Telekom Security Updates
Latest Update
ZipLine-linked spearphishing campaign uses PowerShell backdoor and Cloudflare Tunnel
Telekom Security investigated a spearphishing campaign targeting organizations in several European countries. The campaign ultimately enables follow-on activity that, in at least one observed case, led to the deployment of Qilin ransomware. We are aware of m...
Pack2TheRoot (CVE-2026-41651): Cross-Distro Local Privilege Escalation Vulnerability
Today we publicly disclose a high-severity vulnerability (CVSS 3.1: 8.8) - in coordination with distro maintainers - that affects multiple Linux distributions in their default installations. The Pack2TheRoot vulnerability can be exploited...
Mass exploitation of CVE-2026-1281 and CVE-2026-1340 in Ivanti EPMM
In early 2026, two critical zero-day vulnerabilities in Ivanti’s mobile device management platform - CVE-2026-1281 and CVE-2026-1340 - emerged as significant drivers of incident activity across multiple sectors. Both flaws, rated CVSS 9....
REDAXO Mediapool Reflected Cross-Site Scripting
A reflected Cross-Site Scripting vulnerability (CVE-2025-66026) has been identified in the REDAXO Mediapool component. The issue allows arbitrary JavaScript execution in the backend when a user visits a specially crafted link while authe...
Multiple vulnerabilities in Janitza UMG 96RM-E
Several vulnerabilities were discovered during testing of a Janitza UMG 96RM-E device.
Multiple vulnerabilities in Kanboard (Exploiting web applications Part II)
This article continues a write-up series in which we discuss web application vulnerabilities found during red team operations. This time, the target was the Kanboard software.
Rasa (un)authenticated Remote Code Execution via remote model loading (CVE-2024-49375)
During an internal penetration test, a product that uses Rasa to build a conversational AI was checked. A mixture of penetration testing and source code analysis led to the discovery of an (un)authenticated Remote Code Execution.
Multiple critical vulnerabilities in SICK DL100-2xxxxxxx Products
Several vulnerabilities were discovered during testing of a DL100 device.