=====================
= End-of-Day report =
=====================

Timeframe: Monday 26-01-2026 18:00 − Tuesday 27-01-2026 18:00
Handler: Guenes Holler
Co-Handler: Alexander Riepl

=====================
= News =
=====================
∗∗∗ Over 6,000 SmarterMail servers exposed to automated hijacking attacks ∗∗∗
---------------------------------------------
Nonprofit security organization Shadowserver has found over 6,000 SmarterMail servers exposed online and likely vulnerable to attacks exploiting a critical authentication bypass vulnerability.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/over-6-000-smartermail-server...
∗∗∗ Nike investigates data breach after extortion gang leaks files ∗∗∗
---------------------------------------------
Nike is investigating what it described as a "potential cyber security incident" after the World Leaks ransomware gang leaked 1.4 TB of files allegedly stolen from the sportswear giant.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/nike-investigates-data-breach...
∗∗∗ Microsoft ships emergency patch: Office users attacked through zero-day vulnerability ∗∗∗
---------------------------------------------
A dangerous security vulnerability affects all current Office versions. Given the active exploitation, users should patch promptly.
---------------------------------------------
https://www.golem.de/news/microsoft-bringt-notfallpatch-office-nutzer-werden...
∗∗∗ Attacks observed: ancient telnetd flaw endangers hundreds of thousands of systems ∗∗∗
---------------------------------------------
For more than ten years, attackers have been able to obtain root access to countless devices via Telnet. New scans show the extent of the exposure.
---------------------------------------------
https://www.golem.de/news/attacken-beobachtet-uralte-telnetd-luecke-gefaehrd...
∗∗∗ Bypassing Windows Administrator Protection ∗∗∗
---------------------------------------------
A headline feature introduced in the latest release of Windows 11, 25H2, is Administrator Protection. The goal of this feature is to replace User Account Control (UAC) with a more robust and, importantly, securable system that allows a local user to access administrator privileges only when necessary. This blog post will give a brief overview of the new feature, how it works and how it's different from UAC. I'll then describe some of the security research I undertook while it was in the ..
---------------------------------------------
https://projectzero.google/2026/26/windows-administrator-protection.html
∗∗∗ HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns ∗∗∗
---------------------------------------------
Kaspersky researchers analyze the updated CoolClient backdoor and new tools and scripts used in HoneyMyte (aka Mustang Panda or Bronze President) APT campaigns, including three variants of a browser data stealer.
---------------------------------------------
https://securelist.com/honeymyte-updates-coolclient-uses-browser-stealers-an...
∗∗∗ Canva among ~100 targets of ShinyHunters Okta identity-theft campaign ∗∗∗
---------------------------------------------
Atlassian, RingCentral, ZoomInfo also among tech targets
ShinyHunters has targeted around 100 organizations in its latest Okta single sign-on (SSO) credential stealing campaign, according to researchers and the criminal group itself.
---------------------------------------------
https://www.theregister.com/2026/01/26/shinyhunters_okta_sso_campaign/
∗∗∗ Threat actors use FortiCloud SSO bypass to collect LDAP connection passwords ∗∗∗
---------------------------------------------
CERT.at gained access to a toolkit of an unknown threat actor targeting the FortiCloud SSO bypass in Fortinet appliances (CVE-2025-59718/CVE-2025-59719). We are releasing under TLP:CLEAR key findings about the likely post-exploitation goals of the attacker. The obtained exploit works only for the original vulnerability [1] and is not effective against patched ..
---------------------------------------------
https://www.cert.at/en/blog/2026/1/threat-actors-use-forticloud-to-collect-l...
∗∗∗ Russian security systems firm Delta hit by cyberattack, services disrupted ∗∗∗
---------------------------------------------
Building and car alarm systems managed by the Russian company Delta have been disrupted by a cyberattack blamed on a "hostile foreign state."
---------------------------------------------
https://therecord.media/russia-delta-security-alarm-company-cyberattack
∗∗∗ Clawdbot: an open-source AI assistant, cool and a security disaster ∗∗∗
---------------------------------------------
Until now, AI services such as ChatGPT, Gemini and others have dominated the field of LLMs, and bots are built on top of these LLMs. Peter Steinberger and his team have built an open-source bot, Clawdbot, that runs locally and offers interfaces to various services and models ..
---------------------------------------------
https://borncity.com/blog/2026/01/26/clawdbot-ein-opensource-ki-assistent/
∗∗∗ Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088 ∗∗∗
---------------------------------------------
The Google Threat Intelligence Group (GTIG) has identified widespread, active exploitation of the critical vulnerability CVE-2025-8088 in WinRAR, a popular file archiver tool for Windows, to establish initial access and deliver diverse payloads. Although the vulnerability was discovered and patched in July 2025, government-backed threat actors linked to Russia and China as well as financially motivated threat actors continue to exploit this n-day across disparate operations. The consistent exploitation method, a ..
---------------------------------------------
https://cloud.google.com/blog/topics/threat-intelligence/exploiting-critical...
∗∗∗ Apache Hadoop: flaw in HDFS native client lets malicious code through ∗∗∗
---------------------------------------------
The Apache Hadoop framework is vulnerable. Attacks can take place in the context of the HDFS file system. A security patch is available.
---------------------------------------------
https://heise.de/-11155241
=====================
= Vulnerabilities =
=====================
∗∗∗ DSA-6112-1 openjdk-21 - security update ∗∗∗
---------------------------------------------
https://lists.debian.org/debian-security-announce/2026/msg00021.html
∗∗∗ DSA-6111-1 imagemagick - security update ∗∗∗
---------------------------------------------
https://lists.debian.org/debian-security-announce/2026/msg00020.html
∗∗∗ Security Vulnerabilities fixed in Firefox 147.0.2 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2026-06/
∗∗∗ Kubernetes Remote Code Execution Via Nodes/Proxy GET Permission ∗∗∗
---------------------------------------------
https://grahamhelton.com/blog/nodes-proxy-rce
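The nodes/proxy item above names the permission to look for but not how to find who holds it. The following is an added example (not code from the linked post or from CERT.at) that audits exported RBAC objects for subjects allowed to GET nodes/proxy. It mirrors the kube-apiserver's rule matching (verb, apiGroup and resource, including the "*" and "*/subresource" wildcards) and joins ClusterRoles to ClusterRoleBindings. The input shape is the item list that `kubectl get clusterroles -o json` and `kubectl get clusterrolebindings -o json` return; the ClusterRole and ClusterRoleBinding objects embedded below are constructed sample data, not taken from any real cluster.

```python
"""Audit Kubernetes RBAC for subjects that may GET the nodes/proxy subresource.

Added example, not code from the linked post or from CERT.at. The sample objects
below are constructed; on a real cluster feed in the .items arrays from
`kubectl get clusterroles -o json` and `kubectl get clusterrolebindings -o json`.

Matching mirrors the kube-apiserver RBAC authorizer: a rule matches when the verb
is "*" or the requested verb, the apiGroup is "*" or the requested group ("" for
core), and the resource is "*", the exact "resource/subresource" or
"*/subresource". "nodes/*" is not a wildcard form RBAC understands and does not match.
"""

TARGET_VERB = "get"
TARGET_GROUP = ""          # core API group
TARGET_RESOURCE = "nodes"
TARGET_SUBRESOURCE = "proxy"


def rule_grants_nodes_proxy_get(rule: dict) -> bool:
    """True if one PolicyRule authorizes `get` on nodes/proxy."""
    verbs = rule.get("verbs") or []
    groups = rule.get("apiGroups") or []
    resources = rule.get("resources") or []
    if "*" not in verbs and TARGET_VERB not in verbs:
        return False
    if "*" not in groups and TARGET_GROUP not in groups:
        return False
    combined = f"{TARGET_RESOURCE}/{TARGET_SUBRESOURCE}"
    # resourceNames would only pin the rule to specific nodes; one kubelet is still
    # one node's worth of code execution, so named rules are flagged as well.
    return any(r in ("*", combined, f"*/{TARGET_SUBRESOURCE}") for r in resources)


def risky_cluster_roles(cluster_roles: list) -> set:
    """Names of ClusterRoles with at least one rule granting GET nodes/proxy.
    Aggregated ClusterRoles are covered when read from a live cluster, because the
    apiserver writes the aggregated rules into the aggregate role's .rules."""
    return {
        cr["metadata"]["name"]
        for cr in cluster_roles
        if any(rule_grants_nodes_proxy_get(rule) for rule in (cr.get("rules") or []))
    }


def subjects_with_nodes_proxy_get(cluster_roles: list, cluster_role_bindings: list) -> list:
    """(clusterrole, subject kind, subject namespace or None, subject name) for each
    subject bound to a risky ClusterRole through a ClusterRoleBinding. RoleBindings are
    ignored on purpose: nodes is cluster-scoped, so a RoleBinding to the same
    ClusterRole does not grant nodes/proxy anywhere."""
    risky = risky_cluster_roles(cluster_roles)
    findings = []
    for crb in cluster_role_bindings:
        ref = crb.get("roleRef") or {}
        if ref.get("kind") != "ClusterRole" or ref.get("name") not in risky:
            continue
        for s in crb.get("subjects") or []:
            findings.append((ref["name"], s["kind"], s.get("namespace"), s["name"]))
    return findings


# Constructed sample data in the shape kubectl returns (only the fields used here).
SAMPLE_CLUSTER_ROLES = [
    {"metadata": {"name": "node-reader"},
     "rules": [{"apiGroups": [""], "resources": ["nodes"], "verbs": ["get", "list", "watch"]}]},
    {"metadata": {"name": "node-metrics"},
     "rules": [{"apiGroups": [""], "resources": ["nodes/metrics", "nodes/stats"], "verbs": ["get"]}]},
    {"metadata": {"name": "kubelet-proxy-reader"},
     "rules": [{"apiGroups": [""], "resources": ["nodes/proxy"], "verbs": ["get"]}]},
    {"metadata": {"name": "all-proxy-subresources"},
     "rules": [{"apiGroups": [""], "resources": ["*/proxy"], "verbs": ["get"]}]},
    {"metadata": {"name": "cluster-admin"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]},
               {"nonResourceURLs": ["*"], "verbs": ["*"]}]},
]
RBAC_GROUP = "rbac.authorization.k8s.io"
SAMPLE_CLUSTER_ROLE_BINDINGS = [
    {"metadata": {"name": "devs-read-nodes"},
     "roleRef": {"apiGroup": RBAC_GROUP, "kind": "ClusterRole", "name": "node-reader"},
     "subjects": [{"kind": "Group", "name": "devs", "apiGroup": RBAC_GROUP}]},
    {"metadata": {"name": "prometheus-kubelet-proxy"},
     "roleRef": {"apiGroup": RBAC_GROUP, "kind": "ClusterRole", "name": "kubelet-proxy-reader"},
     "subjects": [{"kind": "ServiceAccount", "name": "prometheus", "namespace": "monitoring"}]},
    {"metadata": {"name": "alice-proxy"},
     "roleRef": {"apiGroup": RBAC_GROUP, "kind": "ClusterRole", "name": "all-proxy-subresources"},
     "subjects": [{"kind": "User", "name": "alice", "apiGroup": RBAC_GROUP}]},
    {"metadata": {"name": "cluster-admin"},
     "roleRef": {"apiGroup": RBAC_GROUP, "kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "system:masters", "apiGroup": RBAC_GROUP}]},
]

if __name__ == "__main__":
    for role, kind, ns, name in subjects_with_nodes_proxy_get(SAMPLE_CLUSTER_ROLES, SAMPLE_CLUSTER_ROLE_BINDINGS):
        who = f"{kind} {ns + '/' if ns else ''}{name}"
        print(f"{who} can GET nodes/proxy via ClusterRole {role}")
```

For a quick spot check of a single identity without exporting anything, `kubectl auth can-i get nodes/proxy --as system:serviceaccount:monitoring:prometheus` asks the apiserver the same question; the script is for enumerating every holder at once. Entries such as the node-metrics role above show why an exact match on the subresource matters: nodes/metrics and nodes/stats are read-only kubelet endpoints and do not carry the proxy semantics the headline refers to.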