=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 31-03-2026 18:00 − Wednesday 01-04-2026 18:00
Handler:     Felician Fuchs
Co-Handler:  n/a

=====================
=       News        =
=====================
∗∗∗ Cisco source code stolen in Trivy-linked dev environment breach ∗∗∗
---------------------------------------------
Cisco has suffered a cyberattack after threat actors used stolen credentials from the recent Trivy supply chain attack to breach its internal development environment and steal source code belonging to the company and its customers.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/cisco-source-code-stolen-in-t...

∗∗∗ FBI warns against using Chinese mobile apps due to privacy risks ∗∗∗
---------------------------------------------
The U.S. Federal Bureau of Investigation (FBI) warned Americans against using foreign-developed mobile applications, particularly those created by Chinese developers.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/fbi-warns-against-using-chine...

∗∗∗ A laughing RAT: CrystalX combines spyware, stealer, and prankware features ∗∗∗
---------------------------------------------
Kaspersky researchers analyze a new CrystalX RAT distributed as MaaS and featuring extensive spyware, stealer, and prankware capabilities.
---------------------------------------------
https://securelist.com/crystalx-rat-with-prankware-features/119283/
∗∗∗ Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms ∗∗∗
---------------------------------------------
Anthropic on Tuesday confirmed that internal code for its popular artificial intelligence (AI) coding assistant, Claude Code, had been inadvertently released due to a human error. "No sensitive customer data or credentials were involved or exposed," an Anthropic spokesperson said in a statement shared with CNBC News.
---------------------------------------------
https://thehackernews.com/2026/04/claude-code-tleaked-via-npm-packaging.html
∗∗∗ Apple Will Push Out Rare ‘Backported’ Patches to Protect iOS 18 Users From DarkSword Hacking Tool ∗∗∗
---------------------------------------------
As DarkSword spreads, Apple tells WIRED it will enable iOS 18-specific fixes for millions of iPhone owners who remain on that iOS version rather than force them to update to iOS 26.
---------------------------------------------
https://www.wired.com/story/apple-will-push-out-rare-backported-patches-to-p...

∗∗∗ Hands-Free Lockpicking: Critical Vulnerabilities in dormakaba’s Physical Access Control System ∗∗∗
---------------------------------------------
In this post, Clemens Stockenreitner and Werner Schober of the SEC Consult Vulnerability Lab highlight several critical vulnerabilities found in dormakaba’s physical access control systems based on exos 9300.
---------------------------------------------
https://sec-consult.com/blog/detail/hands-free-lockpicking-critical-vulnerab...

∗∗∗ Weaponizing the Protectors: TeamPCP’s Multi-Stage Supply Chain Attack on Security Infrastructure ∗∗∗
---------------------------------------------
TeamPCP continues its string of supply chain attacks, and announces a partnership with Vect ransomware group.
---------------------------------------------
https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/
∗∗∗ Databricks allegedly a victim of the TeamPCP LiteLLM supply chain attack ∗∗∗
---------------------------------------------
There is a claim that Databricks (a cloud-based data analytics platform used by companies worldwide to manage huge datasets) has allegedly fallen victim to the cyber group TeamPCP.
---------------------------------------------
https://borncity.com/blog/2026/03/30/databricks-mutmasslich-opfer-des-teampc...
∗∗∗ The Real Risk of Vibecoding ∗∗∗
---------------------------------------------
This blog looks at how AI-driven vibecoding speeds up software development while increasing security risk by outpacing traditional review and ownership. It explains why security needs to move earlier and be built into modern development workflows.
---------------------------------------------
https://www.trendmicro.com/en_us/research/26/c/the-real-risk-of-vibecoding.h...

∗∗∗ North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack ∗∗∗
---------------------------------------------
Google Threat Intelligence Group (GTIG) is tracking an active software supply chain attack targeting the popular Node Package Manager (NPM) package "axios." Between March 31, 2026, 00:21 and 03:20 UTC, an attacker introduced a malicious dependency named "plain-crypto-js" into axios NPM releases versions 1.14.1 and 0.30.4.
---------------------------------------------
https://cloud.google.com/blog/topics/threat-intelligence/north-korea-threat-...

∗∗∗ Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747) ∗∗∗
---------------------------------------------
To our knowledge, this is the first remote kernel exploit both discovered and exploited by an AI.
---------------------------------------------
https://blog.calif.io/p/mad-bugs-claude-wrote-a-full-freebsd

∗∗∗ AI Startup Mercor Hit by Supply Chain Attack Linked to LiteLLM ∗∗∗
---------------------------------------------
A recent Mercor cyberattack has brought renewed attention to the risks associated with open-source software dependencies, after the AI recruiting startup confirmed it was impacted by a broader supply chain compromise. The Mercor data breach, which is still under investigation, has been linked to a malicious incident involving the widely used LiteLLM project.
---------------------------------------------
https://thecyberexpress.com/mercor-cyberattack/

=====================
=  Vulnerabilities  =
=====================
∗∗∗ Malicious code with a single click: actively exploited Chrome vulnerability endangers millions of users ∗∗∗
---------------------------------------------
Google Chrome has a security vulnerability that allows malicious code to be injected simply by visiting a website. Attackers are already exploiting it.
---------------------------------------------
https://www.golem.de/news/schadcode-per-klick-attackierte-chrome-luecke-gefa...

∗∗∗ Gigabyte Control Center: malicious-code vulnerability in widely used hardware control tool ∗∗∗
---------------------------------------------
Many users with Gigabyte hardware use the Gigabyte Control Center. A vulnerability in it lets attackers, among other things, inject malicious code.
---------------------------------------------
https://www.golem.de/news/gigabyte-control-center-schadcode-luecke-in-verbre...

∗∗∗ AI finds critical ImageMagick vulnerabilities in default configurations ∗∗∗
---------------------------------------------
An AI pentesting tool has discovered critical security vulnerabilities in default configurations of ImageMagick. Workarounds provide protection.
---------------------------------------------
https://www.heise.de/news/KI-findet-kritische-ImageMagick-Luecken-in-Standar...
∗∗∗ LWN Security updates for Wednesday ∗∗∗
---------------------------------------------
https://lwn.net/Articles/1065814/