Claude: AI chatbot used for cyberattack on Mexican government
Heise Security 25.02.2026 22:06
An unknown cybercriminal breaks into Mexican government agency networks using Anthropic's AI chatbot. This follows a worrying trend.
Google Disrupts UNC2814 GRIDTIDE Campaign After 53 Breaches Across 42 Countries
The Hacker News 25.02.2026 17:46
Google on Wednesday disclosed that it worked with industry partners to disrupt the infrastructure of a suspected China-nexus cyber espionage group tracked as UNC2814 that breached at least 53 organizations across 42 countries.
"This prolific, elusive actor has a long history of targeting international governments and global telecommunications organizations across Africa, Asia, and the Americas,"
Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration
The Hacker News 25.02.2026 17:00
Cybersecurity researchers have disclosed multiple security vulnerabilities in Anthropic's Claude Code, an artificial intelligence (AI)-powered coding assistant, that could result in remote code execution and theft of API credentials.
"The vulnerabilities exploit various configuration mechanisms, including Hooks, Model Context Protocol (MCP) servers, and environment variables – executing
Various VMware products open to attack via multiple security vulnerabilities
Heise Security 25.02.2026 13:50
VMware Cloud Foundation, among others, is vulnerable. Admins should install the available security updates.
Manager at defense contractor: 87 months in prison for selling zero-days
Heise Security 25.02.2026 13:33
The defense contractor L3Harris also collects zero-day exploits for selected governments. A manager sold such exploits to a Russian and must now go to prison.
Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware
The Hacker News 25.02.2026 12:43
Cybersecurity researchers have discovered four malicious NuGet packages that are designed to target ASP.NET web application developers to steal sensitive data.
The campaign, discovered by Socket, exfiltrates ASP.NET Identity data, including user accounts, role assignments, and permission mappings, as well as manipulates authorization rules to create persistent backdoors in victim applications.
Trend Micro Apex One: Malware protection with critical security vulnerabilities
Heise Security 25.02.2026 12:32
The developers have closed code-injection vulnerabilities in Trend Micro's Apex One. Those responsible for IT should update promptly.
Patch now: More and more attacks on VMware instances observed
Golem 25.02.2026 11:50
Hackers have found a way to attack VMware instances via an old security vulnerability. Indications of attacks are increasing. (Security vulnerability, virtualization)
Solarwinds Serv-U: Update plugs four critical security vulnerabilities
Heise Security 25.02.2026 11:20
Solarwinds plugs four critical security holes with the current Serv-U update. Attackers can compromise affected systems.
Former Defense Contractor Boss Gets 7+ Years for Selling Zero Days
Infosecurity Magazine 25.02.2026 10:30
A former general manager of a US defense contractor has been sentenced after selling zero days to Russia.
Defense Contractor Employee Jailed for Selling 8 Zero-Days to Russian Broker
The Hacker News 25.02.2026 08:49
A 39-year-old Australian national who was previously employed at U.S. defense contractor L3Harris has been sentenced to a little over seven years in prison for selling eight zero-day exploits to Russian exploit broker Operation Zero in exchange for millions of dollars.
Peter Williams pleaded guilty to two counts of theft of trade secrets in October 2025. In addition to the jail term, Williams
Malicious-code vulnerabilities closed in Dell Repository Manager, Wyse Management Suite
Heise Security 25.02.2026 08:48
Dell's remote management tools Repository Manager and Wyse Management Suite are vulnerable. Security updates close several vulnerabilities.
SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution
The Hacker News 25.02.2026 07:04
SolarWinds has released updates to address four critical security flaws in its Serv-U file transfer software that, if successfully exploited, could result in remote code execution.
The vulnerabilities, all rated 9.1 on the CVSS scoring system, are listed below –
CVE-2025-40538 – A broken access control vulnerability that allows an attacker to create a system admin user and execute arbitrary