===================== = End-of-Day report = =====================
Timeframe: Donnerstag 25-06-2026 18:00 − Freitag 26-06-2026 18:00 Handler: Alexander Riepl Co-Handler: Michael Schlagenhaufer
===================== = News = =====================
∗∗∗ New macOS malware embeds fake errors to confuse AI analysis tools ∗∗∗ --------------------------------------------- A newly discovered macOS malware dubbed "Gaslight" is designed to confuse AI-assisted malware analysis tools by hiding prompt injection strings and fake debugging data within the executable. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-macos-malware-embeds-fake...
∗∗∗ Order-tracking app Shop abused to push callback phishing attacks ∗∗∗ --------------------------------------------- Threat actors are increasingly abusing Shop, the order-tracking app from Shopify, by adding fake purchase receipts in users order histories to trick them into providing sensitive data or installing remote access software. --------------------------------------------- https://www.bleepingcomputer.com/news/security/order-tracking-app-shop-abuse...
∗∗∗ Security boss thought MFA would be too much security ∗∗∗ --------------------------------------------- One rule for the workers, another for execs --------------------------------------------- https://www.theregister.com/security/2026/06/26/security-boss-thought-mfa-wo...
∗∗∗ Miasma campaign poisons 20-plus npm packages, hunts for developer secrets ∗∗∗ --------------------------------------------- Microsoft says latest attack targets Leo Platform and RStreams packages, harvesting creds and going after more maintainers --------------------------------------------- https://www.theregister.com/security/2026/06/26/miasma-campaign-poisons-20-p...
∗∗∗ Amazon Q flaw let booby-trapped Git repos execute code, swipe cloud creds ∗∗∗ --------------------------------------------- Researchers warn many AI coding assistants now execute commands from project configurations --------------------------------------------- https://www.theregister.com/cyber-crime/2026/06/26/amazon-q-flaw-let-booby-t...
∗∗∗ YouTube-Werbeblocker mit 11 Millionen Installationen mit möglicher Hintertür ∗∗∗ --------------------------------------------- Adblock for YouTube kommt auf mehr als 11 Millionen Installationen. Es kann jedoch unkontrolliert Script-Code in jede Seite injizieren. --------------------------------------------- https://www.heise.de/news/YouTube-Werbeblocker-mit-11-Millionen-Installation...
∗∗∗ Polymarket: Kriminelle sollen Kryptowerte in Millionenhöhe gestohlen haben ∗∗∗ --------------------------------------------- Bei Polymarket haben Angreifer über eingeschleusten Schadcode Geld von Nutzerkonten gestohlen. Das Wettportal will Betroffene entschädigen. --------------------------------------------- https://www.heise.de/news/Polymarket-Kriminelle-entwenden-Kryptowerte-in-Mil...
∗∗∗ Malware steals Chrome session cookies to take over your accounts ∗∗∗ --------------------------------------------- A phishing campaign installs a malicious Chrome extension to hijack browser sessions and compromise Windows devices. --------------------------------------------- https://www.malwarebytes.com/blog/news/2026/06/malware-steals-chrome-session...
∗∗∗ The "Akrites" vulnerability-mitigation project launches ∗∗∗ --------------------------------------------- The Linux Foundation, in aletter co-signed by a large range of organizations and companies, hasannounced the launch of "Akrites", a project to fast-track vulnerabilityfixes into projects. As Akrites works upstream to fix projects at the source, we commit to support downstream efforts to secure critical infrastructure before it can be exploited. When patches are .. --------------------------------------------- https://lwn.net/Articles/1079657/
∗∗∗ Russia used social engineering to breach prominent messaging accounts, Ukraine says ∗∗∗ --------------------------------------------- Ukraines SBU described a long-running Russian operation that used fake tech-support workers to persuade people to hand over credentials to their messaging apps. --------------------------------------------- https://therecord.media/russia-ukraine-social-engineering-messaging-accounts
∗∗∗ DHS chief says president has met with likely CISA nominee; agency plans to hire 600 ∗∗∗ --------------------------------------------- Once a new CISA director is in place, the agency will ramp up hiring efforts, Homeland Security Secretary Markwayne Mullin told lawmakers. The White House has not yet announced a nominee. --------------------------------------------- https://therecord.media/cisa-director-nominee-workforce-hires-mullin-house-h...
∗∗∗ macOS Flaw Allowed Standard Users to Disable CrowdStrike and Kandji Security Tools ∗∗∗ --------------------------------------------- A macOS XPC flaw let regular users disable CrowdStrike and Kandji tools, exposing security gaps that vendors patched after XM Cyber reported the security issue. --------------------------------------------- https://hackread.com/macos-flaw-users-disable-crowdstrike-kandji-security-to...
∗∗∗ Miasma Mini Shai-Hulud Hits LeoPlatform npm Packages and GitHub Actions, Expands to the Go Ecosystem ∗∗∗ --------------------------------------------- Latest wave affects LeoPlatform/RStreams npm packages, three llxlr-published npm packages, the Verana Blockchain Go module, and GitHub Actions/developer-tool workflows.Socket Threat Research is tracking a new .. --------------------------------------------- https://socket.dev/blog/miasma-mini-shai-hulud-hits-leoplatform-npm-packages...
===================== = Vulnerabilities = =====================
∗∗∗ Synology-SA-26:11 Synology MailPlus Server ∗∗∗ --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_26_11
∗∗∗ [R2] Nessus Version 10.12.1 Fixes SQL Injection Vulnerabilities ∗∗∗ --------------------------------------------- https://www.tenable.com/security/tns-2026-17
∗∗∗ [R3] Tenable Identity Exposure Version 3.93.5 Fixes Multiple Vulnerabilities ∗∗∗ --------------------------------------------- https://www.tenable.com/security/tns-2026-16