===================== = End-of-Day report = =====================
Timeframe: Wednesday 10-06-2026 18:00 − Thursday 11-06-2026 18:00 Handler: Alexander Riepl Co-Handler: n/a
===================== = News = =====================
∗∗∗ Oracle PeopleSoft servers hacked in ShinyHunters data theft attacks ∗∗∗ --------------------------------------------- Oracle PeopleSoft servers are being targeted in ongoing data theft attacks by the ShinyHunters extortion gang, which claims to have stolen data from over 100 organizations. --------------------------------------------- https://www.bleepingcomputer.com/news/security/oracle-peoplesoft-servers-hac...
∗∗∗ New BitLocker bypass: Chaotic Eclipse keeps throwing Windows exploits around ∗∗∗ --------------------------------------------- Chaotic Eclipse is apparently not as exhausted as claimed after all. One more exploit for bypassing BitLocker on Windows devices is still in the cards. --------------------------------------------- https://www.golem.de/news/neuer-bitlocker-bypass-chaotic-eclipse-wirft-weite...
∗∗∗ Chinese agents caught rebuilding botnets and stirring the pot on AI datacenter debate ∗∗∗ --------------------------------------------- PRC eyes are watching you --------------------------------------------- https://www.theregister.com/security/2026/06/11/china-linked-operators-reviv...
∗∗∗ Every employee’s password was stored in a single Excel file ∗∗∗ --------------------------------------------- The CEO thought this was the best way to deal with some email issues --------------------------------------------- https://www.theregister.com/security/2026/06/11/every-employees-password-was...
∗∗∗ CISA Tells US Agencies to Fix Security Bugs in as Little as 3 Days Thanks to AI Threats ∗∗∗ --------------------------------------------- “Defenders cannot afford to take weeks to patch,” one Cybersecurity and Infrastructure Security Agency official warned on Wednesday. --------------------------------------------- https://www.wired.com/story/cisa-ai-vulnerability-directive/
∗∗∗ OpenSSL: Crafted signature can pave the way for malicious code ∗∗∗ --------------------------------------------- In the current versions, the OpenSSL developers have closed a total of 18 security vulnerabilities. --------------------------------------------- https://www.heise.de/news/OpenSSL-Praeparierte-Signatur-kann-Weg-fuer-Schadc...
∗∗∗ End of Intel: This is how long Apple intends to deliver security patches ∗∗∗ --------------------------------------------- With macOS 27, the x86 era at Apple is over. At least there are supposed to be patches for an extended period. How complete they will be is unclear. --------------------------------------------- https://www.heise.de/news/macOS-Apple-teilt-mit-wie-lange-es-Intel-Sicherhei...
∗∗∗ FreeBSD: Privilege escalation vulnerability with a tongue-in-cheek code name ∗∗∗ --------------------------------------------- IT researchers have also found a security vulnerability in FreeBSD that allows privilege escalation. Name: "Bumsrakete[tm]". --------------------------------------------- https://www.heise.de/news/FreeBSD-Rechteausweitungsluecke-mit-augenzwinkernd...
∗∗∗ GenAI Is Both Hunter and Hunted at Pwn2Own Berlin 2026 ∗∗∗ --------------------------------------------- This year’s Pwn2Own competition in Berlin revealed just how much of the AI stack remains exposed -- and the gap between what these tools promise and what they can withstand points to the fragile security foundations underneath. --------------------------------------------- https://www.trendmicro.com/en_us/research/26/f/pwn2own-genai.html
===================== = Vulnerabilities = =====================
∗∗∗ SVD-2026-0609: Improper Access Control in Splunk Enterprise ∗∗∗ --------------------------------------------- In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability edit_saved_search_owner could reassign saved search ownership to users outside their authorized scope. The ownership reassignment endpoint lacks access control. --------------------------------------------- https://advisory.splunk.com//advisories/SVD-2026-0609
∗∗∗ SVD-2026-0606: Improper Input Validation through Protocol-Relative URL in Classic Dashboards in Splunk Enterprise ∗∗∗ --------------------------------------------- In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the ‘admin’ or ‘power’ Splunk roles could cause data exfiltration through classic dashboards by redirecting a victim to an external site using a protocol-relative URL in a drill-down link. The vulnerability exists because the URL classifier in classic dashboards --------------------------------------------- https://advisory.splunk.com//advisories/SVD-2026-0606
∗∗∗ SVD-2026-0605: Improper Input Validation through Classic Dashboards in Splunk Enterprise ∗∗∗ --------------------------------------------- In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the “admin” or “power” Splunk roles could craft a malicious classic dashboard that exfiltrates sensitive data to an external server. The vulnerability exists because URL validation on the external content dialog is incomplete, which can allow for requests to --------------------------------------------- https://advisory.splunk.com//advisories/SVD-2026-0605
∗∗∗ SVD-2026-0601: Remote Code Execution through Deserialization of Untrusted Data in Splunk Secure Gateway ∗∗∗ --------------------------------------------- In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, Splunk Cloud Platform versions below 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, and Splunk Secure Gateway versions below 3.10.6, 3.9.20, and 3.8.67, a low-privileged user that does not hold the ‘admin’ or ‘power’ Splunk roles could perform a Remote Code Execution (RCE) through the Splunk Secure Gateway app. The Remote Code Execution is possible because of unsafe deserialization of App --------------------------------------------- https://advisory.splunk.com//advisories/SVD-2026-0601
∗∗∗ Oracle Security Alert Advisory - CVE-2026-35273 ∗∗∗ --------------------------------------------- https://www.oracle.com/security-alerts/alert-cve-2026-35273.html
∗∗∗ Brute force attack protection - Critical - Unsupported - SA-CONTRIB-2026-047 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2026-047
∗∗∗ Composer - Critical - Unsupported - SA-CONTRIB-2026-046 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2026-046