=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 14-10-2025 18:00 - Wednesday 15-10-2025 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a
=====================
=       News        =
=====================
*** F5 says hackers stole undisclosed BIG-IP flaws, source code ***
---------------------------------------------
U.S. cybersecurity company F5 disclosed that nation-state hackers breached its systems and stole undisclosed BIG-IP security vulnerabilities and source code.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-breach-f5-to-steal-un...
*** Exploit-as-a-Service Resurgence in 2025 – Broker Models, Bundles & Subscription Access ***
---------------------------------------------
Exploit-as-a-Service in 2025: how exploit brokerages, subscription bundles, and underground access models are reshaping cyber crime economics.
---------------------------------------------
https://www.darknet.org.uk/2025/10/exploit-as-a-service-resurgence-in-2025-b...
*** Microsoft: Exchange 2016 and 2019 have reached end of support ***
---------------------------------------------
Microsoft has reminded that Exchange Server 2016 and 2019 reached the end of support and advised IT administrators to upgrade servers to Exchange Server SE or migrate to Exchange Online.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-2016-and-...
*** Microsoft signals Windows 10 21H2 Enterprise LTSC as EOL ***
---------------------------------------------
A brief note for owners and administrators of Windows 10 21H2 Enterprise LTSC (and, of course, the IoT version). Administrators of these machines are being shown the (incorrect) message that support for this version is now ending.
---------------------------------------------
https://www.borncity.com/blog/2025/10/15/mega-pleite-microsoft-signalisiert-...
*** Oops! It's a kernel stack use-after-free: Exploiting NVIDIA's GPU Linux drivers ***
---------------------------------------------
This article details two bugs discovered in the NVIDIA Linux Open GPU Kernel Modules and demonstrates how they can be exploited. [..] They were reported to NVIDIA and the vendor issued fixes in their NVIDIA GPU Display Drivers update of October 2025.
---------------------------------------------
http://blog.quarkslab.com/nvidia_gpu_kernel_vmalloc_exploit.html
*** Credential Attacks Detected on SonicWall SSLVPN Devices ***
---------------------------------------------
A managed security services provider has detected credential attacks on SonicWall SSLVPN devices. The attacks, reported by Huntress, involve "widespread compromise" of SonicWall SSLVPN devices. [..] The report follows a SonicWall advisory that an unauthorized party had accessed firewall configuration backup files for all SonicWall customers who have used the company's cloud backup service.
---------------------------------------------
https://thecyberexpress.com/credential-attacks-on-sonicwall-sslvpn-devices/
*** Dismantling a Critical Supply Chain Risk in VSCode Extension Marketplaces ***
---------------------------------------------
Wiz Research identified a pattern of secret leakage by publishers of VSCode IDE Extensions. This occurred across both the VSCode and Open VSX marketplaces, the latter of which is used by AI-powered VSCode forks like Cursor and Windsurf. Critically, in over a hundred cases this included leakage of access tokens granting the ability to update the extension itself. [..] An attacker who discovered this issue would have been able to directly distribute malware to the cumulative 150,000 install base.
---------------------------------------------
https://www.wiz.io/blog/supply-chain-risk-in-vscode-extension-marketplaces
*** LinkPro: eBPF rootkit analysis ***
---------------------------------------------
eBPF (extended Berkeley Packet Filter) is a technology adopted in Linux for its numerous use cases (observability, security, networking, etc.) and its ability to run in the kernel context while being orchestrated from user space. Threat actors are increasingly abusing it to create sophisticated backdoors and evade traditional system monitoring tools.
---------------------------------------------
https://www.synacktiv.com/en/publications/linkpro-ebpf-rootkit-analysis.html
=====================
=  Vulnerabilities  =
=====================
*** Patch Tuesday XXL: Microsoft closes vulnerabilities, some of them under active attack ***
---------------------------------------------
With more than 170 security holes closed, Microsoft's Patch Tuesday this month is far larger than average. No fewer than 17 fixes for critical vulnerabilities are available, among others for Azure, Copilot, Office, and Windows Server Update Services (WSUS). In addition, three actively attacked vulnerabilities rated "Important" make installing the available updates (ideally automatically) especially urgent.
---------------------------------------------
https://heise.de/-10764876
*** Patch day: Adobe closes critical vulnerabilities in several products ***
---------------------------------------------
Dangerous vulnerabilities are present in, among others, Substance 3D Stager, Connect, Dimension, and Illustrator. Current security fixes close them.
---------------------------------------------
https://www.heise.de/news/Patchday-Adobe-schliesst-kritische-Luecken-in-mehr...
*** Fortinet updates FortiOS, FortiPAM and FortiSwitch Manager, among others ***
---------------------------------------------
Vulnerabilities in FortiOS, FortiPAM, FortiSwitch Manager, FortiDLP, FortiIsolator, and FortiClient Mac were rated with severity "High". [..] Local, authenticated attackers could abuse the vulnerability CVE-2025-58325 ("Restricted CLI command bypass"; CVSS score 7.8) to execute system commands via the command line without authorization.
---------------------------------------------
https://www.heise.de/news/Fortinet-aktualisiert-unter-anderem-FortiOS-FortiP...
*** Security updates for Wednesday ***
---------------------------------------------
Security updates have been issued by AlmaLinux (kernel, kernel-rt, vim, and webkit2gtk3), Debian (distro-info-data, https-everywhere, and php-horde-css-parser), Fedora (inih, mingw-exiv2, mirrorlist-server, rust-maxminddb, rust-monitord-exporter, rust-prometheus, rust-prometheus_exporter, rust-protobuf, rust-protobuf-codegen, rust-protobuf-parse, and rust-protobuf-support), Mageia (fetchmail), Oracle (gnutls, kernel, vim, and webkit2gtk3), Red Hat (kernel, kernel-rt, and webkit2gtk3), Slackware (mozilla), SUSE (curl, libxslt, and net-tools), and Ubuntu (linux-azure-5.15, linux-azure-6.8, linux-azure-fips, linux-oracle, linux-oracle-6.14, and linux-raspi).
---------------------------------------------
https://lwn.net/Articles/1042076/
*** Google Chrome: Stable Channel Update for Desktop ***
---------------------------------------------
http://chromereleases.googleblog.com/2025/10/stable-channel-update-for-deskt...
*** Rockwell Automation 1715 EtherNet/IP Comms Module ***
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-25-287-01
*** F5: K000156572: Quarterly Security Notification (October 2025) ***
---------------------------------------------
https://my.f5.com/manage/s/article/K000156572