End-of-Day report
Timeframe: Monday 08-06-2026 18:00 - Tuesday 09-06-2026 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a
News
High-severity vulnerability in Linux caused by a single errant character
The presence of a single mis-issued exclamation point in code implementing nf_tables introduced a use-after-free, a class of vulnerability that corrupts memory by placing malicious code at memory addresses that haven't been properly freed of their previous contents. [..] The vulnerability was fixed in the kernel in February. Security firm FuzzingLabs demonstrated a proof of concept exploit in April. Exodus Intelligence, which discovered the bug, included its own PoC exploit in Monday's post. It worked on Debian and Ubuntu.
https://arstechnica.com/security/2026/06/a-single-errant-character-in-the-linux-kernel-allows-attacker-to-gain-root/
WhatsApp says it disrupted new NSO spyware phishing attacks
WhatsApp has detected and stopped spear-phishing campaigns allegedly conducted by the NSO Group after investigating user reports of social engineering attacks. [..] The firm has been on the U.S. sanctioned entities list since November 2021, due to supplying to foreign governments software products that were used against people and organizations in the U.S.
https://www.bleepingcomputer.com/news/security/whatsapp-says-it-disrupted-new-nso-spyware-phishing-attacks/
"Confirm your reservation!" - A classic scam in the name of booking.com
After criminals stole contact and reservation data from booking.com in April 2026, the corresponding wave of fraud is now under way. Victims are pressured via WhatsApp to "reconfirm a reservation". Real booking details such as the hotel name and the arrival and departure dates make the message appear legitimate. The scammers are after money and payment information.
https://www.watchlist-internet.at/news/reservierung-betrugsklassiker-bookingcom/
When "Hi, This Is IT" Comes Through Microsoft Teams
Attackers are increasingly targeting collaboration platforms like Microsoft Teams. [..] If external chat is open, attackers will use it.
https://unit42.paloaltonetworks.com/microsoft-teams-phishing/
Microsoft notifies some customers about downloads of infected GitHub packages
Over the weekend I reported on an infection of GitHub repositories containing Microsoft tools. These were infected with an infostealer for AI tokens. It has now been confirmed that a small number of customers who downloaded the compromised repositories with the tools have been notified.
https://borncity.com/blog/2026/06/09/microsoft-benachrichtigt-einige-kunden-ueber-downloads-infizierter-github-pakete/
Hidden in Plain Sight: PowerShell Visibility Most Defender XDR Analysts Miss
Discover how an often-overlooked telemetry source in Microsoft Defender XDR can reveal PowerShell script activity that traditional process hunting misses.
https://detect.fyi/hidden-in-plain-sight-powershell-visibility-most-defender-xdr-analysts-miss-83944ddc56df?source=rssd5fd8f494f6a4
Mini Shai-Hulud, Miasma, and Hades Worms Target Bioinformatics and MCP Developers via Malicious PyPI Wheels
Socket Threat Research team identified a newer PyPI wave connected to the broader Mini Shai-Hulud, Miasma, and Hades supply chain attacks. This wave expands beyond the 37 malicious PyPI wheels covered in our weekend report and shows that the threat actors are iterating quickly across delivery mechanisms, package themes, and runtime triggers.
https://socket.dev/blog/mini-shai-hulud-miasma-and-hades-worms-target-bioinformatics-and-mcp-developers-via-malicious?utm_medium=feed
Vulnerabilities
Ivanti: Security Advisory Ivanti Sentry (CVE-2026-10520, CVE-2026-10523)
An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access ...
https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2026-10520-CVE-2026-10523?language=en_US
Ivanti: Security Advisory Ivanti Endpoint Manager Mobile (EPMM) (CVE-2026-6973 & CVE-2026-10727)
A configuration control vulnerability in the Ivanti Endpoint Manager Mobile before 12.9.0.1, 12.8.0.3 and 12.7.0.2 versions allows a remote authenticated attacker to inject arbitrary Apache directives, leading to remote code execution. ...
https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-6973-CVE-2026-10727?language=en_US
TYPO3 Security Advisories 09.06.2026
TYPO3 has published 14 new security advisories.
https://typo3.org/security
XEN Security Advisories 09.06.2026
Xenbits has published 4 new security advisories.
https://xenbits.xen.org/xsa/
SAP Patch Day: Critical vulnerabilities in SAP NetWeaver and further vulnerabilities
For the June patch day, SAP addresses 15 new vulnerabilities in several products. Three critical ones affect NetWeaver.
https://www.heise.de/news/SAP-Patchday-Kritische-Luecken-in-SAP-NetWeaver-und-weitere-Schwachstellen-11323078.html
Vulnerability Resolved in Veeam Backup & Replication 12.3.2.4854
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user. CVE-2026-44963
https://www.veeam.com/kb4869
LWN: Security updates for Tuesday
https://lwn.net/Articles/1077163/
Waves Central: Numerous local privilege escalation vulnerabilities in Waves Audio Waves Central
https://sec-consult.com/de/vulnerability-lab/advisory/zahlreiche-local-privilege-escalation-schwachstellen-in-waves-audio-waves-central/
Google: Update now! Chrome update fixes an attacked vulnerability and 73 others
https://heise.de/-11322503