
08.04.2026

Fortinet releases emergency hotfix for FortiClient EMS zero-day flaw

CSO Online 07.04.2026 20:37
Hackers have been exploiting a critical vulnerability in FortiClient Endpoint Management Server (FortiClient EMS) since at least the end of March. Fortinet has published an advisory and released an emergency hotfix that can be applied to affected deployments until a patched version can be released.
The vulnerability, now tracked as CVE-2026-35616, allows unauthenticated attackers to remotely execute arbitrary code on FortiClient EMS, which organizations use to manage, monitor, provision, patch, quarantine, and monitor endpoint systems. The flaw is rated 9.1 (critical) in the Common Vulnerability Scoring System and was added by the US Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities catalog on Monday.

Warning from the UK: Russian cybercriminals hijack routers to steal passwords

Heise Security 07.04.2026 19:17
The British cybersecurity centre NCSC reports cyberattacks on internet routers. The gang from Russia is also suspected of several attacks in Germany.

Russian state hackers are said to have infiltrated popular internet routers

Spiegel Online 07.04.2026 18:12
The FBI, Germany's Federal Intelligence Service (Bundesnachrichtendienst) and the Office for the Protection of the Constitution (Verfassungsschutz) are warning owners of "TP-Link" routers and Wi-Fi repeaters about Russian hackers. Thousands of devices are said to have been infiltrated worldwide.

Russia Hacked Routers to Steal Microsoft Office Tokens

Krebs Security 07.04.2026 17:02
Hackers linked to Russia's military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon authentication tokens from users on more than 18,000 networks without deploying any malicious software or code.

Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign

The Hacker News 07.04.2026 16:48
The Russia-linked threat actor known as APT28 (aka Forest Blizzard) has been linked to a new campaign that has compromised insecure MikroTik and TP-Link routers and modified their settings to turn them into malicious infrastructure under their control as part of a cyber espionage campaign since at least May 2025.
The large-scale exploitation campaign has been codenamed 

"BlueHammer": Zero-day flaw in Windows grants elevated privileges

Heise Security 07.04.2026 11:37
Windows has a zero-day vulnerability that lets attackers escalate their privileges. A patch is not yet available.

Microsoft says Medusa-linked Storm-1175 is speeding ransomware attacks

CSO Online 07.04.2026 10:48
Microsoft has warned that Storm-1175, a cybercrime group linked to Medusa ransomware, is exploiting vulnerable web-facing systems in fast-moving attacks, at times moving from initial access to data theft and ransomware deployment within 24 hours.
The company said the group has heavily targeted organizations in healthcare, education, professional services, and finance across Australia, the UK, and the US, showing how quickly ransomware affiliates can exploit exposed perimeter systems before defenders patch or even spot the breach.

Rheinmetall and Co.: Data brokers endanger defense companies in Ukraine

Golem 07.04.2026 10:00
Brokers are offering movement data from millions of smartphones online, a danger to soldiers and factories in Ukraine. (Ukraine war, data protection)

Printing system: CUPS flaws endanger numerous Linux systems

Golem 07.04.2026 08:52
A researcher set AI agents loose on the CUPS printing system. Two vulnerabilities that were discovered give attackers remote root access. (Security vulnerability, printers)

New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips

The Hacker News 07.04.2026 08:38
New academic research has identified multiple RowHammer attacks against high-performance graphics processing units (GPUs) that could be exploited to escalate privileges and, in some cases, even take full control of a host.
The efforts have been codenamed GPUBreach, GDDRHammer, and GeForge.
GPUBreach goes a step further than GPUHammer, demonstrating for the first time that

Spat with Microsoft: Frustrated researcher leaks zero-day exploit for Windows

Golem 07.04.2026 06:57
A researcher apparently feels that Microsoft is not taking him seriously. Out of frustration, he has leaked exploit code for an unpatched Windows vulnerability. (Security vulnerability, Microsoft)

China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware

The Hacker News 07.04.2026 06:35
A China-based threat actor known for deploying Medusa ransomware has been linked to the weaponization of a combination of zero-day and N-day vulnerabilities to orchestrate "high-velocity" attacks and break into susceptible internet-facing systems.
"The threat actor's high operational tempo and proficiency in identifying exposed perimeter assets have proven successful, with recent