Vom 15. bis zum 16. April 2026 findet der 21. Deutsche IT-Sicherheitskongress in Bonn statt. Die Registrierung zur Teilnahme am Kongress ist ab sofort möglich.
Differentiating Between a Targeted Intrusion and an Automated Opportunistic Scanning [Guest Diary] https://isc.sans.edu/diary/Differentiating%20Between%20a%20Targeted%20Intrusion%20and%20an%20Automated%20Opportunistic%20Scanning%20%5BGuest%20Diary%5D/32768 CVE-2026-29000: Critical Authentication Bypass in pac4j-jwt – Using Only a Public Key (CVSS 10) https://www.codeant.ai/security-research/pac4j-jwt-authentication-bypass-public-key FreeScout Help Desk Vulnerability https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-mw88-x7j3-74vc Microsoft Authenticator Not Supported on Graphene OS https://www.heise.de/en/news/GrapheneOS-Microsoft-Authenticator-does-not-support-secure-Android-OS-11200495.html
Want More XWorm? https://isc.sans.edu/diary/Want%20More%20XWorm%3F/32766 Cisco Secure Firewall Management Center Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJh https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-onprem-fmc-authbypass-5JPp45V2 LastPass Phishing https://www.securityweek.com/lastpass-users-targeted-with-backup-themed-phishing-emails/
Bruteforce Scans for CrushFTP https://isc.sans.edu/diary/Bruteforce%20Scans%20for%20CrushFTP%20/32762 Android March 2026 Patches, including 0-Day (CVE-2026-21385) https://source.android.com/docs/security/bulletin/2026/2026-03-01 OAuth redirection abuse enables phishing and malware delivery https://www.microsoft.com/en-us/security/blog/2026/03/02/oauth-redirection-abuse-enables-phishing-malware-delivery/
Quick Howto: ZIP Files Inside RTF https://isc.sans.edu/diary/Quick+Howto+ZIP+Files+Inside+RTF/32696/#comments Keeping the Internet fast and secure: introducing Merkle Tree Certificates https://blog.cloudflare.com/bootstrap-mtc/ Taming Agentic Browsers: Vulnerability in Chrome Allowed Extensions to Hijack New Gemini Panel https://unit42.paloaltonetworks.com/gemini-live-in-chrome-hijacking/
Fake Fedex Email Delivers Donuts! https://isc.sans.edu/diary/Fake%20Fedex%20Email%20Delivers%20Donuts!/32754 Abusing .ARPA: The TLD that isn t supposed to host anything https://www.infoblox.com/blog/threat-intelligence/abusing-arpa-the-tld-that-isnt-supposed-to-host-anything/ MC1179154 – Microsoft Authenticator app: Upcoming changes to jailbreak and root detection https://mc.merill.net/message/MC1179154 SECURITY BULLETIN: Apex One and Apex One (Mac) – February 2026 https://success.trendmicro.com/en-US/solution/KA-0022458 Special Webcast: AirSnitch How Worried Should You Be? https://www.sans.org/webcasts/airsnitch-how-worried-should-you-be
In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to assemble Kimwolf, the world’s largest and most disruptive botnet. Since then, the person in control of Kimwolf — who goes by the handle „Dort“ — has coordinated a barrage of distributed denial-of-service (DDoS), doxing and email flooding attacks […]
Finding Signal in the Noise: Lessons Learned Running a Honeypot with AI Assistance [Guest Diary] https://isc.sans.edu/diary/Finding%20Signal%20in%20the%20Noise%3A%20Lessons%20Learned%20Running%20a%20Honeypot%20with%20AI%20Assistance%20%5BGuest%20Diary%5D/32744 Google API Keys Weren’t Secrets. But then Gemini Changed the Rules. https://trufflesecurity.com/blog/google-api-keys-werent-secrets-but-then-gemini-changed-the-rules AirSnitch: Demystifying and Breaking Client Isolation in Wi-Fi Networks https://www.ndss-symposium.org/ndss-paper/airsnitch-demystifying-and-breaking-client-isolation-in-wi-fi-networks/
The CLAIR Model: A Synthesized Conceptual Framework for Mapping Critical Infrastructure Interdependencies [Guest Diary] https://isc.sans.edu/diary/The+CLAIR+Model+A+Synthesized+Conceptual+Framework+for+Mapping+Critical+Infrastructure+Interdependencies+Guest+Diary/32748 Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability CVE-2026-20127 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk https://blog.talosintelligence.com/uat-8616-sd-wan/ Abusing Cortex XDR Live https://labs.infoguard.ch/posts/abusing_cortex_xdr_live_response_as_c2/ OpenSSL Vulnerability CVE-2025-15467 https://seclists.org/oss-sec/2026/q1/220
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2022-20775 Cisco Catalyst SD-WAN Path Traversal Vulnerability CVE-2026-20127 Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the […]