Daily Summary - 05.06.2026

End-of-Day report

Timeframe: Wednesday 03-06-2026 18:00 - Friday 05-06-2026 18:00 Handler: Michael Schlagenhaufer Co-Handler: n/a

News

Unauthenticated RCE as QSECOFR via IBM i Management Central

Management Central is one of those services that has been running quietly on IBM i systems for over two decades. Many administrators don't know it's there, and its protocol security missed the scrutiny of researchers until now. The combination of a custom binary protocol, client-controlled authentication flags, and a derived usedForAuth field that can be trivially satisfied resulted in unauthenticated root-level command execution.

https://blog.silentsignal.eu/2026/06/05/unauthenticated-rce-as-qsecofr-via-ibm-i-management-central/

New IronWorm malware hits 36 packages in npm supply-chain attack

A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. The malware targets 86 environment variables (key-value pairs) and 20 credential files that may contain OpenAI, AWS, Anthropic, and npm credentials, vault configuration files, SSH keys, and Exodus cryptocurrency wallet files.

https://www.bleepingcomputer.com/news/security/new-ironworm-malware-hits-36-packages-in-npm-supply-chain-attack/

Software supply chain attacks: check your dependencies

This blog, aimed at cyber security professionals, exposes the insidious nature of recent attacks, underlining the growing threat from software supply chains, and how attackers are able to exploit them. We explain how organisations can check if they have been affected by such a supply chain attack, and recommend actions to take to mitigate compromise and prevent further spread.

https://www.ncsc.gov.uk/blogs/software-supply-chain-attacks-check-your-dependencies

Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT

Cybersecurity researchers have flagged a new malspam campaign that makes use of Google's DoubleClick domain as a way to evade detection and ultimately deliver a remote access trojan (RAT) named DesckVB RAT. [..] The attack begins when an unsuspecting user opens an HTML file that's attached to a phishing email. The file triggers a meta-refresh browser redirect to a Google DoubleClick Campaign Manager click-tracking URL, from where the user is steered to another redirector, which decodes the Base64-encoded email address and leads the victim to a landing page containing a "Download PDF" button.

https://thehackernews.com/2026/06/google-doubleclick-abused-in-new.html

Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS

Cybersecurity researchers have flagged a large-scale operation that impersonates open-source and freeware projects to funnel unsuspecting users through a Traffic Distribution System (TDS) and deliver malware families like Remus Stealer, AnimateClipper, and the SessionGate framework. [..] Attack chains specifically target users looking for such tools on search engines like Google, causing the bogus sites to be surfaced on top of the search results.

https://thehackernews.com/2026/06/fake-sites-mimicking-open-source-tools.html

EU package for digital sovereignty: "Risk of technological decoupling"

The EU's new tech sovereignty package is drawing mixed reactions: open-source advocates are cheering, but US industry associations warn of severe market disruption.

https://heise.de/-11318218

Analysis of the EU's sovereignty package: Crisis-proof by law?

The EU Commission has presented a large package intended to make the union of states more technologically sovereign. At least it is a start, Falk Steiner writes in his analysis.

https://heise.de/-11318875

Federal Audit Finds NIST Wasted Funds With No Plan to Clear NVD Backlog

A newly released federal audit now documents NIST's long-running NVD backlog, with findings that are hard to square with two years of public assurances that the database was being brought back under control.

https://socket.dev/blog/federal-audit-finds-nist-wasted-funds-with-no-plan-to-clear-nvd-backlog

A Post-Quantum Future for Let's Encrypt

Let's Encrypt is committed to a post-quantum-safe Web PKI. The path we're planning to take is Merkle Tree Certificates ("MTCs"), a new approach that adds post-quantum authentication to the web without sacrificing the speed and reliability that have made TLS universal. This post is about these plans and why we believe MTCs are worth pursuing as a key to a post-quantum future.

https://letsencrypt.org/2026/06/03/pq-certs.html

The Interesting Case of WSL for Payload Staging

Windows Subsystem for Linux (WSL) lets you run a Linux environment directly on Windows without a traditional virtual machine or dual-boot setup. [..] This is a case study in indirect command execution - a class of techniques where the process responsible for a malicious action is not the process that appears in telemetry.

https://detect.fyi/the-interesting-case-of-wsl-for-payload-staging-bfaa0f69329a?source=rssd5fd8f494f6a4

IT researchers demonstrate adaptive AI worm

IT researchers are investigating whether artificial intelligence poses a threat. In doing so, they have developed a new type of threat: an AI worm that launches tailored attacks on every target it encounters.

https://www.heise.de/news/IT-Forscher-zeigen-anpassungsfaehigen-KI-Wurm-11318083.html

Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257

We include indicators of activity and mitigations for PAN-OS vulnerability CVE-2026-0257.

https://unit42.paloaltonetworks.com/active-exploitation-of-pan-os-cve-2026-0257/

Vulnerabilities

Drupal: Anti-Spam by CleanTalk - Moderately critical - Cross site scripting - SA-CONTRIB-2026-042

https://www.drupal.org/sa-contrib-2026-042

Drupal: Commerce Core - Moderately critical - Cross site scripting - SA-CONTRIB-2026-041

https://www.drupal.org/sa-contrib-2026-041

Drupal: TacJS - Moderately critical - Improper Access Control - SA-CONTRIB-2026-040

https://www.drupal.org/sa-contrib-2026-040

Drupal: LocalGov Workflows - Moderately critical - Information disclosure - SA-CONTRIB-2026-039

https://www.drupal.org/sa-contrib-2026-039

Cisco Webex Meetings Cross-Site Scripting Vulnerability

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-jw3NeQzS

Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssrf-cXPnHcW

Cisco Finesse Remote File Inclusion Vulnerability

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-rfi-gwpkdc89

Cisco Catalyst SD-WAN Manager Authenticated Privilege Escalation Vulnerability

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-4uxFrdzx

LWN: Security updates for Thursday

https://lwn.net/Articles/1076364/

LWN: Security updates for Friday

https://lwn.net/Articles/1076605/