End-of-Day report
Timeframe: Tuesday 16-06-2026 18:00 - Wednesday 17-06-2026 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
Kodak confirms data breach claimed by ShinyHunters extortion gang
Kodak has confirmed that it's working with external cybersecurity experts to investigate a security breach after hackers gained access to some of the company's data.
https://www.bleepingcomputer.com/news/security/kodak-confirms-data-breach-claimed-by-shinyhunters-extortion-gang/
Historic increase: AI causes number of reported vulnerabilities to explode
According to new projections, around 66,000 new vulnerabilities could be registered in 2026. In the previous year there were still significantly fewer.
https://www.golem.de/news/historischer-anstieg-ki-laesst-anzahl-gemeldeter-sicherheitsluecken-explodieren-2606-209853.html
Football World Cup: Official FIFA streaming portal hacked
A researcher discovered an insufficient security check in FIFA systems. Attackers could have sabotaged streams of the ongoing World Cup.
https://www.golem.de/news/fussball-wm-offizielles-streamingportal-der-fifa-gehackt-2606-209873.html
France To Stop Certifying Products Without Quantum-Safe Encryption
Starting in 2027, France's cybersecurity agency ANSSI will stop certifying security products that lack quantum-resistant encryption, effectively forcing government agencies and critical infrastructure operators to phase out older cryptographic systems. Reuters reports: Samih Souissi, ANSSI's chief of staff, said at the France Quantum conference that ..
https://it.slashdot.org/story/26/06/16/181236/france-to-stop-certifying-products-without-quantum-safe-encryption
WordPress PBN Plugin Drops Dual Webshells via Database Injection
During a recent incident response engagement, our team uncovered a multi-stage WordPress infection that goes beyond the usual file-based malware. The attacker combined a fake plugin, a remote command-and-control server, and two PHP web shells stored directly inside the WordPress database. The campaign is operated by a Turkish-speaking threat actor ..
https://blog.sucuri.net/2026/06/wordpress-pbn-plugin-drops-dual-webshells-via-database-injection.html
CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a maximum-severity security flaw impacting Widget Factory Joomla Content Editor (JCE) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
https://thehackernews.com/2026/06/cisa-warns-of-actively-exploited-joomla.html
Three critical Fortinet sandbox bugs splattered by unknown attackers
All have patches, so make sure you upgrade to a fixed version
https://www.theregister.com/security/2026/06/16/three-critical-fortinet-sandbox-bugs-splattered-by-unknown-attackers/5256461
'Dangerous' AI Models Are Coming No Matter What
The US government crackdown on Anthropic's Claude Fable 5 and Mythos 5 hides a glaring truth: AI models with advanced hacking capabilities will soon be the norm.
https://www.wired.com/story/dangerous-ai-models-are-coming-no-matter-what/
Several plug-ins for JetBrains IDEs steal API keys for OpenAI, DeepSeek & Co.
At least 15 plug-ins for JetBrains IDEs transmit API keys to an external server. They otherwise provide the promised functionality.
https://www.heise.de/news/Mehrere-Plug-ins-fuer-JetBrains-IDEs-stehlen-API-Keys-fuer-OpenAI-DeepSeek-Co-11335021.html
Android 17 ships with security patches right away
Google's developers have closed various security vulnerabilities in the launch version of Android 17.
https://www.heise.de/news/Android-17-hat-direkt-Sicherheitspatches-mit-an-Bord-11335345.html
Attacks on FortiSandbox vulnerabilities
Vulnerabilities in FortiSandbox are currently the target of attacks on the internet. Patches to secure systems have been available since April.
https://www.heise.de/news/Angriffe-auf-FortiSandbox-Schwachstellen-11335667.html
NIS2 reminder: BSI sets new registration deadline of end of July
The registration numbers for the IT security law are disappointing. The BSI urges companies to comply with NIS2 requirements and sets a new deadline.
https://www.heise.de/news/NIS2-Mahnung-BSI-setzt-neue-Frist-zur-Registrierung-bis-Ende-Juli-11336134.html
GitHub dismissed security reports on flaws now exploited by supply-chain worm, researchers say
GitHub rejected two formal vulnerability reports identifying design flaws that researchers say are enabling variants of the Shai-Hulud supply-chain worm to infect and compromise hundreds of software packages and developer accounts worldwide.
https://therecord.media/github-dismissed-reports-shai-hulud-deep-specter
Reducing Microsoft Sentinel Costs Without Compromising Detection - Part 1: The Summary Rules Quest
This blog is the first in a series exploring how Summary Rules, together with Auxiliary or Data Lake storage, can help organizations optimize SIEM costs without compromising core threat detection and monitoring capabilities.
https://blog.nviso.eu/2026/06/17/reducing-microsoft-sentinel-costs-without-compromising-detection-part-1-the-summary-rules-quest/
FortiBleed - 75k Fortinet firewalls have admin passwords cracked
An interesting post popped up on LinkedIn at the weekend from Voldymyr Diachenko saying plain text passwords were found in the wild by Hunt Intelligence Inc for Fortinet firewalls ..
https://doublepulsar.com/fortibleed-75k-fortinet-firewalls-have-admin-passwords-cracked-60299faa65f8
Threat tactic spotlight: Subdomain takeover
In this blog post you'll learn how to detect and prevent subdomain takeover - a tactic where threat actors exploit dangling DNS records to redirect traffic to attacker-controlled resources. We'll explain the issue, how the situation arises, and how you can use various AWS features and services to help mitigate the impact of this tactic.
https://aws.amazon.com/blogs/security/threat-tactic-spotlight-subdomain-takeover/
Vulnerabilities
Critical Security Patch Update Advisory - June 2026
https://www.oracle.com/security-alerts/cspujun2026.html
Multiple Vulnerabilities in Quanos Content Solutions SCHEMA ST4
https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-quanos-content-solutions-schema-st4/
A 27-Year-Old Authentication Bypass in OpenBSD's PPP Stack
https://blog.argus-systems.ai/blog/openbsd-pap-27-year-auth-bypass.html