Daily Summary - 13.05.2026

End-of-Day report

Timeframe: Tuesday 12-05-2026 18:00 - Wednesday 13-05-2026 18:00
Handler: Guenes Holler
Co-Handler: n/a

News

Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation

A threat actor with affiliations to China has been linked to a "multi-wave intrusion" targeting an unnamed Azerbaijani oil and gas company between late December 2025 and late February 2026, marking an expansion of its targeting.

https://thehackernews.com/2026/05/azerbaijani-energy-firm-hit-by-repeated.html

Attack bypasses BitLocker via the Windows Recovery Environment

BitLocker is supposed to protect confidential data even against physical attacks. The Windows Recovery Environment undermines that protection.

https://www.heise.de/news/Angriff-umgeht-BitLocker-mittels-Windows-Recovery-Environment-11292642.html

Data breach at Best Western Hotels: hackers were able to siphon off booking data for months

Attackers were apparently able to move undisturbed through Best Western Hotels' systems for around half a year and exfiltrate hotel guests' data.

https://www.golem.de/news/best-western-hotels-hacker-konnten-monatelang-auf-buchungsdaten-zugreifen-2605-208637.html

RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded

RubyGems, the standard package manager for the Ruby programming language, has temporarily paused account sign ups following what has been described as a "major malicious attack."

https://thehackernews.com/2026/05/rubygems-suspends-new-signups-after.html

Thus Spoke The Gentlemen

The Gentlemen ransomware-as-a-service (RaaS) operation is a relatively new group that emerged around mid-2025. Its operators advertise the service across multiple underground forums, promoting their ransomware platform and inviting penetration testers and other technically skilled actors to join as affiliates.

https://research.checkpoint.com/2026/thus-spoke-the-gentlemen/

Claude Code RCE: Exploiting Deeplink Handlers via Settings Injection

Of course I took a peek at the Claude Code source.

https://0day.click/recipe/2026-05-12-cc-rce/

Vulnerabilities

Microsoft Patch Tuesday: Critical DNS client vulnerability threatens Windows

Microsoft has released important security updates for, among others, Azure, Edge, Office and Windows. Many of the vulnerabilities were discovered with AI agents.

https://www.heise.de/news/Patchday-Microsoft-Kritische-DNS-Client-Luecke-bedroht-Windows-11292506.html

Patch Tuesday: Adobe closes more than 50 vulnerabilities in After Effects and other products

Important security updates fix various Adobe applications. So far there are no reports of ongoing attacks.

https://heise.de/-11292536

Fortinet plugs eleven security holes in several products

Fortinet released eleven security patches in a coordinated fashion on Patch Tuesday. Two of the flaws are rated critical.

https://heise.de/-11292861

1,000,000 WordPress Sites Affected by Arbitrary File Read and SQL Injection Vulnerabilities in Avada Builder WordPress Plugin

On March 21st, 2026, we received a submission for an Arbitrary File Read and an SQL Injection vulnerability in Avada Builder, a WordPress plugin with an estimated 1,000,000 active installations.

https://www.wordfence.com/blog/2026/05/1000000-wordpress-sites-affected-by-arbitrary-file-read-and-sql-injection-vulnerabilities-in-avada-builder-wordpress-plugin/

New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution

Exim has released security updates to address a severe security issue affecting certain configurations that could enable memory corruption and potential code execution.

https://thehackernews.com/2026/05/new-exim-bdat-vulnerability-exposes.html

LWN Security updates for Wednesday

https://lwn.net/Articles/1072596/

NCSC-2026-0147 [1.00] [M/H] Vulnerabilities fixed in Siemens products

https://advisories.ncsc.nl/advisory?id=NCSC-2026-0147

FortiGuard Labs: Improper access control on API endpoints

https://fortiguard.fortinet.com/psirt/FG-IR-26-128

FortiGuard Labs: Incorrect global authorization

https://fortiguard.fortinet.com/psirt/FG-IR-26-136

FortiGuard Labs: Out-of-bounds access in CAPWAP daemon

https://fortiguard.fortinet.com/psirt/FG-IR-26-123