===================== = End-of-Day report = =====================
Timeframe: Wednesday 12-11-2025 18:00 − Thursday 13-11-2025 18:00 Handler: Alexander Riepl Co-Handler: n/a
===================== = News = =====================
∗∗∗ November Patch Tuesday does its chores ∗∗∗ --------------------------------------------- A cleanup month brings 63 patches… wait, no, 68… how about 61? --------------------------------------------- https://news.sophos.com/en-us/2025/11/12/november-patch-tuesday-does-its-cho...
∗∗∗ Over 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack ∗∗∗ --------------------------------------------- Cybersecurity researchers are calling attention to a large-scale spam campaign that has flooded the npm registry with thousands of fake packages since early 2024 as part of a likely financially motivated effort. "The packages were systematically published .. --------------------------------------------- https://thehackernews.com/2025/11/over-46000-fake-npm-packages-flood.html
∗∗∗ Zohocorp ManageEngine: Multiple vulnerabilities in various products ∗∗∗ --------------------------------------------- Several vulnerability reports on flaws in multiple Zohocorp ManageEngine products have been published. Updates are available. --------------------------------------------- https://www.heise.de/news/Zohocorp-ManageEngine-Mehrere-Sicherheitsluecken-i...
∗∗∗ Operation Endgame 3: 1025 servers taken offline ∗∗∗ --------------------------------------------- International law enforcement has landed another blow against malware and the infrastructure behind it. --------------------------------------------- https://www.heise.de/news/Operation-Endgame-3-1025-Server-von-Netz-genommen-...
∗∗∗ Citrix Netscaler ADC and Gateway: Update closes cross-site scripting vulnerability ∗∗∗ --------------------------------------------- Attackers can exploit a cross-site scripting vulnerability in Citrix's Netscaler ADCs and Gateways. Updates close it. --------------------------------------------- https://www.heise.de/news/Citrix-Netscaler-ADC-und-Gateway-Update-schliesst-...
∗∗∗ Google Sues to Disrupt Chinese SMS Phishing Triad ∗∗∗ --------------------------------------------- Google is suing more than two dozen unnamed individuals allegedly involved in peddling a popular China-based mobile phishing service that helps scammers impersonate hundreds of trusted brands, blast out text message lures, and convert phished payment card data into mobile wallets from Apple and Google. --------------------------------------------- https://krebsonsecurity.com/2025/11/google-sues-to-disrupt-chinese-sms-phish...
∗∗∗ When the alleged copyright infringement turns out to be a fraud attempt ∗∗∗ --------------------------------------------- E-mails from supposed law firms cause alarm time and again. The recipients have allegedly infringed copyrights, and the injured parties demand compensation. In fact, none of this is true. The copyright infringement did not take place, and the law firm does not exist. --------------------------------------------- https://www.watchlist-internet.at/news/copyright-verletzung-betrugsversuch/
∗∗∗ TAG Bulletin: Q3 2025 ∗∗∗ --------------------------------------------- Our bulletin covering coordinated influence operation campaigns terminated on our platforms in Q3 2025. --------------------------------------------- https://blog.google/threat-analysis-group/tag-bulletin-q3-2025/
∗∗∗ Contagious Interview Actors Now Utilize JSON Storage Services for Malware Delivery ∗∗∗ --------------------------------------------- NVISO reports a new development to the Contagious Interview campaign. The threat actors have recently resorted to utilizing JSON storage services like JSON Keeper, JSONsilo and npoint.io to host and deliver malware from trojanized code projects, with the lure being a use case or demo project as part of an interview process. Background Contagious Interview .. --------------------------------------------- https://blog.nviso.eu/2025/11/13/contagious-interview-actors-now-utilize-jso...
∗∗∗ CISA and Partners Release Advisory Update on Akira Ransomware ∗∗∗ --------------------------------------------- Today, Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Federal Bureau of Investigation, Department of Defense Cyber Crime Center, Department of Health and Human Services, and international partners, released an updated joint Cybersecurity Advisory, #StopRansomware: Akira Ransomware, to provide network defenders with the latest indicators .. --------------------------------------------- https://www.cisa.gov/news-events/alerts/2025/11/13/cisa-and-partners-release...
===================== = Vulnerabilities = =====================
∗∗∗ Drupal core - Moderately critical - Gadget chain - SA-CORE-2025-006 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-core-2025-006
∗∗∗ Drupal core - Moderately critical - Denial of Service - SA-CORE-2025-005 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-core-2025-005
∗∗∗ Drupal core - Moderately critical - Information disclosure - SA-CORE-2025-008 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-core-2025-008
∗∗∗ Drupal core - Moderately critical - Defacement - SA-CORE-2025-007 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-core-2025-007