Scheinverschlüsselung: Fedora-Update deckt uralte Security-Panne bei Outlook auf
Golem 05.06.2026 12:15
Einige Outlook-Nutzer haben offenbar jahrelang unwissentlich Passwörter im Klartext an E-Mail-Server übermittelt, obwohl die SSL/TLS-Option aktiv war. (Outlook, Microsoft)
Angriff auf GitHub.dev stiehlt das OAuth-Token für alle Repos
Heise Security 05.06.2026 11:58
Eine Lücke auf Github.dev – VS Code im Browser – ermöglichte es Angreifern, alle Repos eines Anwenders zu verseuchen, um verschiedene Angriffe zu starten.
Cisco warnt vor neuer attackierter SD-WAN-Sicherheitslücke
Heise Security 05.06.2026 10:21
Erst vor Kurzem hatten bösartige Akteure Ciscos SD-WAN-Geräte im Visier. Aktuell greifen sie eine neue Lücke an, warnt Cisco.
Claude Code has an MCP security problem — and your developers are already using it
CSO Online 05.06.2026 09:00
Claude Code is Anthropic’s AI coding assistant — a command-line tool that developers are adopting fast. It connects to external services through Model Context Protocol, the standard that lets AI tools interact with Jira, Confluence, GitHub, databases and internal APIs. When a developer connects one of those services, Claude Code runs an OAuth flow, the user approves the scopes and the tool receives a bearer token it uses for every subsequent request.
That token is stored in plaintext in a configuration file on the developer’s machine. And researchers have now shown exactly how attackers are getting to it.
Warten auf Sicherheitspatch: Zugangsdaten von Acer-Wave-7-Router einsehbar
Heise Security 05.06.2026 07:23
Kritische Schwachstellen bedrohen Acer-Router der Wave-7-Serie. Sicherheitsupdates sind bislang nicht verfügbar.
AI tools becoming hot commodities on ransomware marketplaces
CSO Online 05.06.2026 07:10
Sales of AI-based tools is accelerating within underground ransomware marketplaces, lowering the barrier to entry for new actors in the process.
An analysis of Telegram channels, 20 dark web forums, and five underground markets by anti-ransomware platform vendor Halcyon found that AI utility posts grew to 1,486 in February 2026, up from just 38 in December 2025.
PCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network
The Hacker News 05.06.2026 05:34
The threat actor known as PCPJack has hijacked cloud servers associated with Amazon Web Services (AWS), Google Cloud, and Microsoft Azure to create a covert SMTP email relay network.
"Compromised business servers across the U.S., Europe, and Asia were quietly converted into SMTP proxies, verified for mail relay capability, and synced to a downstream consumer every five minutes," Hunt.io said in
Google Chrome: Update schließt 429 Sicherheitslücken
Heise Security 05.06.2026 05:14
Das Google-Chrome-Update aus dieser Woche stopft 429 Sicherheitslücken, davon gelten 22 als kritisches Risiko.