Tageszusammenfassung - 08.07.2026

End-of-Day report

Timeframe: Dienstag 07-07-2026 18:00 - Mittwoch 08-07-2026 18:00 Handler: Michael Schlagenhaufer Co-Handler: n/a

News

Accenture confirms breach after hacker offers stolen data for sale

IT services giant Accenture has confirmed it suffered a security breach after a threat actor claimed to have stolen 35 GB of source code and other data from the company. [..] According to the threat actor, the data includes source code, RSA keys, SSH keys, Azure PAT (personal access tokens), Azure Storage access keys, and configuration files.

https://www.bleepingcomputer.com/news/security/accenture-confirms-breach-after-hacker-offers-stolen-data-for-sale/

GitHub AI agent leaks private repos when asked nicely

Malicious prompters could easily trick GitHub agents into pulling data from private repositories and then leaking the information as a public comment for anyone to access, according to Noma Labs researchers who named the vulnerability GitLost. The issue exists in GitHub-s Agentic Workflows, which allow an AI agent powered by Claude or GitHub Copilot to autonomously execute tasks in GitHub Actions.

https://www.theregister.com/security/2026/07/07/github-ai-agent-leaks-private-repos-when-asked-nicely/5267924

-Ihr Paket liegt im Logistikzentrum!- - Über eine Zollgebühr in die Phishing-Falle

Zwei Sätze, eine Aufforderung, eine Frist. Mehr braucht es nicht - und die Phishing-Falle ist fertig. Eine zurzeit besonders häufig gemeldete Masche nutzt den Paketdienstleister DPD als Tarnung. Da sich entsprechende Hinweise im Posteingang der Redaktion stapeln, ist es an der Zeit, die Masche erneut unter die Lupe zu nehmen.

https://www.watchlist-internet.at/news/dpd-paket-im-logistikzentrum/

Vidar Stealer Unmasked: Code Signing Abuse, Go Loaders and File Inflation

In April 2026, Unit 42 researchers identified a financially motivated campaign delivering Vidar stealer and the XMRig cryptocurrency miner to consumer and small- and medium-sized business victims worldwide. [..] We assess the operator of the campaign to be a Vidar stealer malware-as-a-service (MaaS) affiliate involved in operations targeting victims in the U.S. and European Union. This article provides a technical analysis of the campaign.

https://unit42.paloaltonetworks.com/vidar-stealer-xmrig-miner-campaign-analysis/

Offene Datenbank: Nextcloud GmbH behebt potenzielles Datenleck

Daten des Unternehmens hinter der populären Kollaborationslösung standen wegen einer Fehlkonfiguration offen im Netz. Die Software ist nicht betroffen.

https://heise.de/-11358275

Vulnerabilities

Joomla Security Advisories (Fixed Date: 2026-07-07)

Joomla has released 12 new security advisories.

https://developer.joomla.org/security-centre/

Foxit-Entwickler schließen Schwachstellen in PDF Reader und Editor

Nicht kritisch, aber zahlreich: Aktuelle Sicherheitsupdates dichten Foxits PDF Reader und Editor gegen eine lange Lückenliste ab.

https://www.heise.de/news/Foxit-Entwickler-schliessen-Schwachstellen-in-PDF-Reader-und-Editor-11358393.html

ILIAS: Wichtige Aktualisierungen für Lernplattform beseitigen Schwachstellen

Für die von Hochschulen, Kliniken und anderen öffentlichen Institutionen genutzte offene Lernplattform ILIAS stehen Aktualisierungen bereit. Die neuen Versionen 9.21, 10.9 und 11.2 schließen Sicherheitslücken, von denen alle früheren Ausgaben betroffen waren. Von drei Lücken geht ein hohes, von den übrigen ein mittleres Sicherheitsrisiko aus.

https://heise.de/-11357739

Juniper: 2026-07 Security Bulletin: Junos OS Evolved: A port which has been inadvertently exposed can be reached by an attacker (CVE-2026-57028)

https://supportportal.juniper.net/s/article/2026-07-Security-Bulletin-Junos-OS-Evolved-A-port-which-has-been-inadvertently-exposed-can-be-reached-by-an-attacker-CVE-2026-57028

Juniper: 2026-07 Security Bulletin: Junos OS: MX Series with SPC3, SRX Series: Processing of a specifically malformed SIP invite causes a flowd crash (CVE-2026-57026)

https://supportportal.juniper.net/s/article/2026-07-Security-Bulletin-Junos-OS-MX-Series-with-SPC3-SRX-Series-Processing-of-a-specifically-malformed-SIP-invite-causes-a-flowd-crash-CVE-2026-57026

Juniper: 2026-07 Security Bulletin: Junos OS: MX Series with SPC3, SRX Series: A specifically malformed TCP packet causes a flowd crash (CVE-2026-57023)

https://supportportal.juniper.net/s/article/2026-07-Security-Bulletin-Junos-OS-MX-Series-with-SPC3-SRX-Series-A-specifically-malformed-TCP-packet-causes-a-flowd-crash-CVE-2026-57023

Juniper: 2026-07 Security Bulletin: Junos OS and Junos OS Evolved: Receipt of a specific SNMPv3 request results in memory leak and eventual snmpd crash (CVE-2026-33799)

https://supportportal.juniper.net/s/article/2026-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specific-SNMPv3-request-results-in-memory-leak-and-eventual-snmpd-crash-CVE-2026-33799

Juniper: 2026-07 Security Bulletin: Junos OS and Junos OS Evolved: Configuration of a specific SSH option results in mgd crash (CVE-2026-21901)

https://supportportal.juniper.net/s/article/2026-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Configuration-of-a-specific-SSH-option-results-in-mgd-crash-CVE-2026-21901

Juniper: 2026-07 Security Bulletin: cRPD: Multiple vulnerabilities resolved in cRPD 26.2R1

https://supportportal.juniper.net/s/article/2026-07-Security-Bulletin-cRPD-Multiple-vulnerabilities-resolved-in-cRPD-26-2R1

Juniper: 2026-07 Security Bulletin: Junos Space: Multiple vulnerabilities resolved in 26.1R1 Patch V1 Release

https://supportportal.juniper.net/s/article/2026-07-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-26-1R1-Patch-V1-Release

Juniper: 2026-07 Security Bulletin: Network Director: Multiple vulnerabilities resolved in 7.1R3 release

https://supportportal.juniper.net/s/article/2026-07-Security-Bulletin-Network-Director-Multiple-vulnerabilities-resolved-in-7-1R3-release

Juniper: 2026-07 Security Bulletin: Junos OS Evolved: URL handling vulnerability in libfetch results in heap buffer overflow (CVE-2020-7450)

https://supportportal.juniper.net/s/article/2026-07-Security-Bulletin-Junos-OS-Evolved-URL-handling-vulnerability-in-libfetch-results-in-heap-buffer-overflow-CVE-2020-7450

Juniper: 2026-07 Security Bulletin: CTPView: Multiple vulnerabilities resolved in 9.3R2-3 Release

https://supportportal.juniper.net/s/article/2026-07-Security-Bulletin-CTPView-Multiple-vulnerabilities-resolved-in-9-3R2-3-Release

LWN: Security updates for Wednesday

https://lwn.net/Articles/1081798/