Domain Name System (DNS) in Germany: These are the four underestimated weak points of the internet
Spiegel Online 06.05.2026 14:28
The major outage of the German internet shows that access to the net is more fragile than many people think. Sometimes a careless administrator or a concrete drill is enough, and important online services suddenly go down.
CISA Urges Critical Infrastructure Providers to Make Plans to Remain Operational if hit by Cyber-Attack
Infosecurity Magazine 06.05.2026 13:15
CISA’s CI Fortify initiative aims for critical infrastructure operators to build isolation & recovery
Data retention: Federal Data Protection Commissioner considers government plans impermissible
Golem 06.05.2026 12:42
Louisa Specht-Riemenschneider issues an urgent warning against new surveillance powers for the authorities. (Bundesbeauftragter für Datenschutz und I, data retention)
Apache HTTP Server: High-risk vulnerabilities allow injection of malicious code
Heise Security 06.05.2026 11:28
In Apache HTTP Server 2.4.67, the developers close several security vulnerabilities, some of which allow the injection of malicious code.
Microsoft 365 to pay closer attention to sensitivity labels
Heise Security 06.05.2026 10:18
Sensitivity labels can be assigned in Microsoft 365 documents. In future, they are to be taken into account more strongly.
"Livetv.sx": Dazn and football league land a blow against pay-TV pirates
Spiegel Online 06.05.2026 09:01
For years, the piracy portal "Livetv.sx" has recorded millions of views with illegal sports broadcasts. Now a court has ruled: the site will be blocked.
Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution
The Hacker News 06.05.2026 06:14
Palo Alto Networks has released an advisory warning that a critical buffer overflow vulnerability in its PAN-OS software has been exploited in the wild.
The vulnerability, tracked as CVE-2026-0300, has been described as a case of unauthenticated remote code execution. It carries a CVSS score of 9.3 if the User-ID Authentication Portal is configured to enable access from the internet or any
.de domains affected: Faulty update knocks out German internet services
Spiegel Online 06.05.2026 05:18
Websites, apps, e-mail: Many German internet services were unreachable on Tuesday evening. The cause apparently lay with the administrator of German internet domains.
CISA mulls new three-day remediation deadline for critical flaws
CSO Online 05.05.2026 19:33
Experts have mixed reactions to a report that the US Cybersecurity and Infrastructure Security Agency (CISA) is considering reducing the timeline in which government agencies must address critical vulnerabilities from two weeks to only three days.
The current 14-day window applies to high-severity flaws dating from 2021 onwards, listed as known to be under exploit in CISA’s Known Exploited Vulnerabilities (KEV) Catalog.
CISA pushes critical infrastructure operators to prepare to work in isolation
CSO Online 05.05.2026 17:20
The US Cybersecurity and Infrastructure Security Agency (CISA) has unveiled a new national initiative aimed at helping critical infrastructure operators withstand and recover from major cyberattacks by preparing to operate in isolation from the internet and third-party dependencies.
The program, CI Fortify, is designed to ensure that organizations can continue delivering essential services even when their networks are degraded, disconnected, or under active cyberattack. “Resilience and reliability begin with planning and investing,” said acting CISA director Nick Andersen during a media briefing, emphasizing that operators must be ready to function even when cut off from external connectivity.
Oracle will patch more often to counter AI cybersecurity threat
CSO Online 05.05.2026 15:26
Oracle plans to issue security patches for its ERP, database, and other software on a monthly cycle, rather than quarterly, to respond to the increased pace of AI-enabled software vulnerability discovery.
Other software vendors, notably Microsoft, SAP, and Adobe, already release patches on a monthly beat, always on the second Tuesday of each month.
AI finds 20-year-old bugs in PostgreSQL and MariaDB
CSO Online 05.05.2026 11:53
Open-source databases are facing a bit of a memory problem as AI helps surface decades-old buffer overflow issues in widely used components. Security researchers have disclosed a set of high and critical-severity vulnerabilities affecting PostgreSQL and MariaDB, with two bugs reportedly tracing their roots back more than 20 years.
At Wiz’s zeroday.cloud hacking event, researchers using the AI-powered security analysis tool “Xint Code” found a high-severity zero-day bug in PostgreSQL’s “pgcrypto” extension, and a heap buffer overflow in MariaDB’s JSON schema validation logic, both allowing remote code execution (RCE) on respective database servers.