=====================
=  End-of-Day report  =
=====================

Timeframe:   Thursday 30-10-2025 18:00 − Friday 31-10-2025 18:00
Handler:     Guenes Holler
Co-Handler:  Felician Fuchs
=====================
=       News        =
=====================
∗∗∗ CISA and NSA Issue Urgent Guidance to Secure WSUS and Microsoft Exchange Servers ∗∗∗
---------------------------------------------
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA), along with international partners from Australia and Canada, have released guidance to harden on-premise Microsoft Exchange Server instances from potential exploitation.
---------------------------------------------
https://thehackernews.com/2025/10/cisa-and-nsa-issue-urgent-guidance-to.html
∗∗∗ Windows zero-day actively exploited to spy on European diplomats ∗∗∗
---------------------------------------------
A China-linked hacking group is exploiting a Windows zero-day in attacks targeting European diplomats in Hungary, Belgium, and other European nations.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/chinese-hackers-exploit-windo...
∗∗∗ Russian Ransomware Gangs Weaponize Open-Source AdaptixC2 for Advanced Attacks ∗∗∗
---------------------------------------------
The open-source command-and-control (C2) framework known as AdaptixC2 is being used by a growing number of threat actors, some of whom are related to Russian ransomware gangs. AdaptixC2 is an emerging extensible post-exploitation and adversarial emulation framework designed for penetration testing.
---------------------------------------------
https://thehackernews.com/2025/10/russian-ransomware-gangs-weaponize-open.ht...
∗∗∗ Massive surge of NFC relay malware steals Europeans’ credit cards ∗∗∗
---------------------------------------------
Near-Field Communication (NFC) relay malware has grown massively popular in Eastern Europe, with researchers discovering over 760 malicious Android apps using the technique to steal people's payment card information in the past few months.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/massive-surge-of-nfc-relay-ma...
∗∗∗ China-Linked Tick Group Exploits Lanscope Zero-Day to Hijack Corporate Systems ∗∗∗
---------------------------------------------
The exploitation of a recently disclosed critical security flaw in Motex Lanscope Endpoint Manager has been attributed to a cyber espionage group known as Tick. The vulnerability, tracked as CVE-2025-61932 (CVSS score: 9.3), allows remote attackers to execute arbitrary commands with SYSTEM privileges on on-premise versions of the program.
---------------------------------------------
https://thehackernews.com/2025/10/china-linked-tick-group-exploits.html
∗∗∗ Nation-State Hackers Deploy New Airstalk Malware in Suspected Supply Chain Attack ∗∗∗
---------------------------------------------
A suspected nation-state threat actor has been linked to the distribution of a new malware called Airstalk as part of a likely supply chain attack. Palo Alto Networks Unit 42 said it's tracking the cluster under the moniker CL-STA-1009, where "CL" stands for cluster and "STA" refers to state-backed motivation.
---------------------------------------------
https://thehackernews.com/2025/10/nation-state-hackers-deploy-new.html
∗∗∗ Proton trains new service to expose corporate infosec cover-ups ∗∗∗
---------------------------------------------
Service will tell on compromised organizations, even if they didn't plan on doing so themselves.
Some orgs would rather you not know when they've suffered a cyberattack, but a new platform from privacy-focused tech firm Proton will shine a light on the big breaches that might otherwise stay buried.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2025/10/30/proton_data_b...
∗∗∗ Open VSX: Eclipse Foundation draws consequences from the GlassWorm attack ∗∗∗
---------------------------------------------
The Eclipse Foundation has worked through its recent security incident around Open VSX, the open-source marketplace for VS Code extensions. In recent weeks it had become known that access tokens had accidentally ended up in public repositories. Some of them were abused to inject manipulated extensions.
---------------------------------------------
https://www.heise.de/news/Open-VSX-Eclipse-Foundation-zieht-Konsequenzen-aus...
∗∗∗ Hacking India’s largest automaker: Tata Motors ∗∗∗
---------------------------------------------
If you are in the US and ask your friends and family if they have heard of “Tata Motors”, they would likely say no. However, if you go overseas, Tata Motors and the Tata Group in general are a massive, well-known conglomerate. Back in 2023, I took my hacking adventures overseas and found many vulnerabilities with Tata Motors. This post covers 4 of the most impactful findings I discovered that I am finally ready to share today. Let’s dive in!
---------------------------------------------
https://eaton-works.com/2025/10/28/tata-motors-hack/
∗∗∗ Hacktivist ICS Attacks Target Canadian Critical Infrastructure ∗∗∗
---------------------------------------------
Canadian cybersecurity officials are warning that hacktivists are increasingly targeting critical infrastructure in the country. In an October 29 alert, the Canadian Centre for Cyber Security described three recent attacks on internet-accessible industrial control systems (ICS).
---------------------------------------------
https://thecyberexpress.com/hacktivist-ics-attacks-canada/
=====================
=  Vulnerabilities  =
=====================
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (java-1.8.0-openjdk, java-17-openjdk, libtiff, redis, and redis:6), Debian (chromium, mediawiki, pypy3, and squid), Fedora (openbao), SUSE (cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, cont, chromium, chrony, expat, haproxy, himmelblau, ImageMagick, iputils, kernel, libssh, libxslt, openssl-3, podman, strongswan, xorg-x11-server, and xwayland), and Ubuntu (kernel, libxml2, libyaml-syck-perl, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-oracle, linux-fips, linux-aws-fips, linux-gcp-fips, linux-kvm, and netty).
---------------------------------------------
https://lwn.net/Articles/1044380/
∗∗∗ ZDI-25-983: evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-25-983/
∗∗∗ ZDI-25-982: oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-25-982/
∗∗∗ ZDI-25-980: Heimdall Data Database Proxy Cross-Site Scripting Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-25-980/
∗∗∗ ZDI-25-979: Netgate pfSense CE Suricata Path Traversal Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-25-979/