===================== = End-of-Day report = =====================
Timeframe: Dienstag 07-04-2026 18:00 − Mittwoch 08-04-2026 18:00 Handler: Michael Schlagenhaufer Co-Handler: n/a
===================== = News = =====================
∗∗∗ Iran-Linked Hackers Are Sabotaging US Energy and Water Infrastructure ∗∗∗ --------------------------------------------- As Trump threatens Iranian infrastructure, the US government warns that Iran has carried out its own digital attacks against US critical infrastructure. --------------------------------------------- https://www.wired.com/story/iran-linked-hackers-are-sabotaging-us-energy-and...
∗∗∗ Anthropic Teams Up With Its Rivals to Keep AI From Hacking Everything ∗∗∗ --------------------------------------------- The AI labs Project Glasswing will bring together Apple, Google, and more than 45 other organizations. Theyll use the new Claude Mythos Preview model to test advancing AI cybersecurity capabilities. --------------------------------------------- https://www.wired.com/story/anthropic-mythos-preview-project-glasswing/
∗∗∗ Wichtiges Bug-Bounty-Programm pausiert: KI-Reports überlasten Open-Source-Projekte ∗∗∗ --------------------------------------------- Internet Bug Bounty zahlt vorerst keine Prämien mehr. Das betrifft unter anderem Node.js. Der Grund: Mit KI wird viel gemeldet, aber wenig gefixt. --------------------------------------------- https://www.golem.de/news/wichtiges-bug-bounty-programm-pausiert-ki-reports-...
∗∗∗ Microsoft Releases Open Source Toolkit for AI Agent Runtime Security ∗∗∗ --------------------------------------------- Microsoft has published its Agent Governance Toolkit, an open source project that brings runtime policy enforcement to autonomous AI agents. The release lands as the industry grapples with a widening gap between how fast AI agents are being deployed and how little infrastructure exists to govern what they do once theyre running. The toolkit is available under the MIT license at the Microsoft GitHub organization and supports Python, TypeScript, Rust, Go, and .NET. --------------------------------------------- https://socket.dev/blog/microsoft-open-source-toolkit-for-ai-agent-runtime-s...
∗∗∗ Spooler Alert: Remote Unauthd RCE-to-root Chain in CUPS ∗∗∗ --------------------------------------------- TLDR: my self-orchestrating team of vulnerability hunting agents discovered two issues in CUPS, CVE-2026-34980 and CVE-2026-34990, chainable into unauthenticated remote attacker -> unprivileged RCE -> root file (over)write. See below for the prerequisites, details, and mitigation options. --------------------------------------------- https://heyitsas.im/posts/cups/
∗∗∗ Keine neuen Windows-Versionen: Microsoft sperrt Veracrypt-Entwickler aus ∗∗∗ --------------------------------------------- Der Veracrypt-Entwickler kann die Windows-Variante seiner Verschlüsselungssoftware nicht mehr aktualisieren. [..] Idrassi versuchte nach eigenen Angaben mehrfach, Microsoft über verschiedene Kanäle zu kontaktieren. Dabei sei er aber nur an automatisierte Antworten und Bots geraten. --------------------------------------------- https://www.golem.de/news/keine-neuen-windows-versionen-microsoft-sperrt-ver...
∗∗∗ A Little Bit Pivoting: What Web Shells are Attackers Looking for?, (Tue, Apr 7th) ∗∗∗ --------------------------------------------- Webshells remain a popular method for attackers to maintain persistence on a compromised web server. Many "arbitrary file write" and "remote code execution" vulnerabilities are used to drop small files on systems for later execution of additional payloads. The names of these files keep changing and are often chosen to "fit in" with other files. --------------------------------------------- https://isc.sans.edu/diary/rss/32874
∗∗∗ More Honeypot Fingerprinting Scans, (Wed, Apr 8th) ∗∗∗ --------------------------------------------- One question that often comes up when I talk about honeypots: Are attackers able to figure out if they are connected to a honeypot? The answer is pretty simple: Yes! --------------------------------------------- https://isc.sans.edu/diary/rss/32878
∗∗∗ Cracks in the Bedrock: Escaping the AWS AgentCore Sandbox ∗∗∗ --------------------------------------------- Unit 42 uncovers critical vulnerabilities in Amazon Bedrock AgentCores sandbox, demonstrating DNS tunneling and credential exposure. [..] We also identified a critical security regression where the AgentCore Runtime utilized a microVM Metadata Service (MMDS) that lacks session token enforcement. Prior to our disclosure and AWS's fixes, this configuration could have allowed an attacker to exploit standard web vulnerabilities, such as server-side request forgery (SSRF), to directly extract sensitive credentials, putting the entire environment at risk. --------------------------------------------- https://unit42.paloaltonetworks.com/bypass-of-aws-sandbox-network-isolation-...
∗∗∗ New ClickFix Attack Uses Node.js Malware via Tor to Steal Crypto ∗∗∗ --------------------------------------------- Netskope Threat Labs report a new ClickFix attack using fake CAPTCHAs to deploy Tor-backed NodeJS malware and drain crypto wallets on Windows. --------------------------------------------- https://hackread.com/clickfix-attack-node-js-malware-tor-steal-crypto/
∗∗∗ Jetzt patchen! Attacken auf Low-Coding-Tool Flowise beobachtet ∗∗∗ --------------------------------------------- Unbekannte Angreifer nutzen derzeit eine kritische Sicherheitslücke mit Höchstwertung in Flowise aus. [..] Um Systeme vor diesen Attacken zu schützen, müssen Admins sicherstellen, dass mindestens Flowise 3.0.6 installiert ist. Aktuell ist die Ausgabe 3.1.1. --------------------------------------------- https://heise.de/-11248346
∗∗∗ When the compiler lies: breaking memory safety in safe Go ∗∗∗ --------------------------------------------- Early in March, I reported two compiler bugs affecting Go releases up to 1.26.1 which broke the Go memory safety guarantees using only safe Go code. [..] I’m not including the full end-to-end exploits, to allow the fixed releases to become more widely available. I’ll briefly describe the issues and show the problematic code patterns though. --------------------------------------------- https://ciolek.dev/posts/when-the-compiler-lies
===================== = Vulnerabilities = =====================
∗∗∗ Palo Alto Networks Security Advisories ∗∗∗ --------------------------------------------- Palo Alto has released 6 new security advisories (1x high, 3x medium, 2x informational) --------------------------------------------- https://security.paloaltonetworks.com/
∗∗∗ Juniper: 2026-04 Security Bulletin: vLWC: Default password is not required to be changed which allows unauthorized high-privileged access (CVE-2026-33784) ∗∗∗ --------------------------------------------- https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-vLWC-D...
∗∗∗ Juniper: 2026-04 Security Bulletin: CTP OS: Configuring password requirements does not work which permits the use of weak passwords (CVE-2026-33771) ∗∗∗ --------------------------------------------- https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-CTP-OS...
∗∗∗ Juniper: 2026-04 Security Bulletin: Apstra: SSH host key validation vulnerability for managed devices (CVE-2025-13914) ∗∗∗ --------------------------------------------- https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Apstra...
∗∗∗ LWN: Security updates for Wednesday ∗∗∗ --------------------------------------------- https://lwn.net/Articles/1066809/
∗∗∗ Mozilla: Security Vulnerabilities fixed in Thunderbird 140.9.1 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2026-29/
∗∗∗ Mozilla: Security Vulnerabilities fixed in Thunderbird 149.0.2 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2026-28/
∗∗∗ Nix security advisory: Privilege escalation via symlink following during FOD output registration ∗∗∗ --------------------------------------------- https://discourse.nixos.org/t/nix-security-advisory-privilege-escalation-via...