=====================
= End-of-Day report =
=====================

Timeframe:   Friday 12-06-2026 18:00 − Monday 15-06-2026 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Alexander Riepl

=====================
=       News        =
=====================

∗∗∗ New attack turned Microsoft 365 Copilot into 1-click data theft tool ∗∗∗
---------------------------------------------
A critical vulnerability chain dubbed SearchLeak in Microsoft 365 Copilot Enterprise could allow attackers to steal sensitive data from a target's mailbox, OneDrive, or SharePoint account through a specially crafted URL.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-attack-turned-microsoft-3...

∗∗∗ Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites ∗∗∗
---------------------------------------------
An attacker tampered with trusted JavaScript files used by WordPress sites running PushEngage, OptinMonster, and TrustPulse, turning those files into a way to break into the sites. When a site administrator was logged in as the file loaded, the code created an admin account under the attacker's control and installed a hidden plugin that opened a way back in.
---------------------------------------------
https://thehackernews.com/2026/06/popular-wordpress-plugin-scripts.html

∗∗∗ "Summer of bliss": curl will not accept bug reports for a month ∗∗∗
---------------------------------------------
For weeks, the curl maintainer has been struggling with the workload caused by the flood of AI-generated bug reports. For that reason, none will be accepted in July.
---------------------------------------------
https://www.heise.de/news/Sommer-der-Glueckseligkeit-curl-nimmt-einen-Monat-...

∗∗∗ WKO phishing: scam email demands data update ∗∗∗
---------------------------------------------
An email currently circulating in the name of the Austrian Economic Chamber (Wirtschaftskammer Österreich, WKO) claims that company data has not been updated. Anyone who does not fill in the form at the included link is threatened with extensive penalties. In reality, criminals are after sensitive company and personal data.
---------------------------------------------
https://www.watchlist-internet.at/news/wko-phishing-betrugsmail-fordert-date...

∗∗∗ FortiNet SSO Vulnerability CVE-2025-59718 and CVE-2025-59719 Leading to Full System Compromise ∗∗∗
---------------------------------------------
Earlier this year, Truesec CSIRT responded to multiple incidents related to the two FortiCloud single-sign-on (SSO) vulnerabilities from December 2025 (tracked as CVE-2025-59718 and CVE-2025-59719). In this blog post, we share our insights into threat actors’ activities and methods for compromising an environment.
---------------------------------------------
https://www.truesec.com/hub/blog/vulnerability-cve-2025-59718-and-cve-2025-5...

∗∗∗ Router manufacturers demand inspection of imported devices ∗∗∗
---------------------------------------------
EU security rules for 5G mobile networks are meant to prevent espionage. Manufacturers now criticize that there are no corresponding rules for home networks.
---------------------------------------------
https://heise.de/-11331799

∗∗∗ 152 Chrome Live Wallpaper Extensions Hid Ad Tracking and Faked Google Search Traffic ∗∗∗
---------------------------------------------
Socket's Threat Research Team identified a family of 152 Chrome Web Store new-tab "live wallpaper" extensions, built from one shared codebase but distributed across 38 separate Chrome Web Store publisher accounts and three brand backends, carrying a combined total of approximately 105,000 reported installs.
---------------------------------------------
https://socket.dev/blog/152-chrome-live-wallpaper-extensions-hid-ad-tracking

∗∗∗ Crafted PDF file can endanger Avira Antivirus ∗∗∗
---------------------------------------------
Vulnerabilities in Avira Antivirus have appeared in a vulnerability database. So far, the software vendor does not list the vulnerabilities. They have, however, been patched.
---------------------------------------------
https://www.heise.de/news/Praeparierte-PDF-Datei-kann-Avira-Antivirus-gefaeh...

∗∗∗ LibreNMS Authenticated RCE (< 26.5.0) ∗∗∗
---------------------------------------------
When there's one, there's normally more. This is a part 2 to our previous post on LibreNMS. This vulnerability allows an admin user to inject commands that are passed to the exec function, which will then be executed as the user running the poller.
---------------------------------------------
https://projectblack.io/blog/librenms-authenticated-rce-26-5-0/

∗∗∗ Why Use App-Level Auth When Every Database Has Auth? (Splunk Enterprise CVE-2026-20253 Pre-Auth RCE) ∗∗∗
---------------------------------------------
On June 10th, Splunk published this CVE-2026-20253 advisory [..] It has everything that we love: No authentication requirements, An almost full-mark CVSS score, Claims to be a security product, Vulnerability name longer than the average piece of spaghetti.
---------------------------------------------
https://labs.watchtowr.com/why-use-app-level-auth-when-every-database-has-au...

=====================
=  Vulnerabilities  =
=====================

∗∗∗ Splunk: SVD-2026-0603: Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise ∗∗∗
---------------------------------------------
In Splunk Enterprise versions below 10.2.4 and 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials.
---------------------------------------------
https://advisory.splunk.com//advisories/SVD-2026-0603

∗∗∗ phpBB: Critical vulnerability enables compromise ∗∗∗
---------------------------------------------
IT researchers have discovered a critical vulnerability in the forum software phpBB that allows access with any existing account.
---------------------------------------------
https://www.heise.de/news/phpBB-Kritische-Sicherheitsluecke-ermoeglicht-Komp...

∗∗∗ LWN: Security updates for Monday ∗∗∗
---------------------------------------------
https://lwn.net/Articles/1077945/

∗∗∗ Numerous critical vulnerabilities in Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System) ∗∗∗
---------------------------------------------
https://sec-consult.com/de/vulnerability-lab/advisory/zahlreiche-kritische-s...