===================== = End-of-Day report = =====================
Timeframe: Tuesday 22-07-2025 18:00 − Wednesday 23-07-2025 18:00 Handler: Felician Fuchs Co-Handler: Guenes Holler
===================== = News = =====================
∗∗∗ Major European healthcare network discloses security breach ∗∗∗ --------------------------------------------- AMEOS Group, an operator of a massive healthcare network in Central Europe, has announced it has suffered a security breach that may have exposed customer, employee, and partner information. --------------------------------------------- https://www.bleepingcomputer.com/news/security/major-european-healthcare-net...
∗∗∗ CISA warns of hackers exploiting SysAid vulnerabilities in attacks ∗∗∗ --------------------------------------------- CISA has warned that attackers are actively exploiting two security vulnerabilities in the SysAid IT service management (ITSM) software to hijack administrator accounts. --------------------------------------------- https://www.bleepingcomputer.com/news/security/cisa-warns-of-hackers-exploit...
∗∗∗ US nuclear weapons agency reportedly hacked in SharePoint attacks ∗∗∗ --------------------------------------------- Unknown threat actors have reportedly breached the National Nuclear Security Administration's (NNSA) network in attacks exploiting a recently patched Microsoft SharePoint zero-day vulnerability chain. --------------------------------------------- https://www.bleepingcomputer.com/news/security/us-nuclear-weapons-agency-rep...
∗∗∗ More than 700 models: countless printers are being attacked via security vulnerabilities ∗∗∗ --------------------------------------------- Hundreds of printer models from Brother, Fujifilm, Konica Minolta, Ricoh and Toshiba are vulnerable. Attackers are now exploiting the security vulnerabilities. --------------------------------------------- https://www.golem.de/news/mehr-als-700-modelle-unzaehlige-drucker-werden-ueb...
∗∗∗ CCC and GFF: constitutional complaint against Palantir police software ∗∗∗ --------------------------------------------- The Bavarian police are enthusiastic about the Palantir software. But civil rights activists and hackers think its use goes too far. --------------------------------------------- https://www.golem.de/news/ccc-und-gff-verfassungsbeschwerde-gegen-polizeisof...
∗∗∗ Google Launches OSS Rebuild to Expose Malicious Code in Widely Used Open-Source Packages ∗∗∗ --------------------------------------------- Google has announced the launch of a new initiative called OSS Rebuild to bolster the security of the open-source package ecosystems and prevent software supply chain attacks. "As supply chain attacks continue to target widely-used dependencies, OSS Rebuild gives security teams powerful data to avoid compromise without burden on upstream maintainers," said Matthew Suozzo of Google Open Source Security. --------------------------------------------- https://thehackernews.com/2025/07/google-launches-oss-rebuild-to-expose.html
∗∗∗ Malware Injected into 7 npm Packages After Maintainer Tokens Stolen in Phishing Attack ∗∗∗ --------------------------------------------- Cybersecurity researchers have alerted to a supply chain attack that has targeted popular npm packages via a phishing campaign designed to steal the project maintainers' npm tokens. The captured tokens were then used to publish malicious versions of the packages directly to the registry without any source code commits or pull requests on their respective GitHub repositories. --------------------------------------------- https://thehackernews.com/2025/07/malware-injected-into-6-npm-packages.html
∗∗∗ New Coyote Malware Variant Exploits Windows UI Automation to Steal Banking Credentials ∗∗∗ --------------------------------------------- The Windows banking trojan known as Coyote has become the first known malware strain to exploit the Windows accessibility framework called UI Automation (UIA) to harvest sensitive information. --------------------------------------------- https://thehackernews.com/2025/07/new-coyote-malware-variant-exploits.html
∗∗∗ Suspected Admin of XSS.IS Cybercrime Forum Arrested in Ukraine ∗∗∗ --------------------------------------------- Suspected admin of XSS.IS, a major Russian-language cybercrime forum, arrested in Ukraine after years of running malware and data trade operations. --------------------------------------------- https://hackread.com/suspected-xss-is-admin-cybercrime-forum-arrest-ukraine/
∗∗∗ Soco404: Multiplatform Cryptomining Campaign Uses Fake Error Pages to Hide Payload ∗∗∗ --------------------------------------------- Wiz Research has identified a new iteration of a broader malicious cryptomining campaign, which we’ve dubbed Soco404. --------------------------------------------- https://www.wiz.io/blog/soco404-multiplatform-cryptomining-campaign-uses-fak...
∗∗∗ Critical Vulnerability in Popular npm form-data Package Used Across Millions of Installs ∗∗∗ --------------------------------------------- A critical security vulnerability has been disclosed in the widely used npm package form-data, which sees more than 100 million downloads each week across various projects. The vulnerability, classified as "Use of Insufficiently Random Values", affects multiple versions of the package and can lead to HTTP Parameter Pollution (HPP) attacks. --------------------------------------------- https://socket.dev/blog/critical-vulnerability-in-popular-npm-form-data-pack...
===================== = Vulnerabilities = =====================
∗∗∗ Chrome, Firefox & Thunderbird: new versions fix vulnerabilities ∗∗∗ --------------------------------------------- Fresh browser and mail client releases from Google and Mozilla close vulnerabilities, some of high severity. --------------------------------------------- https://www.heise.de/news/Chrome-Firefox-Thunderbird-Neue-Versionen-beheben-...
∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by AlmaLinux (cloud-init, fence-agents, git, kernel, and kernel-rt), Debian (openjdk-11), Fedora (firefox, golang, libinput, transfig, and yasm), Mageia (qtbase5, qtbase6), Red Hat (fence-agents, go-toolset:rhel8, golang, kernel, and python-setuptools), Slackware (mozilla), SUSE (cyradm, gstreamer-plugins-base, and xen), and Ubuntu (gdk-pixbuf, jq, linux-gcp, linux-gcp-6.8, linux-oracle, ruby-sinatra, thunderbird, and unbound). --------------------------------------------- https://lwn.net/Articles/1031104/
∗∗∗ CISA Releases Nine Industrial Control Systems Advisories ∗∗∗ --------------------------------------------- CISA released nine Industrial Control Systems (ICS) advisories on July 22, 2025: DuraComm DP-10iN-100-MU, Lantronix Provisioning Manager, Schneider Electric EcoStruxure, Schneider Electric EcoStruxure Power Operation, Schneider Electric System Monitor Application, Schneider Electric EcoStruxure IT Data Center Expert, ICSA-25-175-03 Schneider Electric Modicon Controllers (Update A), ICSA-25-175-04 Schneider Electric EVLink WallBox (Update A), ICSA-25-014-02 Schneider Electric Vijeo Designer (Update A). --------------------------------------------- https://www.cisa.gov/news-events/alerts/2025/07/22/cisa-releases-nine-indust...
∗∗∗ [CVE-2025-48932] Invision Community <= 4.7.20 (calendar/view.php) SQL Injection Vulnerability ∗∗∗ --------------------------------------------- https://www.reddit.com/r/netsec/comments/1m757kw/cve202548932_invision_commu...
∗∗∗ [CVE-2025-48933] Invision Community <= 5.0.7 (oauth/callback) Reflected Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://www.reddit.com/r/netsec/comments/1m7578r/cve202548933_invision_commu...
∗∗∗ ZDI-25-629: (0Day) Ashlar-Vellum Cobalt LI File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-25-629/
∗∗∗ ZDI-25-640: (0Day) Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-25-640/
∗∗∗ ZDI-25-639: (0Day) Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-25-639/
∗∗∗ ZDI-25-638: (0Day) Ashlar-Vellum Cobalt VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-25-638/
∗∗∗ Firefox 141.0 released ∗∗∗ --------------------------------------------- https://lwn.net/Articles/1030971/