Daily Summary - 26.06.2026

End-of-Day report

Timeframe: Thursday 25-06-2026 18:00 - Friday 26-06-2026 18:00 Handler: Alexander Riepl Co-Handler: Michael Schlagenhaufer

News

New macOS malware embeds fake errors to confuse AI analysis tools

A newly discovered macOS malware dubbed "Gaslight" is designed to confuse AI-assisted malware analysis tools by hiding prompt injection strings and fake debugging data within the executable.

https://www.bleepingcomputer.com/news/security/new-macos-malware-embeds-fake-errors-to-confuse-ai-analysis-tools/


Order-tracking app Shop abused to push callback phishing attacks

Threat actors are increasingly abusing Shop, the order-tracking app from Shopify, by adding fake purchase receipts in users' order histories to trick them into providing sensitive data or installing remote access software.

https://www.bleepingcomputer.com/news/security/order-tracking-app-shop-abused-to-push-callback-phishing-attacks/


Security boss thought MFA would be too much security

One rule for the workers, another for execs

https://www.theregister.com/security/2026/06/26/security-boss-thought-mfa-would-be-too-much-security/5261934


Miasma campaign poisons 20-plus npm packages, hunts for developer secrets

Microsoft says latest attack targets Leo Platform and RStreams packages, harvesting creds and going after more maintainers

https://www.theregister.com/security/2026/06/26/miasma-campaign-poisons-20-plus-npm-packages-hunts-for-developer-secrets/5262886


Amazon Q flaw let booby-trapped Git repos execute code, swipe cloud creds

Researchers warn many AI coding assistants now execute commands from project configurations

https://www.theregister.com/cyber-crime/2026/06/26/amazon-q-flaw-let-booby-trapped-git-repos-execute-code-swipe-cloud-creds/5263202


YouTube ad blocker with 11 million installations has a possible backdoor

Adblock for YouTube has more than 11 million installations. However, it can inject script code into any page without any control.

https://www.heise.de/news/YouTube-Werbeblocker-mit-11-Millionen-Installationen-mit-moeglicher-Hintertuer-11345655.html


Polymarket: Criminals reportedly stole crypto assets worth millions

At Polymarket, attackers stole money from user accounts via injected malicious code. The betting portal intends to compensate those affected.

https://www.heise.de/news/Polymarket-Kriminelle-entwenden-Kryptowerte-in-Millionenhoehe-11345764.html


Malware steals Chrome session cookies to take over your accounts

A phishing campaign installs a malicious Chrome extension to hijack browser sessions and compromise Windows devices.

https://www.malwarebytes.com/blog/news/2026/06/malware-steals-chrome-session-cookies-to-take-over-your-accounts


The "Akrites" vulnerability-mitigation project launches

The Linux Foundation, in a letter co-signed by a large range of organizations and companies, has announced the launch of "Akrites", a project to fast-track vulnerability fixes into projects. As Akrites works upstream to fix projects at the source, we commit to support downstream efforts to secure critical infrastructure before it can be exploited. When patches are ..

https://lwn.net/Articles/1079657/


Russia used social engineering to breach prominent messaging accounts, Ukraine says

Ukraine's SBU described a long-running Russian operation that used fake tech-support workers to persuade people to hand over credentials to their messaging apps.

https://therecord.media/russia-ukraine-social-engineering-messaging-accounts


DHS chief says president has met with likely CISA nominee; agency plans to hire 600

Once a new CISA director is in place, the agency will ramp up hiring efforts, Homeland Security Secretary Markwayne Mullin told lawmakers. The White House has not yet announced a nominee.

https://therecord.media/cisa-director-nominee-workforce-hires-mullin-house-hearing


macOS Flaw Allowed Standard Users to Disable CrowdStrike and Kandji Security Tools

A macOS XPC flaw let regular users disable CrowdStrike and Kandji tools, exposing security gaps that vendors patched after XM Cyber reported the security issue.

https://hackread.com/macos-flaw-users-disable-crowdstrike-kandji-security-tools/


Miasma Mini Shai-Hulud Hits LeoPlatform npm Packages and GitHub Actions, Expands to the Go Ecosystem

Latest wave affects LeoPlatform/RStreams npm packages, three llxlr-published npm packages, the Verana Blockchain Go module, and GitHub Actions/developer-tool workflows. Socket Threat Research is tracking a new ..

https://socket.dev/blog/miasma-mini-shai-hulud-hits-leoplatform-npm-packages-go-ecosystem


Vulnerabilities

Synology-SA-26:11 Synology MailPlus Server

https://www.synology.com/en-global/support/security/Synology_SA_26_11


[R2] Nessus Version 10.12.1 Fixes SQL Injection Vulnerabilities

https://www.tenable.com/security/tns-2026-17


[R3] Tenable Identity Exposure Version 3.93.5 Fixes Multiple Vulnerabilities

https://www.tenable.com/security/tns-2026-16