=====================
= End-of-Day report =
=====================
Timeframe:   Tuesday 10-03-2026 18:00 − Wednesday 11-03-2026 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Guenes Holler
=====================
=       News        =
=====================
∗∗∗ Analyzing "Zombie Zip" Files (CVE-2026-0866), (Wed, Mar 11th) ∗∗∗
---------------------------------------------
A new vulnerability (CVE-2026-0866) has been published: Zombie Zip. It's a method to create a malformed ZIP file that will bypass detection by most anti-virus engines. The malformed ZIP file can not be opened with a ZIP utility, a custom loader is required. [..] I will show you how to use my tools to analyze such a malformed ZIP file.
---------------------------------------------
https://isc.sans.edu/diary/rss/32786
∗∗∗ Claude Tried to Hack 30 Companies. Nobody Asked It To. ∗∗∗
---------------------------------------------
We gave AI agents simple research tasks on cloned corporate websites. When the legitimate path was broken, the agents autonomously discovered and exploited SQL injection vulnerabilities to complete the task — with zero hacking instructions in any prompt.
---------------------------------------------
https://trufflesecurity.com/blog/claude-tried-to-hack-30-companies-nobody-as...
∗∗∗ Sextortion “I recorded you” emails reuse passwords found in disposable inboxes ∗∗∗
---------------------------------------------
I found that one particular sender using the name Jenny Green and the Gmail address JennyGreen64868@gmail.com sent many of these emails to people that use the FakeMailGenerator service. [..] My guess is that the scammer searched these public inboxes for passwords and then reused those passwords in their sextortion emails.
---------------------------------------------
https://www.malwarebytes.com/blog/news/2026/03/sextortion-i-recorded-you-ema...
∗∗∗ Bitpanda trap: warning about an unauthorized wallet transfer is a phishing attempt! ∗∗∗
---------------------------------------------
For quite some time now, criminals have been using the financial service provider Bitpanda as a cover for a massive phishing wave. Using notifications about allegedly unauthorized wallet transfers or withdrawal attempts, they put pressure on their victims. The goals are access to the bank account and the approval of transfers.
---------------------------------------------
https://www.watchlist-internet.at/news/bitpanda-wallet-transfer-phishing/
∗∗∗ Sednit reloaded: Back in the trenches ∗∗∗
---------------------------------------------
In this blogpost, we have shown that Sednit’s advanced development team is active once again, operating an arsenal centered on two implants – BeardShell and Covenant – deployed in tandem and each leveraging a different cloud provider. This setup enables operators to reestablish access quickly if the infrastructure for one is taken down. We believe that this dual-implant strategy is not new. [..] The Sednit group – also known as APT28, Fancy Bear, Forest Blizzard, or Sofacy – has been operating since at least 2004.
---------------------------------------------
https://www.welivesecurity.com/en/eset-research/sednit-reloaded-back-trenche...
∗∗∗ BlackSanta Malware Targets HR Staff with Fake CV Downloads ∗∗∗
---------------------------------------------
It is a classic case of hackers exploiting the one thing recruiters have to do every day: open files from strangers. [..] The threat, dubbed the BlackSanta malware [..] they target the specific workflows of recruiters, sending harmless-looking emails with links to CVs on sites like Dropbox. [..] the attackers are using a technique called steganography. For your information, this involves hiding malicious code inside a normal-looking image.
---------------------------------------------
https://hackread.com/blacksanta-malware-hr-staff-fake-cv-downloads/
∗∗∗ RondoDox Botnet: From Zero to 174 Exploited Vulnerabilities ∗∗∗
---------------------------------------------
A deep dive into the RondoDox botnet, examining its infrastructure, exploit adoption timeline, and methods used to target internet-exposed systems.
---------------------------------------------
https://www.bitsight.com/blog/rondodox-botnet-infrastructure-analysis
∗∗∗ Microsoft releases Windows 10 KB5078885 extended security update ∗∗∗
---------------------------------------------
Microsoft has released the Windows 10 KB5078885 extended security update to fix the March 2026 Patch Tuesday vulnerabilities, including 2 zero-days and an issue that prevents some devices from shutting down.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-1...
=====================
=  Vulnerabilities  =
=====================
∗∗∗ Microsoft Patch Tuesday for March 2026 — Snort rules and prominent vulnerabilities ∗∗∗
---------------------------------------------
Microsoft has released its monthly security update for March 2026 which includes 79 vulnerabilities, including three that Microsoft marked as “critical.”
---------------------------------------------
https://blog.talosintelligence.com/microsoft-patch-tuesday-march-2026/
∗∗∗ HPE warns of critical AOS-CX flaw allowing admin password resets ∗∗∗
---------------------------------------------
Hewlett Packard Enterprise (HPE) has patched multiple security vulnerabilities in the Aruba Networking AOS-CX operating system, including several authentication and code execution issues. [..] The most severe security flaw today is a critical authentication bypass vulnerability (tracked as CVE-2026-23813) that attackers without privileges can exploit in low-complexity attacks to reset admin passwords.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hpe-warns-of-critical-aos-cx-...
∗∗∗ Adobe Patchday: code smuggling possible in Reader, Illustrator and others ∗∗∗
---------------------------------------------
Adobe's Patchday overview lists the eight security bulletins for the individual products. In Adobe Commerce, Commerce B2B and Magento Open Source, the developers close 19 security vulnerabilities.
---------------------------------------------
https://www.heise.de/news/Adobe-Patchday-Schadcodeschmuggel-in-Reader-Illust...
∗∗∗ Password manager KeePassXC 2.7.12: what users need to watch out for when updating ∗∗∗
---------------------------------------------
The open-source password manager KeePassXC has been released in version 2.7.12. [..] As the developers state in their release blog, the new version contains mitigations against exploits via manipulated OpenSSL configuration files on Windows.
---------------------------------------------
https://www.heise.de/news/KeePassXC-2-7-12-DLL-Schutz-Passkey-Aenderungen-un...
∗∗∗ Fortinet closes brute-force and command injection vulnerabilities in FortiWeb & Co. ∗∗∗
---------------------------------------------
Fortinet closes vulnerabilities in FortiWeb and FortiManager that allow, for example, the injection of commands. [..] Insufficient checking of the interaction frequency allows unauthenticated attackers to bypass FortiWeb's authentication rate limit with manipulated requests (CVE-2026-24017, CVSS 7.3, risk "high").
---------------------------------------------
https://www.heise.de/news/Fortinet-schliesst-Brute-Force-und-Befehlsschmugge...
∗∗∗ Drupal: Unpublished Node Permissions - Critical - Access bypass - SA-CONTRIB-2026-029 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2026-029
∗∗∗ Drupal: AI (Artificial Intelligence) - Moderately critical - Information Disclosure - SA-CONTRIB-2026-028 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2026-028
∗∗∗ Cisco: Cisco IOS XR Egress Packet Network Interface Aligner Interrupt Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisor...
∗∗∗ Cisco: Cisco Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisor...
∗∗∗ Cisco: Cisco IOS XR Software CLI Privilege Escalation Vulnerabilities ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisor...
∗∗∗ Cisco: Cisco IOS XR Software Multi-Instance Intermediate System-to-Intermediate System Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisor...
∗∗∗ Splunk: Security Advisories 2026-03-11 ∗∗∗
---------------------------------------------
https://advisory.splunk.com//advisories
∗∗∗ WordPress 6.9.4 Release ∗∗∗
---------------------------------------------
https://wordpress.org/news/2026/03/wordpress-6-9-4-release/
∗∗∗ LWN: Security updates for Wednesday ∗∗∗
---------------------------------------------
https://lwn.net/Articles/1062403/
∗∗∗ Paloalto: CVE-2026-0230 Cortex XDR Agent: Local Administrator can disable the agent on macOS (Severity: MEDIUM) ∗∗∗
---------------------------------------------
https://security.paloaltonetworks.com/CVE-2026-0230
∗∗∗ Paloalto: CVE-2026-0231 Cortex XDR Broker VM: Sensitive Information Disclosure Vulnerability (Severity: MEDIUM) ∗∗∗
---------------------------------------------
https://security.paloaltonetworks.com/CVE-2026-0231