
Hosted by Johannes B. Ullrich · EN

More Odd DNS Records: NIMLOC https://isc.sans.edu/diary/More%20Odd%20DNS%20Records%3A%20NIMLOC/33128 From Invoice to AnyDesk: Uncovering a Phishing Campaign Targeting Russian Aerospace Organizations https://www.seqrite.com/blog/from-invoice-to-anydesk-uncovering-a-phishing-campaign-targeting-russian-aerospace-organizations/ Tenda firmware (multiple versions) contains hidden authentication backdoor https://kb.cert.org/vuls/id/213560 GitLost: GitHub AI Agent Leak https://noma.security/wp-content/uploads/GitLostWorkflow_2.gif My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich

RCS and DNS: The NAPTR Record https://isc.sans.edu/diary/RCS%20and%20DNS%3A%20The%20NAPTR%20Record/33124 OpenSSH 10.4 released https://seclists.org/oss-sec/2026/q3/62 Beyond Trust Advisory CVE-2026-40138 CVE-2026-40139 https://www.beyondtrust.com/trust-center/security-advisories/bt26-03 PolinRider: North Korea-Linked Supply Chain Campaign https://socket.dev/blog/polinrider-north-korea-linked-supply-chain-campaign-expands My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich

Apple Updated Patch Policy https://www.reuters.com/business/apple-says-it-is-releasing-updates-early-response-ai-cybersecurity-concerns-2026-06-29/ T3MP3ST multi-agent offensive-security framework https://github.com/elder-plinius/T3MP3ST Seven FatFs bugs, one very large blast radius https://www.runzero.com/blog/fatfs-bugs/ OpenWRT Releases v25.12.5 https://github.com/openwrt/openwrt/releases My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich

Why Ask Credentials If There Are Secret Codes? https://isc.sans.edu/diary/Why%20Ask%20Credentials%20If%20There%20Are%20Secret%20Codes%3F/33118 Adobe Patches and Updated Patch Release Policy https://helpx.adobe.com/security/Home.html https://blog.adobe.com/security/protecting-customers-faster-how-adobe-is-responding-to-ai-accelerated-vulnerability-discovery Google Chrome Update (link had issues loading while recording) https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html Apple Hide My Email Vulnerability https://www.404media.co/apple-hide-my-email-vulnerability-reveals-peoples-real-email-addresses/ My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich

June 2026 Apple Updates https://isc.sans.edu/diary/June%202026%20Apple%20Updates/33114 SimpleHelp Exploit used to reply TaskWeaver https://blackpointcyber.com/blog/a-djinn-in-the-machine-taskweavers-node-js-intrusion-chain/ DNS Tricks to Load Malware into Cloned Repository https://0din.ai/blog/clone-this-repo-and-i-own-your-machine My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich

Adding some Automation to the favicon.ico method of Host Recon https://isc.sans.edu/diary/Adding%20some%20Automation%20to%20the%20favicon.ico%20method%20of%20Host%20Recon/33110 Russian Intelligence Services Continue to Target Commercial Messaging Applications https://www.ic3.gov/PSA/2026/PSA260626 Google Gemini CLI Vulnerability CVE-2026-12537 https://github.com/advisories/GHSA-jj69-4grx-fqj5 IPv6 Frag Escape https://github.com/sgkdev/ipv6_frag_escape My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich

What do Ports Hear When Nobody's Listening? An Assessment of Automated Cybercrime https://isc.sans.edu/diary/What%20do%20Ports%20Hear%20When%20Nobody%27s%20Listening%3F%20An%20Assessment%20of%20Automated%20Cybercrime%20%5BGuest%20Diary%5D/33104 Linux Process Name Masquerading https://isc.sans.edu/diary/Linux+Process+Name+Masquerading/33102 Amazon Q VS Code Extension Vulnerability https://www.wiz.io/blog/amazon-q-vulnerability My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich

CVE-2024-40766: The Patch Fixed the Bug. Nobody Fixed the Configuration. https://isc.sans.edu/diary/CVE-2024-40766%3A%20The%20Patch%20Fixed%20the%20Bug.%20Nobody%20Fixed%20the%20Configuration./33094 libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c https://www.vulncheck.com/advisories/libssh2-out-of-bounds-write-via-unchecked-packet-length-in-transport-c PixelSmash Critical FFmpeg Vulnerability Turns Media Files into Weapons https://jfrog.com/blog/pixelsmash-critical-ffmpeg-vulnerability-turns-media-files-into-weapons/ My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich

Webshells Remain Popular https://isc.sans.edu/diary/Webshells%20Remain%20Popular/33096 Safer pull_request_target defaults for GitHub Actions checkout https://github.blog/changelog/2026-06-18-safer-pull_request_target-defaults-for-github-actions-checkout/ Private Access Control Tokens https://cloudflare.net/news/news-details/2026/Cloudflare-Collaborates-With-Leading-Browsers-to-Develop-a-Privacy-First-Protocol-For-the-Global-Internet/default.aspx https://blog.cloudflare.com/eliminating-captchas-on-iphones-and-macs-using-new-standard/ Fortibleed Update https://socradar.io/resources/whitepapers/dismantling-fortibleed-inside-a-russian-fortinet-compromise-operation/ My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich

eBanking Phishing Delivered Through IPv4-Mapped IPv6 Address https://isc.sans.edu/diary/eBanking%20Phishing%20Delivered%20Through%20IPv4-Mapped%20IPv6%20Address/33090 NGINX ngx_http_v3_module vulnerability CVE-2026-42530 https://my.f5.com/manage/s/article/K000161616 Squidbleed (CVE-2026-47729) https://blog.calif.io/p/squidbleed-cve-2026-47729 AMD will reinstate memory encryption on Ryzen 9000 CPUs through a BIOS update in July https://www.tomshardware.com/pc-components/cpus/amd-will-reinstate-memory-encryption-on-ryzen-9000-cpus-through-a-bios-update-in-july-tsme-is-coming-back-after-valuable-community-feedback My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich