Daily Summary - 03.06.2026

End-of-Day report

Timeframe: Tuesday 02-06-2026 18:00 - Wednesday 03-06-2026 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a

News

Securing software: Anthropic opens "Project Glasswing" to Europe

Anthropic wants to significantly expand access to its most powerful AI model, Mythos, and have organizations in more than 15 countries use it to search for security vulnerabilities in critical software. The AI company has now announced this, but without breaking it down further. [..] Anthropic introduced Mythos in early April and stated that the model is so dangerous that it is only made available to companies working on IT security.

https://heise.de/-11316440

Trump gives himself exclusive access to new AI ahead of everyone else

Secret benchmarking of AI, access for the US government ahead of everyone else, government search for software bugs. The US president is ordering this and more.

https://www.heise.de/news/Trump-gibt-sich-exklusiven-Zugriff-auf-neue-KI-vor-allen-anderen-11316188.html

Android gets caller identification against scam calls

Google is building a new mechanism into Android that is intended to stop fraudulent calls using spoofed contacts. It is meant to curb scam attempts with spoofed caller IDs (the transmitted caller phone number).

https://heise.de/-11316362

Codex Discovered a Hidden HTTP/2 Bomb

We're publishing HTTP/2 Bomb, a remote denial-of-service exploit against most major web servers, including: nginx, Apache httpd, Microsoft IIS, Envoy, Cloudflare Pingora [..] The vulnerable behavior exists in each server's default HTTP/2 configuration. [..] A curious search on Shodan revealed 880,000+ websites supporting HTTP/2 and running one of these servers, though many sit behind a CDN, which is much harder to bring down. [..] A home computer on a 100Mbps connection can render a vulnerable server inaccessible within seconds. [..] We disclosed the issue to nginx in April. They responded by importing the max_headers directive from freenginx, shipping it in 1.29.8 the next day. At this point, we consider the attack public.

https://blog.calif.io/p/codex-discovered-a-hidden-http2-bomb

Over 116,000 Minecraft systems infected in WeedHack malware campaign

A large-scale malware campaign dubbed WeedHack is targeting Minecraft players and has infected more than 116,000 systems since January. The malware is distributed through Minecraft-related malicious mods, clients, cheats, and utilities that are promoted over YouTube and SEO (search engine optimization) poisoning.

https://www.bleepingcomputer.com/news/security/over-116-000-mincraft-systems-infected-in-weedhack-malware-campaign/

Argamal: Malware hidden in hentai games

The DLLs were spawned by different games written using various game engines and programming languages, including RenPy (Python) and RPG Maker MV (JavaScript), among others. However, they all had one thing in common: they were all hentai games.

https://securelist.com/argamal-rat-distributed-with-hentai-games/119999/

Espionage Campaign Targeted Stock Exchange Executive for Five Months

The attackers' focus throughout was on a single objective: long-term, incremental theft of the contents of a single Outlook mailbox, exfiltrated through Dropbox and OneDrive Personal in small batches over a period of five months to avoid raising suspicions or triggering alerts on the system. This was a tightly focused and highly targeted campaign, with five months being a significant dwell time for an attacker. It is notable to see the different techniques and approaches used by the attacker in order to stay under the radar and maintain persistent access. [..] The initial infection vector used by the attackers in this incident is unknown.

https://www.security.com/threat-intelligence/stock-exchange-espionage

Vulnerabilities

Acer working to patch max severity zero-days in Wave 7 routers

Acer is working to address two maximum-severity zero-day vulnerabilities affecting its Wave 7 mesh routers. [..] The first zero-day, a broken access control vulnerability tracked as CVE-2026-49200, can allow unauthenticated attackers to remotely access plaintext credentials stored in log archives. [..] The second one (CVE-2026-49201) stems from a hardcoded cryptographic key that lets remote attackers without privileges gain persistent backdoor access to the router. [..] While no security patches are available yet for these two flaws, Acer says it's working on fixes that should be released by the end of the month.

https://www.bleepingcomputer.com/news/security/acer-warns-of-max-severity-zero-days-affecting-wave-7-routers/

Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes

Cybersecurity researchers have disclosed details of an unpatched issue that could be exploited to disclose a user's NTLMv2 hash to the attacker. [..] As a result, a threat actor could leverage the captured hash to conduct relay attacks and gain deeper access into a network. Following responsible disclosure on April 15, 2026, Microsoft declined to address the issue, stating "only Important and Critical severity cases meet our bar for servicing."

https://thehackernews.com/2026/06/unpatched-windows-search-uri.html

GitHub drama 1: Security researcher publishes 0-day vulnerability

Another security researcher has skipped coordinated vulnerability disclosure with the Microsoft Security Resource Center (MSRC) and made a critical 1-click GitHub vulnerability public. The vulnerability in VSCode allows GitHub tokens to be stolen, and the discoverer did not feel like arguing with the MSRC. [..] The security researcher has published a working proof of concept. [..] He recommends deleting the site data for http://github[.]dev to reduce the risk while the issue is publicly known.

https://borncity.com/blog/2026/06/03/github-drama-1-sicherheitsforscher-veroeffentlicht-0-day-schwachstelle/

LWN: Security updates for Wednesday

https://lwn.net/Articles/1076117/

Mozilla: Security Vulnerabilities fixed in Firefox 151.0.3

https://www.mozilla.org/en-US/security/advisories/mfsa2026-54/

Paloalto: CVE-2026-0249 GlobalProtect App: Certificate Validation Bypass Vulnerabilities (Severity: LOW)

https://security.paloaltonetworks.com/CVE-2026-0249

Solarwinds: WHD 2026.2 release notes

https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-2_release_notes.htm