End-of-Day report
Timeframe: Wednesday 10-06-2026 18:00 - Thursday 11-06-2026 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
Oracle PeopleSoft servers hacked in ShinyHunters data theft attacks
Oracle PeopleSoft servers are being targeted in ongoing data theft attacks by the ShinyHunters extortion gang, which claims to have stolen data from over 100 organizations.
https://www.bleepingcomputer.com/news/security/oracle-peoplesoft-servers-hacked-in-shinyhunters-data-theft-attacks/
New BitLocker bypass: Chaotic Eclipse keeps throwing Windows exploits around
Chaotic Eclipse is apparently not as exhausted as claimed after all. There is still one more exploit for bypassing BitLocker on Windows devices.
https://www.golem.de/news/neuer-bitlocker-bypass-chaotic-eclipse-wirft-weiter-mit-windows-exploits-um-sich-2606-209646.html
Chinese agents caught rebuilding botnets and stirring the pot on AI datacenter debate
PRC eyes are watching you
https://www.theregister.com/security/2026/06/11/china-linked-operators-revive-botnet-stir-ai-datacenter-debate/5253873
Every employee's password was stored in a single Excel file
The CEO thought this was the best way to deal with some email issues
https://www.theregister.com/security/2026/06/11/every-employees-password-was-stored-in-a-single-excel-file/5253784
CISA Tells US Agencies to Fix Security Bugs in as Little as 3 Days Thanks to AI Threats
"Defenders cannot afford to take weeks to patch," one Cybersecurity and Infrastructure Security Agency official warned on Wednesday.
https://www.wired.com/story/cisa-ai-vulnerability-directive/
OpenSSL: Crafted signature can pave the way for malicious code
In current versions, the OpenSSL developers have closed a total of 18 security vulnerabilities.
https://www.heise.de/news/OpenSSL-Praeparierte-Signatur-kann-Weg-fuer-Schadcode-ebnen-11328258.html
End of Intel: How long Apple intends to deliver security patches
With macOS 27, the x86 era at Apple is over. At least there are still supposed to be patches over a longer period. How complete they are is unclear.
https://www.heise.de/news/macOS-Apple-teilt-mit-wie-lange-es-Intel-Sicherheitsupdates-geben-wird-11327980.html
FreeBSD: Privilege escalation vulnerability with a tongue-in-cheek codename
IT researchers have also found a security vulnerability in FreeBSD that enables privilege escalation. Name: "Bumsrakete[tm]".
https://www.heise.de/news/FreeBSD-Rechteausweitungsluecke-mit-augenzwinkerndem-Codenamen-11328722.html
GenAI Is Both Hunter and Hunted at Pwn2Own Berlin 2026
This year's Pwn2Own competition in Berlin revealed just how much of the AI stack remains exposed -- and the gap between what these tools promise and what they can withstand points to the fragile security foundations underneath.
https://www.trendmicro.com/en_us/research/26/f/pwn2own-genai.html
Vulnerabilities
SVD-2026-0609: Improper Access Control in Splunk Enterprise
In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability edit_saved_search_owner could reassign saved search ownership to users outside their authorized scope. The ownership reassignment endpoint lacks access control.
https://advisory.splunk.com//advisories/SVD-2026-0609
SVD-2026-0606: Improper Input Validation through Protocol-Relative URL in Classic Dashboards in Splunk Enterprise
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could cause data exfiltration through classic dashboards by redirecting a victim to an external site using a protocol-relative URL in a drill-down link. The vulnerability exists because the URL classifier in classic dashboards
https://advisory.splunk.com//advisories/SVD-2026-0606
SVD-2026-0605: Improper Input Validation through Classic Dashboards in Splunk Enterprise
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious classic dashboard that exfiltrates sensitive data to an external server. The vulnerability exists because URL validation on the external content dialog is incomplete, which can allow for requests to
https://advisory.splunk.com//advisories/SVD-2026-0605
SVD-2026-0601: Remote Code Execution through Deserialization of Untrusted Data in Splunk Secure Gateway
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, Splunk Cloud Platform versions below 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, and Splunk Secure Gateway versions below 3.10.6, 3.9.20, and 3.8.67, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) through the Splunk Secure Gateway app. The Remote Code Execution is possible because of unsafe deserialization of App
https://advisory.splunk.com//advisories/SVD-2026-0601
Oracle Security Alert Advisory - CVE-2026-35273
https://www.oracle.com/security-alerts/alert-cve-2026-35273.html
Brute force attack protection - Critical - Unsupported - SA-CONTRIB-2026-047
https://www.drupal.org/sa-contrib-2026-047
Composer - Critical - Unsupported - SA-CONTRIB-2026-046
https://www.drupal.org/sa-contrib-2026-046