End-of-Day report
Timeframe: Friday 26-06-2026 18:00 - Monday 29-06-2026 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
Cybersecurity firms targeted by fraudulent OpenAI organization invites
Threat actors are creating OpenAI tenants that impersonate legitimate companies and inviting employees to join them, in what appears to be a ploy to trick targets into submitting sensitive company information in chats and projects.
https://www.bleepingcomputer.com/news/security/cybersecurity-firms-targeted-by-fraudulent-openai-organization-invites/
Polymarket customers lose $3 million in supply-chain attack
Polymarket says it will fully reimburse customers who lost an estimated $3 million after hackers injected a malicious script into the platform's frontend following a breach at a third-party vendor.
https://www.bleepingcomputer.com/news/security/polymarket-customers-lose-3-million-in-supply-chain-attack/
Hackers now exploit critical Oracle E-Business flaw in attacks
Attackers have begun exploiting a critical vulnerability (CVE-2026-46817) in the Oracle E-Business Suite (EBS) financial application, according to threat intelligence company Defused.
https://www.bleepingcomputer.com/news/security/new-oracle-e-business-suite-flaw-now-exploited-in-attacks/
Root access possible: Exploits for dangerous Linux kernel vulnerability leaked
Admins should secure their Linux systems promptly. Exploits for a root vulnerability in Debian, Ubuntu and RHEL have surfaced on GitHub.
https://www.golem.de/news/root-zugriff-moeglich-exploits-fuer-gefaehrliche-luecke-im-linux-kernel-geleakt-2606-210283.html
The Gentlemen are knocking: custom backdoors and evolving tactics
Kaspersky researchers analyze incidents related to The Gentlemen RaaS group, disclose their tools and TTPs, and find a new ransomware variant.
https://securelist.com/the-gentlemen-raas/120447/
Microsoft Adds Another Year To Windows 10 Extended Update Program
Microsoft has quietly extended free Windows 10 security updates for consumers by another year, pushing the Extended Security Updates (ESU) program's end date from October 12, 2026, to October 12, 2027. "The ESU support page was updated with that date, and Microsoft's blog post on the program has a new editor's note confirming the change," reports Ars Technica. From the report: The prevalence of Windows across so many devices and form factors has given Microsoft a ..
https://tech.slashdot.org/story/26/06/26/0029235/microsoft-adds-another-year-to-windows-10-extended-update-program
New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks
A newly discovered cyber attack campaign has been observed delivering a previously undocumented malware family called SharkLoader that acts as a loader for deploying Cobalt Strike Beacon on compromised hosts. Kaspersky, which is tracking the activity under the moniker StrikeShark, said the campaign has targeted a diplomatic organization in Indonesia, government organizations in Taiwan, ..
https://thehackernews.com/2026/06/new-sharkloader-malware-deploys-cobalt.html
Microsoft keeps Windows Server 2022 hotpatching alive into 2027
In the Azure Edition, of course
https://www.theregister.com/security/2026/06/29/microsoft-keeps-windows-server-2022-hotpatching-alive-into-2027/5263688
Critical Unauthenticated Remote Code Execution in Splunk Enterprise (CVE-2026-20253)
Splunk disclosed a critical unauthenticated remote code execution (RCE) vulnerability in Splunk Enterprise tracked as CVE-2026-20253 on June 10, 2026. The vulnerability has a CVSS score of 9.8 and stems from missing authentication on a PostgreSQL sidecar service recovery endpoint that can be reached through the Splunk Web interface, which proxies requests to the internal PostgreSQL sidecar service without enforcing authentication. A successful attacker can create or truncate ..
https://www.zscaler.com/blogs/security-research/critical-unauthenticated-remote-code-execution-splunk-enterprise-cve-2026
Taiwan: Cybersecurity agency warns of surveillance via cheap eSIMs
eSIMs bought cheaply for holidays could route data traffic through China, warns Taiwan's digital ministry. Data could be intercepted in the process.
https://www.heise.de/news/Taiwanische-Cybersicherheitsbehoerde-warnt-vor-Ueberwachung-durch-billige-eSIMs-11347212.html
FBI warning: Russian intelligence service is after messenger backup keys
Russian attackers are now posing as messenger support staff who need access to the backup recovery keys.
https://www.heise.de/news/FBI-Warnung-Russischer-Geheimdienst-sieht-es-auf-Messenger-Backup-Keys-ab-11347302.html
Cyberattacks on the hotel and hospitality industry: Attackers dig in
Microsoft Threat Intelligence is observing a multi-stage wave of attacks on the hotel and hospitality industry in Asia and Europe.
https://www.heise.de/news/Cyberangriffe-auf-Hotel-und-Gastgewerbe-Taeter-nisten-sich-ein-11347609.html
Critical libssh2 vulnerability: Proof-of-concept exploit published
A security vulnerability in libssh2 became known last week. Now exploit code that can abuse it has surfaced.
https://www.heise.de/news/Kritische-libssh2-Luecke-Proof-of-Concept-Exploit-veroeffentlicht-11347855.html
Hacking capabilities of China's AI Z.ai reportedly as good as Claude's
According to security experts, Zhipu AI's open model GLM-5.2 matches the capabilities of Anthropic's Mythos at bug detection.
https://www.heise.de/news/Hacking-Faehigkeiten-von-Chinas-KI-Z-ai-angeblich-so-gut-wie-die-von-Claude-11348003.html
Harnessing Harnesses - Climbing the LLM Hills
Trying to coerce useful work out of LLMs without the harness is like supervising a room full of drunk toddlers, each convinced they're helping, none of them checking with each other and falling over the next.
https://blog.zsec.uk/harnessing-harnesses/
From Perimeter to Proof: The New Architecture of Email Security
How identity, investigation, browser security, and AI are reshaping the future of email defense.
https://softwareanalyst.substack.com/p/from-perimeter-to-proof-the-new-architecture
Miasma Mini Shai-Hulud Hits ImmobiliareLabs npm Packages
Latest wave affects legitimate @immobiliarelabs Backstage packages, with malicious npm releases published across GitLab and LDAP authentication plugin families on June 26, 2026. Socket Threat Research is tracking a fresh compromise in the ongoing Miasma Mini Shai-Hulud supply chain campaign. The latest activity affects legitimate npm packages published under the @immobiliarelabs scope, including Backstage plugins used for GitLab integration and LDAP authentication ..
https://socket.dev/blog/miasma-mini-shai-hulud-hits-immobiliarelabs-npm-packages