Archiv für März 2026

In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to assemble Kimwolf, the world’s largest and most disruptive botnet. Since then, the person in control of Kimwolf — who goes by the handle „Dort“ — has coordinated a barrage of distributed denial-of-service (DDoS), doxing and email flooding attacks […]

Finding Signal in the Noise: Lessons Learned Running a Honeypot with AI Assistance [Guest Diary] https://isc.sans.edu/diary/Finding%20Signal%20in%20the%20Noise%3A%20Lessons%20Learned%20Running%20a%20Honeypot%20with%20AI%20Assistance%20%5BGuest%20Diary%5D/32744 Google API Keys Weren’t Secrets. But then Gemini Changed the Rules. https://trufflesecurity.com/blog/google-api-keys-werent-secrets-but-then-gemini-changed-the-rules AirSnitch: Demystifying and Breaking Client Isolation in Wi-Fi Networks https://www.ndss-symposium.org/ndss-paper/airsnitch-demystifying-and-breaking-client-isolation-in-wi-fi-networks/

The CLAIR Model: A Synthesized Conceptual Framework for Mapping Critical Infrastructure Interdependencies [Guest Diary] https://isc.sans.edu/diary/The+CLAIR+Model+A+Synthesized+Conceptual+Framework+for+Mapping+Critical+Infrastructure+Interdependencies+Guest+Diary/32748 Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability CVE-2026-20127 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk https://blog.talosintelligence.com/uat-8616-sd-wan/ Abusing Cortex XDR Live https://labs.infoguard.ch/posts/abusing_cortex_xdr_live_response_as_c2/ OpenSSL Vulnerability CVE-2025-15467 https://seclists.org/oss-sec/2026/q1/220

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.  CVE-2022-20775 Cisco Catalyst SD-WAN Path Traversal Vulnerability CVE-2026-20127 Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability  These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.  Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the […]

Open Redirects: A Forgotten Vulnerability? https://isc.sans.edu/diary/Open%20Redirects%3A%20A%20Forgotten%20Vulnerability%3F/32742 Goodbye innerHTML, Hello setHTML: Stronger XSS Protection in Firefox 148 https://hacks.mozilla.org/2026/02/goodbye-innerhtml-hello-sethtml-stronger-xss-protection-in-firefox-148/ More telnetd issues https://seclists.org/oss-sec/2026/q1/199

Another day, another malicious JPEG https://isc.sans.edu/diary/Another%20day%2C%20another%20malicious%20JPEG/32738 Calibre Path Traversal Leading to Arbitrary File Write and Potentially Code Execution CVE-2026-26064 CVE-2026-26065 https://github.com/kovidgoyal/calibre/security/advisories/GHSA-72ch-3hqc-pgmp https://github.com/kovidgoyal/calibre/security/advisories/GHSA-vmfh-7mr7-pp2w CVE-2026-25755: PDF Object Injection in jsPDF (addJS Method) https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25755.md Roundcube Webmail Exploited CVE-2025-49113 https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10 https://www.openwall.com/lists/oss-security/2025/06/02/3