=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 21-10-2025 18:00 - Wednesday 22-10-2025 18:00
Handler:     Guenes Holler
Co-Handler:  Alexander Riepl

=====================
=       News        =
=====================

*** SharePoint ToolShell attacks targeted orgs across four continents ***
---------------------------------------------
Hackers believed to be associated with China have leveraged the ToolShell vulnerability (CVE-2025-53770) in Microsoft SharePoint in attacks targeting government agencies, universities, telecommunication service providers, and finance organizations.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/sharepoint-toolshell-attacks-...

*** Russia Pivots, Cracks Down on Resident Hackers ***
---------------------------------------------
Thanks to improving cybersecurity and law enforcement action from the West, Russia's government is reevaluating which cybercriminals it wants to give safe haven from the law.
---------------------------------------------
https://www.darkreading.com/threat-intelligence/russia-cracks-down-low-level...

*** Outdated Chromium base: popular AI coding IDEs put millions of developers at risk ***
---------------------------------------------
Researchers are sounding the alarm: the AI coding IDEs Cursor and Windsurf ship an ancient Chromium version with at least 94 known security vulnerabilities.
---------------------------------------------
https://www.golem.de/news/veraltete-chromium-basis-beliebte-ki-coding-ides-g...

*** Public Sector Ransomware Attacks Relentlessly Continue ***
---------------------------------------------
In 2025, 36 years after the first ransomware attack was recorded, actors continue to zero in on the public sector, and there is no evidence they will slow down any time soon. In fact, our numbers suggest that ransomware attacks against government organizations are ramping up, causing crippling service outages, massive data loss, reputational damage, public distrust, and financial harm.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/public-secto...

*** Researchers Identify PassiveNeuron APT Using Neursite and NeuralExecutor Malware ***
---------------------------------------------
Government, financial, and industrial organizations located in Asia, Africa, and Latin America are the target of a new campaign dubbed PassiveNeuron, according to findings from Kaspersky. The cyber espionage activity was first flagged by the Russian ..
---------------------------------------------
https://thehackernews.com/2025/10/researchers-identify-passiveneuron-apt.htm...

*** Have I Been Pwned: 183 million credentials captured by infostealers added ***
---------------------------------------------
"Have I Been Pwned" collects published credentials. Now 183 million accounts stolen by infostealers have been added.
---------------------------------------------
https://www.heise.de/news/Have-I-Been-Pwned-183-Millionen-von-Infostealern-e...

*** Critical code-execution vulnerabilities threaten TP-Link Omada gateways ***
---------------------------------------------
Important security patches close vulnerabilities in Omada gateways. Network admins should act promptly.
---------------------------------------------
https://www.heise.de/news/Kritische-Schadcode-Luecken-bedrohen-TP-Link-Omada...

*** Jingle Thief: Inside a Cloud-Based Gift Card Fraud Campaign ***
---------------------------------------------
Threat actors behind the gift card fraud campaign Jingle Thief target retail via phishing and smishing, maintaining long-term access in cloud environments.
---------------------------------------------
https://unit42.paloaltonetworks.com/cloud-based-gift-card-fraud-campaign/

*** Fast, Broad, and Elusive: How Vidar Stealer 2.0 Upgrades Infostealer Capabilities ***
---------------------------------------------
Trend Research examines the latest version of the Vidar stealer, which features a full rewrite in C, a multithreaded architecture, and several enhancements that warrant attention. Its timely evolution suggests that Vidar is positioning itself to occupy the space left after Lumma Stealer's decline.
---------------------------------------------
https://www.trendmicro.com/en_us/research/25/j/how-vidar-stealer-2-upgrades-...

*** Security update: unauthorized access to Zyxel firewalls possible ***
---------------------------------------------
Attackers can target certain Zyxel firewalls. However, attacks are not straightforward to carry out.
---------------------------------------------
https://heise.de/-10794033

*** Vulnerability discovered in Rust library for tar archives ***
---------------------------------------------
The async-tar library and its forks contain a vulnerability named TARmageddon. The most widely used fork, tokio-tar, will not receive a patch.
---------------------------------------------
https://heise.de/-10793899

*** Prompt injection to RCE in AI agents ***
---------------------------------------------
We bypassed human approval protections for system command execution in AI agents, achieving RCE in three agent platforms.
---------------------------------------------
https://blog.trailofbits.com/2025/10/22/prompt-injection-to-rce-in-ai-agents...

=====================
=  Vulnerabilities  =
=====================

*** Security updates for Wednesday ***
---------------------------------------------
Security updates have been issued by Fedora (inih, mingw-exiv2, and mod_http2), SUSE (ffmpeg-4, kernel, libqt5-qtbase, protobuf, python-ldap, and python313), and Ubuntu (erlang, ffmpeg, linux, linux-aws, linux-gcp, linux-oem-6.14, linux-oracle, linux-oracle-6.14, linux-raspi, linux-realtime, linux-aws, linux-azure, linux-azure-6.14, linux-azure-nvidia-6.14, linux-azure-fips, linux-oracle-5.4, and linux-realtime-6.14).
---------------------------------------------
https://lwn.net/Articles/1042911/

*** Multiple stored cross-site scripting vulnerabilities in Movable Type ***
---------------------------------------------
https://jvn.jp/en/jp/JVN24333679/

*** Oracle Critical Patch Update Advisory - October 2025 ***
---------------------------------------------
https://www.oracle.com/security-alerts/cpuoct2025.html