=====================
= End-of-Day report =
=====================
Timeframe: Thursday 11-06-2026 18:00 − Friday 12-06-2026 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
=       News        =
=====================
∗∗∗ Pharma giant Novo Nordisk discloses breach of clinical trials data ∗∗∗
---------------------------------------------
Danish pharmaceutical giant Novo Nordisk, the world's largest producer of insulin, disclosed a data breach affecting patient information from some clinical trials.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/pharmaceutical-giant-novo-nor...
∗∗∗ 336 million euros laundered in Bitcoin: money-laundering service AudiA6 dismantled ∗∗∗
---------------------------------------------
A money-laundering service called AudiA6 let hackers and fraudsters obscure Bitcoin transactions worth millions. That has now come to an end.
---------------------------------------------
https://www.golem.de/news/336-millionen-euro-in-bitcoin-gewaschen-geldwaesch...
∗∗∗ Kernel bug: FreeBSD exploit "Bumsrakete" grants root access ∗∗∗
---------------------------------------------
An exploit named Bumsrakete endangers all FreeBSD versions of the last five years. Its discoverers take it with plenty of humor.
---------------------------------------------
https://www.golem.de/news/kernel-bug-freebsd-exploit-bumsrakete-verleiht-roo...
∗∗∗ LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution ∗∗∗
---------------------------------------------
Cybersecurity researchers have disclosed details of three now-patched security flaws impacting LangGraph, including a critical vulnerability chain that could result in remote code execution. LangGraph is an open-source framework created by LangChain to ..
---------------------------------------------
https://thehackernews.com/2026/06/langgraph-flaw-chain-exposes-self.html
∗∗∗ INTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests Administrator ∗∗∗
---------------------------------------------
An INTERPOL-led operation last month resulted in the disruption of Sniper Dz, a decade-long phishing-as-a-service (PhaaS) platform, Group-IB said Thursday. The effort, codenamed Operation Ramz, took place between October 2025 and February ..
---------------------------------------------
https://thehackernews.com/2026/06/interpol-takes-down-sniper-dz-phishing.htm...
∗∗∗ Drug Sites Hijacked Spotify’s Search Ranking Through Fake Podcasts ∗∗∗
---------------------------------------------
A joint congressional report describes a spam operation that turned tens of thousands of fake podcasts into search-engine bait for illegal pharmacy and scam sites.
---------------------------------------------
https://www.wired.com/story/drug-sites-hijacked-spotifys-search-ranking-thro...
∗∗∗ Ivanti Sentry: Confusion over the status of a critical command injection flaw ∗∗∗
---------------------------------------------
Ivanti is currently warning of critical vulnerabilities in Sentry. CISA warns of attacks, but Ivanti is playing the matter down.
---------------------------------------------
https://www.heise.de/news/Ivanti-Sentry-Wirrwar-um-Missbrauch-kritischer-Bef...
∗∗∗ Ubiquiti UniFi OS: Critical flaws allow code injection ∗∗∗
---------------------------------------------
Ubiquiti warns of vulnerabilities in UniFi OS, some of them critical. Updated software is available to close them.
---------------------------------------------
https://www.heise.de/news/Ubiquiti-UniFi-OS-Kritische-Luecken-erlauben-Codes...
∗∗∗ Fake verification pages are stealing Steam accounts from players ∗∗∗
---------------------------------------------
A convincing fake FACEIT verification page is stealing Steam accounts by using a fake login window that looks completely legitimate.
---------------------------------------------
https://www.malwarebytes.com/blog/threat-intel/2026/06/fake-verification-pag...
∗∗∗ Hundreds of AUR packages compromised ∗∗∗
---------------------------------------------
Hundreds of orphaned packages hosted by the Arch User Repository (AUR) have been compromised by an attacker who has added a malicious npm package (atomic-lockfile) that can exfiltrate sensitive data. The project is currently working on cleaning up the mess. There is a list of affected packages and post (possibly NSFW domain) by "sodiboo" with additional information ..
---------------------------------------------
https://lwn.net/Articles/1077718/
∗∗∗ Decade-Long SniperDz Phishing Network Disrupted in Operation Ramz ∗∗∗
---------------------------------------------
Group-IB, INTERPOL and Algerian Police dismantle decade-old SniperDZ phishing network used to steal credentials, with its alleged developer arrested.
---------------------------------------------
https://hackread.com/authorities-dismantle-sniperdz-phishing-network/
∗∗∗ Marking Your Own Homework (Check Point Remote Access VPN IKEv1 Authentication Bypass CVE-2026-50751) ∗∗∗
---------------------------------------------
It is yet another day in this parallel universe of security, where the devices we bolt onto the edge of our networks to keep the bad people out are, with remarkable consistency, the exact thing that let the bad ..
---------------------------------------------
https://labs.watchtowr.com/marking-your-own-homework-check-point-remote-acce...
=====================
=  Vulnerabilities  =
=====================
∗∗∗ CVE-2026-45257: LPE in FreeBSD via kTLS-RX ∗∗∗
---------------------------------------------
https://bumsrake.de