===================== = End-of-Day report = =====================
Timeframe: Tuesday 20-01-2026 18:00 − Wednesday 21-01-2026 18:00 Handler: Michael Schlagenhaufer Co-Handler: Guenes Holler
===================== = News = =====================
∗∗∗ EU plans cybersecurity overhaul to block foreign high-risk suppliers ∗∗∗ --------------------------------------------- The European Commission has proposed new cybersecurity legislation mandating the removal of high-risk suppliers to secure telecommunications networks and strengthening defenses against state-backed and cybercrime groups targeting critical infrastructure. --------------------------------------------- https://www.bleepingcomputer.com/news/security/eu-plans-cybersecurity-overha...
∗∗∗ VoidLink cloud malware shows clear signs of being AI-generated ∗∗∗ --------------------------------------------- The recently discovered cloud-focused VoidLink malware framework is believed to have been developed by a single person with the help of an artificial intelligence model. --------------------------------------------- https://www.bleepingcomputer.com/news/security/voidlink-cloud-malware-shows-...
∗∗∗ Hackers exploit security testing apps to breach Fortune 500 firms ∗∗∗ --------------------------------------------- Threat actors are exploiting misconfigured web applications used for security training and internal penetration testing, such as DVWA, OWASP Juice Shop, Hackazon, and bWAPP, to gain access to cloud environments of Fortune 500 companies and security vendors. --------------------------------------------- https://www.bleepingcomputer.com/news/security/hackers-exploit-security-test...
∗∗∗ Mass Spam Attacks Leverage Zendesk Instances ∗∗∗ --------------------------------------------- The CRM vendor advised ignoring or deleting suspicious emails and said the attacks were not tied to any breach or software vulnerability. --------------------------------------------- https://www.darkreading.com/threat-intelligence/mass-spam-attacks-zendesk-in...
∗∗∗ Switch it off now: ten-year-old telnetd flaw gives every client root ∗∗∗ --------------------------------------------- Since 2015, any client has been able to obtain root access via telnetd. A patch exists, but the recommendation is to disable the service. --------------------------------------------- https://www.golem.de/news/jetzt-abschalten-zehn-jahre-alte-telnetd-luecke-ma...
∗∗∗ LastPass Warns of Fake Maintenance Messages Targeting Users’ Master Passwords ∗∗∗ --------------------------------------------- LastPass is alerting users to a new active phishing campaign that's impersonating the password management service, which aims to trick users into giving up their master passwords. --------------------------------------------- https://thehackernews.com/2026/01/lastpass-warns-of-fake-maintenance.html
∗∗∗ Curl shutters bug bounty program to remove incentive for submitting AI slop ∗∗∗ --------------------------------------------- The maintainer of popular open-source data transfer tool cURL has ended the project’s bug bounty program after maintainers struggled to assess a flood of AI-generated contributions. --------------------------------------------- https://go.theregister.com/feed/www.theregister.com/2026/01/21/curl_ends_bug...
∗∗∗ Restriction of ad delivery on Facebook? Business profiles targeted by criminals ∗∗∗ --------------------------------------------- Using emails that purport to come from Meta, fraudsters attempt to obtain access to business accounts. For this they have built a fake login page. How does the scam work in detail? How can the fraudulent intent be recognised? This article provides answers. --------------------------------------------- https://www.watchlist-internet.at/news/einschraenkung-der-anzeigenauslieferu...
∗∗∗ DNS OverDoS: Are Private Endpoints Too Private? ∗∗∗ --------------------------------------------- We discovered an aspect of Azure’s Private Endpoint architecture that could expose Azure resources to denial of service (DoS) attacks. In this article, we explore how both intentional and inadvertent acts could result in limited access to Azure resources through the Azure Private Link mechanism. We uncovered this issue while investigating irregular behavior in Azure test environments. --------------------------------------------- https://unit42.paloaltonetworks.com/dos-attacks-and-azure-private-endpoint/
∗∗∗ IT security: hotline between Beijing and London ∗∗∗ --------------------------------------------- A new, secret forum is intended to improve communication between British and Chinese services. It could be the first of its kind. --------------------------------------------- https://heise.de/-11148209
∗∗∗ Introducing > PowerShell.Exposed ∗∗∗ --------------------------------------------- PowerShell (PS) isn’t just a “Windows admin tool.” Once shell access is established, this is the cheapest and most powerful hands-on-keyboard control an attacker can have. --------------------------------------------- https://detect.fyi/introducing-powershell-exposed-4974fe712117?source=rss---...
∗∗∗ New EU Vulnerability Platform GCVE Goes Live, Reducing Reliance on Global Systems ∗∗∗ --------------------------------------------- Europe’s long-running conversation about digital autonomy quietly crossed a milestone with the launch of a new public vulnerability platform. The EU Vulnerability Database, created under the GCVE initiative, is now live. This signals a deliberate shift in how software weaknesses are identified, cataloged, and shared across Europe. --------------------------------------------- https://thecyberexpress.com/eu-launches-gcve-vulnerability-database/
∗∗∗ Critical Vulnerability in Advanced Custom Fields: Extended Plugin Puts 100,000 WordPress Sites at Risk ∗∗∗ --------------------------------------------- A critical security flaw has been discovered in a widely used ACF add-on plugin for WordPress, placing up to 100,000 websites at risk of a full site takeover. The vulnerability affects the Advanced Custom Fields: Extended plugin, an add-on designed to extend the functionality of the popular Advanced Custom Fields ecosystem. An advisory issued about the flaw assigns a severity rating of 9.8, emphasizing the serious impact it can have if exploited. --------------------------------------------- https://thecyberexpress.com/acf-add-on-vulnerability-wordpress/
===================== = Vulnerabilities = =====================
∗∗∗ Ongoing wave of attacks against CVE-2025-59718, patches insufficient ∗∗∗ --------------------------------------------- In December of last year, Fortinet published information about a login bypass in several of the company's products (see also our warning of 19.12.2025) and at the same time provided patches that were supposed to fix the problem. --------------------------------------------- https://www.cert.at/de/aktuelles/2026/1/aktuelle-angriffswelle-gegen-cve-202...
∗∗∗ GitLab Patch Release: 18.8.2, 18.7.2, 18.6.4 ∗∗∗ --------------------------------------------- Learn more about GitLab Patch Release: 18.8.2, 18.7.2, 18.6.4 for GitLab Community Edition (CE) and Enterprise Edition (EE). --------------------------------------------- https://about.gitlab.com/releases/2026/01/21/patch-release-gitlab-18-8-2-rel...
∗∗∗ Security vulnerabilities: Nvidia CUDA Toolkit lets malicious code through ∗∗∗ --------------------------------------------- Nvidia's CUDA programming interface has security vulnerabilities through which, among other things, malicious code can get onto systems. Depending on the vulnerability, Linux and Windows are affected. A fixed release of the CUDA Toolkit provides a remedy. --------------------------------------------- https://www.heise.de/news/Sicherheitsluecken-Nvidia-CUDA-Toolkit-laesst-Scha...
∗∗∗ Security patches: Atlassian secures Confluence & Co. against possible attacks ∗∗∗ --------------------------------------------- Atlassian has released important security updates for Bamboo, Bitbucket, Confluence, Crowd, Jira and Jira Service Management Data Center and Server. After successful attacks, attackers can primarily trigger DoS conditions and thus crashes. --------------------------------------------- https://www.heise.de/news/Sicherheitspatches-Atlassian-sichert-Confluence-Co...
∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by AlmaLinux (brotli and container-tools:rhel8), Debian (python-keystonemiddleware and python3.9), Fedora (cef, freerdp, golang-github-tetratelabs-wazero, and libpcap), Oracle (brotli, gpsd, kernel, and transfig), Red Hat (freerdp, golang, java-11-openjdk with Extended Lifecycle Support, libpng, libssh, mingw-libpng, and runc), SUSE (abseil-cpp, alloy, apache2, bind, cpp-httplib, curl, erlang, firefox, gpg2, grafana, haproxy, hauler, hawk2, libblkid-devel, libpng16, libraylib550, python-keystonemiddleware-doc, python-uv, python-weasyprint, squid, and tomcat), and Ubuntu (crawl and iperf3). --------------------------------------------- https://lwn.net/Articles/1055322/
∗∗∗ VU#458022: Open5GS WebUI uses hard-coded secrets, including the JSON Web Token signing key ∗∗∗ --------------------------------------------- https://kb.cert.org/vuls/id/458022
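The practical consequence of a hard-coded JWT signing key, as an added illustration that is not Open5GS code and does not use any value from that project: whoever reads the HS256 key from the source tree can mint tokens the service accepts as its own. The key, claims and helper names below are assumptions made up for the demonstration; the check at the end shows the remedy, a per-deployment random secret loaded at start-up.

```python
"""Why a hard-coded HS256 JWT key is an authentication bypass (added example,
generic, not Open5GS code). Standard library only, so it runs offline."""
import base64
import hashlib
import hmac
import json
import secrets
from typing import Optional

# Assumption for the demo, not a real project value: a secret that ships in
# source control and is therefore known to anyone who can read the repo.
HARDCODED_KEY = b"change-me-in-production"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_jwt(claims: dict, key: bytes) -> str:
    """Build an HS256 JWT: b64url(header).b64url(payload).b64url(HMAC-SHA256)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        _b64url(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url(json.dumps(claims, separators=(",", ":")).encode())
    )
    mac = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(mac)


def verify_jwt(token: str, key: bytes) -> Optional[dict]:
    """Return the claims if the HS256 signature verifies under `key`, else None."""
    try:
        h, p, s = token.split(".")
        header = json.loads(_b64url_decode(h))
    except (ValueError, UnicodeDecodeError):
        return None
    # Pin the algorithm: never let the token choose ('none', RS256 with a
    # public key, ...). Only HS256 under the server's own key is accepted.
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(key, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        return None
    return json.loads(_b64url_decode(p))


def attacker_forges_admin(server_key: bytes) -> Optional[dict]:
    """Attacker who read HARDCODED_KEY from the repo mints an admin token and
    presents it to a server whose signing key is `server_key`. Returns the
    claims the server accepts, or None if it rejects the forgery."""
    forged = sign_jwt({"sub": "attacker", "role": "admin"}, HARDCODED_KEY)
    return verify_jwt(forged, server_key)


def fresh_key() -> bytes:
    """The remedy: a random per-deployment secret generated at install time and
    loaded from configuration or the environment, never committed to source."""
    return secrets.token_bytes(32)


if __name__ == "__main__":
    # Vulnerable deployment: server still uses the shipped key -> forgery accepted.
    print("shipped key:", attacker_forges_admin(HARDCODED_KEY))
    # Fixed deployment: server uses its own random key -> forgery rejected.
    print("fresh key:  ", attacker_forges_admin(fresh_key()))
```

The operational check that follows from this: treat a leaked or hard-coded signing key exactly like a leaked password database, rotate it on every affected instance, and expect that every token issued under the old key (including those an attacker minted) stops validating once the rotation is done.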
∗∗∗ VU#102648: Code Injection Vulnerability in binary-parser library ∗∗∗ --------------------------------------------- https://kb.cert.org/vuls/id/102648
∗∗∗ VU#481830: libheif Uncompressed Codec Lacks Bounds Check Leading to Application Crash ∗∗∗ --------------------------------------------- https://kb.cert.org/vuls/id/481830
∗∗∗ Oracle Critical Patch Update Advisory - January 2026 ∗∗∗ --------------------------------------------- https://www.oracle.com/security-alerts/cpujan2026.html
∗∗∗ Cisco Unified Communications Products Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisor...
∗∗∗ Schneider Electric EcoStruxure Foxboro DCS ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-26-020-01
∗∗∗ Rockwell Automation Verve Asset Manager ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-26-020-03
∗∗∗ Schneider Electric devices using CODESYS Runtime ∗∗∗ --------------------------------------------- https://www.cisa.gov/news-events/ics-advisories/icsa-26-020-02