End-of-Day report
Timeframe: Donnerstag 09-07-2026 18:00 - Freitag 10-07-2026 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a
News
Unpatched XRING Flaw in XQUIC Lets Remote Clients Crash HTTP/3 Servers
A single wrong variable on one line in XQUIC, Alibabas QUIC and HTTP/3 library, lets any remote client crash the server with a short burst of completely legal traffic. There is no patch. FoxIO researcher Sébastien Féry disclosed the flaw on July 8 and nicknamed it XRING. He says it needs no login and no malformed packets: about 260 bytes of ordinary QPACK traffic takes the server process down. [..] FoxIO demonstrated a crash, not code execution, and reported no exploitation in the wild. [..] XRING is the latest in a string of remote crashes in HTTP/2 and HTTP/3 stacks.
https://thehackernews.com/2026/07/unpatched-xring-flaw-in-xquic-lets.html
Exposed Hacker Server Reveals WP-SHELLSTORM Backdooring Thousands of WordPress Sites
A cybercrime crew left one of its own servers wide open on the internet for three weeks, and it exposed the operations inner workings: the hacking tools, the activity logs, and target lists naming more than 1.4 million websites. Far fewer were actually broken into, but the exposed files showed researchers how a mass site-hacking operation runs from the inside.
https://thehackernews.com/2026/07/exposed-hacker-server-reveals-wp.html
Software developers are the target. New trojan attacks supply chains and inflicts multifaceted damage on infected PCs
A new trojan engaging in supply chain attacks has recently come under the scrutiny of our antivirus laboratory. The malware primarily targets C++ and C# project files. This malicious sample is particularly dangerous as its payload incorporates multiple damaging features, allowing it to steal data, access clipboard content, operate as a backdoor, engage in rogue mining and also infect other files. [..] It mainly spreads over the Internet via infected executable files and Python scripts. The infection process is quite complex, so let-s examine the entire sequence phase by phase.
https://news.drweb.com/show/?i=15276&lng=en&c=9
"Comment stuffing" in an HTML phishing attachment as a mechanism for evading AI-based detection?, (Fri, Jul 10th)
Anyone who deals with phishing messages caught by basic security filters knows that most phishing samples tend to blend into one another, since only a small set of techniques and approaches keeps reappearing in them. That is precisely why it is worth pausing on the occasional message that does something a little out of the ordinary.
https://isc.sans.edu/diary/rss/33144
npm 12 Disables Install Scripts by Default to Reduce Supply Chain Risk
GitHub has officially announced the release of npm version 12 with install scripts disabled by default, along with deprecating granular access tokens (GATs) designed to bypass two-factor authentication (2FA).
https://thehackernews.com/2026/07/npm-12-disables-install-scripts-by.html
Microsoft warns customers AI will mean busier Patch Tuesdays
More patches mean more reasons to buy Redmond-s auto-patching tools
https://www.theregister.com/security/2026/07/10/microsoft-warns-customers-ai-will-mean-busier-patch-tuesdays/5269618
GigaWiper: Anatomy of a destructive backdoor assembled from multiple malware
In October 2025, Microsoft Threat Intelligence identified destructive wiping activity and uncovered a sophisticated Go programming language (Golang)-based backdoor we now track as GigaWiper, a versatile implant that combines robust command-and-control (C2) capabilities with multiple destructive payloads, including disk wiping, fake ransomware, and system-level sabotage. [..] In this blog, we provide a code-level analysis of GigaWiper-s architecture.
https://www.microsoft.com/en-us/security/blog/2026/07/09/gigawiper-anatomy-of-a-destructive-backdoor-assembled-from-multiple-malware/
Flying with the Flipper Zero
Why is the world so alarmed about taking the Flipper on board planes? Is it just poorly educated armchair cyber commentators of the -don-t use open Wi-Fi / USB juicejacking- style of fearmongering, or is there something to it? [..] Flippers are not a threat to the safety of a flight.
https://www.pentestpartners.com/security-blog/flying-with-the-flipper-zero/
Organized Cybercrime Merging with Other Crime
In a recent report, the FBI warns that Silent Ransom Group has also begun recruiting gig workers in the victims- area under the guise of hiring helpdesk personnel. Gig workers are people who earn money through short-term, flexible jobs rather than a traditional permanent role. They are usually paid per task, project or assignment.
https://www.truesec.com/hub/blog/organized-cybercrime-merging-with-other-crime
Wiz in the Verizon DBIR: How AI Acceleration and Cloud Sprawl Impact Modern Defense
Verizons latest DBIR highlights how attackers are exploiting familiar weaknesses at increasing speed and scale. [..] The lesson from this year's DBIR is that familiar weaknesses remain highly effective when combined with cloud scale, interconnected trust relationships, and increasingly rapid exploitation cycles.
https://www.wiz.io/blog/verizon-dbir-2026-ai-cloud-security
Vulnerabilities
GitLab Patch Release: 19.1.2, 19.0.4, 18.11.7
https://docs.gitlab.com/releases/patches/patch-release-gitlab-19-1-2-released/
LWN: Security updates for Friday
https://lwn.net/Articles/1082272/