23.03.2026

Zero-day allows code execution in WindChill and FlexPLM

Heise Security 22.03.2026 14:19
The vendor has issued a warning and is urging admins to secure their instances with a workaround without delay. A patch is still pending.

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

The Hacker News 21.03.2026 10:24
Oracle has released security updates to address a critical security flaw impacting Identity Manager and Web Services Manager that could be exploited to achieve remote code execution.
The vulnerability, tracked as CVE-2026-21992, carries a CVSS score of 9.8 out of a maximum of 10.0.
"This vulnerability is remotely exploitable without authentication," Oracle said in an advisory. "If successfully

CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026

The Hacker News 21.03.2026 08:25
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws impacting Apple, Craft CMS, and Laravel Livewire to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to patch them by April 3, 2026.
The vulnerabilities that have come under exploitation are listed below –

CVE-2025-31277 (CVSS score: 8.8) – A vulnerability in Apple

Trivy vulnerability scanner backdoored with credential stealer in supply chain attack

CSO Online 21.03.2026 05:35
Attackers have compromised the widely used open-source Trivy vulnerability scanner, injecting credential-stealing malware into official releases and GitHub Actions used by thousands of CI/CD workflows. The breach could trigger a cascade of additional supply-chain compromises if impacted projects and organizations don’t rotate their secrets immediately.
The attack, disclosed by Trivy maintainers today, results from an earlier compromise announced late last month that also leveraged insecure GitHub Actions and impacted multiple projects. Security firms Socket and Wiz traced the root cause to an incomplete credential rotation after the first breach, allowing the attackers to return to Trivy’s environment and introduce malicious commits.