=====================
= End-of-Day report =
=====================

Timeframe: Monday 04-05-2026 18:00 − Tuesday 05-05-2026 18:00
Handler: Felician Fuchs
Co-Handler: n/a

=====================
=       News        =
=====================

∗∗∗ Trellix discloses data breach after source code repository hack ∗∗∗
---------------------------------------------
Cybersecurity firm Trellix disclosed a data breach after attackers gained access to "a portion" of its source code repository.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/trellix-discloses-data-breach...

∗∗∗ Amazon SES increasingly abused in phishing to evade detection ∗∗∗
---------------------------------------------
The Amazon Simple Email Service (SES) is being increasingly abused to send convincing phishing emails that can bypass standard security filters and render reputation-based blocks ineffective.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/amazon-ses-increasingly-abuse...

∗∗∗ Weaver E-cology critical bug exploited in attacks since March ∗∗∗
---------------------------------------------
Hackers have been exploiting a critical vulnerability (CVE-2026-22679) in the Weaver E-cology office automation since mid-March to run discovery commands.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/weaver-e-cology-critical-bug-...

∗∗∗ CloudZ malware abuses Microsoft Phone Link to steal SMS and OTPs ∗∗∗
---------------------------------------------
A new version of the CloudZ remote access tool (RAT) is deploying a previously unseen malicious plugin called Pheno that hijacks the Microsoft Phone Link connection to steal sensitive codes from mobile devices.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/cloudz-malware-abuses-microso...

∗∗∗ Web browser: Plaintext passwords discovered in Microsoft Edge's memory ∗∗∗
---------------------------------------------
The password manager built into Edge is apparently not a secure choice. Passwords end up in process memory at startup and can be read out.
---------------------------------------------
https://www.golem.de/news/webbrowser-klartext-passwoerter-permanent-im-speic...

∗∗∗ Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools ∗∗∗
---------------------------------------------
An active phishing campaign has been observed targeting multiple vectors since at least April 2025 with legitimate Remote Monitoring and Management (RMM) software as a way to establish persistent remote access to compromised hosts.
---------------------------------------------
https://thehackernews.com/2026/05/phishing-campaign-hits-80-orgs-using.html

∗∗∗ Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries ∗∗∗
---------------------------------------------
Microsoft has disclosed details of a large-scale credential theft campaign that has leveraged a combination of code of conduct-themed lures and legitimate email services to direct users to attacker-controlled domains and steal authentication tokens.
---------------------------------------------
https://thehackernews.com/2026/05/microsoft-details-phishing-campaign.html

∗∗∗ Vimeo data leak: 119,000 email addresses affected ∗∗∗
---------------------------------------------
The cybercrime gang ShinyHunters stole Vimeo data from Anodot and posted it on the darknet. Have-I-Been-Pwned has now added it.
---------------------------------------------
https://www.heise.de/news/Vimeo-Datenleck-119-000-E-Mail-Adressen-betroffen-...

∗∗∗ Data protection incident at publisher Delius Klasing ∗∗∗
---------------------------------------------
The publisher Delius Klasing acknowledges an IT incident in an email to customers. Personal customer data was exposed.
---------------------------------------------
https://www.heise.de/news/Datenschutzvorfall-bei-Verlag-Delius-Klasing-11281...

∗∗∗ Quasar Linux (QLNX) – A Silent Foothold in the Supply Chain: Inside a Full-Featured Linux RAT With Rootkit, PAM Backdoor, Credential Harvesting Capabilities ∗∗∗
---------------------------------------------
TrendAI™ Research breaks down Quasar Linux (QLNX), a previously undocumented sophisticated Linux RAT with low detection rates. In this blog, we examine a full-featured Linux threat incorporating a rootkit, a PAM backdoor, credential harvesting, and more, revealing how this malware enables stealthy access, persistence, and potential supply-chain attacks.
---------------------------------------------
https://www.trendmicro.com/en_us/research/26/e/quasar-linux-qlnx-a-silent-fo...

∗∗∗ CISA Unveils New Initiative to Fortify America’s Critical Infrastructure ∗∗∗
---------------------------------------------
Today, the Cybersecurity and Infrastructure Security Agency (CISA) released guidance to help critical infrastructure (CI) entities across all sectors prepare to operate through a crisis or conflict, continuing vital service delivery even as their systems are under attack.
---------------------------------------------
https://www.cisa.gov/news-events/news/cisa-unveils-new-initiative-fortify-am...

=====================
=  Vulnerabilities  =
=====================

∗∗∗ Patch day: Critical malicious-code vulnerability threatens Android 14, 15 and 16 ∗∗∗
---------------------------------------------
Malicious code can slip onto Android devices through a faulty debugging module. Google has now closed the critical vulnerability.
---------------------------------------------
https://www.heise.de/news/Patchday-Kritische-Schadcode-Luecke-bedroht-Androi...

∗∗∗ Daemon Tools Lite: Infected installers due to supply-chain attack ∗∗∗
---------------------------------------------
Officially signed Daemon Tools installers from the vendor's website ship with malware, apparently as the result of a supply-chain attack.
---------------------------------------------
https://www.heise.de/news/Daemon-Tools-Lite-Infizierte-Installer-durch-Suppl...

∗∗∗ Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass ∗∗∗
---------------------------------------------
Progress Software has released updates to address two security flaws in MOVEit Automation, including a critical bug that could result in an authentication bypass. MOVEit Automation (formerly Central) is a secure, server-based managed file transfer (MFT) solution used to schedule and automate file movement workflows in enterprise environments without requiring any custom scripts.
---------------------------------------------
https://thehackernews.com/2026/05/progress-patches-critical-moveit.html

∗∗∗ LWN Security updates for Tuesday ∗∗∗
---------------------------------------------
https://lwn.net/Articles/1071324/