ARTICLE SEARCH
Threat Feed Query
Search all aggregated security articles by keywords, CVE IDs and sources.
Five OpenClaw 0-Days let Attackers to Hijack Trusted AI Agent Access
Five zero-day flaws in OpenClaw allowed attackers to bypass trust boundaries and hijack AI agent access across multiple messaging platforms. OpenClaw, which integrates AI agents with services such as Slack, Discord, Micr
One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens
Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible to steal a user's GitHub token. "Just by clicking a link, it's possible for an attacker to st
Microsoft Tries to Calm Legal Threat Fears After Zero-Day Disclosure Backlash
Microsoft responds to backlash over its threats of legal action against researchers who publicly disclose zero-day vulnerabilities. The post Microsoft Tries to Calm Legal Threat Fears After Zero-Day Disclosure Backlash a
New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare
Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. The vulnerability has been codena
Microsoft 365 Android Apps Account Takeover Vulnerability Impacted Billions of Android Users
A single forgotten development flag left active in production code silently handed Microsoft account tokens to any app on an Android device, exposing billions of users across six major Microsoft 365 apps to account takeo
Windows Search URI Handler Flaw Leaks NTLMv2 Hashes to Attacker-Controlled Servers
A newly disclosed flaw in the Windows search URI handler can silently leak NTLMv2 hashes to attacker-controlled servers with nothing more than a single link click. This behavior is the same bug class as CVE-2026-33829 in
HTTP/2 Bomb — Remote DoS Exploit Hits nginx, Apache, IIS, Envoy, and Cloudflare Pingora
A newly disclosed remote denial-of-service exploit dubbed “HTTP/2 Bomb” targets the default HTTP/2 configurations of the world’s most widely deployed web servers, nginx, Apache httpd, Microsoft IIS, Envoy, and Cloudflare
Attackers Abuse AWS, Google Cloud, Cloudflare, and Microsoft Services to Hide Malicious Traffic
Cybercriminals are increasingly weaponizing trusted cloud infrastructure, including Amazon Web Services, Google Cloud, Microsoft Azure, Cloudflare, and GitHub, to camouflage malicious traffic, evade detection, and sustai
Microsoft MSRC Allegedly Dismissed Dependency Confusion Vulnerability, Claims Researcher
A dependency confusion vulnerability affecting Microsoft’s Azure Portal after the Microsoft Security Response Center (MSRC) closed the case, claiming the confirmed remote code execution evidence did not constitute an exp
Critical Authenticator Flaw Enables Account Takeover Without an Exploit
CVE-2026-41615 allows attackers to trick Microsoft Authenticator into handing over tokens via a manipulated OAuth request. A single user click is enough; no exploit is needed. With the stolen token,
[High] CVE-2026-49139 – Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerabil...
High CVE-2026-49139 Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by sup
[High] CVE-2026-47294 – Deserialization of untrusted data in Microsoft Office SharePoint allows an autho...
High CVE-2026-47294 Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. CVSS: 8.0 · CWE: CWE-78
CVE-2026-47294 - Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE ID: CVE-2026-47294 Published: June 1, 2026, 6:26 p.m. | 46 minutes ago Description: None Severity: 8.0 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and mor
EchoCreep and GraphWorm Hide Attack Commands in Cloud Services
The China-linked APT group Webworm is expanding its backdoor arsenal with EchoCreep and GraphWorm. Both disguise their command-and-control traffic in legitimate cloud services: EchoCreep via Discord, GraphWorm via the Microsoft Graph API. S
Microsoft fixes outage affecting MFA setup, MySignIn service
Microsoft is working to address an ongoing incident preventing customers from setting up multi-factor authentication (MFA) or accessing the My Sign-Ins platform. [...]
Microsoft confirms outage affecting MFA, My Sign-Ins platform
Microsoft is working to address an ongoing incident preventing customers from setting up multi-factor authentication (MFA) or accessing the My Sign-Ins platform. [...]
Microsoft fixes KB5089549 Windows security update install issues
Microsoft has resolved a known issue causing installation failures and 0x800f0922 errors when deploying the May 2026 Windows 11 security update (KB5089549). [...]
Microsoft Investigates MFA Setup Failure and MySigns-In Portal Outage
Microsoft is currently investigating a service disruption affecting users attempting to set up multi-factor authentication (MFA) or access the self-service sign-in portal at mysignins.microsoft.com. The issue was officia
Microsoft Tightens Entra ID Password Resets With New Authentication Change
Microsoft has announced a significant security update to its Entra ID Self-Service Password Reset (SSPR) feature, introducing stricter authentication requirements designed to reduce identity-based attacks. The update man
Microsoft Clarifies It Won’t Sue Security Researchers Amid Nightmare-Eclipse Controversy
Microsoft has clarified its stance, reducing perceived legal threats and reaffirming its commitment to coordinated vulnerability disclosure, following significant backlash from the security research community. In a caref