| ITtechNews

Anzeige: Persönlicher Alarm mit 130 dB jetzt unter 16 Euro bei Amazon 31. März 2026
Der Thopeb-Sicherheits-Alarm hat jetzt bei Amazon 36 Prozent Rabatt und bietet 130 dB Lautstärke plus eine Stroboskop-LED für Notfälle. (Technik/Hardware, Security)
Situation Monitors vs. Osint: Desinformation statt Intelligence 31. März 2026
"Situation Monitors" über den Iran schaffen Verwirrung, nicht Aufklärung - zumindest solange man nicht zwischen Open Source Information und Open Source Intelligence unterscheidet. (Wissen, CCC)
NPM-Pakete laden Malware nach: Populärer HTTP-Client Axios kompromittiert 31. März 2026
Axios ist zur Verarbeitung von HTTP-Anfragen in unzählige Softwareprojekte eingebunden. Das NPM-Konto des Maintainers wurde gekapert, um Malware zu verbreiten. (Malware, Virus)
Rund 30.000 Instanzen am Netz: Citrix-Systeme werden attackiert 31. März 2026
Eine kritische Sicherheitslücke gefährdet unzählige Citrix-Netscaler-Instanzen. Angreifer nutzen sie bereits aus. Es droht eine vollständige Kompromittierung. (Sicherheitslücke, Citrix)
Linkedin & Persona: In drei Minuten in den Datenschutz-Wahnsinn 31. März 2026
Ich habe meine Identität auf Linkedin verifiziert. Hier erzähle ich, was ich preisgegeben habe, nur um ein blaues Häkchen zu bekommen. (Datensicherheit, Datenschutz)
Anzeige: Praxisnahes Schwachstellenmanagement 31. März 2026
Schwachstellenmanagement entscheidet über Prioritäten im Patchprozess. Ein Online-Workshop zeigt, wie Risiken bewertet und Maßnahmen abgeleitet werden. (Golem Karrierewelt, Server-Applikationen)
Hilfe bei Scam: KI-Oma Hilde hat bereits 3.000 Anfragen beantwortet 30. März 2026
Telefónica zieht ein erstes Fazit mit der KI-Beraterin und verrät, welche Fragen am meisten gestellt wurden. (KI, Phishing)

2026-004: Critical Vulnerability in SharePoint Exploited 25. März 2026
On 17 March 2026, Microsoft updated one of its January 2026 security advisories related to a remote code execution vulnerability in Microsoft SharePoint. Specifically, Microsoft raised the CVSS score and changed the FAQ section to indicate that the vulnerability could be exploited by an unauthenticated attacker. This vulnerability was added in the CISA's Known Exploited […]
2026-003: Multiple Vulnerabilities in Citrix NetScaler and Citrix ADC 23. März 2026
On 23 March 2026, Citrix published a security advisory addressing multiple vulnerabilities affecting NetScaler ADC and NetScaler Gateway. These vulnerabilities may lead to sensitive information disclosure and user session mix-up under specific configurations. At the time of writing, there is no public evidence of active exploitation. It is strongly recommended updating affected gateways, prioritising internet-facing […]
2026-002: Multiple Vulnerabilities in Cisco Products 26. Februar 2026
On 25 February 2026, Cisco released security advisories addressing multiple high and critical severity vulnerabilities in Cisco Catalyst SD-WAN controllers and Cisco SD-WAN Manager. If exploited, these vulnerabilities could allow attackers to gain administrative access to compromised systems. It is recommended to capture forensic evidence, hunt for indicators of compromise, and apply updates as soon […]
2026-001: Critical vulnerabilities in Ivanti EPMM 30. Januar 2026
On 29 January 2026, Ivanti released a security advisory addressing two critical vulnerabilities in their EPMM products. An attacker could exploit those flaws to achieve unauthenticated remote code execution on the vulnerable device. One of these vulnerabilities have been exploited in a limited number of cases.
2025-042: Critical Vulnerability in Cisco Secure Email and Web Manager 18. Dezember 2025
On December 17, 2025, Cisco released a security advisory for a critical vulnerability affecting Cisco Secure Email Gateway and Cisco Secure Email and Web Manager products. It is recommended to follow Cisco's recommendations to check whether vulnerable appliances have been compromised, and to remediate the issue. There is no patch available for this vulnerability yet.
2025-041: Critical Security Vulnerability in React Server Components 4. Dezember 2025
On December 3, 2025, the React Team publicly disclosed a critical security vulnerability affecting React Server Components (RSC) and related packages. The vulnerability allows for unauthenticated remote code execution (RCE) via maliciously crafted HTTP requests. It is recommended to update all affected component packages and any frameworks that integrate them.
2025-040: Critical Vulnerability in Windows Server Update Service (WSUS) 24. Oktober 2025
On October 23, 2025, Microsoft released an out-of-band update to address a critical vulnerability in Windows Server Update Service (WSUS). This vulnerability could allow a remote unauthenticated attacker to execute code on the targeted systems. A proof-of-concept is publicly available for this vulnerability. It is recommended to update as soon as possible.
2025-039: High Severity Vulnerability in FortiOS 15. Oktober 2025
On October 14, 2025, Fortinet released a security advisory addressing a high severity vulnerability in its FortiOS product. It is recommended updating affected products.
2025-038: Critical Vulnerabilities in Veeam Backup 15. Oktober 2025
On October 14, 2025, Veeam released a security advisory addressing multiple vulnerabilities including 2 critical in its Veeam Backup product. CERT-EU recommends updating affected software as soon as possible and following Veeam implementation best practices.
2025-037: Multiple Vulnerabilities in F5 Products 15. Oktober 2025
On October 15, 2025, F5 disclosed that a sophisticated nation-state actor breached its systems and maintained long-term persistent access into F5's infrastructure. This included access to BIG-IP product development source code and to information related to security vulnerabilities that had not yet been disclosed nor patched. F5 released patches on the same day to address […]