IT-Sicherheit · Aktuell

IT Security News

Aktuelle Meldungen zu IT-Sicherheit, Cyberbedrohungen und Datenschutz — automatisch kuratiert aus führenden Quellen.

BleepingComputer06. Juli 2026

Phishing poses as big-brand job interview to steal Google accounts

A phishing campaign is impersonating more than 30 well-known brands, including Adobe, Netflix, Coca-Cola, and OpenAI, in fake job interviews to steal Google account credentials from marketing professionals. [...]

Weiterlesen
BleepingComputer06. Juli 2026

Fake IT support calls on Microsoft Teams push EtherRAT malware

Threat actors are abusing Microsoft Teams voice calls by impersonating corporate IT support staff to trick employees into installing the EtherRAT malware, giving attackers initial access to corporate networks. [...]

Weiterlesen
The Hacker News06. Juli 2026

Iran-Linked Hackers Use New Cavern C2 Framework to Target Israeli Organizations

An Iranian hacking group affiliated with Iran's Ministry of Intelligence and Security (MOIS) has been wielding a previously undocumented modular command-and-control (C2) framework dubbed Cavern (aka Cav3rn) targeting Isr

Weiterlesen
BleepingComputer06. Juli 2026

Vietnam arrests suspects behind HiAnime anime piracy service

​Vietnamese authorities have arrested and are prosecuting seven suspects believed to have run HiAnime, the largest anime piracy streaming service before its shutdown in June. [...]

Weiterlesen
The Hacker News06. Juli 2026

16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems

A use-after-free bug in Linux's KVM hypervisor can be triggered from a guest virtual machine to corrupt the shadow-page state of the host kernel that runs it. Dubbed 'Januscape' and tracked as CVE-2026-53359, the fl

Weiterlesen
The Hacker News06. Juli 2026

Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure

Threat actors have been observed attempting to exploit a recently patched critical security flaw in Gitea Docker images, according to Sysdig. The vulnerability in question is CVE-2026-20896 (CVSS score: 9.8), a vulnerabi

Weiterlesen
Microsoft Security06. Juli 2026

5 insights from Frost & Sullivan’s 2025 Frost Radar™ for Cloud Security Posture Management

Read five key learnings from the Frost & Sullivan 2025 Frost Radar™ for CSPM to learn how CSPM is evolving from point-in-time compliance to continuous risk management. The post 5 insights from Frost & Sullivan’s 202

Weiterlesen
Heise Security06. Juli 2026

Für digitale Souveränität: RISC-V-Sicherheitschip aus Deutschland

Mehrere Fraunhofer-Institute haben gemeinsam ein Secure Element auf Basis des offengelegten OpenTitan entwickelt, das Globalfoundries in Dresden fertigt.

Weiterlesen
BleepingComputer06. Juli 2026

Software Is Now Written at the Speed of Thought. Security Isn't.

Every evolution in software development has reduced the friction between an idea and a deployable application. AI may remove the final barrier, but it also removes many of the moments where security decisions have tradit

Weiterlesen
Heise Security06. Juli 2026

Node.js kämpft mit Flut an automatisierten Sicherheitsreports

In der Node.js-Community ist eine Diskussion darüber entstanden, wie sie weiter mit der Vielzahl an LLM-generierten Sicherheitsmeldungen verfahren soll.

Weiterlesen
SANS ISC06. Juli 2026

RCS and DNS: The NAPTR Record, (Mon, Jul 6th)

Over the last year, with recent updates to iOS and Android, RCS (Rich Communication Services) has become an increasingly used protocol [1]. RCS is supposed to eventually replace SMS, and in addition to richer f

Weiterlesen
Heise Security06. Juli 2026

OPNsense-Update beseitigt kritische Rootlücke und weitere Sicherheitsrisiken

Aktuelle Versionen der Open-Source-Firewall-Distribution schließen mehrere Einfallstore. Eine als kritisch bewertete Lücke macht das Update besonders dringlich.

Weiterlesen
BleepingComputer06. Juli 2026

Max severity Adobe ColdFusion flaw now exploited in attacks

Attackers are now exploiting a maximum-severity Adobe ColdFusion vulnerability tracked as CVE-2026-48282, according to vulnerability intelligence company KEVIntel. [...]

Weiterlesen
The Hacker News06. Juli 2026

⚡ Weekly Recap: Proxy Botnets, Browser Ransomware, AI Agent Tricks, Fake PoC Malware and More

A streaming box should not need a threat model. Neither should a username field, a demo repo, a reset flow, or a browser permission prompt. That is the irritating part this week: the risky pieces were ordinary. Home devi

Weiterlesen
SANS ISC06. Juli 2026

ISC Stormcast For Monday, July 6th, 2026 https://isc.sans.edu/podcastdetail/9994, (Mon, Jul 6th)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Weiterlesen
The Hacker News06. Juli 2026

How to Evaluate an AI SOC Platform in 2026: 6 Capabilities That Separate Leaders from Bolt-On AI solutions

Building a shortlist for an AI SOC evaluation can be tough. SIEM, SOAR, and pureplay AI SOC vendors are all saying the same thing. But behind the identical label sit very different products, from chat assistants bolted o

Weiterlesen
The Hacker News06. Juli 2026

Suspected China-Nexus Hackers Use Fake Indian Tax Filing Utility to Deploy DcRAT

A suspected China-nexus threat activity cluster has been observed targeting Indian taxpayers, tax professionals, and corporate finance teams to deliver a remote access trojan designed to steal sensitive data from comprom

Weiterlesen
Heise Security06. Juli 2026

Dell dichtet PowerProtect Data Domain gegen gefährliche Angriffsszenarien ab

Als „kritisch“ stuft Dell ein bereitgestelltes Update-Paket für mehrere Versionen des PowerProtect DD-Betriebssystems ein. Remote-Angriffe sind möglich.

Weiterlesen
Heise Security06. Juli 2026

Coolify: Kritische Lücken können Remote-Angriffe ermöglichen

Sicherheitslücken in der Self-Hosting-Plattform bieten Angriffsmöglichkeiten auf Basis geringer, jedoch eng definierter Zugriffsrechte. Updates sind verfügbar.

Weiterlesen
Kaspersky SecureList06. Juli 2026

When checking the URL isn’t enough: a Device Code Phishing attack via a Microsoft website

The OAuth 2.0 Device Authorization Grant specification was designed to streamline authentication for Smart TVs, IoT devices, and printers. Today, threat actors are weaponizing it.

Weiterlesen
The Hacker News06. Juli 2026

New TrojPix Attack Leaks Data From Air-Gapped Systems via Video Cable Emissions

Researchers at Shandong University have shown a fast new way to pull data off computers that are cut off from every network. The technique, called TrojPix, tweaks on-screen pixels in ways the eye cannot se

Weiterlesen
The Hacker News06. Juli 2026

New Java-Based QuimaRAT MaaS Built to Run on Windows, Linux, and macOS

Cybersecurity researchers have flagged a novel Java-based remote access trojan (RAT) called QuimaRAT that's capable of targeting Windows, Linux, and macOS environments. According to LevelBlue, the cross-platform malware

Weiterlesen
Golem Security06. Juli 2026

Auto: Notbremsassistent verringert Zahl der Schäden

Einige Fahrassistenzsysteme verringern Unfallschäden merklich. Viele Autofahrer schalten sie ab - weil die Systeme zu aggressiv sind. (<a href="https://www.golem.de/specials/auto/">Auto</a>, <a href="https://www.golem.de

Weiterlesen
The Hacker News06. Juli 2026

Opera GX Flaw Let Malicious Sites Auto-Install Mods to Steal Data From Visited Pages

Researchers found a flaw in&nbsp;Opera GX, the gaming-focused version of the Opera browser, that let a malicious website silently install a browser add-on and use it to lift specific data from the pages a victim visits.

Weiterlesen
Golem Security06. Juli 2026

Community darf helfen: Flipper Zero bekommt nach Kritik wieder Firmware-Updates

Im Schatten des Flipper One wurde die Firmware-Entwicklung des Flipper Zero gestoppt. Nach einem Aufschrei der Community geht es nun aber weiter. (<a href="https://www.golem.de/specials/flipper-zero/">Flipper Zero</a>, <

Weiterlesen
The Hacker News06. Juli 2026

SkillCloak Lets Malicious AI Agent Skills Evade Static Scanners with Self-Extracting Packing

Scanners meant to catch malicious add-on "skills" for AI coding agents can be fooled by a few simple changes that leave the malware working, according to a&nbsp;new study&nbsp;from researchers at the Hong Kong University

Weiterlesen
Golem Security06. Juli 2026

Anzeige: KI-Agenten im Unternehmen: Workshop mit Praxisdemos

KI-Agenten versprechen mehr Autonomie als Chatbots. Für Unternehmen zählt, ob Sicherheit, Kosten und Nutzen belastbar sind. Ein Workshop ordnet die Praxis ein. (<a href="https://www.golem.de/specials/golemakademie/">Gole

Weiterlesen
Allianz Cyber-Sicherheit06. Juli 2026

Partnerangebot: anapur AG &#8211; &#8222;IT meets Industry &#8211; der OT

Es wird passieren. Wieder. Beim IMI OT-Security Kongress der anapur AG treffen sich vom 10. bis zum 12. Mai 2027 IT- und OT-Praktiker und Entscheider. Das Ziel: gute OT-Security auf den Weg bringen &#8211; f&#252;r siche

Weiterlesen
BleepingComputer05. Juli 2026

Flipper Zero firmware development continues with community help

Flipper Devices says development of the Flipper Zero firmware will continue, albeit with a smaller internal team and greater reliance on community contributions. [...]

Weiterlesen
Golem Security05. Juli 2026

Anzeige: 4K-Mini-Überwachungskamera mit Wi-Fi und Akku zum Tiefstpreis

Die Mini-Überwachungskamera von Javiscam sorgt für mehr Sicherheit im Haushalt. Amazon verkauft sie wieder zu ihrem niedrigsten Preis. (<a href="https://www.golem.de/specials/technik-und-hardware/">Technik/Hardware</a>,

Weiterlesen
BleepingComputer04. Juli 2026

JadePuffer ransomware used AI agent to automate entire attack

Researchers identified what they believe is the first documented case of a ransomware operation, JadePuffer, conducted entirely by a large language model (LLM) agent. [...]

Weiterlesen
The Hacker News04. Juli 2026

U.S. Government Entity Paid Kairos $1 Million in Data-Theft Extortion Case

A U.S. government entity paid about $1 million to keep stolen files from being leaked, according to a new&nbsp;case study by Rakesh Krishnan for Ransom-ISAC, built on a leaked negotiation chat and the blockchain trail th

Weiterlesen
The Hacker News04. Juli 2026

North Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign

The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing 108 unique packages and web browser extensions spanning npm, Packagist, Go, and Google Chrome as part of an ongoing

Weiterlesen
Golem Security04. Juli 2026

Rechenschaftspflicht: US-Verbraucherschützer warnen vor Ende der X-Überwachung

Der Kurznachrichtendienst X versucht, sich einer ursprünglich gegen Twitter verhängten Anordnung der US-Handelsbehörde zu entledigen. (<a href="https://www.golem.de/specials/x-app/">X</a>, <a href="https://www.golem.de/s

Weiterlesen
The Hacker News03. Juli 2026

Unpatched Flaws Disclosed in Filesystem Bundled Into Millions of Embedded Devices

Security firm runZero has&nbsp;disclosed seven vulnerabilities&nbsp;in&nbsp;FatFs, a small filesystem library that lets a device read and write the FAT and exFAT formats used on USB drives and SD cards. The flaws matter

Weiterlesen
The Hacker News03. Juli 2026

New "Bad Epoll" Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android

A newly disclosed Linux kernel flaw called Bad Epoll (CVE-2026-46242) lets an ordinary user with no special access take full control of a machine as root. It affects Linux desktops, servers, and Android, and a fix is out

Weiterlesen
The Hacker News03. Juli 2026

New Avalon Malware Framework Packs CrownX Ransomware Capabilities

Cybersecurity researchers have discovered a previously undocumented modular malware framework codenamed Avalon that's distributed by means of a multi-stage phishing chain capable of bypassing traditional security control

Weiterlesen
BleepingComputer03. Juli 2026

NetNut proxy network disrupted, 2 million infected devices cut off

A joint operation involving Google has disrupted NetNut, a residential proxy network that gave access to millions of compromised Android devices, including smart TVs and streaming boxes. [...]

Weiterlesen
The Hacker News03. Juli 2026

North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets

Threat actors with ties to North Korea have been linked to a fresh set of malicious npm packages that masquerade as Rollup polyfill tooling to facilitate remote access and data theft. According to JFrog, the packages "ro

Weiterlesen
Heise Security03. Juli 2026

Kommentar: CISA-Übereifer macht CVSS-Scores wertlos

CVSS ad absurdum: Zwei „Low“-Lücken in Apache Tomcat wären dank äußerst eigenwilligem CISA-Vulnrichment beinahe zu heisec-Alert-Kandidaten geworden.

Weiterlesen

Wird alle 30 Minuten aktualisiert · CH/DE: BACS Schweiz, BSI, Allianz Cyber-Sicherheit, Heise Security, Golem · EN: BleepingComputer, The Hacker News, Fortinet, SANS ISC, Microsoft Security, Krebs on Security, Kaspersky