=====================
= End-of-Day report =
=====================
Timeframe: Friday 27-02-2026 18:00 − Monday 02-03-2026 18:00
Handler: Felician Fuchs
Co-Handler: Michael Schlagenhaufer
=====================
= News =
=====================
∗∗∗ Microsoft testing Windows 11 batch file security improvements ∗∗∗
---------------------------------------------
Microsoft is rolling out new Windows 11 Insider Preview builds that improve security and performance during batch file or CMD script execution.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-testing-windows-11...
∗∗∗ QuickLens Chrome extension steals crypto, shows ClickFix attack ∗∗∗
---------------------------------------------
A Chrome extension named "QuickLens - Search Screen with Google Lens" has been removed from the Chrome Web Store after it was compromised to push malware and attempt to steal crypto from thousands of users.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/quicklens-chrome-extension-st...
∗∗∗ UK warns of Iranian cyberattack risks amid Middle-East conflict ∗∗∗
---------------------------------------------
The United Kingdom's National Cyber Security Centre (NCSC) alerted British organizations to a heightened risk of Iranian cyberattacks amid the ongoing conflict in the Middle East.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/uk-warns-of-iranian-cyberatta...
∗∗∗ A fake FileZilla site hosts a malicious download ∗∗∗
---------------------------------------------
A tampered copy of FileZilla quietly contacts attacker-controlled servers using encrypted DNS traffic that can slip past traditional monitoring.
---------------------------------------------
https://www.malwarebytes.com/blog/threat-intel/2026/03/a-fake-filezilla-site...
∗∗∗ FinanzOnline phishing: Criminals threaten seizure of household goods ∗∗∗
---------------------------------------------
Oh no: household goods are about to be seized because an outstanding amount has allegedly not been paid despite several reminders. That is exactly what an e-mail currently claims, purporting to come from FinanzOnline. In fact, however, it is not a genuine payment demand.
---------------------------------------------
https://www.watchlist-internet.at/news/finanzonline-phishing-hausratpfaendun...
∗∗∗ Taming Agentic Browsers: Vulnerability in Chrome Allowed Extensions to Hijack New Gemini Panel ∗∗∗
---------------------------------------------
A high-severity CVE-2026-0628 in Chrome's Gemini allowed local file access and privacy invasion. Google quickly patched the flaw.
---------------------------------------------
https://unit42.paloaltonetworks.com/gemini-live-in-chrome-hijacking/
∗∗∗ Active Reconnaissance Campaign Targets SonicWall Firewalls Through Commercial Proxy Infrastructure ∗∗∗
---------------------------------------------
84,000+ scanning sessions targeting SonicWall SonicOS infrastructure in four days. GreyNoise details a coordinated reconnaissance campaign using rotating proxy infrastructure.
---------------------------------------------
https://www.greynoise.io/blog/active-reconnaissance-campaign-targets-sonicwa...
∗∗∗ Cultivating a robust and efficient quantum-safe HTTPS ∗∗∗
---------------------------------------------
Today we're announcing a new program in Chrome to make HTTPS certificates secure against quantum computers. The Internet Engineering Task Force (IETF) recently created a working group, PKI, Logs, And Tree Signatures (“PLANTS”), aiming to address the performance and bandwidth challenges that the increased size of quantum-resistant cryptography introduces into TLS connections requiring Certificate Transparency (CT).
---------------------------------------------
https://security.googleblog.com/2026/02/cultivating-robust-and-efficient.htm...
∗∗∗ Stop Putting Secrets in .env Files ∗∗∗
---------------------------------------------
[..] Why do we still store credentials in plaintext .env files?
---------------------------------------------
https://jonmagic.com/posts/stop-putting-secrets-in-dotenv-files/
∗∗∗ Fooling Go's X.509 Certificate Verification ∗∗∗
---------------------------------------------
Below are two X.509 certificates. The first is the Certificate Authority (CA) root certificate, and the second is a leaf certificate signed by the private key of the CA.
---------------------------------------------
https://danielmangum.com/posts/fooling-go-x509-certificate-verification/
∗∗∗ Agents attacking agents: AI-powered bot exploiting GitHub Actions ∗∗∗
---------------------------------------------
A week-long automated attack campaign targeted CI/CD pipelines across major open source repositories, achieving remote code execution in multiple targets. The attacker, an autonomous bot called hackerbot-claw, used 5 different exploitation techniques and successfully exfiltrated a GitHub token with write permissions from one of the most popular repositories on GitHub.
---------------------------------------------
https://www.stepsecurity.io/blog/hackerbot-claw-github-actions-exploitation
=====================
= Vulnerabilities =
=====================
∗∗∗ Checkmk: High-risk cross-site scripting vulnerability in network monitoring software ∗∗∗
---------------------------------------------
The developers have released updated Checkmk versions. They close a cross-site scripting vulnerability rated at least high-risk.
---------------------------------------------
https://www.heise.de/news/Checkmk-Hochriskante-Cross-Site-Scripting-Luecke-i...
∗∗∗ Unauthorized AI Agent Execution Code Published to OpenVSX in Aqua Trivy VS Code Extension ∗∗∗
---------------------------------------------
On February 27 and 28, 2026, versions 1.8.12 and 1.8.13 of the Aqua Trivy VS Code extension were published to the OpenVSX registry under the aquasecurityofficial.trivy-vulnerability-scanner namespace. Socket identified suspicious behavior in these versions shortly after publication and began investigating the releases.
---------------------------------------------
https://socket.dev/blog/unauthorized-ai-agent-execution-code-published-to-op...
∗∗∗ LWN Security updates for Monday ∗∗∗
---------------------------------------------
https://lwn.net/Articles/1060911/