=====================
= End-of-Day report =
=====================
Timeframe: Thursday 16-04-2026 18:00 − Friday 17-04-2026 18:00
Handler: Felician Fuchs
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ New Microsoft Defender “RedSun” zero-day PoC grants SYSTEM privileges ∗∗∗
---------------------------------------------
A researcher known as "Chaotic Eclipse" has published a proof-of-concept exploit for a second Microsoft Defender zero-day, dubbed "RedSun," in the past two weeks, protesting how the company works with cybersecurity researchers.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/new-microsoft-defender-redsu...
∗∗∗ ZionSiphon malware designed to sabotage water treatment systems ∗∗∗
---------------------------------------------
A new malware called ZionSiphon, specifically designed for operational technology, is targeting water treatment and desalination environments to sabotage their operations.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/zionsiphon-malware-designed-t...
∗∗∗ Recently leaked Windows zero-days now exploited in attacks ∗∗∗
---------------------------------------------
Threat actors are exploiting three recently disclosed Windows security vulnerabilities in attacks aimed at gaining SYSTEM or elevated administrator permissions.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/recently-leaked-windows-zero-...
∗∗∗ Every Old Vulnerability Is Now an AI Vulnerability ∗∗∗
---------------------------------------------
AI's danger isn't that it's creating new bugs, it's that it's amplifying old ones.
---------------------------------------------
https://www.darkreading.com/vulnerabilities-threats/every-old-vulnerability-...
∗∗∗ Totalrecall Reloaded: Tool shows vulnerability in Windows Recall ∗∗∗
---------------------------------------------
A new version of the Totalrecall tool shows how data can still be extracted from Windows Recall comparatively easily.
---------------------------------------------
https://www.golem.de/news/totalrecall-reloaded-tool-zeigt-schwachstelle-in-w...
∗∗∗ For 2,300 US dollars: researcher coaxes a dangerous Chrome exploit out of Claude ∗∗∗
---------------------------------------------
A researcher developed a working exploit chain for Chrome with Claude Opus in around 20 hours. Mythos is not even needed for that.
---------------------------------------------
https://www.golem.de/news/fuer-2-300-us-dollar-forscher-entlockt-claude-gefa...
∗∗∗ Joomla SEO Spam Injector: Obfuscated PHP Backdoor Hijacking Site Visitors ∗∗∗
---------------------------------------------
During a recent malware cleanup investigation, we encountered a compromised Joomla website where the site owner reported a strange issue. Their website displayed a large number of suspicious product links that had nothing to do with their business. These products were not added by the website owner and did not exist in their catalog.
---------------------------------------------
https://blog.sucuri.net/2026/04/joomla-seo-spam-injector-obfuscated-php-back...
∗∗∗ North Korea targets macOS users in latest heist ∗∗∗
---------------------------------------------
Social engineering: low-cost, hard to patch, and scales well.
North Korean criminals set on stealing Apple users' credentials and cryptocurrency are using a combination of social engineering and a fake Zoom software update to trick people into manually running malware on their own computers, according to Microsoft.
---------------------------------------------
https://www.theregister.com/2026/04/16/north_korea_social_engineering_macos/
∗∗∗ Espionage fears in the Bendlerblock: Pistorius bans private phones from meetings ∗∗∗
---------------------------------------------
Because of acute risks of eavesdropping by Russia and China, the Ministry of Defence is tightening the rules for smartphones and smartwatches in sensitive areas.
---------------------------------------------
https://www.heise.de/news/Spionageangst-im-Bendlerblock-Pistorius-verbannt-P...
∗∗∗ Easter certificate meltdown at D-Trust: tens of thousands of certificates invalid ∗∗∗
---------------------------------------------
Between Maundy Thursday and Easter Monday, admins had to replace their TLS certificates. Now D-Trust announces: almost 60,000 were not compliant with the rules.
---------------------------------------------
https://www.heise.de/news/Oesterlicher-Zertifikats-GAU-bei-D-Trust-Zehntause...
∗∗∗ Windows updates: unexpected server reboots and login problems ∗∗∗
---------------------------------------------
The April updates for Windows Server have side effects. Servers reboot unexpectedly or do not allow admin logins.
---------------------------------------------
https://www.heise.de/news/Windows-Updates-Unerwartete-Server-Reboots-und-Anm...
∗∗∗ “Your shipment has arrived” email hides remote access software ∗∗∗
---------------------------------------------
This DHL-themed email tries to get recipients to install remote access software attackers can use to deploy further malware, including ransomware.
---------------------------------------------
https://www.malwarebytes.com/blog/news/2026/04/your-shipment-has-arrived-ema...
∗∗∗ Sometimes changing the password on your email mailbox isn’t enough ∗∗∗
---------------------------------------------
Have you ever taken a look at your Microsoft 365 mailbox rules? If not, it might be worth a few minutes of your time. Because newly released research reveals that hackers may already have beaten you to it. Read more in my article on the Fortra blog.
---------------------------------------------
https://www.fortra.com/blog/sometimes-changing-password-your-email-mailbox-i...
∗∗∗ A Deep Dive Into Attempted Exploitation of CVE-2023-33538 ∗∗∗
---------------------------------------------
CVE-2023-33538 allows for command injection in TP-Link routers. We discuss exploitation attempts with payloads characteristic of Mirai botnet malware.
---------------------------------------------
https://unit42.paloaltonetworks.com/exploitation-of-cve-2023-33538/
∗∗∗ New CGrabber and Direct-Sys Malware Spread Through GitHub ZIP Files ∗∗∗
---------------------------------------------
Hackers spread CGrabber and Direct-Sys malware through GitHub ZIP files, bypassing security tools to steal passwords, crypto wallets, and user data.
---------------------------------------------
https://hackread.com/cgrabber-direct-sys-malware-github-zip-files/
∗∗∗ New Mirai Variant Nexcorium Hijacks DVR Devices for DDoS Attacks ∗∗∗
---------------------------------------------
Cybersecurity researchers at Fortinet have discovered Nexcorium, a new Mirai-based malware targeting TBK DVR systems to turn them into a botnet for DDoS attacks.
---------------------------------------------
https://hackread.com/mirai-variant-nexcorium-dvr-devices-ddos-attacks/
∗∗∗ Android 13 reaches end of support: millions of devices affected ∗∗∗
---------------------------------------------
Android 13 is out. Google already ended support for the OS version released in 2022 at the beginning of March.
---------------------------------------------
https://heise.de/-11262547
∗∗∗ Obfuscation vs the Optimizer: An LLVM Middle-End Arms Race ∗∗∗
---------------------------------------------
Obfuscation is security through obscurity; its purpose is to transform a piece of code into a much more complex representation, whilst preserving the original semantics of the code. A compiler's job is to transform source code into binary code and produce the simplest and most optimized representation it can for a given architecture. These are contrary goals, yet this contradiction is where obfuscators find their greatest leverage.
---------------------------------------------
http://blog.quarkslab.com/obfuscation-vs-the-optimizer-an-llvm-middle-end-ar...
∗∗∗ HTTP desync in Discord's media proxy: Spying on a whole platform ∗∗∗
---------------------------------------------
In 2022, I came across a quirky behavior on media.discordapp.net when I miskeyed a space character into an attachment link: a 502 bad gateway. After some fiddling I realized that this was caused by an HTTP injection bug within the media proxy’s request to the upstream GCP bucket. The space character corrupted the proxied HTTP message, which caused the connection to prematurely terminate.
---------------------------------------------
https://tmctmt.com/posts/http-desync-in-discord/
∗∗∗ Russian GRU Cyber Campaign Targets Western Logistics Firms Supporting Ukraine ∗∗∗
---------------------------------------------
A new joint cybersecurity advisory has revealed an ongoing Russian GRU cyber campaign targeting Western logistics entities and technology companies, particularly those involved in coordinating and delivering aid to Ukraine. The activity has been linked to the Russian General Staff Main Intelligence Directorate’s Unit 26165, widely tracked in the cybersecurity community as APT28 or Fancy Bear.
---------------------------------------------
https://thecyberexpress.com/russian-gru-cyber-campaign-targets-logistics/
=====================
= Vulnerabilities =
=====================
∗∗∗ Attackers are attacking Apache ActiveMQ Broker, Apache ActiveMQ ∗∗∗
---------------------------------------------
Admins should promptly install the versions of Apache ActiveMQ Broker and Apache ActiveMQ that are hardened against the currently ongoing attacks.
---------------------------------------------
https://www.heise.de/news/Angreifer-attackieren-Apache-ActiveMQ-Broker-Apach...
∗∗∗ YubiKey Manager: security vulnerability allows execution of injected code ∗∗∗
---------------------------------------------
Yubico warns of a search-path vulnerability in YubiKey Manager, libfido2 and python-fido2. Updates correct the errors.
---------------------------------------------
https://www.heise.de/news/YubiKey-Manager-Sicherheitsluecke-ermoeglicht-Ausf...
∗∗∗ LWN Security updates for Friday ∗∗∗
---------------------------------------------
https://lwn.net/Articles/1068400/