
Hosted by Johannes Ullrich · EN

The browser blind spot: Why your security tool may not be blocking what you think it is [Guest Diary] https://isc.sans.edu/diary/The%20browser%20blind%20spot%3A%20Why%20your%20security%20tool%20may%20not%20be%20blocking%20what%20you%20think%20it%20is%20%5BGuest%20Diary%5D/33084
Android 17 Security Patches https://source.android.com/docs/security/bulletin/android-17
Oracle Critical Security Patch Update Advisory - June 2026 https://www.oracle.com/security-alerts/cspujun2026.html
Multiple JetBrains IDE plugins caught stealing AI keys https://www.aikido.dev/blog/multiple-jetbrains-ide-plugins-caught-stealing-ai-keys
My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich

From a VHDX File to a Remcos RAT https://isc.sans.edu/diary/From%20a%20VHDX%20File%20to%20a%20Remcos%20RAT/33080
A backdoor in a LinkedIn job offer https://roman.pt/posts/linkedin-backdoor/
A 27-Year-Old Authentication Bypass in OpenBSD's PPP Stack https://blog.argus-systems.ai/blog/openbsd-pap-27-year-auth-bypass.html
Copilot M365 Data Leakage https://www.varonis.com/blog/searchleak

Evil MSI Background: BASE64 Statistical Analysis https://isc.sans.edu/diary/Evil%20MSI%20Background%3A%20BASE64%20Statistical%20Analysis/33072
Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-arbfw-c2rZvQ
TSME/SME not activating on Ryzen 7 9700X https://github.com/AMDESE/AMDSEV/issues/292
Deep-Research Agents Can Be Poisoned via User-Generated Content https://arxiv.org/pdf/2605.24245

Atomic Arch: Attackers Hijack Trusted AUR Packages to Deliver Rootkit-Like Malware https://www.sonatype.com/blog/atomic-arch-npm-campaign-adds-malicious-dependency
Why Use App-Level Auth When Every Database Has Auth? (Splunk Enterprise CVE-2026-20253 Pre-Auth RCE) https://labs.watchtowr.com/why-use-app-level-auth-when-every-database-has-auth-splunk-enterprise-cve-2026-20253-pre-auth-rce/
A Fake Bug Report Hijacks Your AI Coding Agent and Nothing Catches It. https://tenetsecurity.ai/blog/agentjacking-coding-agents-with-fake-sentry-errors/

More Bitlocker Issues: GreatXML https://git.churchofmalware.org/Nightmare_Eclipse/GreatXML
Security Advisory Ivanti Sentry (CVE-2026-10520, CVE-2026-10523) https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2026-10520-CVE-2026-10523?language=en_US
Oracle Security Alert Advisory - CVE-2026-35273 https://www.oracle.com/security-alerts/alert-cve-2026-35273.html https://www.bleepingcomputer.com/news/security/oracle-mitigates-peoplesoft-zero-day-exploited-in-data-theft-attacks/
How Deceptive Installers Are Targeting macOS Users https://www.huntress.com/blog/deceptive-installers-macos-infostealers

How has use of framing protection security headers changed in the past 3 years? https://isc.sans.edu/diary/How%20has%20use%20of%20framing%20protection%20security%20headers%20changed%20in%20the%20past%203%20years%3F/33068
Preparing for npm v12: install scripts and non-registry sources become opt-in https://github.com/orgs/community/discussions/198547
Adobe Patches https://helpx.adobe.com/security.html
Rogue Planet new Microsoft Defender Vulnerability https://github.com/MSNightmare/RoguePlanet

Microsoft June 2026 Patch Tuesday https://isc.sans.edu/diary/Microsoft%20June%202026%20Patch%20Tuesday/33064
Miasma Software Supply Chain Attack Toolkit Source Published https://safedep.io/inside-the-miasma-supply-chain-attack-toolkit/
Fortinet FortiSandbox Vulnerability https://fortiguard.fortinet.com/psirt/FG-IR-26-141

Azure Functions Action and 72 Other Repositories Disabled After Supply Chain Attack https://www.stepsecurity.io/blog/miasma-worm-hits-microsoft-again-azure-functions-action-and-72-other-repositories-disabled-after-supply-chain-attack-targeting-ai-coding-agents
Active Exploitation of Check Point VPN Authentication Bypass (CVE-2026-50751) https://blog.checkpoint.com/security/check-point-releases-important-hotfix-for-vulnerabilities-in-deprecated-ikev1-vpn-protocol/
Missing IPsec Integrity Protection for IMS SIP Signaling in Verizon VoLTE Deployments https://kb.cert.org/vuls/id/615987

The Evil MSI Background is Back! https://isc.sans.edu/diary/The%20Evil%20MSI%20Background%20is%20Back!/33054
The Smart TV in Your Living Room Is a Node in the AI Scraping Economy https://blog.includesecurity.com/2026/06/the-smart-tv-in-your-livingroom-is-a-node-in-the-aiscraping-economy/
Brute force attack on Dashlane user accounts https://support.dashlane.com/hc/en-us/articles/36038764990866-Security-advisory-Brute-force-attack-on-Dashlane-user-accounts#update-jun-4

Microsoft's Coreutils for Windows https://isc.sans.edu/diary/Microsoft%27s%20Coreutils%20for%20Windows/33048
Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability CVE-2026-20230 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssrf-cXPnHcW
Firmware Update for Acer Connect W6x Router https://community.acer.com/en/kb/articles/19672
OAuth marketplace apps keep access after publishers vanish https://www.helpnetsecurity.com/2026/06/04/oauth-marketplace-apps-audit/