
Telekom Security

  • ZipLine-linked spearphishing campaign uses PowerShell backdoor and Cloudflare Tunnel

    11 Jun 2026 • Threatintel

    Telekom Security investigated a spearphishing campaign targeting organizations in several European countries. The campaign ultimately enables follow-on activity that, in at least one observed case, led to the deployment of Qilin ransomware. We are aware of multiple affected companies across different countries, most of them located in Austria. Not all of these organizations were encrypted, but at least one became a victim of Qilin ransomware. We assess this activity to be related to the ZipLine campaign, which was uncovered by Check Point Research in August 2025. While there are some differences in the current activity, the overall tradecraft shows multiple similarities, as described throughout this blog post.


  • Pack2TheRoot (CVE-2026-41651): Cross-Distro Local Privilege Escalation Vulnerability

    22 Apr 2026 • Advisories

    Today, in coordination with distro maintainers, we publicly disclose a high-severity vulnerability (CVSS 3.1: 8.8) that affects multiple Linux distributions in their default installations. The Pack2TheRoot vulnerability can be exploited by any local unprivileged user to obtain root access on a vulnerable system.


  • Mass exploitation of CVE-2026-1281 and CVE-2026-1340 in Ivanti EPMM

    03 Mar 2026 • Threatintel

    In early 2026, two critical zero-day vulnerabilities in Ivanti’s mobile device management platform - CVE-2026-1281 and CVE-2026-1340 - emerged as significant drivers of incident activity across multiple sectors. Both flaws, rated CVSS 9.8 (critical), allow unauthenticated remote code execution, enabling attackers to compromise Ivanti Endpoint Manager Mobile (EPMM) appliances and potentially pivot into broader enterprise environments.


  • REDAXO Mediapool Reflected Cross-Site Scripting

    25 Nov 2025 • Advisories

    A reflected Cross-Site Scripting vulnerability (CVE-2025-66026) has been identified in the REDAXO Mediapool component. The issue allows arbitrary JavaScript execution in the backend when a user visits a specially crafted link while authenticated.


  • Multiple vulnerabilities in Janitza UMG 96RM-E

    04 Nov 2025 • Advisories

    Several vulnerabilities were discovered during testing of a Janitza UMG 96RM-E device.


  • Multiple vulnerabilities in Kanboard (Exploiting web applications Part II)

    03 Jun 2025 • Advisories • Writeup

    This article is a continuation of a write-up series, where we discuss web application vulnerabilities found during red team operations. This time, the target was the Kanboard software.


  • Rasa (un)authenticated Remote Code Execution via remote model loading (CVE-2024-49375)

    01 Apr 2025 • Advisories • Writeup

    During an internal penetration test, a product that uses Rasa to build a conversational AI was checked. A mixture of penetration testing and source code analysis led to the discovery of an (un)authenticated Remote Code Execution vulnerability.


  • Multiple critical vulnerabilities in SICK DL100-2xxxxxxx Products

    14 Mar 2025 • Advisories

    Several vulnerabilities were discovered during testing of a DL100 device.

