Mozilla Firefox: Firefox offers unlimited VPN over the summer
Mozilla is temporarily lifting the data limit for the VPN service built into the Firefox browser and expanding the server selection.
How has use of framing protection security headers changed in the past 3 years?, (Wed, Jun 10th)
Back in 2023, I wrote a diary[1] discussing how commonly X-Frame-Options and CSP headers containing the frame-ancestors directive were used on 1 million most popular domains on the internet (based on the Tran
Microsoft under pressure again: Disgruntled researcher leaks another Defender exploit
The Defender exploit, named Rogueplanet, gives attackers system privileges on Windows. Originally, however, it was supposed to be capable of much more.
Fortinet closes command injection flaw in FortiSandbox and more
Fortinet warns of a critical security vulnerability in FortiSandbox and further flaws in FortiPortal and FortiOS/FortiProxy.
Anthropic Releases Claude Fable 5, Its Most Powerful AI Yet, With Cyber Safeguards
On June 9, Anthropic released Claude Fable 5, the most capable model it has ever made, generally available. It also did something unusual: it shipped one model as two products, split not by capability but by a layer of s
Patch day: Adobe closes more than 120 security vulnerabilities in InDesign and others
Among other things, attackers can target malicious-code vulnerabilities in ColdFusion and Dreamweaver.
ServiceNow Flaw Exploited to Gain Unauthorized Access to Customer Instances
ServiceNow has warned about a security incident in which unknown threat actors exploited a flaw to obtain deeper unauthorized access to susceptible instances. "On June 5, 2026, ServiceNow applied a security update to hos
Data leak: Cyberattack on French government messenger Tchap
France's digital agency DINUM has acknowledged a data leak at the government messenger Tchap. Attackers were able to compromise an account.
Microsoft Patch Tuesday with an open end: Researcher follows up with RoguePlanet zero-day
Among other things, a critical kernel vulnerability threatens Windows 11. In addition, Microsoft is closing zero-day flaws that became known at the end of May.
"Passwort" episode 59: On the DNSSEC failure at DENIC, domain theft and other news
It was not only DENIC that hit trouble: a DeFi provider robbed of its domain and a cloud hoster that was shut down are topics of this episode. And a BitLocker flaw.
Without user interaction: Countless Windows systems vulnerable via kernel flaw
Microsoft's June updates close more than 500 security vulnerabilities. One of them enables automated malicious-code attacks on Windows systems.
Ivanti: Max severity Sentry flaw allows code execution as root
Ivanti has patched two critical vulnerabilities in its Sentry secure mobile gateway solution, including a maximum-severity flaw that enables remote attackers to execute code with root privileges. [...]
13.6 million euros less: Court reduces multi-million fine for Deutsche Wohnen
Data protection authorities imposed a fine of 14.5 million euros on Deutsche Wohnen. A court has reduced the sum to 900,000 euros.
Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows
The anonymous security researcher going by the name Chaotic Eclipse (aka Nightmare-Eclipse) has released a proof-of-concept (PoC) exploit for yet another Microsoft Defender zero-day named RoguePlanet. "The exploit is a r
Advertisement: Implementing vulnerability management and patch management in practice
Vulnerability management requires robust prioritization instead of CVSS autopilot. A live online workshop teaches methods for assessing risks and deriving measures.
Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS
Cybersecurity researchers have flagged half a dozen vulnerabilities in protobuf.js, a JavaScript and TypeScript implementation of Protocol Buffers (Protobuf), that, if successfully exploited, could result in remote code
Anthropic rolls out Claude Fable 5, but it's available for a limited time
Anthropic has begun rolling out a new model called "Fable," which is based on the same underlying model as Mythos, its most powerful AI model class. [...]
ISC Stormcast For Wednesday, June 10th, 2026 https://isc.sans.edu/podcastdetail/9966, (Wed, Jun 10th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Microsoft Defender 'RoguePlanet' zero-day grants SYSTEM privileges
A security researcher has released a new Microsoft Defender zero-day exploit named "RoguePlanet" just hours after Microsoft fixed two previously disclosed flaws during June 2026 Patch Tuesday. [...]
A Record-Breaking Patch Tuesday for June 2026
Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of fixes for the company's monthly Patch Tuesday cycle. Nearly thre
ServiceNow discloses security incident exposing customer data
ServiceNow is warning about a security incident after attackers exploited an unauthenticated access flaw through a vulnerable API endpoint, allowing them to query data from customer instances. [...]
OpenClaw AI agent found falling for phishing attacks, spills user data
Phishing simulation on an OpenClaw email agent with various configuration profiles showed that it was susceptible to tactics commonly used to compromise human users. [...]
This will be expensive: Anthropic's Claude Mythos 5 is released as Fable 5 with restrictions
Claude Mythos 5 is available to the NSA and selected partners. The released, restricted version is called Claude Fable 5. There is no subscription.
SAP fixes critical flaws in NetWeaver and Commerce Cloud
SAP has released fixes for 15 vulnerabilities as part of its June 2026 Security Patch package, including four critical-severity flaws affecting SAP NetWeaver and SAP Commerce Cloud. [...]
Microsoft releases Windows 10 KB5094127 extended security update
Microsoft has released the Windows 10 KB5094127 extended security update, which fixes the June 2026 Patch Tuesday vulnerabilities and adds new functionality to monitor the rollout of updated Secure Boot certificates that
Microsoft June 2026 Patch Tuesday fixes 3 zero-day, 200 flaws
Today is Microsoft's June 2026 Patch Tuesday, with security updates for 200 flaws and three publicly disclosed zero-day vulnerabilities. [...]
Reconstructing AI activity in investigations
Learn how to investigate AI activity in Microsoft 365 Copilot and Azure AI services using a structured, telemetry-driven approach. This playbook helps security teams reconstruct events, assess data exposure, and detect p
Microsoft June 2026 Patch Tuesday, (Tue, Jun 9th)
Microsoft today released patches for 204 vulnerabilities. 38 of these vulnerabilities are considered critical, and three have been disclosed before today. Six of the vulnerabilities affect Microsoft cloud solutions and d
Windows 11 KB5094126 & KB5093998 cumulative updates released
Microsoft has released Windows 11 KB5094126 and KB5093998 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. [...]
Meta to Use Off-Site Business Data for Feed and AI Personalization
Meta on Tuesday announced that it will use information shared by other businesses to personalize users' feed and responses from its artificial intelligence (AI) chatbot, expanding its scope beyond targeted ads. "Business
Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code
Veeam has released security patches to address a critical flaw in its Backup & Replication software that could result in remote code execution. Tracked as CVE-2026-44963, the vulnerability carries a CVSS score of 9.4 out
Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues
Microsoft on Monday confirmed that it temporarily removed some GitHub repositories in response to a recent security incident that led to 73 of its open-source projects being compromised to inject an information stealer i
XBOW tests Anthropic's Mythos Preview for offensive security
Anthropic's Mythos Preview was highly effective at finding vulnerability candidates, especially when analyzing source code. XBOW explores how the model performed across exploit discovery, reverse engineering, and live-si
Response to Claude Mythos? German federal government founds AI safety institute
With a new institution, the federal government wants to strengthen its analysis capabilities for AI models. Minister Wildberger promises "world-class experts".
GitHub disables Microsoft repos pushing password-stealing malware
Microsoft removed 73 repositories across its Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations on GitHub, disrupting continuous integration pipelines. [...]
New Veeam vulnerability exposes backup servers to RCE attacks
Veeam has released security updates to patch a critical Backup & Replication security flaw that can be exploited to gain remote code execution (RCE) on domain-joined backup servers. [...]
Darknet Diaries Deutsch: Naked on the net - Part 2
Twin sisters Madison and Christine were severely harassed online for years by an unknown person. Now they are fighting back.
WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine
Two Russia-aligned cyber attack campaigns have continued to exploit a security flaw in WinRAR to target Ukrainian organisations, almost a year after patches for the vulnerability were released. The activity has been attr
Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models
University of Toronto researchers have built and tested a proof-of-concept AI-driven computer worm that uses a locally hosted open-weight large language model to reason its way through a network, generate tailored attack
Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now
Google has released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2026-11645 (CVSS score: 8.8), has bee
Updated every 30 minutes · CH/DE: BACS Schweiz, BSI, Allianz Cyber-Sicherheit, Heise Security, Golem · EN: BleepingComputer, The Hacker News, Fortinet, SANS ISC, Microsoft Security, Krebs on Security, Kaspersky