<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Mark0</title>
    <description>The latest articles on DEV Community by Mark0 (@mark0_617b45cda9782a).</description>
    <link>https://dev.to/mark0_617b45cda9782a</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3702447%2F0301e2c9-634f-4567-8171-fd5d9da0b3aa.jpg</url>
      <title>DEV Community: Mark0</title>
      <link>https://dev.to/mark0_617b45cda9782a</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/mark0_617b45cda9782a"/>
    <language>en</language>
    <item>
      <title>SAP fixes critical flaws in NetWeaver and Commerce Cloud</title>
      <dc:creator>Mark0</dc:creator>
      <pubDate>Thu, 11 Jun 2026 05:00:09 +0000</pubDate>
      <link>https://dev.to/mark0_617b45cda9782a/sap-fixes-critical-flaws-in-netweaver-and-commerce-cloud-3cpc</link>
      <guid>https://dev.to/mark0_617b45cda9782a/sap-fixes-critical-flaws-in-netweaver-and-commerce-cloud-3cpc</guid>
      <description>&lt;p&gt;SAP has released its June 2026 Security Patch package, addressing 15 vulnerabilities, including four critical-severity flaws affecting SAP NetWeaver and SAP Commerce Cloud. The most severe issues involve an XML Signature Wrapping vulnerability (CVSS 9.9) allowing for authentication bypass in SAML environments and a memory corruption flaw (CVSS 9.8) that can be triggered without authentication via crafted RFC requests.&lt;/p&gt;

&lt;p&gt;These updates also cover directory traversal, Spring Security flaws, and missing authorization checks across various core platforms. Given the critical nature of these vulnerabilities—particularly those affecting core application serving and authentication middleware—security teams are advised to prioritize patching immediately to prevent unauthorized data access and potential system disruption.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;&lt;a href="https://www.bleepingcomputer.com/news/security/sap-fixes-critical-flaws-in-netweaver-and-commerce-cloud/" rel="noopener noreferrer"&gt;Read Full Article&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;

</description>
      <category>cybersecurity</category>
      <category>infosec</category>
      <category>sap</category>
      <category>vulnerability</category>
    </item>
    <item>
      <title>China-linked JDY botnet expands targeting of U.S. military networks</title>
      <dc:creator>Mark0</dc:creator>
      <pubDate>Thu, 11 Jun 2026 04:58:54 +0000</pubDate>
      <link>https://dev.to/mark0_617b45cda9782a/china-linked-jdy-botnet-expands-targeting-of-us-military-networks-1f4k</link>
      <guid>https://dev.to/mark0_617b45cda9782a/china-linked-jdy-botnet-expands-targeting-of-us-military-networks-1f4k</guid>
      <description>&lt;p&gt;The JDY botnet, a scanning and reconnaissance network linked to Chinese threat actors such as Volt Typhoon, has more than doubled its size over the past year. Now comprising over 1,500 compromised SOHO and IoT devices, the botnet primarily targets United States military and associated infrastructure. Unlike typical DDoS botnets, JDY focuses on rapid service discovery and protocol fingerprinting to identify vulnerable assets shortly after public vulnerability disclosures.&lt;/p&gt;

&lt;p&gt;Recent analysis by Black Lotus Labs reveals that JDY operators utilize hidden Tor services for command-and-control and the Platypus framework for host management. The malware employs sophisticated techniques like stealthy raw SYN scanning to perform high-speed reconnaissance. Organizations are urged to secure edge devices, disable exposed administrative interfaces, and monitor for unusual outbound scanning to mitigate the risk of being recruited into or targeted by this expanding network.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;&lt;a href="https://www.bleepingcomputer.com/news/security/china-linked-jdy-botnet-expands-targeting-of-us-military-networks/" rel="noopener noreferrer"&gt;Read Full Article&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;

</description>
      <category>cybersecurity</category>
      <category>infosec</category>
      <category>malware</category>
      <category>botnet</category>
    </item>
    <item>
      <title>Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs</title>
      <dc:creator>Mark0</dc:creator>
      <pubDate>Thu, 11 Jun 2026 04:57:32 +0000</pubDate>
      <link>https://dev.to/mark0_617b45cda9782a/microsoft-patches-record-206-flaws-including-three-zero-days-and-critical-rce-bugs-34p6</link>
      <guid>https://dev.to/mark0_617b45cda9782a/microsoft-patches-record-206-flaws-including-three-zero-days-and-critical-rce-bugs-34p6</guid>
      <description>&lt;p&gt;Microsoft has released a record-breaking update for June 2026, addressing 206 vulnerabilities, with 39 rated as Critical. High-impact flaws include remote code execution (RCE) in the Windows Kernel and DHCP Client, as well as multiple BitLocker security feature bypasses. The volume of patches is attributed to the rise of AI-assisted vulnerability discovery tools.&lt;/p&gt;

&lt;p&gt;Notable vulnerabilities include CVE-2026-45657 and CVE-2026-44815, both allowing unauthenticated RCE via network traffic. The update also mitigates the "HTTP2/Bomb" denial-of-service attack and addresses several publicly disclosed zero-days like GreenPlasma and MiniPlasma. Security experts warn that the scale of these updates, exceeding historical annual totals, presents significant challenges for patch management and quality assurance.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;&lt;a href="https://thehackernews.com/2026/06/microsoft-patches-record-206-flaws.html" rel="noopener noreferrer"&gt;Read Full Article&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;

</description>
      <category>cybersecurity</category>
      <category>infosec</category>
      <category>microsoft</category>
      <category>vulnerability</category>
    </item>
    <item>
      <title>2026-06-09: Atomic macOS (AMOS) Stealer infection</title>
      <dc:creator>Mark0</dc:creator>
      <pubDate>Wed, 10 Jun 2026 05:05:13 +0000</pubDate>
      <link>https://dev.to/mark0_617b45cda9782a/2026-06-09-atomic-macos-amos-stealer-infection-l1l</link>
      <guid>https://dev.to/mark0_617b45cda9782a/2026-06-09-atomic-macos-amos-stealer-infection-l1l</guid>
      <description>&lt;p&gt;This report details an Atomic macOS (AMOS) Stealer infection observed on June 9, 2026. The infection chain begins with malicious advertisements that lead users to a fraudulent Homebrew (Brew) installation page. Victims are instructed to paste malicious commands into their terminal, which initiates the deployment of the stealer malware.&lt;/p&gt;

&lt;p&gt;Following execution, the malware establishes persistence and creates specific artifacts within the &lt;code&gt;/tmp&lt;/code&gt; directory. The analysis provides associated files including traffic captures (pcaps) and indicators of compromise (IOCs), alongside visual documentation of the malvertising campaign and the terminal-based infection vector.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;&lt;a href="https://www.malware-traffic-analysis.net/2026/06/09/index.html" rel="noopener noreferrer"&gt;Read Full Article&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;

</description>
      <category>cybersecurity</category>
      <category>infosec</category>
      <category>macos</category>
      <category>malware</category>
    </item>
    <item>
      <title>Microsoft Patch Tuesday for June 2026 — Snort rules and prominent vulnerabilities</title>
      <dc:creator>Mark0</dc:creator>
      <pubDate>Wed, 10 Jun 2026 05:04:27 +0000</pubDate>
      <link>https://dev.to/mark0_617b45cda9782a/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities-160o</link>
      <guid>https://dev.to/mark0_617b45cda9782a/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities-160o</guid>
      <description>&lt;p&gt;Microsoft's June 2026 security update addresses 206 vulnerabilities, including 32 critical flaws. The majority of these critical entries are remote code execution (RCE) vulnerabilities affecting core services such as Windows Active Directory, Hyper-V, and the HTTP Protocol Stack. Talos has identified several vulnerabilities where exploitation is considered more likely, specifically highlighting heap-based buffer overflows in the Remote Desktop Client and integer overflows in the Windows Graphics component.&lt;/p&gt;

&lt;p&gt;In addition to the critical RCE flaws, the update covers elevation of privilege, information disclosure, and security feature bypass vulnerabilities across the Microsoft ecosystem, including Azure and Office. Organizations are encouraged to apply patches immediately and update their security rulesets. Cisco Talos has released specific Snort rules to detect exploitation attempts targeting these newly disclosed vulnerabilities.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;&lt;a href="https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/" rel="noopener noreferrer"&gt;Read Full Article&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;

</description>
      <category>cybersecurity</category>
      <category>infosec</category>
      <category>microsoft</category>
      <category>vulnerability</category>
    </item>
    <item>
      <title>Cybercriminals: the 'auditors' you never hired</title>
      <dc:creator>Mark0</dc:creator>
      <pubDate>Wed, 10 Jun 2026 05:03:44 +0000</pubDate>
      <link>https://dev.to/mark0_617b45cda9782a/cybercriminals-the-auditors-you-never-hired-2ceh</link>
      <guid>https://dev.to/mark0_617b45cda9782a/cybercriminals-the-auditors-you-never-hired-2ceh</guid>
      <description>&lt;p&gt;Normalcy bias is a significant cognitive trap in cybersecurity where organizations underestimate the likelihood of disasters because life appears to continue as normal. This bias often leads businesses to interpret a lack of clear alerts as evidence of safety, resulting in a dangerous failure to act on warning signs. The NCSC Annual Review 2025 highlights this reality, reporting a 130% increase in significant cyberattacks, suggesting that many organizations are falling into a state of complacency even as the threat landscape escalates.&lt;/p&gt;

&lt;p&gt;To combat this, organizations must move beyond the reactive "lessons learnt" narrative and adopt a proactive stance through continuous auditing and advanced security services. By investing in penetration testing, threat intelligence, and 24/7 Managed Detection and Response (MDR), companies can close the gap between perceived security and reality. Failing to do so essentially outsources security assurance to cybercriminals, who are increasingly using AI to scale their attacks and exploit the very normalcy bias that keeps organizations vulnerable.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;&lt;a href="https://www.welivesecurity.com/en/business-security/cybercriminals-auditors-never-hired/" rel="noopener noreferrer"&gt;Read Full Article&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;

</description>
      <category>cybersecurity</category>
      <category>infosec</category>
      <category>riskmanagement</category>
      <category>threatintelligence</category>
    </item>
    <item>
      <title>Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257</title>
      <dc:creator>Mark0</dc:creator>
      <pubDate>Wed, 10 Jun 2026 05:02:58 +0000</pubDate>
      <link>https://dev.to/mark0_617b45cda9782a/threat-brief-active-exploitation-of-pan-os-cve-2026-0257-5b23</link>
      <guid>https://dev.to/mark0_617b45cda9782a/threat-brief-active-exploitation-of-pan-os-cve-2026-0257-5b23</guid>
      <description>&lt;p&gt;⚠️ &lt;strong&gt;Region Alert: UAE/Middle East&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Unit 42 has identified active exploitation of CVE-2026-0257, a critical authentication bypass vulnerability affecting Palo Alto Networks PAN-OS GlobalProtect portals and gateways. This security flaw enables unauthorized attackers to bypass security controls and initiate VPN connections. The vulnerability was added to the CISA Known Exploited Vulnerability (KEV) catalog on May 29, 2026, highlighting the immediate threat to organizations running unpatched versions.&lt;/p&gt;

&lt;p&gt;While current observations show no post-access lateral movement, a small number of devices have successfully established VPN sessions. Security teams are urged to monitor GlobalProtect logs for specific Indicators of Compromise (IoCs), including suspicious IP addresses and hard-coded client configuration values found in public exploit code. Immediate patching or the application of vendor-provided workarounds is strongly recommended to secure network perimeters.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;&lt;a href="https://unit42.paloaltonetworks.com/active-exploitation-of-pan-os-cve-2026-0257/" rel="noopener noreferrer"&gt;Read Full Article&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;

</description>
      <category>cybersecurity</category>
      <category>infosec</category>
      <category>networksecurity</category>
      <category>vulnerability</category>
    </item>
    <item>
      <title>CrowdStrike and Zscaler Bring Continuous Identity to Zero Trust Access</title>
      <dc:creator>Mark0</dc:creator>
      <pubDate>Wed, 10 Jun 2026 05:02:23 +0000</pubDate>
      <link>https://dev.to/mark0_617b45cda9782a/crowdstrike-and-zscaler-bring-continuous-identity-to-zero-trust-access-46gm</link>
      <guid>https://dev.to/mark0_617b45cda9782a/crowdstrike-and-zscaler-bring-continuous-identity-to-zero-trust-access-46gm</guid>
      <description>&lt;p&gt;CrowdStrike and Zscaler have announced a new integration between Falcon Next-Gen Identity Security and Zscaler’s Adaptive Access Engine (AAE) to automate risk-based access control. Leveraging a Continuous Identity approach, the platform evaluates risk signals across identity, endpoint, and cloud domains to share context in real-time. This integration utilizes open standards such as the Shared Signals Framework (SSF) and Continuous Access Evaluation Profile (CAEP) to dynamically adjust access policies.&lt;/p&gt;

&lt;p&gt;The system is designed to stop lateral movement by automatically restricting access to sensitive resources, such as code repositories, the moment high-risk activity is detected. Once an incident is resolved and the risk score decreases, access is automatically restored without manual intervention. This collaborative defense reduces the window of opportunity for adversaries and simplifies complex security operations through seamless interoperability between AI-native cybersecurity and Zero Trust architectures.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;&lt;a href="https://www.crowdstrike.com/en-us/blog/crowdstrike-zscaler-bring-continuous-identity-security-to-zero-trust-access/" rel="noopener noreferrer"&gt;Read Full Article&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;

</description>
      <category>cybersecurity</category>
      <category>infosec</category>
      <category>zerotrust</category>
      <category>automation</category>
    </item>
    <item>
      <title>SEC Consult SA-20260608-0 :: Privilege Escalation via Binary Planting in Genetec-provided RabbitMQ in multiple Genetec products</title>
      <dc:creator>Mark0</dc:creator>
      <pubDate>Wed, 10 Jun 2026 05:01:44 +0000</pubDate>
      <link>https://dev.to/mark0_617b45cda9782a/sec-consult-sa-20260608-0-privilege-escalation-via-binary-planting-in-genetec-provided-rabbitmq-dif</link>
      <guid>https://dev.to/mark0_617b45cda9782a/sec-consult-sa-20260608-0-privilege-escalation-via-binary-planting-in-genetec-provided-rabbitmq-dif</guid>
      <description>&lt;p&gt;A critical local privilege escalation vulnerability (CVE-2026-25112) has been identified in the RabbitMQ component provided with various Genetec products. The flaw originates from insecure directory permissions in &lt;code&gt;C:\ProgramData\Genetec\RabbitMQ&lt;/code&gt;, which is writable by any authenticated user. The &lt;code&gt;erl.exe&lt;/code&gt; process, running with &lt;code&gt;LOCAL SERVICE&lt;/code&gt; privileges, attempts to execute a non-existent file named &lt;code&gt;handle.exe&lt;/code&gt; from this location, allowing an attacker to plant a malicious binary.&lt;/p&gt;

&lt;p&gt;Successful exploitation allows an attacker to gain &lt;code&gt;SYSTEM&lt;/code&gt; level privileges by leveraging the &lt;code&gt;SeImpersonatePrivilege&lt;/code&gt; assigned to the &lt;code&gt;LOCAL SERVICE&lt;/code&gt; account, often through techniques like the "Rotten Potato" attack. Genetec has released patches and a specific mitigation utility to address the issue across affected product lines, including Mission Control, Industrial IoT, and Sipelia. Users are advised to either apply the updates or manually restrict access to the vulnerable directory.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;&lt;a href="https://seclists.org/fulldisclosure/2026/Jun/2" rel="noopener noreferrer"&gt;Read Full Article&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;

</description>
      <category>cybersecurity</category>
      <category>infosec</category>
      <category>vulnerability</category>
      <category>privilegeescalation</category>
    </item>
    <item>
      <title>Governing Claude Enterprise in Environments Where Inline Controls Can't Go</title>
      <dc:creator>Mark0</dc:creator>
      <pubDate>Wed, 10 Jun 2026 05:00:59 +0000</pubDate>
      <link>https://dev.to/mark0_617b45cda9782a/governing-claude-enterprise-in-environments-where-inline-controls-cant-go-132l</link>
      <guid>https://dev.to/mark0_617b45cda9782a/governing-claude-enterprise-in-environments-where-inline-controls-cant-go-132l</guid>
      <description>&lt;p&gt;The provided input indicates a failure to retrieve content from the Trend Micro research blog regarding 'Governing Claude Enterprise'. Consequently, a technical summary of the specific findings or administrative recommendations regarding Anthropic's enterprise AI solution cannot be generated from the available text snippet.&lt;/p&gt;

&lt;p&gt;The article likely explores security frameworks, data privacy controls, and governance strategies essential for organizations deploying Claude Enterprise. For detailed insights into Trend Micro's analysis of LLM security and risk management, it is recommended to visit the original source URL directly.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;&lt;a href="https://www.trendmicro.com/en_us/research/26/f/governing-claude-enterprise.html" rel="noopener noreferrer"&gt;Read Full Article&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;

</description>
      <category>cybersecurity</category>
      <category>infosec</category>
      <category>ai</category>
      <category>governance</category>
    </item>
    <item>
      <title>Blinding the Watchmen: Abusing Cloud Logging Services for Defense Evasion and Visibility</title>
      <dc:creator>Mark0</dc:creator>
      <pubDate>Wed, 10 Jun 2026 05:00:15 +0000</pubDate>
      <link>https://dev.to/mark0_617b45cda9782a/blinding-the-watchmen-abusing-cloud-logging-services-for-defense-evasion-and-visibility-1fe3</link>
      <guid>https://dev.to/mark0_617b45cda9782a/blinding-the-watchmen-abusing-cloud-logging-services-for-defense-evasion-and-visibility-1fe3</guid>
      <description>&lt;p&gt;⚠️ &lt;strong&gt;Region Alert: UAE/Middle East&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;This article examines the critical role of cloud logging services, such as AWS CloudTrail and Google Cloud Logging, and how they have become primary targets for cyber attackers. By disrupting these services, threat actors can create security blind spots, evade detection by SIEM and SOAR platforms, or establish long-term visibility by redirecting logs to attacker-controlled environments. The analysis categorizes these threats into defense evasion and continuous visibility, providing technical walkthroughs of techniques like log poisoning and encryption key impairment.&lt;/p&gt;

&lt;p&gt;To counter these sophisticated tactics, the report emphasizes the necessity of strict access controls and the implementation of native security features like log file integrity validation and immutable log buckets. Organizations are encouraged to restrict logging configuration permissions to highly privileged users and utilize automated detection tools to identify unauthorized modifications. Understanding these adversarial patterns allows security teams to build more resilient cloud infrastructures and maintain the integrity of their forensic audit trails.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;&lt;a href="https://unit42.paloaltonetworks.com/cloud-logging-defense-evasion/" rel="noopener noreferrer"&gt;Read Full Article&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;

</description>
      <category>cybersecurity</category>
      <category>infosec</category>
      <category>cloud</category>
      <category>aws</category>
    </item>
    <item>
      <title>Investigating suspicious AI workflows in Microsoft Entra Agent ID: Assistive agents</title>
      <dc:creator>Mark0</dc:creator>
      <pubDate>Wed, 10 Jun 2026 04:59:29 +0000</pubDate>
      <link>https://dev.to/mark0_617b45cda9782a/investigating-suspicious-ai-workflows-in-microsoft-entra-agent-id-assistive-agents-a55</link>
      <guid>https://dev.to/mark0_617b45cda9782a/investigating-suspicious-ai-workflows-in-microsoft-entra-agent-id-assistive-agents-a55</guid>
      <description>

&lt;p&gt;&lt;strong&gt;&lt;a href="https://redcanary.com/blog/threat-detection/entra-id-ai-workflows-assistive-agents/" rel="noopener noreferrer"&gt;Read Full Article&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;

</description>
    </item>
  </channel>
</rss>
