=====================
= End-of-Day report =
=====================

Timeframe: Monday 11-08-2025 18:00 − Tuesday 12-08-2025 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Felician Fuchs

=====================
= News =
=====================

∗∗∗ Netherlands: Citrix Netscaler flaw CVE-2025-6543 exploited to breach orgs ∗∗∗
---------------------------------------------
The Netherlands National Cyber Security Centre (NCSC) is warning that a critical Citrix NetScaler vulnerability tracked as CVE-2025-6543 was exploited to breach "critical organizations" in the country.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/netherlands-citrix-netscaler-...

∗∗∗ Over 3,000 NetScaler devices left unpatched against CitrixBleed 2 bug ∗∗∗
---------------------------------------------
Over 3,300 Citrix NetScaler devices remain unpatched against a critical vulnerability that allows attackers to bypass authentication by hijacking user sessions, nearly two months after patches were released.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/over-3-000-netscaler-devices-...

∗∗∗ Scam hunter scammed by tax office impersonators ∗∗∗
---------------------------------------------
Scam hunter Julie-Anne Kearns, who helps scam victims online, opened up about a tax scam she fell for herself.
---------------------------------------------
https://www.malwarebytes.com/blog/news/2025/08/scam-hunter-scammed-by-tax-of...

∗∗∗ Russian-Linked Curly COMrades Deploy MucorAgent Malware in Europe ∗∗∗
---------------------------------------------
A new report from Bitdefender reveals the Russian-linked hacking group Curly COMrades is targeting Eastern Europe with a new backdoor called MucorAgent. Learn how they’re using advanced tactics to steal data.
---------------------------------------------
https://hackread.com/russian-curly-comrades-mucoragent-malware-europe/

=====================
= Vulnerabilities =
=====================

∗∗∗ Security Advisory Ivanti Connect Secure, Policy Secure & ZTA Gateways (Multiple CVEs) ∗∗∗
---------------------------------------------
Ivanti has released updates for Ivanti Connect Secure which address medium, high, and critical vulnerabilities. At the time of disclosure, there have been no reports of customers being exploited by this vulnerability.
---------------------------------------------
https://forums.ivanti.com/s/article/August-Security-Advisory-Ivanti-Connect-...

∗∗∗ August Security Advisory Ivanti Virtual Application Delivery Controller (vADC previously vTM) (CVE-2025-8310) ∗∗∗
---------------------------------------------
Ivanti has released updates for Ivanti Virtual Application Delivery Controller (vADC), previously Virtual Traffic Manager (vTM), which address one medium severity vulnerability. Successful exploitation could lead to account takeover. At the time of disclosure, there have been no reports of customers being exploited by this vulnerability.
---------------------------------------------
https://forums.ivanti.com/s/article/August-Security-Advisory-Ivanti-Virtual-...

∗∗∗ 40,000 WordPress Sites Affected by Arbitrary File Read Vulnerability in UiCore Elements WordPress Plugin ∗∗∗
---------------------------------------------
On June 13th, 2025, we received a submission for an Arbitrary File Read vulnerability in UiCore Elements, a WordPress plugin with more than 40,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to read arbitrary files on the server, which can contain sensitive information. During the disclosure process, our investigation revealed that the vulnerability leveraged an underlying issue in Elementor’s import functionality.
---------------------------------------------
https://www.wordfence.com/blog/2025/08/40000-wordpress-sites-affected-by-arb...

∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by AlmaLinux (kernel, kernel-rt, and python-requests), Debian (ca-certificates-java), Fedora (chromium, clash-meta, mingw-python3, openjpeg, php-adodb, and toolbox), Mageia (kernel and kernel-linus), SUSE (chromium, ImageMagick, libgcrypt, libssh, libxml2, opensc, postgresql14, and postgresql16), and Ubuntu (dnsmasq, linux-gcp-6.8, linux-raspi, linux-oracle-6.14, and openjdk-17).
---------------------------------------------
https://lwn.net/Articles/1033445/

∗∗∗ Vtenext 25.02: A three-way path to RCE ∗∗∗
---------------------------------------------
Multiple vulnerabilities in vtenext 25.02 and prior versions allow unauthenticated attackers to bypass authentication through three separate vectors, ultimately leading to remote code execution on the underlying server.
---------------------------------------------
https://blog.sicuranext.com/vtenext-25-02-a-three-way-path-to-rce/

∗∗∗ OMSA-2025-0004: Omnissa Workspace ONE UEM addresses multiple vulnerabilities (CVE-2025-25229, CVE-2025-25231) ∗∗∗
---------------------------------------------
https://www.omnissa.com/omsa-2025-0004/

∗∗∗ OMSA-2025-0003: Omnissa Secure Email Gateway (SEG) updates address Server-Side Request Forgery (SSRF) vulnerability (CVE-2025-25235) ∗∗∗
---------------------------------------------
https://www.omnissa.com/omsa-2025-0003/

∗∗∗ Matrix protocol vulnerabilities fixed in room version 12 ∗∗∗
---------------------------------------------
https://matrix.org/blog/2025/08/security-release/