ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added half a dozen security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulne
Microsoft Edge: Mehrere Schwachstellen
Ein entfernter, anonymer Angreifer kann mehrere, nicht näher beschriebene Schwachstellen in Microsoft Edge ausnutzen, um Informationen offenzulegen und falsche Informationen darzustellen. Zur erfolgreichen Ausnutzung ist
Investigating Storm-2755: “Payroll pirate” attacks targeting Canadian employees
Microsoft Incident Response – Detection and Response Team (DART) researchers observed an emerging, financially motivated threat actor, tracked as Storm-2755, compromising Canadian employee accounts to gain unauthorized a
Google Chrome und Microsoft Edge: Mehrere Schwachstellen
Es gibt mehrere Schwachstellen in Google Chrome und Microsoft Edge. Ein Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmechanismen zu umgehen, Schadcode auszuführen, Informationen offenzulegen und den Benut
Palo Alto Cortex Microsoft Teams Integration Vulnerability Enables Data Access for Attackers
Palo Alto Networks released an urgent update to patch a high-severity flaw (CVE-2026-0234) affecting the Microsoft Teams integration in Cortex XSOAR and Cortex XSIAM. This flaw could allow unauthorized attackers to acces
Russia Hacked Routers to Steal Microsoft Office Tokens
Hackers linked to Russia's military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign
BlueHammer PoC for Windows Defender Exploited by Researchers to Escalate Privileges
A proof-of-concept (PoC) exploit dubbed BlueHammer has been publicly released by security researcher Nightmare Eclipse (also known as Chaotic Eclipse), targeting a zero-day local privilege escalation (LPE) vulnerability
Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit
Exploit code has been released for an unpatched Windows privilege escalation flaw reported privately to Microsoft, allowing attackers to gain SYSTEM or elevated administrator permissions. [...]
Microsoft links Medusa ransomware affiliate to zero-day attacks
Microsoft says that Storm-1175, a China-based financially motivated cybercriminal group known for deploying Medusa ransomware payloads, has been deploying n-day and zero-day exploits in high-velocity attacks. [...]
CVE-2018-25245 - Microsoft 7 Tik 1.0.1.0 Denial of Service via Search
CVE ID :CVE-2018-25245 Published : April 4, 2026, 2:16 p.m. | 21 minutes ago Description :Microsoft 7 Tik 1.0.1.0 contains a denial of service vulnerability that allows attackers to crash the application by submitt
CVE-2018-25241 - Microsoft VPN Browser+ 1.1.0.0 Denial of Service
CVE ID :CVE-2018-25241 Published : April 4, 2026, 2:16 p.m. | 21 minutes ago Description :Microsoft VPN Browser+ 1.1.0.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the
CVE-2026-33105 - Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
CVE ID :CVE-2026-33105 Published : April 3, 2026, 12:16 a.m. | 21 minutes ago Description :Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a n
Microsoft Details Steps to Mitigate the Axios npm Supply Chain Compromise
A widely used JavaScript library called Axios was at the center of a serious supply chain attack that came to light on March 31, 2026. Two updated versions of the Axios npm package — version 1.14.1 and version 0.30.4 — w
Mitigating the Axios npm supply chain compromise
On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages for version updates (1.14.1 and 0.30.4) to download from command and control (C2) that Microsof
Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass
Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script (VBS) files. The activity, beginning in late February 2026, leverages these scripts to ini
Microsoft Edge: Schwachstelle ermöglicht Manipulation von Dateien und die Offenlegung von Informationen
Es existiert eine Schwachstelle in Microsoft Edge. Ein Angreifer kann diese Schwachstelle ausnutzen, um Daten zu modifizieren und vertrauliche Informationen zu stehlen. Dazu ist eine Benutzeraktion erforderlich: Das Opfe
SharePoint-Schwachstelle führt zu Remote-Code-Ausführung
SharePoint ist seit Januar von einer kritischen Schwachstelle betroffen, die die Ausführung von Schadcode ermöglicht. Assigner Microsoft gibt an, dass die Schwachstelle nicht ausgenutzt wurde, doch CISA und ENISA behaupt
New Windows Error Reporting Vulnerability Lets Attackers Escalate to Gain SYSTEM Access
A newly analyzed local privilege escalation vulnerability in the Windows Error Reporting (WER) service allows attackers to easily gain full SYSTEM access. The flaw, tracked as CVE-2026-20817, was considered so structural
North Korea-linked threat actors abuse VS Code auto-run to spread StoatWaffle malware
North Korea-linked threat actors use VS Code auto-run tasks to spread StoatWaffle malware via malicious projects that execute on folder open. North Korea-linked threat actor Team 8 behind the Contagious Interview campaig
CVE-2026-0898 - An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robot Studio developers who are automating Google Chrome and Microsoft Edge using either version 22.1 or R25.
CVE ID :CVE-2026-0898 Published : March 23, 2026, 7:16 p.m. | 1 hour, 17 minutes ago Description :An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robot Studio developers who are a