End-of-Day report
Timeframe: Thursday 11-06-2026 18:00 - Friday 12-06-2026 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
Pharma giant Novo Nordisk discloses breach of clinical trials data
Danish pharmaceutical giant Novo Nordisk, the world's largest producer of insulin, disclosed a data breach affecting patient information from some clinical trials.
https://www.bleepingcomputer.com/news/security/pharmaceutical-giant-novo-nordisk-discloses-security-breach/
336 million euros laundered in Bitcoin: money-laundering service AudiA6 dismantled
A money-laundering service called AudiA6 let hackers and fraudsters obscure Bitcoin transactions worth millions. That has now come to an end.
https://www.golem.de/news/336-millionen-euro-in-bitcoin-gewaschen-geldwaeschedienst-audia6-zerschlagen-2606-209687.html
Kernel bug: FreeBSD exploit "Bumsrakete" grants root access
An exploit named Bumsrakete puts all FreeBSD versions of the last five years at risk. Its discoverers treat the matter with plenty of humor.
https://www.golem.de/news/kernel-bug-freebsd-exploit-bumsrakete-verleiht-root-zugriff-2606-209694.html
LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution
Cybersecurity researchers have disclosed details of three now-patched security flaws impacting LangGraph, including a critical vulnerability chain that could result in remote code execution. LangGraph is an open-source framework created by LangChain to ..
https://thehackernews.com/2026/06/langgraph-flaw-chain-exposes-self.html
INTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests Administrator
An INTERPOL-led operation last month resulted in the disruption of Sniper Dz, a decade-long phishing-as-a-service (PhaaS) platform, Group-IB said Thursday. The effort, codenamed Operation Ramz, took place between October 2025 and February ..
https://thehackernews.com/2026/06/interpol-takes-down-sniper-dz-phishing.html
Drug Sites Hijacked Spotify's Search Ranking Through Fake Podcasts
A joint congressional report describes a spam operation that turned tens of thousands of fake podcasts into search-engine bait for illegal pharmacy and scam sites.
https://www.wired.com/story/drug-sites-hijacked-spotifys-search-ranking-through-fake-podcasts-report-finds/
Ivanti Sentry: Confusion over the status of a critical command injection flaw
Ivanti is currently warning of critical security vulnerabilities in Sentry. CISA warns of attacks, but Ivanti is playing the matter down.
https://www.heise.de/news/Ivanti-Sentry-Wirrwar-um-Missbrauch-kritischer-Befehlsschmuggel-Luecke-11329730.html
Ubiquiti UniFi OS: Critical flaws allow code injection
Ubiquiti warns of security vulnerabilities in UniFi OS, some of them critical. Updated software is available to close them.
https://www.heise.de/news/Ubiquiti-UniFi-OS-Kritische-Luecken-erlauben-Codeschmuggel-11329967.html
Fake verification pages are stealing Steam accounts from players
A convincing fake FACEIT verification page is stealing Steam accounts by using a fake login window that looks completely legitimate.
https://www.malwarebytes.com/blog/threat-intel/2026/06/fake-verification-pages-are-stealing-steam-accounts-from-players
Hundreds of AUR packages compromised
Hundreds of orphaned packages hosted by the Arch User Repository (AUR) have been compromised by an attacker who has added a malicious npm package (atomic-lockfile) that can exfiltrate sensitive data. The project is currently working on cleaning up the mess. There is a list of affected packages and a post (possibly NSFW domain) by "sodiboo" with additional information ..
https://lwn.net/Articles/1077718/
Decade-Long SniperDz Phishing Network Disrupted in Operation Ramz
Group-IB, INTERPOL and Algerian Police dismantle decade-old SniperDZ phishing network used to steal credentials, with its alleged developer arrested.
https://hackread.com/authorities-dismantle-sniperdz-phishing-network/
Marking Your Own Homework (Check Point Remote Access VPN IKEv1 Authentication Bypass CVE-2026-50751)
It is yet another day in this parallel universe of security, where the devices we bolt onto the edge of our networks to keep the bad people out are, with remarkable consistency, the exact thing that let the bad ..
https://labs.watchtowr.com/marking-your-own-homework-check-point-remote-access-vpn-ikev1-authentication-bypass-cve-2026-50751/
Vulnerabilities
CVE-2026-45257: LPE in FreeBSD via kTLS-RX
https://bumsrake.de