=====================
= End-of-Day report =
=====================
Timeframe: Friday 09-01-2026 18:00 − Monday 12-01-2026 18:00
Handler: Felician Fuchs
Co-Handler: Alexander Riepl
=====================
= News =
=====================
∗∗∗ Max severity Ni8mare flaw impacts nearly 60,000 n8n instances ∗∗∗
---------------------------------------------
Nearly 60,000 n8n instances exposed online remain unpatched against a maximum-severity vulnerability dubbed "Ni8mare."
---------------------------------------------
https://www.bleepingcomputer.com/news/security/max-severity-ni8mare-flaw-imp...
∗∗∗ Spanish energy giant Endesa discloses data breach affecting customers ∗∗∗
---------------------------------------------
Spanish energy provider Endesa and its Energía XXI operator are notifying customers that hackers accessed the company's systems and accessed contract-related information, which includes personal details.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/spanish-energy-giant-endesa-d...
∗∗∗ Hidden Telegram proxy links can reveal your IP address in one click ∗∗∗
---------------------------------------------
A single click on what may appear to be a Telegram username or harmless link is all it takes to expose your real IP address to attackers due to how proxy links are handled. Telegram says it will add warnings to proxy links after researchers demonstrated that such one-click interactions could reveal a Telegram user's real IP address.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hidden-telegram-proxy-links-c...
∗∗∗ Illicit Crypto Economy Surges Amid Increased Nation-State Activity ∗∗∗
---------------------------------------------
Cybercriminal cryptocurrency transactions totaled billions in 2025, with activity from sanctioned countries like Russia and Iran causing the largest jump.
---------------------------------------------
https://www.darkreading.com/cyber-risk/illicit-crypto-economy-surges-nation-...
∗∗∗ Russia’s Fancy Bear APT Doubles Down on Global Secrets Theft ∗∗∗
---------------------------------------------
The notorious state-sponsored group relies on basic techniques that are highly effective, often delivering greater ROI than more complex malware-heavy operations.
---------------------------------------------
https://www.darkreading.com/cyberattacks-data-breaches/russian-apt-credentia...
∗∗∗ Two Separate Campaigns Target Exposed LLM Services ∗∗∗
---------------------------------------------
A total of 91,403 sessions targeted public LLM endpoints to find leaks in organizations' use of AI and map an expanding attack surface.
---------------------------------------------
https://www.darkreading.com/endpoint-security/separate-campaigns-target-expo...
∗∗∗ Cybersecurity Act: EU Commission wants a strict ban on Huawei ∗∗∗
---------------------------------------------
The EU Commission now wants to make previously voluntary restrictions against Chinese equipment suppliers mandatory. This is highly controversial within the EU and seems out of step with the times.
---------------------------------------------
https://www.golem.de/news/cybersecurity-act-eu-kommission-will-hartes-verbot...
∗∗∗ Payslips sent to the wrong recipients: GDPR incident at Datev ∗∗∗
---------------------------------------------
After a technical malfunction in Datev's payroll processing, customer data ended up in the wrong hands. The trigger was, of all things, an attempt to fix the problem.
---------------------------------------------
https://www.golem.de/news/lohnabrechnungen-falsch-verschickt-dsgvo-vorfall-b...
∗∗∗ Researchers Uncover Service Providers Fueling Industrial-Scale Pig Butchering Fraud ∗∗∗
---------------------------------------------
Cybersecurity researchers have shed light on two service providers that supply online criminal networks with the necessary tools and infrastructure to fuel the pig butchering-as-a-service (PBaaS) economy.
---------------------------------------------
https://thehackernews.com/2026/01/researchers-uncover-service-providers.html
∗∗∗ GoBruteforcer Botnet Targets Crypto Project Databases by Exploiting Weak Credentials ∗∗∗
---------------------------------------------
A new wave of GoBruteforcer attacks has targeted databases of cryptocurrency and blockchain projects to co-opt them into a botnet that's capable of brute-forcing user passwords for services such as FTP, MySQL, PostgreSQL, and phpMyAdmin on Linux servers.
---------------------------------------------
https://thehackernews.com/2026/01/gobruteforcer-botnet-targets-crypto.html
∗∗∗ UK government exempting itself from flagship cyber law inspires little confidence ∗∗∗
---------------------------------------------
Ministers promise equivalent standards just without the legal obligation
ANALYSIS From May's cyberattack on the Legal Aid Agency to the Foreign Office breach months later, cyber incidents have become increasingly common in UK government.
---------------------------------------------
https://www.theregister.com/2026/01/10/csr_bill_analysis/
∗∗∗ Instagram data leak: data from 6.2 million accounts on Have I Been Pwned ∗∗∗
---------------------------------------------
Data from 6.2 million Instagram users has ended up with the Have I Been Pwned project.
---------------------------------------------
https://www.heise.de/news/Instagram-6-2-Millionen-Nutzerdaten-mittels-Scrapi...
∗∗∗ ÖIAT focused survey reveals: massive presence of subscription traps in Google ads ∗∗∗
---------------------------------------------
In an in-depth analysis of the Google ad library, the Austrian Institute for Applied Telecommunications (ÖIAT) discovered a large number of dangerous ads. In total there were well over 27,000 problematic advertisements serving as bait for subscription traps. Google has so far not responded to complaints.
---------------------------------------------
https://www.watchlist-internet.at/news/schwerpunkterhebung-abo-fallen-google...
∗∗∗ Basketball player arrested for alleged ransomware ties freed in Russia-France prisoner swap ∗∗∗
---------------------------------------------
Daniil Kasatkin, 26, was seen in a video shared by Russian state news outlet TASS emerging from a plane that was then used to send French researcher Laurent Vinatier back to France.
---------------------------------------------
https://therecord.media/france-frees-russian-basketball-player-ransomware-sw...
∗∗∗ MC1215070: MFA mandatory for Microsoft 365 Admin Center from Feb. 2026 ∗∗∗
---------------------------------------------
A short note for administrators of Microsoft 365 tenants. For security reasons, Microsoft will enforce multi-factor authentication (MFA) for administrator sign-in to the Microsoft 365 Admin Center starting February 9, 2026. Without appropriate measures, sign-in will then fail.
---------------------------------------------
https://borncity.com/blog/2026/01/11/mc1215070-mfa-fuer-microsoft-365-admin-...
∗∗∗ Database of 323,986 BreachForums Users Leaked as Admin Disputes Scope ∗∗∗
---------------------------------------------
Database of 323,986 BreachForums users leaked online as forum admins claim the exposed data is partial and dates back to August 2025.
---------------------------------------------
https://hackread.com/breachforums-database-users-leak-admin-disputes/
∗∗∗ Everest Ransomware Claims Breach at Nissan, Says 900GB of Data Stolen ∗∗∗
---------------------------------------------
Everest ransomware claims to have breached Nissan Motor Corporation, alleging the theft of 900GB of internal data, including documents and screenshots.
---------------------------------------------
https://hackread.com/everest-ransomware-nissan-data-breach/
∗∗∗ How Safe is the Rust Ecosystem? A Deep Dive into crates.io ∗∗∗
---------------------------------------------
The relentless wave of high-impact supply chain attacks throughout 2025—most notably the major incident within npm [..] —suggests this trend is far from peaking. In fact, with the rapid adoption of AI and LLMs in development workflows, we are likely facing an acceleration of these threats rather than a decline, in my opinion.
---------------------------------------------
https://mr-leshiy-blog.web.app/blog/crates_io_analysis/
∗∗∗ Detection of Kerberos Golden Ticket Attacks via Velociraptor ∗∗∗
---------------------------------------------
Kerberos is a strange technology. Over the years, I’ve gone through its internal workings again and again, yet parts of it always seem to slip away. It has been a while since I did my OSCP, so inevitably I’ve found myself back in this topic to refresh my knowledge.
---------------------------------------------
https://detect.fyi/detection-of-kerberos-golden-ticket-attacks-via-velocirap...
=====================
= Vulnerabilities =
=====================
∗∗∗ Security update: Dell laptops with Adreno GPU are vulnerable ∗∗∗
---------------------------------------------
The driver for Qualcomm's Adreno GPU is full of holes and endangers the security of various Dell laptops. A fixed driver is available for download.
---------------------------------------------
https://www.heise.de/news/Sicherheitsupdate-Dell-Laptops-mit-Adreno-GPU-sind...
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium and sogo), Fedora (chromium, foomuuri, libpng, libsodium, mariadb10.11, musescore, nginx, python-pdfminer, python-urllib3, python3.12, seamonkey, wasmedge, and wget2), Mageia (curl, libpcap, sodium, wget2, and zlib), Slackware (lcms2), SUSE (chromedriver, chromium, noopenh264, coredns, curl, dcmtk, fontforge, gdk-pixbuf-loader-libheif, gimp, kernel, libheif, libpng16, libsoup-2_4-1, libvirt, mariadb, php8, poppler, python-filelock, python-tornado6, python311-aiohttp, qemu, sssd, and traefik), and Ubuntu (libheif, libtasn1-6, linux-azure-nvidia, linux-kvm, linux-raspi, linux-raspi-realtime, and php7.2, php7.4, php8.1, php8.3, php8.4).
---------------------------------------------
https://lwn.net/Articles/1053820/