Daily summary - 01.06.2026

End-of-Day report

Timeframe: Friday 29-05-2026 18:00 - Monday 01-06-2026 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a

News

Miasma: Supply Chain Attack Targeting RedHat npm Packages

Detect and mitigate malicious npm packages linked to the latest npm supply chain attack, based on the open sourced Mini Shai-Hulud malware.

https://www.wiz.io/blog/miasma-supply-chain-attack-targeting-redhat-npm-packages

On the cyber-security implications of current LLMs

The rapid progress in the capabilities of LLMs for cyber-security related tasks naturally leads to the question of what the right response should be. [..] So, here is a rough outline of how I structure the problem set in my mind. It's not a complete treatment of all the points, just a scaffolding that needs to be fleshed out. Nevertheless, I think it could provide some value.

https://www.cert.at/en/blog/2026/6/on-the-cyber-security-implications-of-current-llms

ChatGPT share links abused to host fake outage pages to deliver malware

Threat actors are abusing ChatGPT's content-sharing feature to display fake OpenAI outage pages that direct users to download malware disguised as the ChatGPT desktop application.

https://www.bleepingcomputer.com/news/security/chatgpt-share-links-abused-to-host-fake-outage-pages-to-deliver-malware/

Microsoft fixes KB5089549 Windows security update install issues

Microsoft has resolved a known issue causing installation failures and 0x800f0922 errors when deploying the May 2026 Windows 11 security update (KB5089549). [..] On Friday, the company said the issue has been resolved in the Windows 11 KB5089573 preview cumulative update, with the fix to be made available to all users who install the June Patch Tuesday updates later this month.

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-kb5089549-windows-security-update-install-issues/

Patch Now: Another Palo Alto Auth Bypass Bug Under Active Exploit

In May, Palo Alto Networks (PAN) disclosed and fixed the flaw, tracked as CVE-2026-0257, but it updated the advisory last week to note that there have been "limited exploit attempts on unpatched PAN-OS devices without mitigations applied."

https://www.darkreading.com/threat-intelligence/patch-palo-alto-auth-bypass-bug-exploit

Containers on fire: from container escapes to supply chain attacks

We break down the primary attack vectors in containerized environments: exposed secrets, privilege misconfigurations, API compromise, and supply chain attacks.

https://securelist.com/container-attack-vectors/120010/

Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit

An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible Marimo network using a recently disclosed vulnerability.

https://thehackernews.com/2026/05/attackers-use-llm-agent-for-post.html

Phone spies at bargain prices: Italy's booming spyware shadow industry

When talk turns to state surveillance software, names such as Pegasus, Predator or Paragon (Graphite) usually come up. These sophisticated tools cost millions and use unknown security vulnerabilities in the form of zero-day exploits to infect smartphones entirely without any action by the victims. But these high-end products are only the tip of the iceberg. Away from the spotlight, a parallel, far cheaper market has established itself in Europe.

https://www.heise.de/news/Handy-Spione-als-Schnaeppchen-Italiens-boomende-Spyware-Schattenindustrie-11312651.html

Let's talk about encrypted reasoning

Last week I decided it'd be fun to set up an OpenClaw agent. [..] But configuring the agent to talk to Claude exposed me to something way more interesting: I got a cool error. The kind of error that cryptographers can't resist [..] So TL;DR, while I was able to extract application-specific secrets that did exist, I wasn't able to extract model prompts that don't. [..] I think model providers should think hard about this reasoning data, and they should make sure it doesn't leak things they don't want it to.

https://blog.cryptographyengineering.com/2026/05/29/fooling-around-with-encrypted-reasoning-blobs/

CVE-2026-48710: A Maintainer's Perspective

Upgrade to Starlette 1.0.1 or later, which validates the Host header and rejects malformed values. Beyond that: don't base authorization on request.url.path. If you need the routed path, use request.scope["path"], which is never reconstructed from the Host header. Better yet, don't make authorization decisions on path strings at all.

https://marcelotryle.com/blog/2026/05/28/cve-2026-48710-a-maintainers-perspective/

Vulnerabilities

A census of the Starlette host-header auth bypass CVE-2026-48710

CVE-2026-48710 is a Starlette host-header authentication bypass. Because FastAPI is built on Starlette, the affected population spans applications of every kind - AI and non-AI - and that broad impact is only starting to unfold.

https://www.persistent-security.net/post/cve-2026-48710-bad-hosts-in-the-wild

Ivanti: Security Advisory Ivanti Neurons for ITSM (CVE-2026-9614)

An Improper Access Control vulnerability in Ivanti Neurons for ITSM (cloud and on-premises) allows a remote authenticated attacker to gain administrative access.

https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2026-9614?language=en_US

IT security solution Check Point Security Gateway is vulnerable

In total, the developers have closed four software vulnerabilities. Three of them (CVE-2026-48131, CVE-2026-48132, CVE-2026-48133) are rated with the threat level "high". In two cases, attackers can terminate VPN connections by sending crafted data packets. If the Identity Awareness feature is active in the context of browser-based authentication, attackers can view internal files of Security Gateway without authentication.

https://www.heise.de/news/IT-Sicherheitsloesung-Check-Point-Security-Gateway-ist-verwundbar-11312987.html

LWN: Security updates for Monday

https://lwn.net/Articles/1075733/

Mozilla: Security Vulnerabilities fixed in Firefox for iOS 151.2

https://www.mozilla.org/en-US/security/advisories/mfsa2026-53/