
14.01.2026

January 2026 Microsoft Patch Tuesday: Actively exploited zero day needs attention

CSO Online 14.01.2026 01:50
Eight critical vulnerabilities and an actively exploited zero day highlight Microsoft’s first Patch Tuesday announcements for 2026.
Most of the higher scoring vulnerabilities impact Office products, with two holes in SharePoint scoring an 8.8 on the CVSS scale.

CISA Flags Actively Exploited Gogs Vulnerability With No Patch

Infosecurity Magazine 13.01.2026 16:45
A high-severity security flaw in the Gogs Git service is being actively exploited, leading to remote code execution.

10-point paper: BDEW calls for measures to protect critical infrastructure

Golem 13.01.2026 15:30
In a position paper, the Bundesverband der Energie- und Wasserwirtschaft calls for strengthening the resilience of critical infrastructure. (Infrastructure, Data protection)

New Chinese-Made Malware Framework Targets Linux-Based Cloud Environments

Infosecurity Magazine 13.01.2026 14:31
Detected by Check Point researchers, VoidLink is a sophisticated malware framework that can be used to implant malware in the most common cloud environments.

High-severity bug in Broadcom software enables easy WiFi denial-of-service

CSO Online 13.01.2026 13:00
A high-severity flaw in Broadcom WiFi chipset software can allow an attacker within radio range to completely knock wireless networks offline by sending a single malicious frame, forcing routers to be manually rebooted before connectivity can be restored.
The flaw, uncovered by the Cybersecurity Research Center (CyRC) at Black Duck during fuzz testing of 802.11 protocol implementations, affects 5GHz wireless networks and causes all connected clients, including guest networks, to be disconnected simultaneously.

ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation

The Hacker News 13.01.2026 11:47
ServiceNow has disclosed details of a now-patched critical security flaw impacting its ServiceNow artificial intelligence (AI) Platform that could enable an unauthenticated user to impersonate another user and perform arbitrary actions as that user.
The vulnerability, tracked as CVE-2025-12420, carries a CVSS score of 9.3 out of 10.0. It has been codenamed BodySnatcher by AppOmni.
"This issue [.

SAP Patch Day: Four critical vulnerabilities addressed on January Patch Day

Heise Security 13.01.2026 10:35
SAP addresses 17 security vulnerabilities on its January Patch Day. Four of them are rated as a critical security risk.

Act now! Attackers have been targeting Gogs servers for months

Heise Security 13.01.2026 10:20
In addition to security researchers, a US security agency is now also warning of attacks on self-hosted Git service servers based on Gogs.

Ni8mare: 8,600 German servers vulnerable via n8n flaw

Golem 13.01.2026 08:11
Worldwide, nearly 60,000 n8n servers are vulnerable to the Ni8mare flaw. But the platform has even more dangerous vulnerabilities. (Security vulnerability, Server)

CISA Warns of Active Exploitation of Gogs Vulnerability Enabling Code Execution

The Hacker News 13.01.2026 07:15
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of a high-severity security flaw impacting Gogs by adding it to its Known Exploited Vulnerabilities (KEV) catalog.
The vulnerability, tracked as CVE-2025-8110 (CVSS score: 8.7), relates to a case of path traversal in the repository file editor that could result in code execution.
"Gogs Path