[UPDATE] [mittel] OpenSSL und LibreSSL: Mehrere Schwachstellen

24.02.2026 12:37

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in OpenSSL und LibreSSL ausnutzen, um…

[NEU] [mittel] SonicWall SonicOS: Mehrere Schwachstellen ermöglichen Denial of Service

24.02.2026 12:36

Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in SonicWall SonicOS ausnutzen…

[NEU] [mittel] Red Hat Enterprise Linux (389-ds-base): Schwachstelle ermöglicht Codeausführung und potenziell Denial of Service

24.02.2026 12:32

Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Red Hat Enterprise Linux ausnut…

[UPDATE] [hoch] Red Hat Enterprise Linux (Lodash): Schwachstelle ermöglicht Denial of Service

24.02.2026 12:32

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat Enterprise Linux ausnutzen, um…

[UPDATE] [hoch] Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service

24.02.2026 12:32

Ein Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um einen Denial of Service Angr…

[UPDATE] [mittel] Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service

24.02.2026 12:32

Ein Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um einen Denial of Service Angr…

[UPDATE] [hoch] Linux Kernel: Mehrere Schwachstellen

24.02.2026 12:32

Ein Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um nicht näher spezifizierte An…

[UPDATE] [hoch] Linux Kernel: Mehrere Schwachstellen

24.02.2026 12:32

Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um nicht näher spezifizierte An…

[UPDATE] [hoch] Linux Kernel: Mehrere Schwachstellen

24.02.2026 12:32

Ein Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um nicht näher spezifizierte An…

[UPDATE] [mittel] Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service

24.02.2026 12:32

Ein lokaler Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um einen Denial of Serv…

[UPDATE] [hoch] Linux Kernel: Mehrere Schwachstellen

24.02.2026 12:32

Ein Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um nicht näher spezifizierte An…

[UPDATE] [hoch] Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service

24.02.2026 12:32

Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial-of-Service-Zust…

[UPDATE] [hoch] Linux Kernel: Mehrere Schwachstellen

24.02.2026 12:32

Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um nicht näher spezifizierte An…

[UPDATE] [mittel] Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service

24.02.2026 12:32

Ein lokaler Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um einen Denial of Serv…

[UPDATE] [hoch] Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service

24.02.2026 12:32

Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial-of-Service-Zust…

[UPDATE] [hoch] Linux Kernel: Mehrere Schwachstellen

24.02.2026 12:32

Ein lokaler Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um beliebigen Code ausz…

[UPDATE] [hoch] Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service

24.02.2026 12:32

Ein Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um einen Denial of Service Angr…

[UPDATE] [mittel] QEMU: Schwachstelle ermöglicht Denial of Service

24.02.2026 12:32

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in QEMU ausnutzen, um einen Denial of Ser…

[NEU] [mittel] Apache Airflow: Mehrere Schwachstellen

24.02.2026 12:27

Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Apache Airflow ausnutzen, u…

[NEU] [mittel] ImageMagick: Mehrere Schwachstellen

24.02.2026 12:12

Ein Angreifer kann mehrere Schwachstellen in ImageMagick ausnutzen, um beliebigen Programmcode auszu…

CVE-2026-25108 – FileZen: Soliton Systems K.K FileZen OS Command Injection Vulnerability

24.02.2026 00:00

Soliton Systems K.K FileZen contains an OS command injection vulnerability when an user logs-in to t…

CVE-2025-49113 – Webmail: RoundCube Webmail Deserialization of Untrusted Data Vulnerability

20.02.2026 00:00

RoundCube Webmail contains a deserialization of untrusted data vulnerability that allows remote code…

CVE-2025-68461 – Webmail: RoundCube Webmail Cross-site Scripting Vulnerability

20.02.2026 00:00

RoundCube Webmail contains a cross-site scripting vulnerability via the animate tag in an SVG docume…

CVE-2021-22175 – GitLab: GitLab Server-Side Request Forgery (SSRF) Vulnerability

18.02.2026 00:00

GitLab contains a server-side request forgery (SSRF) vulnerability when requests to the internal net…

CVE-2026-22769 – RecoverPoint for Virtual Machines (RP4VMs): Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability

18.02.2026 00:00

Dell RecoverPoint for Virtual Machines (RP4VMs) contains an use of hard-coded credentials vulnerabil…

CVE-2020-7796 – Zimbra Collaboration Suite: Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability

17.02.2026 00:00

Synacor Zimbra Collaboration Suite (ZCS) contains a server-side request forgery vulnerability if Web…

CVE-2024-7694 – ThreatSonar Anti-Ransomware: TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability

17.02.2026 00:00

TeamT5 ThreatSonar Anti-Ransomware contains an unrestricted upload of file with dangerous type vulne…

CVE-2008-0015 – Windows: Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability

17.02.2026 00:00

Microsoft Windows Video ActiveX Control contains a remote code execution vulnerability. An attacker …

CVE-2026-2441 – Chromium: Google Chromium CSS Use-After-Free Vulnerability

17.02.2026 00:00

Google Chromium CSS contains a use-after-free vulnerability that could allow a remote attacker to po…

CVE-2026-1731 – Remote Support (RS) and Privileged Remote Access (PRA): BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability

13.02.2026 00:00

BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)contain an OS command injection vu…

CVE-2026-20700 – Multiple Products: Apple Multiple Buffer Overflow Vulnerability

12.02.2026 00:00

Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within t…

CVE-2024-43468 – Configuration Manager: Microsoft Configuration Manager SQL Injection Vulnerability

12.02.2026 00:00

Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker…

CVE-2025-15556 – Notepad++: Notepad++ Download of Code Without Integrity Check Vulnerability

12.02.2026 00:00

Notepad++ when using the WinGUp updater, contains a download of code without integrity check vulnera…

CVE-2025-40536 – Web Help Desk: SolarWinds Web Help Desk Security Control Bypass Vulnerability

12.02.2026 00:00

SolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauth…

CVE-2026-21513 – Windows: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability

10.02.2026 00:00

Microsoft MSHTML Framework contains a protection mechanism failure vulnerability that could allow an…

CVE-2026-21525 – Windows: Microsoft Windows NULL Pointer Dereference Vulnerability

10.02.2026 00:00

Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could al…

CVE-2026-21510 – Windows: Microsoft Windows Shell Protection Mechanism Failure Vulnerability

10.02.2026 00:00

Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an un…

CVE-2026-21533 – Windows: Microsoft Windows Improper Privilege Management Vulnerability

10.02.2026 00:00

Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability th…

CVE-2026-21519 – Windows: Microsoft Windows Type Confusion Vulnerability

10.02.2026 00:00

Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an author…

CVE-2026-21514 – Office: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability

10.02.2026 00:00

Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability t…

Microsoft-Anleitung für Secure-Boot-Zertifikate von Windows Servern

24.02.2026 13:25

Microsofts Secure-Boot-Zertifikate laufen im Juni aus und müssen ersetzt werden. Microsoft gibt Serv…

iOS 26.4 Beta 2: Apple testet RCS-Verschlüsselung mit Android

24.02.2026 10:28

Apple hat eine neue Entwicklerbeta fürs iPhone freigegeben. Damit lassen sich erstmals verschlüsselt…

Microsoft beendet Unterstützung für Windows-Versionen aus 2016

24.02.2026 10:23

Windows-Versionen aus 2016 erhalten in Kürze keinen Support mehr. Erweiterte Sicherheits-Updates (ES…

40 Sicherheitslücken in ImageMagick geschlossen

24.02.2026 09:39

Die Bildbearbeitungssoftware ImageMagick ist an mehreren Stellen verwundbar. Sicherheitspatches steh…

MedConf 2026: Das Programm der Medizintechnik-Konferenz steht

24.02.2026 09:00

Die MedConf by heise ist die wichtigste deutschsprachige Konferenz zur Entwicklung von Medizintechni…

Microsoft Edge: Tumult um VPN-Funktion

24.02.2026 08:13

Aktuell macht eine Meldung die Runde: Microsoft Edge Secure Network ist gar kein VPN. Es macht jedoc…

Mit ChatGPT erstellte Passwörter sind nicht sicher

23.02.2026 13:45

Wer KI-Chatbots auffordert, starke Passwörter zu erstellen, erhält zwar sicher erscheinende Ergebnis…

Sicherheitsupdate: Schadcode-Attacken auf GIMP möglich

23.02.2026 10:36

Angreifer können PCs, auf denen das Grafikprogramm GIMP installiert ist, attackieren. Dafür müssen O…

CarGurus: Have I Been Pwned integriert Daten von 12,5 Millionen Kunden

23.02.2026 09:53

Have I Been Pwned ist um 12,5 Millionen Einträge von CarGurus-Nutzern und -Nutzerinnen reicher. Die …

Pi-hole: Update schließt Sicherheitslücken und liefert mehr Performance

23.02.2026 08:11

Die Pi-hole-Programmierer haben dem DNS-Werbefilter Sicherheitslücken ausgetrieben und die Software …

Roundcube Webmail: Angriffe auf Sicherheitslücken laufen

23.02.2026 07:00

Die IT-Sicherheitsbehörde CISA warnt vor aktuell beobachteten Angriffen auf Roundcube-Webmail-Schwac…

Anthropic launcht Claude Code Security – Cybersecurity-Aktien verlieren

21.02.2026 15:53

Das KI-Tool Claude Code Security von Anthropic analysiert Code kontextbasiert statt regelbasiert. Di…

Zahlreiche Kernel-Lücken in Dell PowerProtect Data Manager geschlossen

20.02.2026 12:16

Dells Backuplösung PowerProtect Data Manager ist unter anderem für Schadcode-Attacken anfällig. Sich…

Kommentar: Russlands Cyber-Angriffe erfordern eine Reaktion

20.02.2026 12:07

Jürgen Schmidt sprach sich lange Zeit gegen offensive Cyber-Aktionen aus. Russlands Sabotage-Angriff…

Adidas bezieht Stellung zu möglichem Datenleck bei externem Dienstleister

20.02.2026 11:20

Die Cybergang Lapsus$ behauptet in einem Untergrundforum, Daten von Adidas bei einem externen Dienst…

Google: KI-Systeme blockten 2025 1,75 Millionen schädliche Apps

20.02.2026 10:25

Google hat 2025 deutlich weniger Schadprogramme aus dem Play Store entfernen müssen – ein Erfolg ver…

BSI-Warnung: Ivanti-EPMM-Lücke wird verbreitet missbraucht

20.02.2026 10:22

Das Bundesamt für Sicherheit in der Informationstechnik (BSI) und IT-Forscher warnen vor weit verbre…

Atlassian-Sicherheitsupdates: Bamboo und Confluence sind verwundbar

20.02.2026 09:08

Angreifer können Systeme mit Atlassian-Anwendungen im schlimmsten Fall mit Schadcode attackieren.

Windows-Editor: Details zur Markdown-Sicherheitslücke

20.02.2026 08:02

Die Patchday-Updates schließen eine Lücke im Windows-Editor, die das Einschleusen von Schadcode erla…

Love-Scam: Liebesbetrug-Masche wegen KI immer erfolgreicher

20.02.2026 06:00

Liebesschwindel im Netz – immer mehr Menschen werden von Love-Scammern um viel Geld gebracht. KI erl…

Google Chrome: Mehrere Schwachstellen

24.02.2026 09:57

In Google Chrome/Microsoft Edge existieren mehrere Schwachstellen. Ein Angreifer kann diese Schwachs…

D-LINK DWR-M960 Router: Mehrere Schwachstellen ermöglichen Codeausführung und DoS

23.02.2026 10:42

In D-LINK DWR-M960 Router existieren mehrere Schwachstellen. Ein entfernter, authentisierter Angreif…

GIMP: Mehrere Schwachstellen ermöglichen Codeausführung

20.02.2026 12:10

Ein Angreifer kann mehrere Schwachstellen in GIMP ausnutzen, um beliebigen Programmcode auszuführen.…

Google Chrome: Mehrere Schwachstellen

19.02.2026 11:35

In Google Chrome existieren mehrere Schwachstellen. Ein Angreifer kann diese Schwachstelle ausnutzen…

Moodle: Mehrere Schwachstellen

18.02.2026 12:20

Ein Angreifer kann mehrere Schwachstellen in Moodle ausnutzen, um Schadcode auszuführen und um einen…

Microsoft Edge: Schwachstelle ermöglicht Offenlegung von Informationen

18.02.2026 08:40

Es existiert eine Schwachstelle in Microsoft Edge. Ein Angreifer kann diese Schwachstelle ausnutzen,…

Mozilla Firefox, Firefox ESR und Thunderbird: Mehrere Schwachstellen

17.02.2026 10:55

Es bestehen mehrere Schwachstellen in Mozilla Firefox, Firefox ESR und Thunderbird. Ein Angreifer ka…

Dell Computer: Schwachstelle ermöglicht Codeausführung

17.02.2026 10:45

Es existiert eine Schwachstelle in Dell Computer. Die Schwachstelle entsteht durch einen Fehler im Q…

Google Chrome: Schwachstelle ermöglicht Codeausführung

16.02.2026 11:30

Es existiert eine Schwachstelle in Google Chrome. Ein Angreifer kann diese Schwachstelle ausnutzen, …

Apple macOS Tahoe, Sequoia und Sonoma: Mehrere Schwachstellen

12.02.2026 12:12

In Apple macOS Tahoe, Sequoia und Sonoma existieren mehrere Schwachstellen.
Ein Angreifer kann die…

Apple iOS und iPadOS: Mehrere Schwachstellen

12.02.2026 12:12

In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Ein Angreifer kann diese Schwachst…

Google Chrome: Mehrere Schwachstellen

12.02.2026 12:12

In Google Chrome existieren mehrere Schwachstellen. Ein Angreifer kann diese Schwachstellen ausnutze…

Apple Safari: Mehrere Schwachstellen

12.02.2026 11:47

n Apple Safari existieren mehrere Schwachstellen. Ein Angreifer kann diese Schwachstellen ausnutzen,…

QNAP NAS QTS und QuTS hero: Mehrere Schwachstellen

12.02.2026 11:42

Es bestehen mehrere Schwachstellen in QNAP QTS und QuTS hero.Ein Angreifer kann diese Schwachstellen…

AMD EPYC, Athlon und Ryzen Prozessoren: Mehrere Schwachstellen

11.02.2026 11:52

In einigen AMD EPYC-, Athlon- und Ryzen-Prozessoren bestehen mehrere Schwachstellen. Ein Angreifer k…

HP OfficeJet Pro Printers: Mehrere Schwachstellen

11.02.2026 11:52

In einigen HP OfficeJet Druckern bestehen mehrere Schwachstellen. Ein Angreifer kann diese Schwachst…

Adobe Creative Cloud Applikationen: Mehrere Schwachstellen

11.02.2026 10:17

In Adobe Creative Cloud-Anwendungen bestehen mehrere Schwachstellen. Ein lokaler Angreifer kann die…

Microsoft Patchday Februar 2026

11.02.2026 10:12

Microsoft hat im Februar zahlreiche Schwachstellen in verschiedenen Produkten behoben.

Intel Prozessoren: Mehrere Schwachstellen

11.02.2026 10:02

Es bestehen mehrere Schwachstellen in verschiedenen Intel-Prozessoren und Intel-Chipsätzen. Ein Angr…

Microsoft Edge (Android): Schwachstelle ermöglicht Darstellen falscher Informationen

06.02.2026 11:54

In Microsoft Edge für Android wurde eine Schwachstelle entdeckt. Ein Angreifer kann die Benutzerober…

Analysis of Single Sign-On Abuse on FortiOS

22.01.2026 18:44

Fortinet is proactively communicating to customers to share analysis regarding single sign-on (SSO) …

Product Security Advisory and Analysis: Observed Abuse of FG-IR-19-283

24.12.2025 10:15

This blog analysis describes the observed abuse and provides additional context so that administrato…

Analysis of Threat Actor Activity

10.04.2025 13:00

Fortinet diligently balances our commitment to the security of our customers and our culture of resp…

Advancing Responsible Disclosure Efforts: A Q&A with Michael Daniel of Cyber Threat Alliance

11.03.2025 13:00

The Cyber Threat Alliance introduced its Responsible Vulnerability Communication Policy, laying out …

Analysis of Threat Actor Data Posting

16.01.2025 14:10

This blog analysis regarding a recent threat actor posting, which claims to offer compromised config…

Proactive, Responsible Disclosure Is One Crucial Way Fortinet Strengthens Customer Security

03.05.2024 14:27

The cybersecurity industry continues to grow and mature. As a part of this process, we must collecti…

The Importance of Patching: An Analysis of the Exploitation of N-Day Vulnerabilities

07.02.2024 17:15

An analysis of the exploitation of resolved N-Day Fortinet vulnerabilities by an unknown actor.
&#16…

Analysis of CVE-2023-27997 and Clarifications on Volt Typhoon Campaign

12.06.2023 14:59

Today, Fortinet published a CVSS Critical PSIRT Advisory (FG-IR-23-097 / CVE-2023-27997) along with …

Analysis of FG-IR-22-369

09.03.2023 15:32

A following write-up that details Fortinet's investigation into the incident that led to the discove…

Perspectives: FortiNAC and CVE-2022-39952

23.02.2023 10:30

Fortinet published a Critical Advisory (FG-IR-22-300 / CVE-2022-39952) for FortiNAC on February 16, …

CVE-2021-24119 In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.

21.02.2026 11:27

Information published.

CVE-2020-36426 An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_crl_parse_der has a buffer over-read (of one byte).

21.02.2026 11:28

Information published.

CVE-2025-21846 acct: perform last write from workqueue

21.02.2026 10:18

Information published.

CVE-2025-21847 ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data()

21.02.2026 10:21

Information published.

CVE-2025-21863 io_uring: prevent opcode speculation

21.02.2026 10:23

Information published.

CVE-2025-29768 Vim vulnerable to potential data loss with zip.vim and special crafted zip files

21.02.2026 10:32

Information published.

CVE-2024-55549 xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue

21.02.2026 10:36

Information published.

CVE-2024-58088 bpf: Fix deadlock when freeing cgroup storage

21.02.2026 10:26

Information published.

CVE-2025-21856 s390/ism: add release function for struct device

21.02.2026 10:24

Information published.

CVE-2025-21866 powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC

21.02.2026 10:20

Information published.

CVE-2023-52969 MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2.

21.02.2026 11:02

Information published.

CVE-2025-21861 mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize()

21.02.2026 10:25

Information published.

CVE-2025-1767 This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remains vulnerable.

21.02.2026 10:33

Information published.

CVE-2024-58089 btrfs: fix double accounting race when btrfs_run_delalloc_range() failed

21.02.2026 11:28

Information published.

CVE-2025-21864 tcp: drop secpath at the same time as we currently drop dst

21.02.2026 10:16

Information published.

CVE-2025-2953 PyTorch torch.mkldnn_max_pool2d denial of service

21.02.2026 11:37

Information published.

CVE-2024-8176 Libexpat: expat: improper restriction of xml entity expansion depth in libexpat

21.02.2026 10:38

Information published.

CVE-2025-21839 KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop

21.02.2026 11:45

Information published.

CVE-2025-21855 ibmvnic: Don't reference skb after sending to VIOS

21.02.2026 10:15

Information published.

CVE-2025-58436 OpenPrinting CUPS slow client can halt cupsd, leading to a possible DoS attack

21.02.2026 12:08

Information published.

Keeping Google Play & Android app ecosystems safe in 2025

19.02.2026 17:00

Posted by Vijaya Kaza, VP and GM, App & Ecosystem Trust





The Android ecosystem is a thriving glo…

New Android Theft Protection Feature Updates: Smarter, Stronger

27.01.2026 16:59

Posted by Nataliya Stanetsky, Fabricio Ferracioli, Elliot Sisteron, Irene Ang of the Android Securit…

HTTPS certificate industry phasing out less secure domain validation methods

10.12.2025 20:00

Posted by Chrome Root Program Team


Secure connections are the backbone of the modern web, but a c…

Further Hardening Android GPUs

09.12.2025 17:20

Posted by Liz Prucka, Hamzeh Zawawy, Rishika Hooda, Android Security and Privacy Team


Last year, G…

Architecting Security for Agentic Capabilities in Chrome

08.12.2025 19:39

Posted by Nathan Parker, Chrome security team


Chrome has been advancing the web’s security for wel…

Android expands pilot for in-call scam protection for financial apps

03.12.2025 16:59

Posted by Aden Haussmann, Associate Product Manager and Sumeet Sharma, Play Partnerships Trust & Saf…

Android Quick Share Support for AirDrop: A Secure Approach to Cross-Platform File Sharing

20.11.2025 22:25

Posted by Dave Kleidermacher, VP, Platforms Security & Privacy, Google


Technology should bring peo…

Rust in Android: move fast and fix things

13.11.2025 17:02

Posted by Jeff Vander Stoep, Android


Last year, we wrote about why a memory safety strategy that f…

How Android provides the most effective protection to keep you safe from mobile scams

25.11.2025 21:40

Posted by Lyubov Farafonova, Product Manager, Phone by Google; Alberto Pastor Nieto, Sr. Product Man…

HTTPS by default

28.10.2025 21:16

One year from now, with the release of Chrome 154 in October 2026, we will change the default setti…

Accelerating adoption of AI for cybersecurity at DEF CON 33

24.09.2025 19:07

Posted by Elie Bursztein and Marianna Tishchenko, Google Privacy, Safety and Security TeamEmpowering…

Supporting Rowhammer research to protect the DRAM ecosystem

15.09.2025 17:01

Posted by Daniel MoghimiRowhammer is a complex class of vulnerabilities across the industry. It is a…

How Pixel and Android are bringing a new level of trust to your images with C2PA Content Credentials

10.09.2025 15:59

Posted by Eric Lynch, Senior Product Manager, Android Security, and Sherif Hanna, Group Product Mana…

Android’s pKVM Becomes First Globally Certified Software to Achieve Prestigious SESIP Level 5 Security Certification

06.10.2025 01:12

Posted by Dave Kleidermacher, VP Engineering, Android Security & Privacy


Today marks a watershed m…

Introducing OSS Rebuild: Open Source, Rebuilt to Last

04.08.2025 21:40

Posted by Matthew Suozzo, Google Open Source Security Team (GOSST)Today we're excited to announce OS…

Advancing Protection in Chrome on Android

08.07.2025 17:36

Posted by David Adrian, Javier Castro & Peter Kotwicz, Chrome Security Team


Android recently a…

Mitigating prompt injection attacks with a layered defense strategy

13.06.2025 18:49

Posted by Google GenAI Security TeamWith the rapid adoption of generative AI, a new wave of threats …

Sustaining Digital Certificate Security - Upcoming Changes to the Chrome Root Store

30.05.2025 15:02

Posted by Chrome Root Program, Chrome Security Team


Note: Google Chrome communicated its removal o…

Tracking the Cost of Quantum Factoring

23.05.2025 11:57

Posted by Craig Gidney, Quantum Research Scientist, and Sophie Schmieg, Senior Staff Cryptography En…

What’s New in Android Security and Privacy in 2025

14.05.2025 16:28

Posted by Dave Kleidermacher, VP Engineering, Android Security and Privacy



Android’s intelligent …

Cisco Secure Web Appliance Real-Time Scanning Archive File Bypass Vulnerability

20.02.2026 21:08

A vulnerability in the Dynamic Vectoring and Streaming (DVS) Engine implementation of Cisco Asy…

Cisco Unified Communications Products Remote Code Execution Vulnerability

13.02.2026 15:21

A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communicati…

Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability

13.02.2026 01:37

A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint (C…

Multiple Cisco Products Snort 3 MIME Denial of Service Vulnerabilities

12.02.2026 18:38

Multiple Cisco products are affected by vulnerabilities in the HTTP Multipurpose Internet Mail E…

Multiple Cisco Products Snort 3 Distributed Computing Environment/Remote Procedure Call Vulnerabilities

11.02.2026 04:42

Multiple Cisco products are affected by vulnerabilities in the processing of Distributed Computi…

Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability

05.02.2026 00:00

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow…

Cisco Meeting Management Arbitrary File Upload Vulnerability

05.02.2026 00:00

A vulnerability in the Certificate Management feature of Cisco Meeting Management could allow a…

Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Open Redirect Vulnerability

05.02.2026 00:00

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Man…

Cisco IEC6400 Wireless Backhaul Edge Compute Software SSH Denial of Service Vulnerability

22.01.2026 00:00

A vulnerability in the SSH service of Cisco IEC6400 Wireless Backhaul Edge Compute Software cou…

Cisco Packaged Contact Center Enterprise and Cisco Unified Contact Center Enterprise Cross-Site Scripting Vulnerabilities

22.01.2026 00:00

Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center…

Cisco Intersight Virtual Appliance Privilege Escalation Vulnerability

21.01.2026 16:00

A vulnerability in the read-only maintenance shell of Cisco Intersight Virtual Appliance could …

Reports About Cyberattacks Against Cisco Secure Email Gateway And Cisco Secure Email and Web Manager

15.01.2026 16:01

On December 10, Cisco became aware of a new cyberattack campaign targeting a limited subset of a…

Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability

15.01.2026 16:00

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) c…

Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability

15.01.2026 16:00

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Man…

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

15.01.2026 16:00

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) a…

Cisco Identity Services Engine XML External Entity Processing Information Disclosure Vulnerability

08.01.2026 00:00

A vulnerability in the licensing features of Cisco Identity Services Engine (ISE) and Cisc…

Remote Code Execution Vulnerability in React and Next.js Frameworks: December 2025

18.12.2025 06:37

On December 3, 2025, the React team released a security advisory regarding a vulnerability, CVE-…

Cisco Identity Services Engine Reflected Cross-Site Scripting and Information Disclosure Vulnerabilities

04.12.2025 14:23

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity …

Multiple Cisco Contact Center Products Vulnerabilities

18.11.2025 14:49

Multiple vulnerabilities in Cisco Unified Contact Center Express (Unified CCX), Cisco Unified Co…

Cisco Catalyst Center Privilege Escalation Vulnerability

13.11.2025 16:00

A vulnerability in Cisco Catalyst Center could allow an authenticated, remote attacker to execu…

Oracle Critical Patch Update Advisory - January 2026

20.01.2026 19:30

Oracle Critical Patch Update Advisory - October 2025

21.10.2025 19:30

Oracle Security Alert for CVE-2025-61884 - 11 October 2025

12.10.2025 02:00

Oracle Security Alert for CVE-2025-61882 - 4 October 2025

04.10.2025 19:30

Oracle Critical Patch Update Advisory - July 2025

15.07.2025 19:30

Oracle Critical Patch Update Advisory - April 2025

15.04.2025 19:30

Oracle Critical Patch Update Advisory - January 2025

21.01.2025 19:30

Oracle Security Alert for CVE-2024-21287 - 18 November 2024

18.11.2024 19:30

Oracle Critical Patch Update Advisory - October 2024

15.10.2024 19:30

Oracle Critical Patch Update Advisory - July 2024

16.07.2024 19:30

Oracle Critical Patch Update Advisory - April 2024

16.04.2024 19:30

Oracle Critical Patch Update Advisory - January 2024

16.01.2024 19:30

Oracle Critical Patch Update Advisory - October 2023

17.10.2023 19:30

Oracle Critical Patch Update Advisory - July 2023

18.07.2023 19:30

Oracle Critical Patch Update Advisory - April 2023

18.04.2023 19:30

Oracle Critical Patch Update Advisory - January 2023

17.01.2023 19:30

Oracle Critical Patch Update Advisory - October 2022

18.10.2022 19:30

Oracle Critical Patch Update Advisory - July 2022

19.07.2022 19:30

Oracle Security Alert for CVE-2022-21500 - 19 May 2022

19.05.2022 19:30

Oracle Critical Patch Update Advisory - April 2022

19.04.2022 19:30

To Be More Effective Cybersecurity Must Learn to Think in Matrices

02.02.2026 08:30

Cybersecurity leaders have been recommending for years to learn to speak to the business. However, I…

More Effective Security Programs Through Security Risk Quantification

27.01.2026 09:00

For effective communication and decision on the appropriate response, we need to translate security …

Building Resilient Enterprises: SAP’s Security Gains from Microsoft Defender for Cloud

27.10.2025 12:45

t's 3 PM on a Friday, and your development team just discovered a critical production issue affectin…

“Don’t Lie to Me” - Containing AI Agent Threats with Plan-then-Execute

20.10.2025 06:30

Throughout this blog series, we have repeatedly mentioned to consider your AI agents as threat actor…

Navigating SAP Security and Cloud Compliance Topics

14.10.2025 16:07

SAP offers customers several options to find resources and information on security and cloud complia…

Plan-then-Execute – An Architectural Pattern for Responsible Agentic AI

13.10.2025 06:30

In the recently published paper Architecting Resilient LLM Agents: A Guide to Secure Plan-then-Execu…

Limiting Agent Autonomy – Least Privilege and Tool Access for Agentic AI Systems

30.09.2025 06:00

In the previous blog in this series, we covered the non-deterministic nature of agentic AI systems a…

“That’s Not What We Agreed!” – Repudiation and Agentic AI Threat Modeling

08.09.2025 21:17

What makes Large Language Models (LLMs) both powerful and unpredictable is that they are non-determi…

Securing Agentic AI Through Threat Modeling at SAP

17.07.2025 16:17

Agentic AI is no longer a concept of the future—it’s here, embedded into enterprise workflows. But a…

Striking a Balance: Navigating the Open-Source Tightrope in a World of Evolving Threats - Part 3

08.04.2025 07:00

With 'Part 3 - The Strategic Imperative of Transitioning to Inner Source Development' of the series …

Striking a Balance: Navigating the Open-Source Tightrope in a World of Evolving Threats - Part 2

02.04.2025 14:32

With 'Part 2 - Navigating the Complex Landscape of OSS Licensing and Geopolitical Influences' of the…

Defending Against AI Security Risks by Turning LLMs on LLMs

03.03.2025 18:31

As a provider of both Business AI solutions and the AI Core platform that provides access to third p…

The Broad Spectrum of Supply Chain Security

11.02.2025 15:06

There is increasing understanding that supply chain security is important to the resilience of busin…

Beyond Prioritization: Combating Alert Fatigue Through Policy Enforcement at The Edge

06.02.2025 00:43

Cybersecurity teams, developers and system operators increasingly struggle with alert fatigue. As ne…

Striking a Balance: Navigating the Open-Source Tightrope in a World of Evolving Threats - Part 1

23.01.2025 13:43

With 'Part 1 - Understanding the Multifaceted Risks of Open-Source Reliance' of the series 'Striking…

Moving ERP to the Cloud is More Than Running On Someone Else’s Computer

16.12.2024 13:18

People say that “cloud is just someone else’s computer”. That obscures significant differences betwe…

Managing Threats and Security Incidents for SAP Systems

11.12.2024 15:15

Many cyber threats target core IT infrastructure, rather than specialized applications like ERP syst…

We did it... SAP confirmed it is NIST CSF Tier 3

24.09.2024 21:35

At SAP, cybersecurity is paramount. We know that our customers trust us to provide solutions that he…

How SAP Security Teams Can Help Cyber Teams Towards Cyber Resilience

10.09.2024 10:10

SAP security teams, including Governance, Risk and Compliance (GCS), have special skills and experie…

Protecting SAP RISE Customer Data - Building on AWS Security Capabilities

21.08.2024 16:28

RISE with SAP provides an attractive solution for organizations to deploy their S/4 HANA solutions i…

New Malicious npm Package "ambar-src" Targets Developers with Open Source Malware

24.02.2026 21:30

Tenable Research investigated a malicious npm package with around 50,000 downloads in the public reg…

Dynamic Objects in Active Directory: The Stealthy Threat

20.02.2026 14:00

Active Directory’s "dynamic objects" feature offers attackers a perfect evasion cloak. These objects…

The Cloud and AI Velocity Trap: Why Governance Is Falling Behind Innovation

19.02.2026 13:50

AI adoption is outpacing traditional cyber governance. The “Tenable Cloud and AI Security Risk Repor…

Gartner® Names Tenable as the Current Company to Beat for AI-Powered Exposure Assessment in a 2025 Report

12.02.2026 13:45

“Tenable’s asset and attack surface coverage, its application of AI and its reputation for vulnerabi…

Microsoft’s February 2026 Patch Tuesday Addresses 54 CVEs (CVE-2026-21510, CVE-2026-21513)

10.02.2026 18:55

2Critical51Important1Moderate0LowMicrosoft addresses 54 CVEs in the February 2026 Patch Tuesday rele…

What Anthropic’s Latest Model Reveals About the Future of Cybersecurity

09.02.2026 23:10

AI can find vulnerabilities with unprecedented speed, but discovery alone doesn’t reduce cyber risk.…

I pretended to be an AI agent on Moltbook so you don’t have to

09.02.2026 17:34

I went undercover on Moltbook, the AI-only social network, masquerading as a bot. Instead of deep bo…

2025 SLG cyber trends: 5 lessons to build a 2026 cyber roadmap

05.02.2026 14:00

From school districts to state agencies, 2025 cyber incidents were a wake-up call about asset visibi…

LookOut: Discovering RCE and Internal Access on Looker (Google Cloud & On-Prem)

04.02.2026 11:00

Tenable Research discovered two novel vulnerabilities in Google Looker that could allow an attacker …

From Clawdbot to Moltbot to OpenClaw: Security Experts Detail Critical Vulnerabilities and 6 Immediate Hardening Steps for the Viral AI Agent

03.02.2026 22:54

Moltbot, the viral AI agent, offers immense power but is riddled with critical vulnerabilities, incl…