=====================
= End-of-Day report =
=====================

Timeframe: Tuesday 11-11-2025 18:00 - Wednesday 12-11-2025 18:00
Handler: Guenes Holler
Co-Handler: n/a
=====================
=       News        =
=====================

*** Rhadamanthys infostealer disrupted as cybercriminals lose server access ***
---------------------------------------------
The Rhadamanthys infostealer operation has been disrupted, with numerous "customers" of the malware-as-a-service reporting that they no longer have access to their servers.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/rhadamanthys-infostealer-disr...

*** VU#553375: Unprotected temporary directories in Wolfram Cloud version 14.2 may result in privilege escalation ***
---------------------------------------------
Wolfram Cloud version 14.2 allows the Java Virtual Machine (JVM) unrestricted access to temporary resources in the /tmp/ directory of the cloud environment, which may result in privilege escalation, information exfiltration, and remote code execution. Within the same cloud instance, the temporary directories of other users may be accessible.
---------------------------------------------
https://kb.cert.org/vuls/id/553375

*** WhatsApp Malware Maverick Hijacks Browser Sessions to Target Brazil's Biggest Banks ***
---------------------------------------------
Threat hunters have uncovered similarities between a banking malware called Coyote and a newly disclosed malicious program dubbed Maverick that has been propagated via WhatsApp.
---------------------------------------------
https://thehackernews.com/2025/11/whatsapp-malware-maverick-hijacks.html

*** Cl0p Ransomware Lists NHS UK as Victim, Days After Washington Post Breach ***
---------------------------------------------
Cl0p ransomware lists NHS UK as a victim days after The Washington Post confirms a major Oracle E-Business breach linked to CVE-2025-61882.
---------------------------------------------
https://hackread.com/cl0p-ransomware-nhs-uk-washington-post-breach/

*** @facebookmail.com Invites Exploited to Phish Facebook Business Users ***
---------------------------------------------
If you manage Facebook advertising for a small or medium-sized business, open your inbox with suspicion, because attackers have been sending highly convincing invites that look like they come straight from Meta.
---------------------------------------------
https://hackread.com/facebookmail-com-invites-phish-facebook-business/

*** Hackers Use KakaoTalk and Google Find Hub in Android Spyware Attack ***
---------------------------------------------
North Korea-linked KONNI hackers used KakaoTalk and Google Find Hub to spy on victims and remotely wipe Android devices in a targeted phishing campaign.
---------------------------------------------
https://hackread.com/hackers-kakaotalk-google-find-hub-android-spyware/

*** Is It CitrixBleed4? Well, No. Is It Good? Also, No. (Citrix NetScaler Memory Leak & RXSS CVE-2025-12101) ***
---------------------------------------------
There's an elegance to vulnerability research that feels almost poetic - the quiet dance between chaos and control. It's the art of peeling back the layers of complexity, not to destroy but to understand; to trace the fragile threads that hold systems together and see where they might fray.
---------------------------------------------
https://labs.watchtowr.com/is-it-citrixbleed4-well-no-is-it-good-also-no-cit...

*** Miniatur Wunderland targeted by IT attack: credit card data leaked ***
---------------------------------------------
Cybercriminals were able to break into the booking system of Miniatur Wunderland Hamburg. In doing so, they were apparently able to read information from payment transactions. The investigation is still ongoing.
---------------------------------------------
https://www.heise.de/news/Miniatur-Wunderland-Ziel-von-IT-Angriff-Kreditkart...
=====================
= Vulnerabilities   =
=====================

*** Microsoft November 2025 Patch Tuesday fixes 1 zero-day, 63 flaws ***
---------------------------------------------
Today is Microsoft's November 2025 Patch Tuesday, which includes security updates for 63 flaws, including one actively exploited zero-day vulnerability.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-november-2025-patc...

*** Synology fixes BeeStation zero-days demoed at Pwn2Own Ireland ***
---------------------------------------------
Synology has addressed a critical-severity remote code execution (RCE) vulnerability in BeeStation products that was demonstrated at the recent Pwn2Own hacking competition. The security issue (CVE-2025-12686) is described as a 'buffer copy without checking the size of input' problem, and can be exploited to allow arbitrary code execution.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/synology-fixes-beestation-zer...

*** Avast and AVG: critical security vulnerability silently fixed ***
---------------------------------------------
A vulnerability classified as critical was open in the anti-malware products of the Avast and AVG brands. It has since been closed, as has a further, less severe one in Avast Free Antivirus.
---------------------------------------------
https://www.heise.de/news/Avast-und-AVG-Kritische-Sicherheitsluecke-stillsch...

*** Security updates for Wednesday ***
---------------------------------------------
Security updates have been issued by AlmaLinux (kernel, kernel-rt, and libtiff), Debian (kernel, libarchive, rust-sudo-rs, and squid), Fedora (chromium, dotnet8.0, forgejo, ruby, and webkitgtk), Oracle (bind, bind9.18, kernel, kernel-uek*, libtiff, and runc), Red Hat (firefox, kernel, and kernel-rt), Slackware (mozilla), SUSE (buildah, colord, containerd, kernel, lasso, libsoup, micropython, ongres-scram, openssh, proxy-helm, uyuni-tools, python-pdfminer.six, qatengine, qatlib, regclient, and runc), and Ubuntu (raptor and raptor2).
---------------------------------------------
https://lwn.net/Articles/1046173/

*** Patchday Adobe: malicious-code vulnerabilities threaten InDesign & Co. ***
---------------------------------------------
Important security updates have been released for Adobe Illustrator, InCopy and Photoshop, among others.
---------------------------------------------
https://heise.de/-11074930

*** Patchday: Intel seals dozens of security vulnerabilities ***
---------------------------------------------
Intel has also held a patch day and published 30 security advisories with updates. Seven of them are rated high-risk.
---------------------------------------------
https://heise.de/-11075454

*** DSA-6053-1 linux - security update ***
---------------------------------------------
https://lists.debian.org/debian-security-announce/2025/msg00219.html

*** ZDI-25-991: Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-25-991/

*** CVE-2025-13042: Stable Channel Update for Desktop ***
---------------------------------------------
http://chromereleases.googleblog.com/2025/11/stable-channel-update-for-deskt...

*** CISA Adds Three Known Exploited Vulnerabilities to Catalog ***
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2025/11/12/cisa-adds-three-known-exp...