📰 8 entries from March 21, 2026:
Trivy vulnerability scanner breach pushed infostealer via GitHub Actions
🕐 17:30:41 UTC
The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed credential-stealing malware through official releases and GitHub Actions. [...]
Google adds ‘Advanced Flow’ for safe APK sideloading on Android
🕐 14:18:23 UTC
Google has announced a new mechanism in Android called Advanced Flow that will allow sideloading APKs from unverified developers for power users in a more secure way. [...]
Microsoft Azure Monitor alerts abused in callback phishing campaigns
🕐 14:09:19 UTC
Microsoft Azure Monitor alerts are being abused to send callback phishing emails that impersonate warnings from the Microsoft Security Team about unauthorized charges on your account. [...]
FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks
🕐 13:17:00 UTC
Threat actors affiliated with Russian Intelligence Services are conducting phishing campaigns to compromise commercial messaging applications (CMAs) like WhatsApp and Signal to seize control of accounts belonging to individuals with high intelligence value, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) said Friday.
"The campaign
Critical Quest KACE Vulnerability Potentially Exploited in Attacks
🕐 11:00:00 UTC
The vulnerability is tracked as CVE-2025-32975 and it may have been exploited in attacks against the education sector.
The post Critical Quest KACE Vulnerability Potentially Exploited in Attacks appeared first on SecurityWeek.
Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager
🕐 10:24:00 UTC
Oracle has released security updates to address a critical security flaw impacting Identity Manager and Web Services Manager that could be exploited to achieve remote code execution.
The vulnerability, tracked as CVE-2026-21992, carries a CVSS score of 9.8 out of a maximum of 10.0.
"This vulnerability is remotely exploitable without authentication," Oracle said in an advisory. "If successfully
CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026
🕐 08:25:00 UTC
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws impacting Apple, Craft CMS, and Laravel Livewire to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to patch them by April 3, 2026.
The vulnerabilities that have come under exploitation are listed below - CVE-2025-31277 (CVSS score: 8.8) - A vulnerability in Apple
Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages
🕐 07:28:00 UTC
The threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting follow-on attacks that have led to the compromise of a large number of npm packages with a previously undocumented self-propagating worm dubbed CanisterWorm.
The name is a reference to the fact that the malware uses an ICP canister, which refers to tamperproof smart contracts on