=====================
= End-of-Day report =
=====================
Timeframe: Thursday 18-06-2026 18:00 - Friday 19-06-2026 18:00
Handler: Alexander Riepl
Co-Handler: Michael Schlagenhaufer
=====================
= News =
=====================
∗∗∗ USB worm spreads crypto-stealing malware via Windows shortcut files ∗∗∗
---------------------------------------------
Threat actors targeting cryptocurrency wallets have been distributing clipboard-stealing malware with self-spreading capabilities and using the Tor network to conceal communication.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/usb-worm-spreads-crypto-stea…
∗∗∗ Jailbreak possible: Apparently unpatchable hardware bug endangers iPhones ∗∗∗
---------------------------------------------
Researchers have discovered an apparently unpatchable bug that could enable jailbreaks for several iPhone, iPad and Apple Watch models.
---------------------------------------------
https://www.golem.de/news/jailbreak-moeglich-wohl-unpatchbarer-hardware-bug…
∗∗∗ Warning about fake invoices from Sixt Server ∗∗∗
---------------------------------------------
Numerous companies are currently contacting us after receiving invoices for alleged cloud services. These are in fact an attempted fraud: the fake invoices are meant to trick companies into making an unwarranted payment.
---------------------------------------------
https://www.watchlist-internet.at/news/fake-rechnungen-von-sixt-server/
∗∗∗ Killing me gently: Inside Gentlemen’s EDR killer framework ∗∗∗
---------------------------------------------
ESET Research shares the results of a months-long investigation into the suite of EDR killers maintained by the RaaS gang Gentlemen.
---------------------------------------------
https://www.welivesecurity.com/en/eset-research/killing-me-gently-inside-ge…
∗∗∗ Fire on the Floridsdorfer Brücke: fibre-optic outages in Vienna ∗∗∗
---------------------------------------------
There was a fire on the Floridsdorfer Brücke today. What the ORF does not report is that fibre-optic routes also run across this bridge, and that the fire knocked out some of these lines. Anyone who knows the locations of the relevant data centres in Vienna will immediately see why this is highly relevant. So far we have received one formal NIS notification, and we have heard informally from other organizations that they are affected.
---------------------------------------------
https://www.cert.at/de/aktuelles/2026/6/brand-der-floridsdorfer-brucke-glas…
∗∗∗ Bulgaria allowed surveillance tech firm to sell products to repressive regimes, report says ∗∗∗
---------------------------------------------
The nonprofit Human Rights Watch obtained export licensing records covering 2018 through 2023, which show the Bulgarian government allowed the surveillance firm Circles to peddle the tech to law enforcement and intelligence agencies in several countries known for human rights abuses.
---------------------------------------------
https://therecord.media/bulgaria-allowed-surveillance-tech-firm-to-sell-to-…
∗∗∗ PeopleSoft PeopleTools Pre-Authentication RCE: A PSIGW SSRF Chain That Executes Inside the JVM ∗∗∗
---------------------------------------------
A pre-authentication remote code execution (RCE) chain in Oracle PeopleSoft PeopleTools reaches an internal-only management servlet through a server-side request forgery (SSRF) in the PSIGW gateway, then gains code execution through Java XMLDecoder deserialization. Oracle assigned CVE-2026-35273 (CVSS 9.8) and released an out-of-band patch on June 10, 2026. [..] Our researchers discovered new information about this vulnerability, which was responsibly disclosed to Oracle as part of our investigation.
---------------------------------------------
https://www.trendmicro.com/en_us/research/26/f/PeopleTools.html
∗∗∗ Anthropic's AI Mythos: companies still have access to preview version ∗∗∗
---------------------------------------------
Despite a US order, some companies still have access to a preview version of Anthropic's AI model Mythos.
---------------------------------------------
https://heise.de/-11338742
∗∗∗ I discovered a large-scale malware distribution on GitHub ∗∗∗
---------------------------------------------
This is the story of how I found 10,000 repositories on GitHub that distribute Trojan malware. They are all from different contributors, have different names, and are not forks of other repositories. But they share a common pattern, which is what allowed me to write a script to find such repositories.
---------------------------------------------
https://orchidfiles.com/github-repositories-distributing-malware/
=====================
= Vulnerabilities =
=====================
∗∗∗ Windows 10/11: privilege escalation in AMD RAID driver ∗∗∗
---------------------------------------------
A serious bug has become known in the AMD RAID driver for Windows 10 and Windows 11 that endangers the security of the system. The vulnerability, CVE-2024-21962, has a CVSS score of 8.6. AMD and the manufacturer HP have published security advisories and a new driver version.
---------------------------------------------
https://borncity.com/blog/2026/06/19/windows-10-11-rechteausweitung-in-amd-…
∗∗∗ LWN: Security updates for Friday ∗∗∗
---------------------------------------------
https://lwn.net/Articles/1078662/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/mailman3/postorius/lists/daily.lists.cert.at/
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 17-06-2026 18:00 - Thursday 18-06-2026 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Rogueplanet exploit: Microsoft promises a "high-quality security update" ∗∗∗
---------------------------------------------
Microsoft intends to stop exploitation of the Rogueplanet exploit on Windows devices with an update. When that will happen, however, remains a mystery.
---------------------------------------------
https://www.golem.de/news/rogueplanet-exploit-microsoft-verspricht-ein-high…
∗∗∗ Patch now: Nginx web server attackable through critical vulnerabilities ∗∗∗
---------------------------------------------
Because of security vulnerabilities in three Nginx modules, attackers can take web servers down or inject malicious code. Patches prevent this.
---------------------------------------------
https://www.golem.de/news/jetzt-patchen-nginx-webserver-durch-kritische-lue…
∗∗∗ Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline ∗∗∗
---------------------------------------------
A French-speaking attacker broke into a small French automotive business, planted a keylogger, and stole banking and email credentials. Ordinary stuff, until one move near the end. Before his command-and-control server went dark, he installed OpenSSH and Tailscale on a victim's machine, building a way back in that did not run through the C2 at all. When the Havoc server went ..
---------------------------------------------
https://thehackernews.com/2026/06/junior-hacker-used-tailscale-and.html
∗∗∗ Crypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal Comments ∗∗∗
---------------------------------------------
An unknown threat actor has been observed leveraging paid or promoted posts on legitimate news websites to drum up buzz for their warez, according to new findings from Check Point Research. The threat actor also has at their disposal a dedicated WordPress ..
---------------------------------------------
https://thehackernews.com/2026/06/crypto-clipper-campaign-abuses-fake.html
∗∗∗ Operation Endgame: investigators clean thousands of blogs of SocGholish ∗∗∗
---------------------------------------------
Law enforcement agencies from four countries dismantled a botnet and WordPress blogs that criminals were abusing as distribution points for malware.
---------------------------------------------
https://www.heise.de/news/Operation-Endgame-Ermittler-saeubern-tausende-Blo…
∗∗∗ Expiring Secure Boot certificates - what was, what is, what is coming ∗∗∗
---------------------------------------------
Two completely different technologies, a very similar problem - DNS and Secure Boot are both technologies that (ideally) run trouble-free in the background .. until they suddenly become a topic. That is exactly what could happen with Secure Boot in the course of this year - the cryptographic trust anchors on which UEFI Secure Boot rests mostly date from 2011. And the end of the fifteen-year ..
---------------------------------------------
https://www.cert.at/de/blog/2026/6/auslaufende-secure-boot-zertifikate-was-…
∗∗∗ Current status regarding "FortiBleed" ∗∗∗
---------------------------------------------
Last weekend, a security researcher discovered in the course of his work an unusually structured collection of stolen data which, after further analysis, turned out to be compromised credentials for tens of thousands of Fortinet systems worldwide. The authenticity of the data was subsequently confirmed both by independent security experts and by the security company Hudson Rock. The roughly 75,000 affected Fortinet systems ..
---------------------------------------------
https://www.cert.at/de/blog/2026/6/aktueller-stand-rund-um-fortibleed
∗∗∗ EU grants Ukraine access to cybersecurity reserve for major attacks ∗∗∗
---------------------------------------------
As Kyiv takes steps toward formal accession to the EU, the bloc is integrating Ukraine with its pool of pre-approved cybersecurity incident response companies.
---------------------------------------------
https://therecord.media/ukraine-access-eu-cybersecurity-reserve
∗∗∗ From Blaster to BlueHammer: is history repeating itself at Microsoft? ∗∗∗
---------------------------------------------
For several weeks there has been quite a dispute between a security researcher using the alias Nightmare Eclipse and the Microsoft Security Response Center team (MSRC team). It concerns the way security vulnerabilities are reported, ..
---------------------------------------------
https://borncity.com/blog/2026/06/18/von-blaster-bis-bluehammer-wiederholt-…
∗∗∗ The Road to Post-Quantum Readiness Part 1 of 2: Understanding the Risk ∗∗∗
---------------------------------------------
Post-Quantum Cryptography is no longer a future-only concern. Standards are final, major providers have already deployed hybrid protection, and the real risk now is data captured today and decrypted later. Part 1 explains the fundamentals, the threat, and why organizations can no longer afford to wait.
---------------------------------------------
https://blog.nviso.eu/2026/06/18/the-road-to-post-quantum-readiness-part-1/
∗∗∗ Threat Actors Abuse claude.ai Shared Chat for ClickFix Malvertising Campaign ∗∗∗
---------------------------------------------
Cybercriminals hijacked Google Ads searches for popular AI developer tools to funnel over 2,000 victims toward malicious download pages before quietly moving their operation onto claude.ai's own platform, turning the trusted domain into a delivery mechanism for credential-stealing malware.
---------------------------------------------
https://www.trendmicro.com/en_us/research/26/f/claudeai-shared-chat-abused-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Drupal core - Critical - PHP object injection - SA-CORE-2026-005 ∗∗∗
---------------------------------------------
Project: Drupal core
Date: 2026-June-05
Security risk: Critical 18/25 AC:None/A:User/CI:All/II:All/E:Theoretical/TD:Uncommon
Vulnerability: PHP object injection
Affected versions: =10.6.0 =11.2.0 =11.3.0
CVE IDs: CVE-2026-55803
Description: SA-CORE-2019-003 added protection for fields that store serialized data to disallow direct writes via web ..
---------------------------------------------
https://www.drupal.org/sa-core-2026-005
∗∗∗ Plotly.js Graphing - Critical - PHP object injection - SA-CONTRIB-2026-050 ∗∗∗
---------------------------------------------
Project: Plotly.js Graphing
Date: 2026-June-17
Security risk: Critical 19/25 AC:None/A:User/CI:All/II:All/E:Theoretical/TD:Default
Vulnerability: PHP object injection
Affected versions:
CVE IDs: ..
---------------------------------------------
https://www.drupal.org/sa-contrib-2026-050
∗∗∗ Flag attendance field - Critical - PHP object injection - SA-CONTRIB-2026-049 ∗∗∗
---------------------------------------------
Project: Flag attendance field
Date: 2026-June-17
Security risk: Critical 19/25 AC:None/A:User/CI:All/II:All/E:Theoretical/TD:Default
Vulnerability: PHP object injection
Affected versions:
CVE IDs: CVE-2026-55809
Description: The Flag attendance field module gives you the ability to add attendance by depending on the Flag module. flag_attendance_field stores ..
---------------------------------------------
https://www.drupal.org/sa-contrib-2026-049
∗∗∗ Formatter Field - Critical - PHP object injection - SA-CONTRIB-2026-048 ∗∗∗
---------------------------------------------
Project: Formatter Field
Date: 2026-June-17
Security risk: Critical 19/25 AC:None/A:User/CI:All/II:All/E:Theoretical/TD:Default
Vulnerability: PHP object injection
Affected versions:
CVE IDs: CVE-2026-12535
Description: The Formatter Field module provides a mechanism for specifying a formatter and formatter settings to be used for displaying a ..
---------------------------------------------
https://www.drupal.org/sa-contrib-2026-048
∗∗∗ SVD-2026-0614: OS Command Injection in the btool Configuration Helper in Splunk AI Toolkit ∗∗∗
---------------------------------------------
In Splunk AI Toolkit versions below 5.7.4, a user who holds the "admin" Splunk role could execute arbitrary OS commands on the host running the Splunk Enterprise instance. The vulnerability is possible because of an unsafe shell execution pattern in the btool configuration helper, which constructs OS command strings from dynamic parameters without disabling shell interpretation.
---------------------------------------------
https://advisory.splunk.com//advisories/SVD-2026-0614
∗∗∗ Cisco Identity Services Engine Remote Code Execution and Information Disclosure Vulnerabilities ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ Cisco Crosswork Network Controller Server-Side Template Injection Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ Cisco Webex App Open Redirect Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ Cisco Umbrella Virtual Appliance Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ Hardcoded Root Cloud Credentials in Application Binaries in Silver Leaf Technologies Worksnaps ∗∗∗
---------------------------------------------
https://sec-consult.com/vulnerability-lab/advisory/hardcoded-root-cloud-cre…
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 16-06-2026 18:00 - Wednesday 17-06-2026 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Kodak confirms data breach claimed by ShinyHunters extortion gang ∗∗∗
---------------------------------------------
Kodak has confirmed that it's working with external cybersecurity experts to investigate a security breach after hackers gained access to some of the company's data.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/kodak-confirms-data-breach-c…
∗∗∗ Historic increase: AI makes the number of reported vulnerabilities explode ∗∗∗
---------------------------------------------
According to new projections, around 66,000 new security vulnerabilities could be registered in 2026. Last year there were significantly fewer.
---------------------------------------------
https://www.golem.de/news/historischer-anstieg-ki-laesst-anzahl-gemeldeter-…
∗∗∗ Football World Cup: FIFA's official streaming portal hacked ∗∗∗
---------------------------------------------
A researcher discovered an inadequate security check in FIFA systems. Attackers could have sabotaged streams of the ongoing World Cup.
---------------------------------------------
https://www.golem.de/news/fussball-wm-offizielles-streamingportal-der-fifa-…
∗∗∗ France To Stop Certifying Products Without Quantum-Safe Encryption ∗∗∗
---------------------------------------------
Starting in 2027, France's cybersecurity agency ANSSI will stop certifying security products that lack quantum-resistant encryption, effectively forcing government agencies and critical infrastructure operators to phase out older cryptographic systems. Reuters reports: Samih Souissi, ANSSI's chief of staff, said at the France Quantum conference that ..
---------------------------------------------
https://it.slashdot.org/story/26/06/16/181236/france-to-stop-certifying-pro…
∗∗∗ WordPress PBN Plugin Drops Dual Webshells via Database Injection ∗∗∗
---------------------------------------------
During a recent incident response engagement, our team uncovered a multi-stage WordPress infection that goes beyond the usual file-based malware. The attacker combined a fake plugin, a remote command-and-control server, and two PHP web shells stored directly inside the WordPress database. The campaign is operated by a Turkish-speaking threat actor ..
---------------------------------------------
https://blog.sucuri.net/2026/06/wordpress-pbn-plugin-drops-dual-webshells-v…
∗∗∗ CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution ∗∗∗
---------------------------------------------
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a maximum-severity security flaw impacting Widget Factory Joomla Content Editor (JCE) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
---------------------------------------------
https://thehackernews.com/2026/06/cisa-warns-of-actively-exploited-joomla.h…
∗∗∗ Three critical Fortinet sandbox bugs splattered by unknown attackers ∗∗∗
---------------------------------------------
All have patches, so make sure you upgrade to a fixed version
---------------------------------------------
https://www.theregister.com/security/2026/06/16/three-critical-fortinet-san…
∗∗∗ ‘Dangerous’ AI Models Are Coming No Matter What ∗∗∗
---------------------------------------------
The US government crackdown on Anthropic’s Claude Fable 5 and Mythos 5 hides a glaring truth: AI models with advanced hacking capabilities will soon be the norm.
---------------------------------------------
https://www.wired.com/story/dangerous-ai-models-are-coming-no-matter-what/
∗∗∗ Several plug-ins for JetBrains IDEs steal API keys for OpenAI, DeepSeek & co. ∗∗∗
---------------------------------------------
At least 15 plug-ins for JetBrains IDEs transmit API keys to an external server. Apart from that, they provide the promised functionality.
---------------------------------------------
https://www.heise.de/news/Mehrere-Plug-ins-fuer-JetBrains-IDEs-stehlen-API-…
∗∗∗ Android 17 ships with security patches on board ∗∗∗
---------------------------------------------
Google's developers have closed various security vulnerabilities in the launch version of Android 17.
---------------------------------------------
https://www.heise.de/news/Android-17-hat-direkt-Sicherheitspatches-mit-an-B…
∗∗∗ Attacks on FortiSandbox vulnerabilities ∗∗∗
---------------------------------------------
Vulnerabilities in FortiSandbox are currently the target of attacks on the Internet. Patches to secure them have been available since April.
---------------------------------------------
https://www.heise.de/news/Angriffe-auf-FortiSandbox-Schwachstellen-11335667…
∗∗∗ NIS2 warning: BSI sets new registration deadline at the end of July ∗∗∗
---------------------------------------------
Registration figures under the IT Security Act are disappointing. The BSI urges companies to comply with NIS2 requirements and sets a new deadline.
---------------------------------------------
https://www.heise.de/news/NIS2-Mahnung-BSI-setzt-neue-Frist-zur-Registrieru…
∗∗∗ GitHub dismissed security reports on flaws now exploited by supply-chain worm, researchers say ∗∗∗
---------------------------------------------
GitHub rejected two formal vulnerability reports identifying design flaws that researchers say are enabling variants of the Shai-Hulud supply-chain worm to infect and compromise hundreds of software packages and developer accounts worldwide.
---------------------------------------------
https://therecord.media/github-dismissed-reports-shai-hulud-deep-specter
∗∗∗ Reducing Microsoft Sentinel Costs Without Compromising Detection – Part 1: The Summary Rules Quest ∗∗∗
---------------------------------------------
This blog is the first in a series exploring how Summary Rules, together with Auxiliary or Data Lake storage, can help organizations optimize SIEM costs without compromising core threat detection and monitoring capabilities.
---------------------------------------------
https://blog.nviso.eu/2026/06/17/reducing-microsoft-sentinel-costs-without-…
∗∗∗ FortiBleed — 75k Fortinet firewalls have admin passwords cracked ∗∗∗
---------------------------------------------
An interesting post popped up on LinkedIn at the weekend from Voldymyr Diachenko saying plain text passwords were found in the wild by Hunt Intelligence Inc for Fortinet firewalls ..
---------------------------------------------
https://doublepulsar.com/fortibleed-75k-fortinet-firewalls-have-admin-passw…
∗∗∗ Threat tactic spotlight: Subdomain takeover ∗∗∗
---------------------------------------------
In this blog post you’ll learn how to detect and prevent subdomain takeover – a tactic where threat actors exploit dangling DNS records to redirect traffic to attacker-controlled resources. We’ll explain the issue, how the situation arises, and how you can use various AWS features and services to help mitigate the impact of this tactic.
---------------------------------------------
https://aws.amazon.com/blogs/security/threat-tactic-spotlight-subdomain-tak…
=====================
= Vulnerabilities =
=====================
∗∗∗ Critical Security Patch Update Advisory - June 2026 ∗∗∗
---------------------------------------------
https://www.oracle.com/security-alerts/cspujun2026.html
∗∗∗ Multiple Vulnerabilities in Quanos Content Solutions SCHEMA ST4 ∗∗∗
---------------------------------------------
https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities…
∗∗∗ A 27-Year-Old Authentication Bypass in OpenBSD's PPP Stack ∗∗∗
---------------------------------------------
https://blog.argus-systems.ai/blog/openbsd-pap-27-year-auth-bypass.html
=====================
= End-of-Day report =
=====================
Timeframe: Monday 15-06-2026 18:00 - Tuesday 16-06-2026 18:00
Handler: Guenes Holler
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ ÖIAT study: over 600,000 fraudulent and problematic ads on Facebook and Instagram ∗∗∗
---------------------------------------------
An "analysis of the online-advertising fraud ecosystem on Meta platforms" has delivered astonishing results. Over a period of three months, the ÖIAT research department discovered over 600,000 fraudulent or problematic ads on Meta platforms. Across the EU these were served over 1 billion times, 123 million of them in Austria alone.
---------------------------------------------
https://www.watchlist-internet.at/news/betruegerische-problematische-werbea…
∗∗∗ Captured with malware: 124 million new passwords at HaveIBeenPwned ∗∗∗
---------------------------------------------
Cybercriminals frequently harvest credentials with infostealer malware. HaveIBeenPwned has added a large collection of them to its database.
---------------------------------------------
https://www.golem.de/news/mit-malware-erbeutet-124-millionen-neue-passwoert…
∗∗∗ Windows version of SprySOCKS Linux malware used to attack govt orgs ∗∗∗
---------------------------------------------
Windows variants for the SprySOCKS Linux malware have been used in attacks targeting government organizations in at least four countries.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/windows-version-of-sprysocks…
∗∗∗ Ransomware gang abuses Microsoft Teams relays to hide malicious traffic ∗∗∗
---------------------------------------------
DragonForce ransomware used a custom malware named 'Backdoor.Turn' to hide command-and-control traffic inside Microsoft Teams relay infrastructure.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ransomware-gang-abuses-micro…
∗∗∗ North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels ∗∗∗
---------------------------------------------
Cybersecurity researchers have flagged two malicious cyber campaigns that exhibit similarities with a persistent North Korean threat cluster known as Contagious Interview (aka Famous Chollima, HexagonalRodent, and Void Dokkaebi). According to a report published by Proofpoint, the threat actor has been found orchestrating phishing campaigns using developer role recruitment or code review themes to target nearly 100 organizations in finance, cryptocurrency, education, technology, and several other sectors. The activity has been codenamed UNK_DeadDrop.
---------------------------------------------
https://thehackernews.com/2026/06/north-korean-hackers-are-turning.html
∗∗∗ EvilTokens: new phishing campaign gains access with legitimate means ∗∗∗
---------------------------------------------
What happens when a phishing attack uses official infrastructure instead of faking it? EvilTokens marks an evolution of phishing: credentials are no longer stolen; instead, victims are tricked into authorizing legitimate sessions.
---------------------------------------------
https://www.welivesecurity.com/de/cybercrime/eviltokens-neue-phishing-kampa…
∗∗∗ Pickle in the Middle – Hijacking Vertex AI Model Uploads for Cross-Tenant RCE ∗∗∗
---------------------------------------------
We discovered a vulnerability in the Google Cloud Vertex AI software development kit (SDK) for Python, and responsibly disclosed it to Google. Before Google’s fix, the vulnerability would have allowed an attacker operating entirely from their own Google Cloud project to hijack a victim's model upload and poison it. By exploiting this flaw in vulnerable versions of the SDK, an attacker can achieve remote code execution (RCE) within a target’s Vertex AI serving infrastructure, with zero initial access to the victim's project.
---------------------------------------------
https://unit42.paloaltonetworks.com/hijacking-vertex-ai-model/
∗∗∗ Lots of patience: Chinese IT spies lurked in research institutions for a long time ∗∗∗
---------------------------------------------
Chinese attackers have shown a lot of patience: they nested in Redcap servers but only fully exploited that access more than a year later.
---------------------------------------------
https://heise.de/-11333355
∗∗∗ GlassWASM: WebAssembly Malware Found in Trojanized Open VSX Extensions ∗∗∗
---------------------------------------------
The trojanized extensions use TinyGo-compiled WebAssembly and Solana transaction memos to resolve command-and-control infrastructure.
---------------------------------------------
https://socket.dev/blog/glasswasm-malware-open-vsx-extensions?utm_medium=fe…
∗∗∗ A backdoor in a LinkedIn job offer ∗∗∗
---------------------------------------------
Last week, I got a LinkedIn message from a recruiter at a small crypto startup. We exchanged a few messages over a couple of days, she described a broken proof-of-concept they needed a lead engineer for, and then sent me a public GitHub repo to review. Specifically, she asked me to “check out the deprecated Node modules issue.” It’s not uncommon to ask for a review of an existing codebase, but something felt off and raised an alarm in my head, so I decided to get a bit extra paranoid.
---------------------------------------------
https://roman.pt/posts/linkedin-backdoor/
∗∗∗ Critical Fortinet FortiSandbox flaws now exploited in attacks ∗∗∗
---------------------------------------------
Attackers are now exploiting several critical vulnerabilities in Fortinet's FortiSandbox cyber threat detection platform, according to threat intelligence company Defused. Fortinet released security updates for these three critical-severity security flaws (tracked as CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089) on April 14.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/critical-fortinet-fortisandb…
=====================
= Vulnerabilities =
=====================
∗∗∗ Root attacks on Cisco Catalyst SD-WAN Manager and cPanel plug-in LiteSpeed ∗∗∗
---------------------------------------------
Admins who manage Cisco Catalyst SD-WAN Manager or cPanel with the LiteSpeed plug-in should install the available security updates immediately because of ongoing attacks. In the worst case, attackers can access systems as the root user. To achieve that, however, they first have to overcome several hurdles.
---------------------------------------------
https://www.heise.de/news/Root-Attacken-auf-Cisco-Catalyst-SD-WAN-Manager-u…
∗∗∗ LWN: Security updates for Tuesday ∗∗∗
---------------------------------------------
https://lwn.net/Articles/1078158/
∗∗∗ Broken Access Control in syracom AG Secure Login (2FA) for Atlassian Jira / Confluence / Bitbucket ∗∗∗
---------------------------------------------
https://sec-consult.com/vulnerability-lab/advisory/broken-access-control-in…
∗∗∗ Zyxel security advisory for stack-based buffer overflow vulnerability in GS1900 series switches ∗∗∗
---------------------------------------------
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-…
=====================
= End-of-Day report =
=====================
Timeframe: Friday 12-06-2026 18:00 - Monday 15-06-2026 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Alexander Riepl
=====================
= News =
=====================
∗∗∗ New attack turned Microsoft 365 Copilot into 1-click data theft tool ∗∗∗
---------------------------------------------
A critical vulnerability chain dubbed SearchLeak in Microsoft 365 Copilot Enterprise could allow attackers to steal sensitive data from a targets mailbox, OneDrive, or SharePoint account through a specially crafted URL.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-attack-turned-microsoft-…
∗∗∗ Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites ∗∗∗
---------------------------------------------
An attacker tampered with trusted JavaScript files used by WordPress sites running PushEngage, OptinMonster, and TrustPulse, turning those files into a way to break into the sites. When a site administrator was logged in as the file loaded, the code created an admin account under the attacker's control and installed a hidden plugin that opened a way back in.
---------------------------------------------
https://thehackernews.com/2026/06/popular-wordpress-plugin-scripts.html
∗∗∗ "Summer of bliss": curl will not accept bug reports for a month ∗∗∗
---------------------------------------------
For weeks the maintainer of curl has been struggling with the workload caused by the flood of AI-generated bug reports. In July, therefore, none will be accepted.
---------------------------------------------
https://www.heise.de/news/Sommer-der-Glueckseligkeit-curl-nimmt-einen-Monat…
∗∗∗ WKO phishing: fraudulent e-mail demands a data update ∗∗∗
---------------------------------------------
An e-mail currently circulating in the name of the Austrian Federal Economic Chamber (WKO) claims that company data has not been updated. Anyone who does not fill in the form behind the included link is threatened with severe penalties. In reality, the criminals are after sensitive company and personal data.
---------------------------------------------
https://www.watchlist-internet.at/news/wko-phishing-betrugsmail-fordert-dat…
∗∗∗ FortiNet SSO Vulnerability CVE-2025-59718 and CVE-2025-59719 Leading to Full System Compromise ∗∗∗
---------------------------------------------
Earlier this year, Truesec CSIRT responded to multiple incidents related to the two FortiCloud single-sign-on (SSO) vulnerabilities from December 2025 (tracked as CVE-2025-59718 and CVE-2025-59719). In this blog post, we share our insights into threat actors’ activities and methods for compromising an environment.
---------------------------------------------
https://www.truesec.com/hub/blog/vulnerability-cve-2025-59718-and-cve-2025-…
∗∗∗ Router manufacturers call for inspection of imported devices ∗∗∗
---------------------------------------------
EU security regulations for 5G mobile networks are intended to prevent espionage. There are no corresponding rules for home networks, manufacturers now complain.
---------------------------------------------
https://heise.de/-11331799
∗∗∗ 152 Chrome Live Wallpaper Extensions Hid Ad Tracking and Faked Google Search Traffic ∗∗∗
---------------------------------------------
Socket's Threat Research Team identified a family of 152 Chrome Web Store new-tab "live wallpaper" extensions, built from one shared codebase but distributed across 38 separate Chrome Web Store publisher accounts and three brand backends, carrying a combined total of approximately 105,000 reported installs.
---------------------------------------------
https://socket.dev/blog/152-chrome-live-wallpaper-extensions-hid-ad-tracking
∗∗∗ Crafted PDF file can endanger Avira Antivirus ∗∗∗
---------------------------------------------
Vulnerabilities in Avira Antivirus have surfaced in a vulnerability database. So far the software vendor does not list them. They are, however, patched.
---------------------------------------------
https://www.heise.de/news/Praeparierte-PDF-Datei-kann-Avira-Antivirus-gefae…
∗∗∗ LibreNMS Authenticated RCE (< 26.5.0) ∗∗∗
---------------------------------------------
When there's one, there's normally more. This is a part 2 to our previous post on LibreNMS. This vulnerability allows an admin user to inject commands that are passed to the exec function, which will then be executed as the user running the poller.
---------------------------------------------
https://projectblack.io/blog/librenms-authenticated-rce-26-5-0/
∗∗∗ Why Use App-Level Auth When Every Database Has Auth? (Splunk Enterprise CVE-2026-20253 Pre-Auth RCE) ∗∗∗
---------------------------------------------
On June 10th, Splunk published this CVE-2026-20253 advisory [..] It has everything that we love: No authentication requirements, An almost full-mark CVSS score, Claims to be a security product, Vulnerability name longer than the average piece of spaghetti.
---------------------------------------------
https://labs.watchtowr.com/why-use-app-level-auth-when-every-database-has-a…
=====================
= Vulnerabilities =
=====================
∗∗∗ Splunk: SVD-2026-0603: Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise ∗∗∗
---------------------------------------------
In Splunk Enterprise versions below 10.2.4 and 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials.
---------------------------------------------
https://advisory.splunk.com//advisories/SVD-2026-0603
∗∗∗ phpBB: Critical security vulnerability enables compromise ∗∗∗
---------------------------------------------
IT researchers have discovered a critical security vulnerability in the forum software phpBB that grants access with any registered account.
---------------------------------------------
https://www.heise.de/news/phpBB-Kritische-Sicherheitsluecke-ermoeglicht-Kom…
∗∗∗ LWN: Security updates for Monday ∗∗∗
---------------------------------------------
https://lwn.net/Articles/1077945/
∗∗∗ Numerous critical vulnerabilities in Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System) ∗∗∗
---------------------------------------------
https://sec-consult.com/de/vulnerability-lab/advisory/zahlreiche-kritische-…
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 11-06-2026 18:00 − Freitag 12-06-2026 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Pharma giant Novo Nordisk discloses breach of clinical trials data ∗∗∗
---------------------------------------------
Danish pharmaceutical giant Novo Nordisk, the world's largest producer of insulin, disclosed a data breach affecting patient information from some clinical trials.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/pharmaceutical-giant-novo-no…
∗∗∗ 336 million euros in Bitcoin laundered: money-laundering service AudiA6 dismantled ∗∗∗
---------------------------------------------
A money-laundering service called AudiA6 let hackers and fraudsters obscure Bitcoin transactions worth millions. That is now over.
---------------------------------------------
https://www.golem.de/news/336-millionen-euro-in-bitcoin-gewaschen-geldwaesc…
∗∗∗ Kernel bug: FreeBSD exploit "Bumsrakete" grants root access ∗∗∗
---------------------------------------------
An exploit named Bumsrakete affects all FreeBSD versions of the last five years. Its discoverers take it with plenty of humour.
---------------------------------------------
https://www.golem.de/news/kernel-bug-freebsd-exploit-bumsrakete-verleiht-ro…
∗∗∗ LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution ∗∗∗
---------------------------------------------
Cybersecurity researchers have disclosed details of three now-patched security flaws impacting LangGraph, including a critical vulnerability chain that could result in remote code execution. LangGraph is an open-source framework created by LangChain to ..
---------------------------------------------
https://thehackernews.com/2026/06/langgraph-flaw-chain-exposes-self.html
∗∗∗ INTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests Administrator ∗∗∗
---------------------------------------------
An INTERPOL-led operation last month resulted in the disruption of Sniper Dz, a decade-long phishing-as-a-service (PhaaS) platform, Group-IB said Thursday. The effort, codenamed Operation Ramz, took place between October 2025 and February ..
---------------------------------------------
https://thehackernews.com/2026/06/interpol-takes-down-sniper-dz-phishing.ht…
∗∗∗ Drug Sites Hijacked Spotify’s Search Ranking Through Fake Podcasts ∗∗∗
---------------------------------------------
A joint congressional report describes a spam operation that turned tens of thousands of fake podcasts into search-engine bait for illegal pharmacy and scam sites.
---------------------------------------------
https://www.wired.com/story/drug-sites-hijacked-spotifys-search-ranking-thr…
∗∗∗ Ivanti Sentry: Confusion over the status of a critical command injection vulnerability ∗∗∗
---------------------------------------------
Ivanti is currently warning of critical security vulnerabilities in Sentry. CISA warns of attacks, but Ivanti plays them down.
---------------------------------------------
https://www.heise.de/news/Ivanti-Sentry-Wirrwar-um-Missbrauch-kritischer-Be…
∗∗∗ Ubiquiti UniFi OS: Critical vulnerabilities allow code injection ∗∗∗
---------------------------------------------
Ubiquiti warns of security vulnerabilities in UniFi OS, some of them critical. Updated software is available to close them.
---------------------------------------------
https://www.heise.de/news/Ubiquiti-UniFi-OS-Kritische-Luecken-erlauben-Code…
∗∗∗ Fake verification pages are stealing Steam accounts from players ∗∗∗
---------------------------------------------
A convincing fake FACEIT verification page is stealing Steam accounts by using a fake login window that looks completely legitimate.
---------------------------------------------
https://www.malwarebytes.com/blog/threat-intel/2026/06/fake-verification-pa…
∗∗∗ Hundreds of AUR packages compromised ∗∗∗
---------------------------------------------
Hundreds of orphaned packages hosted by the Arch User Repository (AUR) have been compromised by an attacker who has added a malicious npm package (atomic-lockfile) that can exfiltrate sensitive data. The project is currently working on cleaning up the mess. There is a list of affected packages and a post (possibly NSFW domain) by "sodiboo" with additional information ..
---------------------------------------------
https://lwn.net/Articles/1077718/
∗∗∗ Decade-Long SniperDz Phishing Network Disrupted in Operation Ramz ∗∗∗
---------------------------------------------
Group-IB, INTERPOL and Algerian Police dismantle decade-old SniperDZ phishing network used to steal credentials, with its alleged developer arrested.
---------------------------------------------
https://hackread.com/authorities-dismantle-sniperdz-phishing-network/
∗∗∗ Marking Your Own Homework (Check Point Remote Access VPN IKEv1 Authentication Bypass CVE-2026-50751) ∗∗∗
---------------------------------------------
It is yet another day in this parallel universe of security, where the devices we bolt onto the edge of our networks to keep the bad people out are, with remarkable consistency, the exact thing that let the bad ..
---------------------------------------------
https://labs.watchtowr.com/marking-your-own-homework-check-point-remote-acc…
=====================
= Vulnerabilities =
=====================
∗∗∗ CVE-2026-45257: LPE in FreeBSD via kTLS-RX ∗∗∗
---------------------------------------------
https://bumsrake.de
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 10-06-2026 18:00 − Donnerstag 11-06-2026 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Oracle PeopleSoft servers hacked in ShinyHunters data theft attacks ∗∗∗
---------------------------------------------
Oracle PeopleSoft servers are being targeted in ongoing data theft attacks by the ShinyHunters extortion gang, which claims to have stolen data from over 100 organizations.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/oracle-peoplesoft-servers-ha…
∗∗∗ New BitLocker bypass: Chaotic Eclipse keeps throwing Windows exploits around ∗∗∗
---------------------------------------------
Chaotic Eclipse is apparently not as exhausted as claimed. A new exploit for bypassing BitLocker on Windows devices was still in store.
---------------------------------------------
https://www.golem.de/news/neuer-bitlocker-bypass-chaotic-eclipse-wirft-weit…
∗∗∗ Chinese agents caught rebuilding botnets and stirring the pot on AI datacenter debate ∗∗∗
---------------------------------------------
PRC eyes are watching you
---------------------------------------------
https://www.theregister.com/security/2026/06/11/china-linked-operators-revi…
∗∗∗ Every employee’s password was stored in a single Excel file ∗∗∗
---------------------------------------------
The CEO thought this was the best way to deal with some email issues
---------------------------------------------
https://www.theregister.com/security/2026/06/11/every-employees-password-wa…
∗∗∗ CISA Tells US Agencies to Fix Security Bugs in as Little as 3 Days Thanks to AI Threats ∗∗∗
---------------------------------------------
“Defenders cannot afford to take weeks to patch,” one Cybersecurity and Infrastructure Security Agency official warned on Wednesday.
---------------------------------------------
https://www.wired.com/story/cisa-ai-vulnerability-directive/
∗∗∗ OpenSSL: Crafted signature can pave the way for malicious code ∗∗∗
---------------------------------------------
In the current releases, the OpenSSL developers have closed a total of 18 security vulnerabilities.
---------------------------------------------
https://www.heise.de/news/OpenSSL-Praeparierte-Signatur-kann-Weg-fuer-Schad…
∗∗∗ End of Intel: How long Apple intends to deliver security patches ∗∗∗
---------------------------------------------
With macOS 27 the x86 era at Apple is over. At least patches are to continue for a longer period. How complete they will be is unclear.
---------------------------------------------
https://www.heise.de/news/macOS-Apple-teilt-mit-wie-lange-es-Intel-Sicherhe…
∗∗∗ FreeBSD: Privilege escalation vulnerability with a tongue-in-cheek codename ∗∗∗
---------------------------------------------
IT researchers have also found a security vulnerability in FreeBSD that enables privilege escalation. Its name: "Bumsrakete[tm]".
---------------------------------------------
https://www.heise.de/news/FreeBSD-Rechteausweitungsluecke-mit-augenzwinkern…
∗∗∗ GenAI Is Both Hunter and Hunted at Pwn2Own Berlin 2026 ∗∗∗
---------------------------------------------
This year’s Pwn2Own competition in Berlin revealed just how much of the AI stack remains exposed -- and the gap between what these tools promise and what they can withstand points to the fragile security foundations underneath.
---------------------------------------------
https://www.trendmicro.com/en_us/research/26/f/pwn2own-genai.html
=====================
= Vulnerabilities =
=====================
∗∗∗ SVD-2026-0609: Improper Access Control in Splunk Enterprise ∗∗∗
---------------------------------------------
In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability edit_saved_search_owner could reassign saved search ownership to users outside their authorized scope. The ownership reassignment endpoint lacks access control.
---------------------------------------------
https://advisory.splunk.com//advisories/SVD-2026-0609
∗∗∗ SVD-2026-0606: Improper Input Validation through Protocol-Relative URL in Classic Dashboards in Splunk Enterprise ∗∗∗
---------------------------------------------
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the ‘admin’ or ‘power’ Splunk roles could cause data exfiltration through classic dashboards by redirecting a victim to an external site using a protocol-relative URL in a drill-down link. The vulnerability exists because the URL classifier in classic dashboards
---------------------------------------------
https://advisory.splunk.com//advisories/SVD-2026-0606
∗∗∗ SVD-2026-0605: Improper Input Validation through Classic Dashboards in Splunk Enterprise ∗∗∗
---------------------------------------------
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the “admin” or “power” Splunk roles could craft a malicious classic dashboard that exfiltrates sensitive data to an external server. The vulnerability exists because URL validation on the external content dialog is incomplete, which can allow for requests to
---------------------------------------------
https://advisory.splunk.com//advisories/SVD-2026-0605
∗∗∗ SVD-2026-0601: Remote Code Execution through Deserialization of Untrusted Data in Splunk Secure Gateway ∗∗∗
---------------------------------------------
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, Splunk Cloud Platform versions below 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, and Splunk Secure Gateway versions below 3.10.6, 3.9.20, and 3.8.67, a low-privileged user that does not hold the ‘admin’ or ‘power’ Splunk roles could perform a Remote Code Execution (RCE) through the Splunk Secure Gateway app. The Remote Code Execution is possible because of unsafe deserialization of App
---------------------------------------------
https://advisory.splunk.com//advisories/SVD-2026-0601
∗∗∗ Oracle Security Alert Advisory - CVE-2026-35273 ∗∗∗
---------------------------------------------
https://www.oracle.com/security-alerts/alert-cve-2026-35273.html
∗∗∗ Brute force attack protection - Critical - Unsupported - SA-CONTRIB-2026-047 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2026-047
∗∗∗ Composer - Critical - Unsupported - SA-CONTRIB-2026-046 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2026-046
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 09-06-2026 18:00 − Mittwoch 10-06-2026 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ OpenClaw AI agent found falling for phishing attacks, spills user data ∗∗∗
---------------------------------------------
Phishing simulation on an OpenClaw email agent with various configuration profiles showed that it was susceptible to tactics commonly used to compromise human users.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/openclaw-ai-agent-found-fall…
∗∗∗ Worm attacks possible: Kernel vulnerability lets attackers hijack Windows systems ∗∗∗
---------------------------------------------
Microsoft's June updates close over 500 security vulnerabilities. One of them enables automated malicious-code attacks on Windows systems.
---------------------------------------------
https://www.golem.de/news/wurm-attacken-moeglich-kernel-luecke-laesst-angre…
∗∗∗ Servicenow: Large cloud provider informs customers about data breach ∗∗∗
---------------------------------------------
At Servicenow, attackers were able to exfiltrate customer data via an API without authentication. At least one cyber actor has exploited this.
---------------------------------------------
https://www.golem.de/news/servicenow-grosser-cloudanbieter-informiert-kunde…
∗∗∗ Ivanti tells Sentry customers to patch now as critical bugs hit 10.0 and 9.9 ∗∗∗
---------------------------------------------
Remote, unauthenticated RCE with root privileges is about as bad as it gets
---------------------------------------------
https://www.theregister.com/patches/2026/06/10/ivanti-urges-sentry-users-to…
∗∗∗ GitHub pulls pin on npm's auto-run scripts ∗∗∗
---------------------------------------------
Shai-Hulud worm exploited exactly this. Better late than never, says everyone except the malware authors
---------------------------------------------
https://www.theregister.com/devops/2026/06/10/github-pulls-pin-on-npms-auto…
∗∗∗ Wait, binding.gyp Can Do What? Exploring npm's Weirdest Build System ∗∗∗
---------------------------------------------
It has only been a couple of days since the Miasma attack hit 32 official Red Hat packages on npm. The worm added a malicious preinstall script to each compromised package, so that node index.js ran automatically the moment you installed the dependency, harvesting cloud credentials, CI tokens, SSH keys and more before you ever ran a single line of your ..
---------------------------------------------
https://www.aikido.dev/blog/exploring-binding-gyp-npm-build-system
∗∗∗ German federal government wants to found an AI security institute ∗∗∗
---------------------------------------------
With a new institution, the German federal government wants to strengthen its capabilities for analysing AI models. Minister Wildberger promises "world-class experts".
---------------------------------------------
https://www.heise.de/news/Bundesregierung-will-KI-Sicherheitsinstitut-gruen…
∗∗∗ Data leak: Cyberattack on French government messenger Tchap ∗∗∗
---------------------------------------------
France's digital agency DINUM admits a data leak at the government messenger Tchap. Attackers were able to compromise an account.
---------------------------------------------
https://www.heise.de/news/Datenleck-Cyberangriff-auf-franzoesischen-Regieru…
∗∗∗ Fortinet closes command injection vulnerability in FortiSandbox and more ∗∗∗
---------------------------------------------
Fortinet warns of a critical security vulnerability in FortiSandbox and further leaks in FortiPortal and FortiOS/FortiProxy.
---------------------------------------------
https://www.heise.de/news/Fortinet-schliesst-Befehlsschmuggel-Luecke-in-For…
∗∗∗ Phishing: Banks use dubious domains ∗∗∗
---------------------------------------------
Well-known banks such as the Sparkassen warn of phishing, yet themselves use phishing-like domains. It could certainly be done better.
---------------------------------------------
https://www.heise.de/news/Phishing-Banken-nutzen-halbseidene-Domains-113274…
∗∗∗ E-mail forgery in Exchange Online: Ghost Sender affects many companies ∗∗∗
---------------------------------------------
Not all business customers of Microsoft's mail service are affected. A checking service provides clarity and shows the possible impact.
---------------------------------------------
https://www.heise.de/news/Ghost-Sender-Exchange-Online-laesst-gefaelschte-E…
∗∗∗ Who Runs the Ransomware Group ‘The Gentlemen?’ ∗∗∗
---------------------------------------------
A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of any ransom paid by victims. This post examines clues pointing to a real life identity for the administrator of The Gentlemen ransomware group.
---------------------------------------------
https://krebsonsecurity.com/2026/06/who-runs-the-ransomware-group-the-gentl…
∗∗∗ FinanzOnline phishing: "New notice" in the DataBox as bait ∗∗∗
---------------------------------------------
Once again, a phishing wave in the name of FinanzOnline is under way. It revolves around a supposed notice waiting in the FinanzOnline DataBox that promises a credit. Naturally, no such notice exists. Specifically, the criminals are after their victims' login credentials.
---------------------------------------------
https://www.watchlist-internet.at/news/finanzonline-phishing-bescheid-daten…
∗∗∗ Microsoft Patch Tuesday June 2026 & "RoguePlanet" ∗∗∗
---------------------------------------------
As part of this month's Patch Tuesday, Microsoft has released security updates for around 200 vulnerabilities. This Patch Tuesday thus clearly surpasses the previous record of 167 vulnerabilities from October 2025. More than 30 of the fixed vulnerabilities are rated "Critical". Administrators should keep a particular eye on three issues that were publicly known before a patch was available. All three are ..
---------------------------------------------
https://www.cert.at/de/aktuelles/2026/6/microsoft-patch-tuesday-juni-2026
∗∗∗ More Evidence That Words Don't Mean What We Thought They Meant (Ivanti Sentry Pre-Auth OS Command Injection CVE-2026-10520) ∗∗∗
---------------------------------------------
Today, Ivanti published an advisory. “No way?” we hear you say. "Yes way!" a random dog screams back at you, across the street. Today’s rare advisory outlines two vulnerabilities in Ivanti’s Sentry product, appealing directly to our inner desire for sophisticated ..
---------------------------------------------
https://labs.watchtowr.com/more-evidence-that-words-dont-mean-what-we-thoug…
=====================
= End-of-Day report =
=====================
Timeframe: Montag 08-06-2026 18:00 − Dienstag 09-06-2026 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ High-severity vulnerability in Linux caused by a single errant character ∗∗∗
---------------------------------------------
The presence of a single mis-issued exclamation point in code implementing nf_tables introduced a use-after-free, a class of vulnerability that corrupts memory by placing malicious code at memory addresses that haven’t been properly freed of their previous contents. [..] The vulnerability was fixed in the kernel in February. Security firm FuzzingLabs demonstrated a proof of concept exploit in April. Exodus Intelligence, which discovered the bug, included its own PoC exploit in Monday’s post. It worked on Debian and Ubuntu.
---------------------------------------------
https://arstechnica.com/security/2026/06/a-single-errant-character-in-the-l…
∗∗∗ WhatsApp says it disrupted new NSO spyware phishing attacks ∗∗∗
---------------------------------------------
WhatsApp has detected and stopped spear-phishing campaigns allegedly conducted by the NSO Group after investigating user reports of social engineering attacks. [..] The firm has been on the U.S. sanctioned entities list since November 2021, due to supplying to foreign governments software products that were used against people and organizations in the U.S.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/whatsapp-says-it-disrupted-n…
∗∗∗ "Confirm your reservation!": Scam classic in the name of booking.com ∗∗∗
---------------------------------------------
After criminals captured contact and reservation data from booking.com in April 2026, the associated wave of fraud is now setting in. Via WhatsApp, victims are pressured into "re-confirming a reservation". Real booking details such as the hotel name and arrival and departure dates make the message appear legitimate. The fraudsters are after money and payment information.
---------------------------------------------
https://www.watchlist-internet.at/news/reservierung-betrugsklassiker-bookin…
∗∗∗ When “Hi, This Is IT” Comes Through Microsoft Teams ∗∗∗
---------------------------------------------
Attackers are increasingly targeting collaboration platforms like Microsoft Teams. [..] If external chat is open, attackers will use it.
---------------------------------------------
https://unit42.paloaltonetworks.com/microsoft-teams-phishing/
∗∗∗ Microsoft notifies some customers about downloads of infected GitHub packages ∗∗∗
---------------------------------------------
At the weekend I reported on an infection of GitHub repositories containing Microsoft tools. These were infected with an infostealer for AI tokens. It has now been confirmed that a small number of customers who downloaded the compromised repositories with the tools have been notified.
---------------------------------------------
https://borncity.com/blog/2026/06/09/microsoft-benachrichtigt-einige-kunden…
∗∗∗ Hidden in Plain Sight: PowerShell Visibility Most Defender XDR Analysts Miss ∗∗∗
---------------------------------------------
Discover how an often-overlooked telemetry source in Microsoft Defender XDR can reveal PowerShell script activity that traditional process hunting misses.
---------------------------------------------
https://detect.fyi/hidden-in-plain-sight-powershell-visibility-most-defende…
∗∗∗ Mini Shai-Hulud, Miasma, and Hades Worms Target Bioinformatics and MCP Developers via Malicious PyPI Wheels ∗∗∗
---------------------------------------------
Socket Threat Research team identified a newer PyPI wave connected to the broader Mini Shai-Hulud, Miasma, and Hades supply chain attacks. This wave expands beyond the 37 malicious PyPI wheels covered in our weekend report and shows that the threat actors are iterating quickly across delivery mechanisms, package themes, and runtime triggers.
---------------------------------------------
https://socket.dev/blog/mini-shai-hulud-miasma-and-hades-worms-target-bioin…
=====================
= Vulnerabilities =
=====================
∗∗∗ Ivanti: Security Advisory Ivanti Sentry (CVE-2026-10520, CVE-2026-10523) ∗∗∗
---------------------------------------------
An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access ...
---------------------------------------------
https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2026-1…
∗∗∗ Ivanti: Security Advisory Ivanti Endpoint Manager Mobile (EPMM) (CVE-2026-6973 & CVE-2026-10727) ∗∗∗
---------------------------------------------
A configuration control vulnerability in the Ivanti Endpoint Manager Mobile before 12.9.0.1, 12.8.0.3 and 12.7.0.2 versions allows a remote authenticated attacker to inject arbitrary Apache directives, leading to remote code execution. ...
---------------------------------------------
https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-…
∗∗∗ TYPO3 Security Advisories 09.06.2026 ∗∗∗
---------------------------------------------
TYPO3 has published 14 new security advisories.
---------------------------------------------
https://typo3.org/security
∗∗∗ XEN Security Advisories 09.06.2026 ∗∗∗
---------------------------------------------
Xenbits has published 4 new security advisories.
---------------------------------------------
https://xenbits.xen.org/xsa/
∗∗∗ SAP Patch Day: Critical vulnerabilities in SAP NetWeaver and further flaws ∗∗∗
---------------------------------------------
For the June Patch Day, SAP addresses 15 new vulnerabilities in several products. Three critical ones affect NetWeaver.
---------------------------------------------
https://www.heise.de/news/SAP-Patchday-Kritische-Luecken-in-SAP-NetWeaver-u…
∗∗∗ Vulnerability Resolved in Veeam Backup & Replication 12.3.2.4854 ∗∗∗
---------------------------------------------
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user (CVE-2026-44963).
---------------------------------------------
https://www.veeam.com/kb4869
∗∗∗ LWN: Security updates for Tuesday ∗∗∗
---------------------------------------------
https://lwn.net/Articles/1077163/
∗∗∗ Waves Central: Numerous local privilege escalation vulnerabilities in Waves Audio Waves Central ∗∗∗
---------------------------------------------
https://sec-consult.com/de/vulnerability-lab/advisory/zahlreiche-local-priv…
∗∗∗ Google: Update now! Chrome update closes an actively exploited vulnerability and 73 others ∗∗∗
---------------------------------------------
https://heise.de/-11322503
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/mailman3/postorius/lists/daily.lists.cert.at/
=====================
= End-of-Day report =
=====================
Timeframe: Friday 05-06-2026 18:00 − Monday 08-06-2026 18:00
Handler: Guenes Holler
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ C0XMO botnet spreads via DD-WRT router flaw, kills rival malware ∗∗∗
---------------------------------------------
A new variant of the Gafgyt botnet called C0XMO is targeting DD-WRT router firmware and can move to other device types with various CPU architectures.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/c0xmo-botnet-spreads-via-dd-…
∗∗∗ Over 20,000 Instagram accounts stolen in Meta AI support hack ∗∗∗
---------------------------------------------
Meta has revealed that 20,225 Instagram users had their accounts hijacked in a recent incident where attackers used Meta's AI-powered support system to reset passwords.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/meta-ai-support-data-breach-…
∗∗∗ Fear of Russia: Hackers apologise to attacked company ∗∗∗
---------------------------------------------
A cyber actor turns out to be the "ransomware fool of the day". He attacked a target that can cause him real trouble.
---------------------------------------------
https://www.golem.de/news/angst-vor-russland-hacker-entschuldigen-sich-bei-…
∗∗∗ VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances ∗∗∗
---------------------------------------------
A China-nexus cyber espionage group has been observed deploying a BSD variant of a known backdoor called BRICKSTORM, as well as two other malware families codenamed PLENET (aka GRIMBOLT) and AGENTPSD to target Linux systems.
---------------------------------------------
https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html
∗∗∗ Google warns: Attackers pose as IT technicians and walk into offices ∗∗∗
---------------------------------------------
The Google Threat Intelligence Group warns of the group UNC3753. The attackers pose as IT technicians on site in order to steal data via USB stick.
---------------------------------------------
https://www.heise.de/news/Google-warnt-Angreifer-geben-sich-als-IT-Technike…
∗∗∗ Password manager Dashlane: Attackers copy almost 20 password vaults ∗∗∗
---------------------------------------------
Dashlane reports that, following massive brute-force attacks, attackers copied around 20 password vaults.
---------------------------------------------
https://www.heise.de/news/Passwortmanager-Dashlane-Angreifer-kopieren-fast-…
∗∗∗ Swiss defence company RUAG pays ransom to cyber gang ∗∗∗
---------------------------------------------
After the cyber gang Akira exfiltrated data from the RUAG subsidiary Mecanex USA, RUAG paid a ransom.
---------------------------------------------
https://www.heise.de/news/Schweizer-Ruestungsunternehmen-RUAG-zahlt-Loesege…
∗∗∗ Recovery scam: Fake agencies harm victims a second time ∗∗∗
---------------------------------------------
They promise help in recovering assets stolen through a scam. The website of the supposed agency looks appealing, uses real legal-notice (Impressum) details and thereby survives initial checks. In reality, criminals are behind this offer, aiming to rob earlier victims once more. This is how the scam after the scam works.
---------------------------------------------
https://www.watchlist-internet.at/news/fake-agenturen-schaedigen-opfer/
∗∗∗ Got a LinkedIn message from a recruiter? It might be Chinese intelligence, warn FBI and MI5 ∗∗∗
---------------------------------------------
If you've ever received an out-of-the-blue message via LinkedIn from a recruiter offering some well-paid consultancy work, intelligence agencies have a message for you: be very careful.
---------------------------------------------
https://www.bitdefender.com/en-us/blog/hotforsecurity/linkedin-recruiter-ch…
∗∗∗ Israeli company Bright Data abuses millions of smart TVs via backdoor in apps ∗∗∗
---------------------------------------------
An Israeli company has been caught turning millions of smart TV devices into zombie proxies in order to carry out AI web scraping. To this end, backdoors were built into apps for smart TV devices. Some providers such as Roku, Fire TV and Google TV have prohibited this practice. But Samsung and LG smart TV devices secretly act as exit nodes for AI-based web scraping, as an investigation has shown.
---------------------------------------------
https://borncity.com/blog/2026/06/06/israelische-firma-bright-data-missbrau…
∗∗∗ New Pink Extortion Group Targets Microsoft 365 Cloud Data Via Vishing Scams ∗∗∗
---------------------------------------------
Cybersecurity researchers are warning businesses about Pink Extortion Group, a threat actor that uses voice phishing to bypass multi-factor authentication and steal files from cloud environments.
---------------------------------------------
https://hackread.com/pink-extortion-microsoft-365-cloud-data-vishing-scams/
∗∗∗ Did Claude Increase Bugs in rsync? ∗∗∗
---------------------------------------------
A simple distributional analysis of every rsync release with bug data. Nothing complicated, answers only one question: are the Claude-assisted releases unusually buggy?
---------------------------------------------
https://alexispurslane.github.io/rsync-analysis/
∗∗∗ How a USB-connected speaker can infect a PC without ever being touched ∗∗∗
---------------------------------------------
Operating system makers take many steps to prevent their wares from accepting commands from remote devices. The safeguards, designed to thwart malicious attacks, typically require hackers to jump through all kinds of hoops to bypass the measures. But what if remote code execution were as simple as being within Bluetooth range of a speaker connected to the targeted device?
---------------------------------------------
https://arstechnica.com/security/2026/06/highly-reviewed-speaker-can-be-hac…
=====================
= Vulnerabilities =
=====================
∗∗∗ Attacks against Checkpoint VPN solutions - hotfix available ∗∗∗
---------------------------------------------
Checkpoint warns of observed attacks against the products Checkpoint Security Gateway and Checkpoint Spark Firewall. Impact: the underlying vulnerability CVE-2026-50751 allows unauthorised access to the VPN.
---------------------------------------------
https://www.cert.at/de/warnungen/2026/6/angriffe-gegen-checkpoint-vpn-losun…
∗∗∗ Critical UniFi OS bug lets hackers gain root without authentication ∗∗∗
---------------------------------------------
Attackers can chain three already fixed vulnerabilities in the Ubiquiti UniFi OS server to execute remote code with root privileges and without authentication. The security issues are tracked as CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910. They were addressed in May and impact UniFi OS Server versions 5.0.6 and earlier.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/critical-unifi-os-bug-lets-h…
∗∗∗ SolarWinds Serv-U: Attackers abuse DoS vulnerability in FTP server ∗∗∗
---------------------------------------------
In SolarWinds Serv-U servers, attackers can abuse a vulnerability for denial-of-service attacks. According to CISA, they are already doing so.
---------------------------------------------
https://www.heise.de/news/SolarWinds-Serv-U-Angreifer-missbrauchen-DoS-Luec…
∗∗∗ VMware: Several products with stored cross-site scripting vulnerabilities ∗∗∗
---------------------------------------------
Broadcom warns of several stored cross-site scripting vulnerabilities in VMware Cloud Foundation and other products. Updates are available.
---------------------------------------------
https://www.heise.de/news/VMware-Mehrere-Produkte-mit-Stored-Cross-Site-Scr…
∗∗∗ Comodo Internet Security: DoS bug without security update ∗∗∗
---------------------------------------------
Anyone who installs an internet security suite wants to secure their computer. In Comodo's case, a security vulnerability comes along with it.
---------------------------------------------
https://www.heise.de/news/Comodo-Internet-Security-DoS-Bug-ohne-Sicherheits…
∗∗∗ Critical Everest Forms Pro flaw exploited to take over WordPress sites ∗∗∗
---------------------------------------------
Hackers are actively exploiting a critical vulnerability (CVE-2026-3300) in the Everest Forms Pro plugin, which lets them take complete control of a WordPress website. The security issue affects versions 1.9.12 and earlier of the plugin and can be leveraged without authentication to execute arbitrary code on the server.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/critical-everest-forms-pro-f…
∗∗∗ No patch available: BitLocker exploit Bitskrieg published ∗∗∗
---------------------------------------------
Microsoft's recommended fix for the BitLocker exploit Yellowkey is apparently incomplete. Bitskrieg reportedly allows it to be bypassed.
---------------------------------------------
https://www.golem.de/news/kein-patch-verfuegbar-bitlocker-exploit-bitskrieg…
∗∗∗ LWN Security updates for Monday ∗∗∗
---------------------------------------------
https://lwn.net/Articles/1076983/