News archive

04.04.2026

Security lapse lets researchers view React2Shell hackers’ dashboard

CSO Online 03.04.2026 19:10
An apparent security lapse has allowed researchers to peer into the work of a threat group currently exploiting unpatched servers open to the four-month-old React2Shell vulnerability to steal login credentials, keys, and tokens at scale.
Researchers from Cisco Systems’ Talos threat intelligence team who made the discovery said Thursday that the data harvested by an unattributed group they call UAT-10608 went to a password protected database behind a web application. However, that application was at one point exposed, allowing the researchers to see data that had been harvested from compromised systems.

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

The Hacker News 03.04.2026 17:34
A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid-2025, following a two-year period of minimal targeting in the region.
The campaign has been attributed to TA416, a cluster of activity that overlaps with DarkPeony, RedDelta, Red Lich, SmugX, UNC6384, and Vertigo Panda.
"This TA416 activity included multiple

Google patches fourth Chrome zero-day so far this year

CSO Online 03.04.2026 17:29
Google has patched another zero-day vulnerability in Chrome, its fourth this year. In patching the vulnerability, tracked as CVE-2026-5281, the company acknowledged that an exploit for it already exists in the wild.
According to the report in NIST’s National Vulnerability Database, the vulnerability in Dawn, the implementation of WebGPU used by Chrome, allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. It advised users to update to Chrome 146.0.7680.178 or newer.

CERT-EU blames Trivy supply chain attack for Europa.eu data breach

CSO Online 03.04.2026 16:18
The European Union’s Computer Emergency Response Team, CERT-EU, has traced last week’s theft of data from the Europa.eu platform to the recent supply chain attack on Aqua Security’s Trivy open-source vulnerability scanner.
The attack on the AWS cloud infrastructure hosting the Europa.eu web hub on March 24 resulted in the theft of 350 GB of data (91.7 GB compressed), including personal names, email addresses, and messages, according to CERT-EU’s analysis.

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

The Hacker News 03.04.2026 15:32
Threat actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers and to achieve remote code execution, according to findings from the Microsoft Defender Security Research Team.
"Instead of exposing command execution through URL parameters or request bodies, these web shells rely on threat actor-supplied cookie values to gate execution,

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

The Hacker News 03.04.2026 11:04
The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orchestrated by North Korean threat actors tracked as UNC1069.
Maintainer Jason Saayman said the attackers tailored their social engineering efforts "specifically to me" by first approaching him under the guise of the founder of a

03.04.2026

Cisco fixes critical IMC auth bypass present in many products

CSO Online 02.04.2026 22:26
Cisco has released patches for a critical vulnerability in its out-of-band management solution, present in many of its servers and appliances. The flaw allows unauthenticated remote attackers to gain admin access to the Cisco Integrated Management Controller (IMC), which gives administrators remote control over servers even when the main OS is shut down.
The vulnerability, tracked as CVE-2026-20093, stems from incorrect handling of password changes and can be exploited by sending specially crafted HTTP requests. This means servers with their IMC interfaces exposed directly to the local network — or worse, to the internet — are at immediate risk.

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

The Hacker News 02.04.2026 15:21
Cisco has released updates to address a critical security flaw in the Integrated Management Controller (IMC) that, if successfully exploited, could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system with elevated privileges.
The vulnerability, tracked as CVE-2026-20093, carries a CVSS score of 9.8 out of a maximum of 10.0.
"This

XZ Utils 5.8.3: Security update with unclear risk

Heise Security 02.04.2026 10:05
The developers of the widely used XZ Utils have released an updated version that fixes security vulnerabilities.

Cisco plugs vulnerabilities, some of them critical, in several products

Heise Security 02.04.2026 05:51
On Wednesday, Cisco issued nine security advisories. They cover vulnerabilities, some of them critical, in several products.

02.04.2026

Report: Cybercriminals steal Cisco source code using stolen credentials

Heise Security 02.04.2026 03:08
Following the supply chain attack on LiteLLM, attackers were able to access internal Cisco data, according to the report. Source code belonging to Cisco and its customers was apparently stolen.

BSI publishes first guide for IT-Grundschutz++

Heise Security 01.04.2026 15:51
The BSI has now also released the guide for the new version of its IT-Grundschutz. Changes to Grundschutz++ are still possible, however.

AI finds critical ImageMagick vulnerabilities in default configurations

Heise Security 01.04.2026 11:03
An AI pentesting tool has uncovered critical security vulnerabilities in default configurations of ImageMagick. Workarounds provide protection.

Malware on npm: HTTP client axios loads backdoor for Windows, macOS and Linux

Heise Security 01.04.2026 08:26
The maintainer account for the axios package on npm was broken into in order to inject a remote access trojan for Windows, macOS and Linux.

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069

The Hacker News 01.04.2026 07:44
Google has formally attributed the supply chain compromise of the popular Axios npm package to a financially motivated North Korean threat activity cluster tracked as UNC1069.
"We have attributed the attack to a suspected North Korean threat actor we track as UNC1069," John Hultquist, chief analyst at Google Threat Intelligence Group (GTIG), told The Hacker News in a statement.
"North Korean

Update now! Chrome vulnerability is under attack

Heise Security 01.04.2026 06:22
Google has released an update for Chrome. It fixes 21 security vulnerabilities. Attacks are under way against a code injection vulnerability.
