security

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.  CVE-2022-20775 Cisco Catalyst SD-WAN Path Traversal Vulnerability CVE-2026-20127 Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability  These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.  Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the […]

Open Redirects: A Forgotten Vulnerability? https://isc.sans.edu/diary/Open%20Redirects%3A%20A%20Forgotten%20Vulnerability%3F/32742 Goodbye innerHTML, Hello setHTML: Stronger XSS Protection in Firefox 148 https://hacks.mozilla.org/2026/02/goodbye-innerhtml-hello-sethtml-stronger-xss-protection-in-firefox-148/ More telnetd issues https://seclists.org/oss-sec/2026/q1/199

Another day, another malicious JPEG https://isc.sans.edu/diary/Another%20day%2C%20another%20malicious%20JPEG/32738 Calibre Path Traversal Leading to Arbitrary File Write and Potentially Code Execution CVE-2026-26064 CVE-2026-26065 https://github.com/kovidgoyal/calibre/security/advisories/GHSA-72ch-3hqc-pgmp https://github.com/kovidgoyal/calibre/security/advisories/GHSA-vmfh-7mr7-pp2w CVE-2026-25755: PDF Object Injection in jsPDF (addJS Method) https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25755.md Roundcube Webmail Exploited CVE-2025-49113 https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10 https://www.openwall.com/lists/oss-security/2025/06/02/3

Japanese-Language Phishing Emails https://isc.sans.edu/diary/Japanese-Language%20Phishing%20Emails/32734 ‚God-Like‘ Attack Machines: AI Agents Ignore Security Policies https://www.darkreading.com/application-security/ai-agents-ignore-security-policies Starkiller: New Phishing Framework Proxies Real Login Pages to Bypass MFA https://abnormal.ai/blog/starkiller-phishing-kit

Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by anti-abuse activists and security firms. But a stealthy new phishing-as-a-service offering lets customers sidestep both of these pitfalls: It uses cleverly disguised links to load the target brand’s real website, and […]

Under the Hood of DynoWiper https://isc.sans.edu/diary/Under%20the%20Hood%20of%20DynoWiper/32730 Vibe Password Generation: Predictable by Design https://www.irregular.com/publications/vibe-password-generation Vulnerabilities (CVE-2025-65715, CVE-2025-65716, CVE-2025-65717) in four popular IDE Extensions https://www.ox.security/blog/four-vulnerabilities-expose-a-massive-security-blind-spot-in-ide-extensions/ Grandstream GXP1600 VoIP Phones https://www.rapid7.com/blog/post/ve-cve-2026-2329-critical-unauthenticated-stack-buffer-overflow-in-grandstream-gxp1600-voip-phones-fixed/

Tracking Malware Campaigns With Reused Material https://isc.sans.edu/diary/Tracking%20Malware%20Campaigns%20With%20Reused%20Material/32726 From BRICKSTORM to GRIMBOLT: UNC6201 Exploiting a Dell RecoverPoint for Virtual Machines Zero-Day https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day Windows Admin Center Elevation of Privilege Vulnerability CVE-2026-26119 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26119 DNS-PERSIST-01: A New Model for DNS-based Challenge Validation https://letsencrypt.org/2026/02/18/dns-persist-01.html Defending Web Apps https://www.sans.org/cyber-security-courses/application-security-securing-web-apps-api-microservices

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2021-Adresse geschuetztLab Server-Side Request Forgery (SSRF) Vulnerability CVE-2026-Adresse geschuetztRecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the […]

Fake Incident Report Used in Phishing Campaign https://isc.sans.edu/diary/Fake%20Incident%20Report%20Used%20in%20Phishing%20Campaign/32722 Divide and conquer: how the new Keenadu backdoor exposed links between major Android botnets https://securelist.com/keenadu-android-backdoor/118913/ CVE-2026-25903: Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates https://seclists.org/oss-sec/2026/q1/166 The Next Frontier of Runtime Assembly Attacks: Leveraging LLMs to Generate Phishing JavaScript in Real Time https://unit42.paloaltonetworks.com/real-time-malicious-javascript-through-llms/ Encrypted RCS in […]

Mitte Februar hat die EU-Kommission einen erfolgreichen Cyberangriff be­stä­tigt, der sensible Mitarbeiterdaten betroffen hat. Nun wurde ein wei­terer Vorfall bekannt, bei dem kompromittierte AWS-