Archiv fĂźr Februar 2026

📄
security

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.  CVE-2019-19006 Sangoma FreePBX Improper Authentication Vulnerability CVE-2021-39935 GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability CVE-2025-40551 SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability CVE-2025-64328 Sangoma FreePBX OS Command Injection Vulnerability  These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.  Binding Operational Directive (BOD) […]

Mehr lesen →
📄
security

Please Don’t Feed the Scattered Lapsus ShinyHunters

A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from victim firms: Harassing, threatening and even swatting executives and their families, all while notifying journalists and regulators… Read More »

Mehr lesen →
📄
pinball

FLIPPER FRIENDS™: ALL-LEGENDS TOURNAMENT SERIES | SEASON 1: WEEK 13

sponsored blog post  Legends players, it’s tournament time! Wrap up the season with frozen adventures, wild circus fun, and international pinball flair! Compete together on your Legends 4K™, HDP™, or HD device and make one last push up the leaderboard. This Week’s Tables:  Polar Expedition – included in Natural History Pinball Pack 2  Clown Deluxe […]

Mehr lesen →
📄
security

Wirksamer Schutz von Benutzerkonten: Der Ändere-dein-Passwort-Tag braucht ein Update

von BSI Presse-Meldungen •

Der „Ändere-dein-Passwort-Tag“ am 1. Februar soll daran erinnern, Passwörter regelmäßig zu erneuern – für den Fall, dass ein Passwort unbemerkt in die Hände von unbefugten Dritten gelangt ist. Tatsächlich ist ein pauschaler Passwortwechsel jedoch keine zeitgemäße Schutzmaßnahme mehr.

Mehr lesen →
📄
security

Fortinet Releases Guidance to Address Ongoing Exploitation of Authentication Bypass Vulnerability CVE-2026-24858

Newly disclosed vulnerability Common Vulnerabilities and Exposures (CVE)-2026-24858 [Common Weakness Enumeration (CWE)-288: Authentication Bypass Using an Alternate Path or Channel] allows malicious actors with a FortiCloud account and a registered device to log in to separate devices registered to other users in FortiOS, FortiManager, FortiWeb, FortiProxy, and FortiAnalyzer, if FortiCloud single sign on (SSO) is […]

Mehr lesen →
📄
security

CISA Adds Five Known Exploited Vulnerabilities to Catalog

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2018-Adresse geschuetzt CVE-2025-Adresse geschuetzt CVE-2026-Adresse geschuetzt CVE-2026-Adresse geschuetzt CVE-2026-Adresse geschuetzt These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing […]

Mehr lesen →