04.02.2026

The Hacker News 03.02.2026 16:41
Cybersecurity researchers have disclosed details of a now-patched security flaw impacting Ask Gordon, an artificial intelligence (AI) assistant built into Docker Desktop and the Docker Command-Line Interface (CLI), that could be exploited to execute code and exfiltrate sensitive data.
The critical vulnerability has been codenamed DockerDash by cybersecurity company Noma Labs. It was addressed by

The Hacker News 03.02.2026 14:00
Threat actors have been observed exploiting a critical security flaw impacting the Metro Development Server in the popular "@react-native-community/cli" npm package.
Cybersecurity company VulnCheck said it first observed exploitation of CVE-2025-11953 (aka Metro4Shell) on December 21, 2025. With a CVSS score of 9.8, the vulnerability allows remote unauthenticated attackers to execute arbitrary

Golem 03.02.2026 12:30
Ein Angriff auf Polens Energiesystem zeigt, wie digitale Schnittstellen zum Schwachpunkt der Versorgung werden, und welche Lehren Betreiber ziehen müssen. Von Steffen Zahn (Kritis, Cyberwar)

Heise Security 03.02.2026 11:06
Drei kritische Sicherheitslücken bedrohen SmarterTools E-Mail-Software SmarterMail. Ein Sicherheitsupdate ist verfügbar.

The Hacker News 03.02.2026 09:12
The Russia-linked state-sponsored threat actor known as APT28 (aka UAC-0001) has been attributed to attacks exploiting a newly disclosed security flaw in Microsoft Office as part of a campaign codenamed Operation Neusploit.
Zscaler ThreatLabz said it observed the hacking group weaponizing the shortcoming on January 29, 2026, in attacks targeting users in Ukraine, Slovakia, and Romania, three

Heise Security 03.02.2026 08:43
Angreifer können auf Firebox-Firewalls von WatchGuard zugreifen. Reparierte Fireware-OS-Version stehen zum Download bereit.