=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 03-06-2026 18:00 − Friday 05-06-2026 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Unauthenticated RCE as QSECOFR via IBM i Management Central ∗∗∗
---------------------------------------------
Management Central is one of those services that has been running quietly on IBM i systems for over two decades. Many administrators don’t know it’s there, and its protocol security missed the scrutiny of researchers until now. The combination of a custom binary protocol, client-controlled authentication flags, and a derived usedForAuth field that can be trivially satisfied resulted in unauthenticated root-level command execution.
---------------------------------------------
https://blog.silentsignal.eu/2026/06/05/unauthenticated-rce-as-qsecofr-via-…
∗∗∗ New IronWorm malware hits 36 packages in npm supply-chain attack ∗∗∗
---------------------------------------------
A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. The malware targets 86 environment variables (key-value pairs) and 20 credential files that may contain OpenAI, AWS, Anthropic, and npm credentials, vault configuration files, SSH keys, and Exodus cryptocurrency wallet files.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-ironworm-malware-hits-36…
∗∗∗ Software supply chain attacks: check your dependencies ∗∗∗
---------------------------------------------
This blog, aimed at cyber security professionals, exposes the insidious nature of recent attacks, underlining the growing threat from software supply chains, and how attackers are able to exploit them. We explain how organisations can check if they have been affected by such a supply chain attack, and recommend actions to take to mitigate compromise and prevent further spread.
---------------------------------------------
https://www.ncsc.gov.uk/blogs/software-supply-chain-attacks-check-your-depe…
∗∗∗ Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT ∗∗∗
---------------------------------------------
Cybersecurity researchers have flagged a new malspam campaign that makes use of Google's DoubleClick domain as a way to evade detection and ultimately deliver a remote access trojan (RAT) named DesckVB RAT. [..] The attack begins when an unsuspecting user opens an HTML file that's attached to a phishing email. The file triggers a meta-refresh browser redirect to a Google DoubleClick Campaign Manager click-tracking URL, from where the user is steered to another redirector, which decodes the Base64-encoded email address and leads the victim to a landing page containing a "Download PDF" button.
---------------------------------------------
https://thehackernews.com/2026/06/google-doubleclick-abused-in-new.html
∗∗∗ Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS ∗∗∗
---------------------------------------------
Cybersecurity researchers have flagged a large-scale operation that impersonates open-source and freeware projects to funnel unsuspecting users through a Traffic Distribution System (TDS) and deliver malware families like Remus Stealer, AnimateClipper, and the SessionGate framework. [..] Attack chains specifically target users looking for such tools on search engines like Google, causing the bogus sites to be surfaced on top of the search results.
---------------------------------------------
https://thehackernews.com/2026/06/fake-sites-mimicking-open-source-tools.ht…
∗∗∗ EU package for digital sovereignty: "danger of technological decoupling" ∗∗∗
---------------------------------------------
The EU's new tech sovereignty package is drawing mixed reactions: open-source advocates are cheering, but US industry associations warn of severe market disruptions.
---------------------------------------------
https://heise.de/-11318218
∗∗∗ Analysis of the EU sovereignty package: crisis-proof by law? ∗∗∗
---------------------------------------------
The EU Commission has presented a large package intended to make the union technologically more sovereign. At least it is a start, Falk Steiner analyses.
---------------------------------------------
https://heise.de/-11318875
∗∗∗ Federal Audit Finds NIST Wasted Funds With No Plan to Clear NVD Backlog ∗∗∗
---------------------------------------------
A newly released federal audit now documents NIST’s long-running NVD backlog, with findings that are hard to square with two years of public assurances that the database was being brought back under control.
---------------------------------------------
https://socket.dev/blog/federal-audit-finds-nist-wasted-funds-with-no-plan-…
∗∗∗ A Post-Quantum Future for Let's Encrypt ∗∗∗
---------------------------------------------
Let’s Encrypt is committed to a post-quantum-safe Web PKI. The path we’re planning to take is Merkle Tree Certificates (“MTCs”), a new approach that adds post-quantum authentication to the web without sacrificing the speed and reliability that have made TLS universal. This post is about these plans and why we believe MTCs are worth pursuing as a key to a post-quantum future.
---------------------------------------------
https://letsencrypt.org/2026/06/03/pq-certs.html
∗∗∗ The Interesting Case of WSL for Payload Staging ∗∗∗
---------------------------------------------
Windows Subsystem for Linux (WSL) lets you run a Linux environment directly on Windows without a traditional virtual machine or dual-boot setup. [..] This is a case study in indirect command execution — a class of techniques where the process responsible for a malicious action is not the process that appears in telemetry.
---------------------------------------------
https://detect.fyi/the-interesting-case-of-wsl-for-payload-staging-bfaa0f69…
∗∗∗ IT researchers demonstrate adaptive AI worm ∗∗∗
---------------------------------------------
IT researchers are investigating whether artificial intelligence poses a threat. In the process they have developed a new type of threat: an AI worm that launches tailored attacks against every target it encounters.
---------------------------------------------
https://www.heise.de/news/IT-Forscher-zeigen-anpassungsfaehigen-KI-Wurm-113…
∗∗∗ Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257 ∗∗∗
---------------------------------------------
We include indicators of activity and mitigations for PAN-OS vulnerability CVE-2026-0257.
---------------------------------------------
https://unit42.paloaltonetworks.com/active-exploitation-of-pan-os-cve-2026-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Drupal: Anti-Spam by CleanTalk - Moderately critical - Cross site scripting - SA-CONTRIB-2026-042 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2026-042
∗∗∗ Drupal: Commerce Core - Moderately critical - Cross site scripting - SA-CONTRIB-2026-041 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2026-041
∗∗∗ Drupal: TacJS - Moderately critical - Improper Access Control - SA-CONTRIB-2026-040 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2026-040
∗∗∗ Drupal: LocalGov Workflows - Moderately critical - Information disclosure - SA-CONTRIB-2026-039 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2026-039
∗∗∗ Cisco Webex Meetings Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ Cisco Finesse Remote File Inclusion Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ Cisco Catalyst SD-WAN Manager Authenticated Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ LWN: Security updates for Thursday ∗∗∗
---------------------------------------------
https://lwn.net/Articles/1076364/
∗∗∗ LWN: Security updates for Friday ∗∗∗
---------------------------------------------
https://lwn.net/Articles/1076605/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/mailman3/postorius/lists/daily.lists.cert.at/
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 02-06-2026 18:00 − Wednesday 03-06-2026 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Securing software: Anthropic opens "Project Glasswing" to Europe ∗∗∗
---------------------------------------------
Anthropic wants to significantly expand access to its most powerful AI model, Mythos, and let organisations in more than 15 countries use it to hunt for security vulnerabilities in critical software. The AI company has now announced this, without giving a breakdown. [..] Anthropic unveiled Mythos at the beginning of April and stated that the model is so dangerous that it is only made available to companies working in IT security.
---------------------------------------------
https://heise.de/-11316440
∗∗∗ Trump grants himself exclusive access to new AI ahead of everyone else ∗∗∗
---------------------------------------------
Secret benchmarking of AI, access for the US government before anyone else, government-run searches for software bugs. This and more is what the US president is ordering.
---------------------------------------------
https://www.heise.de/news/Trump-gibt-sich-exklusiven-Zugriff-auf-neue-KI-vo…
∗∗∗ Android gets caller identification against scam calls ∗∗∗
---------------------------------------------
Google is building a new mechanism into Android that is intended to block fraudulent calls using fake contacts. It is meant to curb scam attempts that rely on spoofed caller IDs (the transmitted caller number).
---------------------------------------------
https://heise.de/-11316362
∗∗∗ Codex Discovered a Hidden HTTP/2 Bomb ∗∗∗
---------------------------------------------
We’re publishing HTTP/2 Bomb, a remote denial-of-service exploit against most major web servers, including: nginx, Apache httpd, Microsoft IIS, Envoy, Cloudflare Pingora [..] The vulnerable behavior exists in each server's default HTTP/2 configuration. [..] A curious search on Shodan revealed 880,000+ websites supporting HTTP/2 and running one of these servers, though many sit behind a CDN, which is much harder to bring down. [..] A home computer on a 100Mbps connection can render a vulnerable server inaccessible within seconds. [..] We disclosed the issue to nginx in April. They responded by importing the max_headers directive from freenginx, shipping it in 1.29.8 the next day. At this point, we consider the attack public.
---------------------------------------------
https://blog.calif.io/p/codex-discovered-a-hidden-http2-bomb
∗∗∗ Over 116,000 Minecraft systems infected in WeedHack malware campaign ∗∗∗
---------------------------------------------
A large-scale malware campaign dubbed WeedHack is targeting Minecraft players and has infected more than 116,000 systems since January. The malware is distributed through Minecraft-related malicious mods, clients, cheats, and utilities that are promoted over YouTube and SEO (search engine optimization) poisoning.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/over-116-000-mincraft-system…
∗∗∗ Argamal: Malware hidden in hentai games ∗∗∗
---------------------------------------------
The DLLs were spawned by different games written using various game engines and programming languages, including RenPy (Python) and RPG Maker MV (JavaScript), among others. However, they all had one thing in common: they were all hentai games.
---------------------------------------------
https://securelist.com/argamal-rat-distributed-with-hentai-games/119999/
∗∗∗ Espionage Campaign Targeted Stock Exchange Executive for Five Months ∗∗∗
---------------------------------------------
The attackers' focus throughout was on a single objective: long-term, incremental theft of the contents of a single Outlook mailbox, exfiltrated through Dropbox and OneDrive Personal in small batches over a period of five months to avoid raising suspicions or triggering alerts on the system. This was a tightly focused and highly targeted campaign, with five months being a significant dwell time for an attacker. It is notable to see the different techniques and approaches used by the attacker in order to stay under the radar and maintain persistent access. [..] The initial infection vector used by the attackers in this incident is unknown.
---------------------------------------------
https://www.security.com/threat-intelligence/stock-exchange-espionage
=====================
= Vulnerabilities =
=====================
∗∗∗ Acer working to patch max severity zero-days in Wave 7 routers ∗∗∗
---------------------------------------------
Acer is working to address two maximum-severity zero-day vulnerabilities affecting its Wave 7 mesh routers. [..] The first zero-day, a broken access control vulnerability tracked as CVE-2026-49200, can allow unauthenticated attackers to remotely access plaintext credentials stored in log archives. [..] The second one (CVE-2026-49201) stems from a hardcoded cryptographic key that lets remote attackers without privileges gain persistent backdoor access to the router. [..] While no security patches are available yet for these two flaws, Acer says it's working on fixes that should be released by the end of the month.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/acer-warns-of-max-severity-z…
∗∗∗ Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes ∗∗∗
---------------------------------------------
Cybersecurity researchers have disclosed details of an unpatched issue that could be exploited to disclose a user's NTLMv2 hash to the attacker. [..] As a result, a threat actor could leverage the captured hash to conduct relay attacks and gain deeper access into a network. Following responsible disclosure on April 15, 2026, Microsoft declined to address the issue, stating "only Important and Critical severity cases meet our bar for servicing."
---------------------------------------------
https://thehackernews.com/2026/06/unpatched-windows-search-uri.html
∗∗∗ GitHub drama 1: security researcher publishes 0-day vulnerability ∗∗∗
---------------------------------------------
Another security researcher has skipped coordinated vulnerability disclosure with the Microsoft Security Response Center (MSRC) and made a critical one-click GitHub vulnerability public. The vulnerability in VSCode allows GitHub tokens to be stolen, and its discoverer had no desire to argue with MSRC. [..] The security researcher has published a working proof of concept. [..] He recommends deleting the site data of http://github[.]dev to reduce the risk as long as the problem is publicly known.
---------------------------------------------
https://borncity.com/blog/2026/06/03/github-drama-1-sicherheitsforscher-ver…
∗∗∗ LWN: Security updates for Wednesday ∗∗∗
---------------------------------------------
https://lwn.net/Articles/1076117/
∗∗∗ Mozilla: Security Vulnerabilities fixed in Firefox 151.0.3 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2026-54/
∗∗∗ Paloalto: CVE-2026-0249 GlobalProtect App: Certificate Validation Bypass Vulnerabilities (Severity: LOW) ∗∗∗
---------------------------------------------
https://security.paloaltonetworks.com/CVE-2026-0249
∗∗∗ Solarwinds: WHD 2026.2 release notes ∗∗∗
---------------------------------------------
https://documentation.solarwinds.com/en/success_center/whd/content/release_…
=====================
= End-of-Day report =
=====================
Timeframe: Monday 01-06-2026 18:00 − Tuesday 02-06-2026 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Password managers: hackers capture password vaults of Dashlane users ∗∗∗
---------------------------------------------
Following a brute-force attack, some Dashlane users were temporarily locked out. The attackers are also said to have obtained password vaults.
---------------------------------------------
https://www.golem.de/news/brute-force-attacke-angreifer-erbeuten-passwort-t…
∗∗∗ New Wave Of Phishing Emails with SVG Files, (Tue, Jun 2nd) ∗∗∗
---------------------------------------------
This time, the SVG files are really simple and even don’t contain any graphical element but a simple piece of JavaScript that will redirect the victim's browser to the phishing page.
---------------------------------------------
https://isc.sans.edu/diary/rss/33040
∗∗∗ CVSS: NIST scales back scoring of IT security vulnerabilities ∗∗∗
---------------------------------------------
The US National Institute of Standards and Technology (NIST) will largely stop rating IT security vulnerabilities with the well-known CVSS severity scores. This is one of the measures with which NIST wants to fight the growing backlog of its National Vulnerability Database (NVD). How this squares with the legal obligation to calculate CVSS (Common Vulnerability Scoring System) remains open; but where there is no plaintiff, there is no judge.
---------------------------------------------
https://www.heise.de/news/CVSS-NIST-schraenkt-Bewertung-von-IT-Sicherheitsl…
∗∗∗ Red Hat infostealer reaches more than 100,000 downloads ∗∗∗
---------------------------------------------
At the end of May, cybercriminals distributed malicious versions of npm packages in a supply chain attack carried out using a Mini Shai-Hulud clone. The target of the malware, which calls itself Miasma, was Red Hat's Managed Cloud Services. No malicious package versions are in circulation any more. Security experts nevertheless advise rotating credentials.
---------------------------------------------
https://www.heise.de/news/Mini-Shai-Hulud-Klon-Miasma-nimmt-Red-Hat-ins-Vis…
∗∗∗ Fake virus alerts are invading mobile games ∗∗∗
---------------------------------------------
Sometimes it happens. You’re happily playing a game on your phone or laptop when suddenly alarms pop up out of nowhere: “Your device is infected!” [..] Unfortunately, cybercriminals sometimes manage to buy advertising space and use it to defraud gamers.
---------------------------------------------
https://www.malwarebytes.com/blog/mobile/2026/06/fake-virus-alerts-are-inva…
∗∗∗ Beware, phishing: Spar beer-package giveaway is a fake! ∗∗∗
---------------------------------------------
Summer is approaching fast and the seasonally matching scams are springing up like mushrooms. One trap that caused a particular stir last year is making a comeback: a beer giveaway! The visual and textual design has changed somewhat compared with the 2025 variant, but the mechanics have remained the same. A small update.
---------------------------------------------
https://www.watchlist-internet.at/news/phishing-spar-gewinnspiel-bier/
∗∗∗ ASFINAG phishing: a fake e-mail to get credit card data ∗∗∗
---------------------------------------------
Caught driving without a vignette? Paying a replacement toll of 12.36 euros or subsequently buying a 10-day vignette settles the matter? What looks at first glance like a genuine ASFINAG notification is in fact a new phishing wave.
---------------------------------------------
https://www.watchlist-internet.at/news/asfinag-phishing-mail-kreditkartenda…
∗∗∗ Hackers steal hundreds of Instagram accounts via Meta's AI support ∗∗∗
---------------------------------------------
The dark side of outsourcing Instagram support to an AI. Hackers have managed to hijack long-standing, high-profile Instagram accounts. To do so, they invoked the password reset function and simply asked Meta's AI support chatbot to change the e-mail address linked to the account.
---------------------------------------------
https://borncity.com/blog/2026/06/02/hacker-stehlen-hunderte-instagram-kont…
∗∗∗ Ivanti EPMM ‘Sleeper Shells’ not so sleepy? ∗∗∗
---------------------------------------------
In late January 2026, an advisory covering two remote code execution vulnerabilities (CVE-2026-1281 & CVE-2026-1340) in Ivanti Endpoint Manager Mobile (EPMM) was published. [..] In a recent incident that NVISO CSIRT handled, we came across a compromised Ivanti EPMM device, and the logs quickly revealed that the aforementioned vulnerabilities were used to compromise the device. From the log entries, we quickly identified what we believe is the same webshell Defused was reporting on.
---------------------------------------------
https://blog.nviso.eu/2026/03/13/ivanti-epmm-sleeper-shells-not-so-sleepy/
∗∗∗ New WordPress Malware Uses Steam Profile Comments to Hide C2 Instructions ∗∗∗
---------------------------------------------
GoDaddy researchers found WordPress malware using Steam Community profile comments to hide encoded command and control data, with nearly 1,980 sites affected.
---------------------------------------------
https://hackread.com/wordpress-malware-steam-profile-comments-instructions/
=====================
= Vulnerabilities =
=====================
∗∗∗ LWN: Security updates for Tuesday ∗∗∗
---------------------------------------------
https://lwn.net/Articles/1075966/
∗∗∗ WebKitGTK and WPE WebKit Security Advisory WSA-2026-0003 ∗∗∗
---------------------------------------------
https://webkitgtk.org/security/WSA-2026-0003.html
∗∗∗ Zyxel security advisory for buffer overflow vulnerabilities in the UPnP function of certain 4G LTE/5G NR CPE and DSL/Ethernet CPE ∗∗∗
---------------------------------------------
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-…
∗∗∗ Android: Patchday: 18 critical security vulnerabilities threaten Android 14, 15, 16 ∗∗∗
---------------------------------------------
https://heise.de/-11314546
∗∗∗ Samsung: June patchday at Samsung: numerous security vulnerabilities plugged ∗∗∗
---------------------------------------------
https://heise.de/-11315093
=====================
= End-of-Day report =
=====================
Timeframe: Friday 29-05-2026 18:00 − Monday 01-06-2026 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Miasma: Supply Chain Attack Targeting RedHat npm Packages ∗∗∗
---------------------------------------------
Detect and mitigate malicious npm packages linked to the latest npm supply chain attack, based on the open sourced Mini Shai-Hulud malware.
---------------------------------------------
https://www.wiz.io/blog/miasma-supply-chain-attack-targeting-redhat-npm-pac…
∗∗∗ On the cyber-security implications of current LLMs ∗∗∗
---------------------------------------------
The rapid progress in the capabilities of LLMs for cyber-security related tasks naturally leads to the question of what the right response should be. [..] So, here is a rough outline of how I structure the problem set in my mind. It’s not a complete treatment of all the points, just a scaffolding that needs to be fleshed out. Nevertheless, I think it could provide some value.
---------------------------------------------
https://www.cert.at/en/blog/2026/6/on-the-cyber-security-implications-of-cu…
∗∗∗ ChatGPT share links abused to host fake outage pages to deliver malware ∗∗∗
---------------------------------------------
Threat actors are abusing ChatGPT's content-sharing feature to display fake OpenAI outage pages that direct users to download malware disguised as the ChatGPT desktop application.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/chatgpt-share-links-abused-t…
∗∗∗ Microsoft fixes KB5089549 Windows security update install issues ∗∗∗
---------------------------------------------
Microsoft has resolved a known issue causing installation failures and 0x800f0922 errors when deploying the May 2026 Windows 11 security update (KB5089549). [..] On Friday, the company said the issue has been resolved in the Windows 11 KB5089573 preview cumulative update, with the fix to be made available to all users who install the June Patch Tuesday updates later this month.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-kb5089549-w…
∗∗∗ Patch Now: Another Palo Alto Auth Bypass Bug Under Active Exploit ∗∗∗
---------------------------------------------
In May, Palo Alto Networks (PAN) disclosed and fixed the flaw, tracked as CVE-2026-0257, but it updated the advisory last week to note that there have been "limited exploit attempts on unpatched PAN-OS devices without mitigations applied."
---------------------------------------------
https://www.darkreading.com/threat-intelligence/patch-palo-alto-auth-bypass…
∗∗∗ Containers on fire: from container escapes to supply chain attacks ∗∗∗
---------------------------------------------
We break down the primary attack vectors in containerized environments: exposed secrets, privilege misconfigurations, API compromise, and supply chain attacks.
---------------------------------------------
https://securelist.com/container-attack-vectors/120010/
∗∗∗ Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit ∗∗∗
---------------------------------------------
An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible Marimo network using a recently disclosed vulnerability.
---------------------------------------------
https://thehackernews.com/2026/05/attackers-use-llm-agent-for-post.html
∗∗∗ Phone spies on the cheap: Italy's booming spyware shadow industry ∗∗∗
---------------------------------------------
When government surveillance software is discussed, names like Pegasus, Predator or Paragon (Graphite) usually come up. These highly sophisticated tools cost millions and use unknown security vulnerabilities in the form of zero-day exploits to infect smartphones without any action by the victim. But these high-end products are only the tip of the iceberg. Away from the spotlight, a parallel, far cheaper market has established itself in Europe.
---------------------------------------------
https://www.heise.de/news/Handy-Spione-als-Schnaeppchen-Italiens-boomende-S…
∗∗∗ Let’s talk about encrypted reasoning ∗∗∗
---------------------------------------------
Last week I decided it’d be fun to set up an OpenClaw agent. [..] But configuring the agent to talk to Claude exposed me to something way more interesting: I got a cool error. The kind of error that cryptographers can’t resist [..] So TL;DR, while I was able to extract application-specific secrets that did exist, I wasn’t able to extract model prompts that don’t. [..] I think model providers should think hard about this reasoning data, and they should make sure it doesn’t leak things they don’t want it to.
---------------------------------------------
https://blog.cryptographyengineering.com/2026/05/29/fooling-around-with-enc…
∗∗∗ CVE-2026-48710: A Maintainer's Perspective ∗∗∗
---------------------------------------------
Upgrade to Starlette 1.0.1 or later, which validates the Host header and rejects malformed values. Beyond that: don't base authorization on request.url.path. If you need the routed path, use request.scope["path"], which is never reconstructed from the Host header. Better yet, don't make authorization decisions on path strings at all.
---------------------------------------------
https://marcelotryle.com/blog/2026/05/28/cve-2026-48710-a-maintainers-persp…
=====================
= Vulnerabilities =
=====================
∗∗∗ A census of the Starlette host-header auth bypass CVE-2026-48710 ∗∗∗
---------------------------------------------
CVE-2026-48710 is a Starlette host-header authentication bypass. Because FastAPI is built on Starlette, the affected population spans applications of every kind - AI and non-AI - and that broad impact is only starting to unfold.
---------------------------------------------
https://www.persistent-security.net/post/cve-2026-48710-bad-hosts-in-the-wi…
∗∗∗ Ivanti: Security Advisory Ivanti Neurons for ITSM (CVE-2026-9614) ∗∗∗
---------------------------------------------
An Improper Access Control vulnerability in Ivanti Neurons for ITSM (cloud and on-premises) allows a remote authenticated attacker to gain administrative access.
---------------------------------------------
https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-…
∗∗∗ IT security solution Check Point Security Gateway is vulnerable ∗∗∗
---------------------------------------------
In total, the developers have closed four software vulnerabilities. Three of them (CVE-2026-48131, CVE-2026-48132, CVE-2026-48133) are rated with a threat level of "high". In two cases, attackers can terminate VPN connections by sending crafted data packets. If the Identity Awareness function is active in the context of browser-based authentication, attackers can view internal files of the Security Gateway without authentication.
---------------------------------------------
https://www.heise.de/news/IT-Sicherheitsloesung-Check-Point-Security-Gatewa…
∗∗∗ LWN: Security updates for Monday ∗∗∗
---------------------------------------------
https://lwn.net/Articles/1075733/
∗∗∗ Mozilla: Security Vulnerabilities fixed in Firefox for iOS 151.2 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2026-53/