Daily Summary - 02.07.2026

End-of-Day report

Timeframe: Wednesday 01-07-2026 18:00 - Thursday 02-07-2026 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Guenes Holler

News

Cisco finally confirms attackers exploiting Unified CM flaw

Cisco confirmed that attackers are now exploiting a Unified Communications Manager (Unified CM) vulnerability patched in early June.

https://www.bleepingcomputer.com/news/security/cisco-finally-confirms-attackers-exploiting-unified-cm-flaw/

6 security settings every GitHub maintainer should enable this week

These six free settings will not make your project unhackable. Nothing will. What they will do is close the easy doors. Turn these on, and your project will be meaningfully harder to attack than it was before.

https://github.blog/security/6-security-settings-every-github-maintainer-should-enable-this-week/

Ransomware incoming: Hackers attack with nasty Interpol ruse

Attackers pose as Interpol personnel when contacting companies and lure them with supposed evidence. Instead, the victims get ransomware.

https://www.golem.de/news/ransomware-im-anmarsch-hacker-greifen-mit-fieser-interpol-masche-an-2607-210436.html

Fake invoices and chat partners at ZumDaten, MichVerlieben & Co.

An invoice for several hundred euros from a dating platform where you never created an account? That is exactly what numerous affected people are currently reporting. But it is not only people who never signed up who are targeted: registered users can also lose a lot of money through questionable practices. What is behind the schemes of michverlieben.com, zumdaten.com and the like, and how you can defend yourself against them.

https://www.watchlist-internet.at/news/falsche-zahlungsaufforderungen-von-datingplattformen/

New ChocoPoC malware targets researchers via trojanized PoC exploits

Multiple weaponized proof-of-concept (PoC) exploits on GitHub were found delivering a Python-based remote access trojan (RAT) named ChocoPoC that can execute commands and steal sensitive data in a campaign believed to target cybersecurity researchers.

https://www.bleepingcomputer.com/news/security/new-chocopoc-malware-targets-researchers-via-trojanized-poc-exploits/

Medtronic notifies customers impacted by ShinyHunters data breach

Healthcare device firm Medtronic is notifying affected customers about a data breach that exposed their personal data to an unauthorized third party.

https://www.bleepingcomputer.com/news/security/medtronic-notifies-customers-impacted-by-shinyhunters-data-breach/

Opera rolls out Paste Protect feature to fight ClickFix attacks

Opera has introduced Paste Protect, a security feature designed to block ClickFix-style attacks that trick users into executing malicious commands through social engineering.

https://www.bleepingcomputer.com/news/security/opera-rolls-out-paste-protect-feature-to-fight-clickfix-attacks/

VEIL#DROP Malware Chain Uses Blogger Platform to Deliver PureLogs Stealer

Cybersecurity researchers have flagged a new multi-stage malware delivery attack chain that uses social engineering and Blogger pages to deliver an information stealer called PureLogs.

https://thehackernews.com/2026/07/veildrop-malware-chain-uses-blogger.html

Unpatched Argo CD Repo-Server Flaw Could Let Attackers Take Over Kubernetes Clusters

Argo CD, a widely used tool for deploying software to Kubernetes, has an unpatched flaw in its repo-server component that lets an unauthenticated attacker run code, provided they can reach the component's internal network port. Synacktiv, which found the bug, says it can lead to a full cluster takeover. There is no fix and no CVE. The firm says it reported the flaw to Argo CD's maintainers in January 2025; roughly eighteen months later, it remains unpatched, so it published the details to warn users.

https://thehackernews.com/2026/07/unpatched-argo-cd-repo-server-flaw.html

FortiBleed Credential Theft Linked to INC and Lynx Ransomware Operations

The recently discovered financially-motivated FortiBleed campaign has been attributed to INC and Lynx ransomware operations, indicating that the verified, stolen credentials were intended for follow-on intrusions.

https://thehackernews.com/2026/07/fortibleed-credential-theft-linked-to.html

Bug in Apple's "Hide My Email" still without a fix

"Hide My Email" (in German, "E-Mail-Adresse verbergen") is meant to protect users from spam and the like. But there is a flaw. Its discoverers are still waiting on Apple.

https://heise.de/-11351055

PamStealer: a Rust-based macOS infostealer that validates credentials through PAM

Jamf Threat Labs investigates PamStealer, a macOS infostealer disguised as the legitimate Maccy clipboard manager that uses a two-stage attack chain to silently harvest data and clipboard contents while evading detection.

https://www.jamf.com/blog/pamstealer-macos-infostealer-applescript-rust/

Vulnerabilities

WinRAR flaw could allow attackers to take control of your computer

A new WinRAR update fixes a serious security flaw, but without automatic updates many users could miss the patch.

https://www.malwarebytes.com/blog/news/2026/07/winrar-flaw-could-allow-attackers-to-take-control-of-your-computer

Vulnerabilities in Synology MailPlus Server let attackers through

Synology network-attached storage devices running MailPlus Server are open to attack. A security patch provides a remedy.

https://heise.de/-11351331

ClamAV Vulnerabilities Affecting Cisco Products: July 2026

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-88cFYyxR

Cisco Catalyst Center Arbitrary File Read Vulnerability

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catc-file-read-wLH2vf8X

Drupal Security Advisories 2026-July-01

https://www.drupal.org/security

SVD-2026-0701: Third-Party Package Updates in Python for Scientific Computing - July 2026

https://advisory.splunk.com//advisories/SVD-2026-0701

LWN Security updates for Thursday

https://lwn.net/Articles/1080956/