Heise Security-Alert

BSI Bund-Cert

• Version 1.0: Microsoft Windows IKE – Kritische Schwachstelle gefährdet Windows VPN-Server 15. April 2026
• Version 1.0: F5 BIG-IP – Aktive Ausnutzung einer Schwachstelle im Access Policy Manager 30. März 2026
• Version 1.1: Citrix NetScaler ADC und Gateway – Schwachstellen gefährden Organisationen 30. März 2026
• Version 1.0: Trivy – Supply-Chain Angriff führt zu Kompromittierungen in Deutschland 26. März 2026

Bruce Schneier

• Friday Squid Blogging: New Giant Squid Video 17. April 2026
  Pretty fantastic video from Japan of a giant squid eating another squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.
• Mythos and Cybersecurity 17. April 2026
  Last week, Anthropic pulled back the curtain on Claude Mythos Preview, an AI model so capable at finding and exploiting software vulnerabilities that the company decided it was too dangerous to release to the public. Instead, access has been restricted to roughly 50 organizations—Microsoft, Apple, Amazon Web Services, CrowdStrike and other vendors of critical infrastructure—under […]
• Human Trust of AI Agents 16. April 2026
  Interesting research: “Humans expect rationality and cooperation from LLM opponents in strategic games.” Abstract: As Large Language Models (LLMs) integrate into our social and economic interactions, we need to deepen our understanding of how humans respond to LLMs opponents in strategic settings. We present the results of the first controlled monetarily-incentivised laboratory experiment looking at […]
• Defense in Depth, Medieval Style 15. April 2026
  This article on the walls of Constantinople is fascinating. The system comprised four defensive lines arranged in formidable layers: The brick-lined ditch, divided by bulkheads and often flooded, 15­-20 meters wide and up to 7 meters deep. A low breastwork, about 2 meters high, enabling defenders to fire freely from behind. The outer wall, 8 […]