=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 13-01-2026 18:00 − Wednesday 14-01-2026 18:30
Handler: Felician Fuchs
Co-Handler: n/a
=====================
=       News        =
=====================
∗∗∗ Target employees confirm leaked source code is authentic ∗∗∗
---------------------------------------------
Multiple current and former Target employees confirmed that leaked source code samples posted by a threat actor match real internal systems. The company also rolled out an "accelerated" lockdown of its Git server, requiring VPN access, a day after being contacted by BleepingComputer.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/target-employees-confirm-leak...

∗∗∗ Microsoft: Windows 365 update blocks access to Cloud PC sessions ∗∗∗
---------------------------------------------
Microsoft confirmed that a recent Windows 365 update is blocking customers from accessing their Microsoft 365 Cloud PC sessions.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-365-update...

∗∗∗ Cloud marketplace Pax8 accidentally exposes data on 1,800 MSP partners ∗∗∗
---------------------------------------------
Cloud marketplace and distributor Pax8 has confirmed that it mistakenly sent an email to fewer than 40 UK-based partners containing a spreadsheet with internal business information, including MSP customer and Microsoft licensing data.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/cloud-marketplace-pax8-accide...
∗∗∗ Reprompt attack let hackers hijack Microsoft Copilot sessions ∗∗∗
---------------------------------------------
Researchers identified an attack method dubbed "Reprompt" that could allow attackers to infiltrate a user's Microsoft Copilot session and issue commands to exfiltrate sensitive data.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/reprompt-attack-let-hackers-h...
∗∗∗ ConsentFix debrief: Insights from the new OAuth phishing attack ∗∗∗
---------------------------------------------
ConsentFix is an OAuth phishing technique abusing browser-based authorization flows to hijack Microsoft accounts. Push Security shares new insights from continued tracking, community research, and evolving attacker techniques.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/consentfix-debrief-insights-f...

∗∗∗ Microsoft updates Windows DLL that triggered security alerts ∗∗∗
---------------------------------------------
Microsoft has resolved a known issue that was causing security applications to incorrectly flag a core Windows component, the company said in a service alert posted this week.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-updates-windows-dl...
∗∗∗ Without authentication: Broadcom flaw lets attackers take down entire Wi-Fi networks ∗∗∗
---------------------------------------------
Numerous Wi-Fi networks based on Broadcom chipsets can be knocked out with a single packet. Attackers need no key to do so.
---------------------------------------------
https://www.golem.de/news/ohne-authentifizierung-broadcom-luecke-laesst-angr...
∗∗∗ Corrupting LLMs Through Weird Generalizations ∗∗∗
---------------------------------------------
Abstract: LLMs are useful because they generalize so well. But can you have too much of a good thing? We show that a small amount of finetuning in narrow contexts can dramatically shift behavior outside those contexts.
---------------------------------------------
https://www.schneier.com/blog/archives/2026/01/corrupting-llms-through-weird...

∗∗∗ Malware Intercepts Googlebot via IP-Verified Conditional Logic ∗∗∗
---------------------------------------------
Some attackers are increasingly moving away from simple redirects in favor of more "selective" methods of payload delivery. This approach filters out regular human visitors, allowing attackers to serve malicious content to search engine crawlers while remaining invisible to the website owner.
---------------------------------------------
https://blog.sucuri.net/2026/01/malware-intercepts-googlebot-via-ip-verified...
∗∗∗ Malicious Chrome Extension Steals MEXC API Keys by Masquerading as Trading Tool ∗∗∗
---------------------------------------------
Cybersecurity researchers have disclosed details of a malicious Google Chrome extension that's capable of stealing API keys associated with MEXC, a centralized cryptocurrency exchange (CEX) available in over 170 countries, while masquerading as a tool to automate trading on the platform.
---------------------------------------------
https://thehackernews.com/2026/01/malicious-chrome-extension-steals-mexc.htm...
∗∗∗ New Research: 64% of 3rd-Party Applications Access Sensitive Data Without Justification ∗∗∗
---------------------------------------------
Research analyzing 4,700 leading websites reveals that 64% of third-party applications now access sensitive data without business justification, up from 51% in 2024. Government sector malicious activity spiked from 2% to 12.9%, while 1 in 7 Education sites show active compromise.
---------------------------------------------
https://thehackernews.com/2026/01/new-research-64-of-3rd-party.html
∗∗∗ Hackers Exploit c-ares DLL Side-Loading to Bypass Security and Deploy Malware ∗∗∗
---------------------------------------------
Security experts have disclosed details of an active malware campaign that's exploiting a DLL side-loading vulnerability in a legitimate binary associated with the open-source c-ares library to bypass security controls and deliver a wide range of commodity trojans and stealers.
---------------------------------------------
https://thehackernews.com/2026/01/hackers-exploit-c-ares-dll-side-loading.ht...
∗∗∗ Interrail reports data leak: ID document data also affected ∗∗∗
---------------------------------------------
Data was presumably exfiltrated from Eurail. The provider also issues Interrail passes on behalf of the German, Austrian and Swiss railways.
---------------------------------------------
https://www.heise.de/news/Interrail-meldet-Datenleck-Auch-Ausweisdaten-betro...

∗∗∗ Criticism of GnuPG and its handling of reported vulnerabilities ∗∗∗
---------------------------------------------
The problems in the PGP implementation GnuPG demonstrated at 39C3 drew wide criticism of GnuPG's handling of them, but also of PGP as a whole.
---------------------------------------------
https://www.heise.de/hintergrund/Kritik-an-GnuPG-und-seinem-Umgang-mit-gemel...

∗∗∗ Malware scheme: job offers foist malicious repositories on developers ∗∗∗
---------------------------------------------
Developers now have to be careful with job offers. Criminals are trying to distribute infostealers through them.
---------------------------------------------
https://www.heise.de/news/Malware-Masche-Jobangebote-jubeln-Entwicklern-boes...
∗∗∗ How real software downloads can hide remote backdoors ∗∗∗
---------------------------------------------
Attackers use legitimate open-source software as cover, relying on user trust to compromise systems. We dive into an example.
---------------------------------------------
https://www.malwarebytes.com/blog/threat-intel/2026/01/how-real-software-dow...
∗∗∗ Instagram denies hack after mass password-reset emails ∗∗∗
---------------------------------------------
Reports of stolen data belonging to 17 million users had circulated beforehand. The company disputes this and advises ignoring the emails.
---------------------------------------------
https://www.derstandard.at/story/3000000303975/instagram-dementiert-hack-nac...
∗∗∗ Ransomware: Tactical Evolution Fuels Extortion Epidemic ∗∗∗
---------------------------------------------
New whitepaper reveals record number of attacks as threat landscape evolves with new players and new tactics.
---------------------------------------------
https://www.security.com/threat-intelligence/ransomware-extortion-epidemic

∗∗∗ More than 40 countries impacted by North Korea IT worker scams, crypto thefts ∗∗∗
---------------------------------------------
Eleven countries led a session at the UN headquarters in New York centered around a 140-page report released last fall that covered North Korea's extensive cyber-focused efforts to fund its nuclear and ballistic weapons program.
---------------------------------------------
https://therecord.media/40-countries-impacted-nk-it-thefts-united-nations

∗∗∗ Poland says it repelled major cyberattack on power grid, blames Russia ∗∗∗
---------------------------------------------
Poland narrowly avoided a large-scale power outage by thwarting what officials described as the most serious cyberattack on its energy infrastructure in years.
---------------------------------------------
https://therecord.media/poland-cyberattack-grid-russia
∗∗∗ Western cyber agencies warn about threats to industrial operational technology ∗∗∗
---------------------------------------------
New guidance issued by Britain's National Cyber Security Centre (NCSC), a part of signals and cyber intelligence agency GCHQ, sets out how organizations should securely connect equipment such as industrial control systems, sensors and other critical services.
---------------------------------------------
https://therecord.media/cyber-agencies-warn-of-industrial-system-threats
∗∗∗ Telegram to Add Warning for Proxy Links After IP Leak Concerns ∗∗∗
---------------------------------------------
Telegram will add a warning for proxy links after reports showed they can expose user IP addresses with a single click, bypassing VPN or privacy settings.
---------------------------------------------
https://hackread.com/telegram-add-warning-proxy-links-ip-leak/

∗∗∗ Hacker Claims Full Breach of Russia's Max Messenger, Threatens Public Leak ∗∗∗
---------------------------------------------
A hacker claims a full breach of Russia's Max Messenger, threatening to leak user data and backend systems if demands are not met.
---------------------------------------------
https://hackread.com/hacker-russia-max-messenger-breach-data-leak/

∗∗∗ Secure Connectivity Principles for Operational Technology (OT) ∗∗∗
---------------------------------------------
CISA and the UK National Cyber Security Centre (NCSC-UK), in collaboration with federal and international partners, have released Secure Connectivity Principles for Operational Technology (OT) guidance to help asset owners address increasing business and regulatory pressures for connectivity into operational technology (OT) networks.
---------------------------------------------
https://www.cisa.gov/resources-tools/resources/secure-connectivity-principle...

∗∗∗ Unpatchable Vulnerabilities of Kubernetes: CVE-2020-8554 ∗∗∗
---------------------------------------------
This blog is the first part of a mini-series looking at the four unpatchable CVEs in every Kubernetes cluster.
---------------------------------------------
https://securitylabs.datadoghq.com/articles/unpatchable-kubernetes-vulnerabi...

∗∗∗ Wireless-(in)Fidelity: Pentesting Wi-Fi in 2025 ∗∗∗
---------------------------------------------
Despite the advancements that have been made in Wi-Fi security with the arrival of WPA3, some misconfigurations and legacy protocols still remain. In this blogpost, we share insights into Wi-Fi related findings encountered during penetration testing engagements.
---------------------------------------------
https://www.synacktiv.com/en/publications/wireless-infidelity-pentesting-wi-...
=====================
=  Vulnerabilities  =
=====================

∗∗∗ Multiple vulnerabilities in EATON UPS Companion ∗∗∗
---------------------------------------------
EATON UPS Companion provided by Eaton contains multiple vulnerabilities.
---------------------------------------------
https://jvn.jp/en/jp/JVN48187396/
∗∗∗ Patch Tuesday Microsoft: attacks on Windows and Windows Server observed ∗∗∗
---------------------------------------------
Important security updates for Office, Windows and other products have been released. Attackers are already exploiting one vulnerability. Further attacks may be imminent.
---------------------------------------------
https://www.heise.de/news/Patchday-Microsoft-Angreifer-spionieren-Speicherbe...

∗∗∗ Patch Tuesday Adobe: code-execution flaws threaten Dreamweaver and other products ∗∗∗
---------------------------------------------
Important security updates fix, among others, Adobe ColdFusion and InDesign.
---------------------------------------------
https://www.heise.de/news/Patchday-Adobe-Schadcode-Luecken-bedrohen-Dreamwea...
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (sssd), Debian (linux-6.1 and python-parsl), Fedora (chezmoi, complyctl, composer, and firefox), Oracle (kernel), Red Hat (buildah, libpq, podman, postgresql, postgresql16, postgresql:13, postgresql:15, and postgresql:16), SUSE (avahi, curl, ffmpeg-4, ffmpeg-7, firefox, istioctl, k6, kubelogin, libmicrohttpd, libpcap-devel, libpng16, libtasn1-6-32bit, matio, ovmf, python-tornado6, python311-Authlib, and teleport), and Ubuntu (angular.js, python-urllib3, and webkit2gtk).
---------------------------------------------
https://lwn.net/Articles/1054167/

∗∗∗ Mitigating Denial-of-Service Vulnerability from Unrecoverable Stack Space Exhaustion for React, Next.js, and APM Users ∗∗∗
---------------------------------------------
This bug highlights how deeply async_hooks has become embedded in the Node.js ecosystem. What started as a low-level debugging API is now a critical dependency for React Server Components, Next.js, every major APM tool, and any code using AsyncLocalStorage.
---------------------------------------------
https://nodejs.org/en/blog/vulnerability/january-2026-dos-mitigation-async-h...

∗∗∗ F5: K000159546, Python vulnerability CVE-2024-5642 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000159546