SecBoard analysiert Cybersecurity-News, CVEs, Exploit-Signale, KEV-Einträge und Community-Indikatoren und verdichtet sie zu einem operativen Cyber-Lagebild für CISOs, SOCs, Red Teams und Security-Verantwortliche.
Warum SecBoard?
Weniger Noise
Viele Quellen, aber nur relevante Signale — kein allgemeiner Newsfeed.
Mehr Priorisierung
CVEs, Vorfälle und Tools werden nach operativer Relevanz eingeordnet.
Branchenbezug
Threats werden nach betroffenen Branchen und Technologien sichtbar gemacht.
Handlungsperspektive
Fokus auf das, was Security-Teams prüfen, patchen, monitoren oder eskalieren sollten.
CISA Adds One Known Exploited Vulnerability to Catalog
Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257
Cisco SD-WAN Zero-Day Exploited Months Before Patching
CISA Adds Two Known Exploited Vulnerabilities to Catalog
mutillidae — OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets.
pentest-ai-agents — Turn Claude Code into your offensive security research assistant. Specialized AI subagents for authorized penetration testing plan engagements, analyze recon, research exploits, build detections, audit STIGs, and write reports.
Athena OS Nix configuration files focused on Cybersecurity. Learn, practice and enjoy with any hacking tool! · Sprache: Nix · Topics: athenaos, cybersecurity, hacking, infosec, learning, linux · ⭐ 250 Stars
Coerce Windows authentication by generating, distributing, and cleaning up poisoned files at scale. · Sprache: Python · Topics: penetration-testing, security · ⭐ 38 Stars
The FBI and CISA are warning that a phishing campaign targeting Signal users tied to Russian intelligence services has evolved to steal Signal Backup Recovery Keys, allowing attackers to access victims' historical messages. [...]
Interactive offensive security cheat sheet — 2000+ pentest commands across 33 categories with instant search, full CRUD, write-ups, favorites and variable fill-bar. OSCP/OSWE/OSEP/CPTS exam prep ready. Docker deployable. · Sprache: JavaScript · Topics: active-directory, cheatsheet, ctf, ethical-hacking, kali-linux, offensive-security · ⭐ 37 Stars
Chinese companies control nearly two-thirds of Argentina’s own squid fleet.
Sandfly Security Agentless Compromise and Intrusion Detection System For Linux · Sprache: Shell · Topics: forensics, intrusion-detection, intrusion-detection-system, linux, security, security-automation · ⭐ 91 Stars
Sprache: Go · Topics: dependencies, dependency-audit, osv, security, security-audit, security-tools · ⭐ 63 Stars
Recover symbols, types, interfaces, and method signatures from stripped Go binaries. Ghidra, IDA, and Binary Ninja exporters included. · Sprache: Rust · Topics: binary-analysis, binary-ninja, decompiler-helper, garble, ghidra, ghidra-plugin · ⭐ 10 Stars
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is giving federal agencies until Sunday to patch a vulnerability in Cisco Unified Communications Manager Server that is being actively exploited. [...]
The FBI and CISA have updated their March warning about Russian intelligence phishing Signal accounts, and the operators have added a step: they now coax targets into handing over their Signal Backup Recovery Key. Hand it over once, and the attacker can restore the account's backup, read the...
Companies are still experimenting with automated AI systems to find security weaknesses, but fewer are relying on the technology.
A DoS testing tool for network load simulation. · Sprache: Python · Topics: ddos, ddos-attack, ddos-attack-tool, ddos-attacks, ddos-script, ddos-tool · ⭐ 432 Stars
A newly discovered cyber attack campaign has been observed delivering a previously undocumented malware family called SharkLoader that acts as a loader for deploying Cobalt Strike Beacon on compromised hosts. Kaspersky, which is tracking the activity under the moniker StrikeShark, said the campaign...
Polymarket says it will fully reimburse customers who lost an estimated $3 million after hackers injected a malicious script into the platform's frontend following a breach at a third-party vendor. [...]
Agentic pentest tooling. Currently achieving 81% (KIMI K2.5) on XBOW's benchmark in full black-box. Completely Self-hosted. Every model available on LiteLLM (Ollama, anthropic, openai...) · Sprache: Python · Topics: agentic-ai, ai, cybersecurity, cybersecurity-tools, offensive-security, pentesting · ⭐ 261 Stars
Threat actors are creating OpenAI tenants that impersonate legitimate companies and inviting employees to join them, in what appears to be a ploy to trick targets into submitting sensitive company information in chats and projects. [...]
Cisco joins a growing list of security platform providers who are betting that securing the agentic workforce means turning identity into the primary control plane.
BUSted!!! Microarchitectural Side-Channel Attacks on the MCU Bus Interconnect · Sprache: C · Topics: cortex-m, exploit, microarchitectural-attack, microcontrollers, security, side-channel · ⭐ 11 Stars
We know that ICE wants to deploy eyeglasses with facial recognition that can identify people in real time. Turns out Meta is prototyping the feature with a Pentagon supplier. (Alternate news story.)
The Open Source Sustainability Initiative's goal is to help enterprises manage and secure aging open source projects while maintaining regulatory compliance.
A Chinese-speaking advanced persistent threat (APT) actor has been linked to a new custom backdoor called TinyRCT as part of cyber attacks aimed at government entities and critical infrastructure in Southeast Asia. The activity, particularly aimed at state-owned enterprises in the energy and...
Instead of eliminating jobs for early-career cyber pros, AI is creating new opportunities for candidates with strong human decision-making skills.
AWS has patched the vulnerability and published its own advisory to inform customers about the potential impact. The post Amazon Q Flaw Enabled Cloud Credential Theft via Malicious Repositories appeared first on SecurityWeek.
Roughly two dozen companies have notified their customers of the Klue-Salesforce incident impact. The post More Klue Breach Victims Identified as Hackers Get Hacked appeared first on SecurityWeek.
Other noteworthy stories that might have slipped under the radar: Russia used Cellebrite to hack activist’s phone, Five Eyes issue urgent AI threat warning, macOS Gaslight backdoor, Scattered Spider guilty pleas. The post In Other News: Chinese Mythos-Like AI, Tata Electronics Breach, Snyk Layoffs...
AI won't replace GRC analysts, but it can eliminate much of the repetitive work they do. Anecdotes walks through building an agent that continuously monitors controls, identifies evidence gaps, and opens remediation tasks. [...]
A high-severity flaw in Amazon Q Developer let a malicious repository run commands and steal a developer's cloud credentials. The path was short: a developer opens the repo, trusts the workspace, and Amazon Q does the rest. Amazon has patched it. Tracked as CVE-2026-12957 (CVSS 8.5), the bug sat in...
Getting accurate visibility into IT and OT systems will be compounded by multivendor environments, misaligned update life cycles, and interoperability gaps.
A flaw in the Linux kernel's traffic-control subsystem can let a local unprivileged user gain root on affected systems. CVE-2026-46331, nicknamed "pedit COW," is an out-of-bounds write in the packet-editing action (act_pedit) that corrupts shared page-cache memory. A public, working exploit...
It might be taking a bit longer than usual to respond to your submissions — here's why.