of private messages was supposed to be history long ago. But the EU institutions are pushing the next extension of the measure.
Source: Link

Crypto exchange accidentally gives away 44 billion dollars (2026-02-07 16:59 UTC)
In short: A costly mishap in a promotion by the South Korean cryptocurrency exchange Bithumb: because of an error, 695 users each received at least 2000 Bitcoin.
Source: Link

Attack via Signal: BfV and BSI warn politicians, military personnel and diplomats (2026-02-06 13:27 UTC)
In short: An attack on users of the Signal messenger that became known last week targets members of the Bundestag and other important persons.
Source: Link

BleepingComputer

State actor targets 155 countries in ‘Shadow Campaigns’ espionage op (2026-02-07 15:09 UTC)
In short: A new state-aligned cyberespionage threat group tracked as TGR-STA-1030/UNC6619, has conducted a global-scale operation dubbed the “Shadow Campaigns,” where it targeted government infrastructure in 155 countries. […]
Source: Link

Payments platform BridgePay confirms ransomware attack behind outage (2026-02-07 09:47 UTC)
In short: A major U.S. payment gateway and solutions provider says a ransomware attack has knocked key systems offline, triggering a widespread outage affecting multiple services. The incident began on Friday and quickly escalated into a nationwide d…
Source: Link

Germany warns of Signal account hijacking targeting senior figures (2026-02-06 20:00 UTC)
In short: Germany’s domestic intelligence agency is warning of suspected state-sponsored threat actors targeting high-ranking individuals in phishing attacks via messaging apps like Signal. […]
Source: Link

The Hacker News

German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists (2026-02-07 11:15 UTC)
In short: Germany’s Federal Office for the Protection of the Constitution (aka Bundesamt für Verfassungsschutz or BfV) and Federal Office for Information Security (BSI) have issued a joint advisory warning of a malicious cyber campaign undertaken by …
Source: Link

China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery (2026-02-06 14:56 UTC)
In short: Cybersecurity researchers have taken the wraps off a gateway-monitoring and adversary-in-the-middle (AitM) framework dubbed DKnife that’s operated by China-nexus threat actors since at least 2019. The framework comprises seven Linux-based i…
Source: Link

CISA Orders Removal of Unsupported Edge Devices to Reduce Federal Network Risk (2026-02-06 13:43 UTC)
In short: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered Federal Civilian Executive Branch (FCEB) agencies to strengthen asset lifecycle management for edge network devices and remove those that no longer receive securit…
Source: Link

New CVEs (last 24h, NVD check)

Fortinet FortiGate (7.4.x): No new hits in the last 24h.
Atlassian (Jira/Confluence): No new hits in the last 24h.
HPE/Aruba Switches: No new hits in the last 24h.
VMware ESXi/vCenter (7.x): No new hits in the last 24h.

Note: CVE hits are an early-warning check (NVD) and must be cross-checked against your exact versions/deployments (vendor advisory/patches).

February 8, 2026 · 3 min · Betty

IT Security Digest (2026-02-07)

Current security news

heise security
Attack via Signal: BfV and BSI warn politicians, military personnel and diplomats (2026-02-06 13:27 UTC)
In brief: An attack on users of the Signal messenger that came to light last week targets members of the Bundestag and other important persons.
Source: Link
Deutsche Bahn quietly introduces passkeys (2026-02-06 11:13 UTC)
In brief: Logging in with passkeys is now possible at Deutsche Bahn. A clear step forward for account security.
Source: Link
Debian: project leader warns of developers quietly withdrawing (2026-02-06 10:22 UTC)
In brief: Debian project leader Andreas Tille denounces a structural problem: developers disappear without any word, with consequences for security and maintenance.
Source: Link

BleepingComputer
Germany warns of Signal account hijacking targeting senior figures (2026-02-06 20:00 UTC)
In brief: Germany’s domestic intelligence agency is warning of suspected state-sponsored threat actors targeting high-ranking individuals in phishing attacks via messaging apps like Signal. […]
Source: Link
DKnife Linux toolkit hijacks router traffic to spy, deliver malware (2026-02-06 18:35 UTC)
In brief: A newly discovered toolkit called DKnife has been used since 2019 to hijack traffic at the edge-device level and deliver malware in espionage campaigns. […]
Source: Link
CISA warns of SmarterMail RCE flaw used in ransomware attacks (2026-02-06 17:16 UTC)
In brief: The Cybersecurity & Infrastructure Security Agency (CISA) in the U.S. has issued a warning about CVE-2026-24423, an unauthenticated remote code execution (RCE) flaw in SmarterMail that is used in ransomware attacks. […]
Source: Link

The Hacker News
China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery (2026-02-06 14:56 UTC)
In brief: Cybersecurity researchers have taken the wraps off a gateway-monitoring and adversary-in-the-middle (AitM) framework dubbed DKnife that’s operated by China-nexus threat actors since at least 2019. The framework comprises seven Linux-based i…
Source: Link
CISA Orders Removal of Unsupported Edge Devices to Reduce Federal Network Risk (2026-02-06 13:43 UTC)
In brief: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered Federal Civilian Executive Branch (FCEB) agencies to strengthen asset lifecycle management for edge network devices and remove those that no longer receive securit…
Source: Link
Asian State-Backed Group TGR-STA-1030 Breaches 70 Government, Infrastructure Entities (2026-02-06 12:07 UTC)
In brief: A previously undocumented cyber espionage group operating from Asia broke into the networks of at least 70 government and critical infrastructure organizations across 37 countries over the past year, according to new findings from Palo Alto…
Source: Link

New CVEs (last 24h, NVD check)
Fortinet FortiGate (7.4.x)
CVE-2026-21643 — CVSS 9.8 (CRITICAL)
In brief: An improper neutralization of special elements used in an sql command (‘sql injection’) vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via sp…
Source: Link
Atlassian (Jira/Confluence)
CVE-2025-13523 — CVSS 7.7 (HIGH)
In brief: Mattermost Confluence plugin version <1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary …
Source: Link
HPE/Aruba Switches: No new hits in the last 24h.
VMware ESXi/vCenter (7.x): No new hits in the last 24h.
Note: CVE hits are an early-warning check (NVD) and must be cross-checked against your exact versions/deployments (vendor advisory/patches).

February 7, 2026 · 3 min · Betty