Heise Security News (alert)

• Ivanti EPMM: Update stopft bereits angegriffene Sicherheitslücken (08.05.2026 09:12)
• „Dirty Frag“: Linux-Lücken verschaffen root-Rechte (08.05.2026 06:40)
• Node.js 25: Ausbrüche aus JavaScript-Sandbox vm2 vorstellbar (07.05.2026 09:02)
• Cisco: Codeschmuggel-Leck in Unity Connection und weitere Lücken (07.05.2026 07:08)
• Google Chrome 148: Neue Version schließt 127 Sicherheitslücken (07.05.2026 05:52)
• Apache HTTP Server: Hochriskante Lücken ermöglichen Einschleusen von Schadcode (06.05.2026 11:28)

CyberSecurityNews (The Hacker News)

• cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now (09.05.2026 07:16)
• TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms (08.05.2026 18:12)
• Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads (08.05.2026 15:08)
• One Click, Total Shutdown: The "Patient Zero" Webinar on Killing Stealth Breaches (08.05.2026 14:01)
• Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise (08.05.2026 11:00)
• One Missed Threat Per Week: What 25M Alerts Reveal About Low-Severity Risk (08.05.2026 10:30)
• New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials (08.05.2026 08:41)
• Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions (08.05.2026 05:12)
• Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access (07.05.2026 17:55)
• PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems (07.05.2026 17:45)
• PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage (07.05.2026 13:34)
• ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories (07.05.2026 11:33)