===================== = End-of-Day report = =====================
Timeframe: Wednesday 21-01-2026 18:00 − Thursday 22-01-2026 18:00 Handler: Michael Schlagenhaufer Co-Handler: Guenes Holler
===================== = News = =====================
∗∗∗ A patch for the NIS2 Directive ∗∗∗ --------------------------------------------- On January 20th, 2026 the EU Commission presented a package of legislative proposals, including an update to the NIS2 directive. --------------------------------------------- https://www.cert.at/en/blog/2026/1/a-patch-for-the-nis2-directive
∗∗∗ Look at FortiCloud SSO Bypass Exploitation (CVE-2025-59718/59719) ∗∗∗ --------------------------------------------- In December last year, Fortinet disclosed [1] a vulnerability in SAML processing, which allowed full bypass of authentication to management interfaces with FortiCloud SSO enabled. According to new, still not officially confirmed reports, the vulnerability may not have been fully patched [10]. As affected devices are represented in my small high-interaction honeypot network, we have an opportunity to take a look at what the attackers do. --------------------------------------------- https://www.cert.at/en/blog/2026/1/look-at-forticloud-sso-bypass-exploitatio...
∗∗∗ New Android malware uses AI to click on hidden browser ads ∗∗∗ --------------------------------------------- A new family of Android click-fraud trojans leverages TensorFlow machine learning models to automatically detect and interact with specific advertisement elements. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-android-malware-uses-ai-t...
∗∗∗ Chainlit AI framework bugs let hackers breach cloud environments ∗∗∗ --------------------------------------------- Two high-severity vulnerabilities in Chainlit, a popular open-source framework for building conversational AI applications, allow reading any file on the server and leaking sensitive information. --------------------------------------------- https://www.bleepingcomputer.com/news/security/chainlit-ai-framework-bugs-le...
∗∗∗ Is AI-Generated Code Secure?, (Thu, Jan 22nd) ∗∗∗ --------------------------------------------- The title of this diary is perhaps a bit catchy but the question is important. I don’t consider myself a good developer. That’s not my day job and I’m writing code to improve my daily tasks. I like to say “I’m writing sh*ty code! It works for me, no warranty that it will for you”. Today, most of my code (the skeleton of the program) is generated by AI, probably like most of you. --------------------------------------------- https://isc.sans.edu/diary/rss/32648
∗∗∗ Malicious PyPI Package Impersonates SymPy, Deploys XMRig Miner on Linux Hosts ∗∗∗ --------------------------------------------- A new malicious package discovered in the Python Package Index (PyPI) has been found to impersonate a popular library for symbolic mathematics to deploy malicious payloads, including a cryptocurrency miner, on Linux hosts. --------------------------------------------- https://thehackernews.com/2026/01/malicious-pypi-package-impersonates.html
∗∗∗ Preparing for the EU Cyber Resilience Act (CRA) ∗∗∗ --------------------------------------------- Product security has matured significantly over the last decade. Secure defaults, defined ownership of security risk, reliable update mechanisms, and structured vulnerability handling are now mainstream and well understood by experienced engineering and security teams. These practices are no longer aspirational. They are now the minimum required to build and operate digital products responsibly. --------------------------------------------- https://www.pentestpartners.com/security-blog/preparing-for-the-eu-cyber-res...
∗∗∗ Phishing trap: loss of access to ChatGPT ∗∗∗ --------------------------------------------- A phishing e-mail currently in circulation warns of the termination of the recipient's ChatGPT account, allegedly because a payment was missed. The problem can supposedly be resolved by updating the necessary details. Anyone who follows the corresponding link, however, hands their credit-card and contact information to the criminals. --------------------------------------------- https://www.watchlist-internet.at/news/phishing-falle-chatgpt/
∗∗∗ European Space Agency’s cybersecurity in freefall as yet another breach exposes spacecraft and mission data ∗∗∗ --------------------------------------------- It has just been a few weeks since reports emerged of the Christmas cyber attack suffered by the European Space Agency (ESA), and the situation has already become worse. --------------------------------------------- https://www.bitdefender.com/en-us/blog/hotforsecurity/european-space-agencys...
∗∗∗ The Next Frontier of Runtime Assembly Attacks: Leveraging LLMs to Generate Phishing JavaScript in Real Time ∗∗∗ --------------------------------------------- Imagine visiting a webpage that looks perfectly safe. It has no malicious code, no suspicious links. Yet, within seconds, it transforms into a personalized phishing page. --------------------------------------------- https://unit42.paloaltonetworks.com/real-time-malicious-javascript-through-l...
∗∗∗ Osiris: New Ransomware, Experienced Attackers? ∗∗∗ --------------------------------------------- Poortry driver and modified Rustdesk tool used in recent attack campaign, which bears similarities to previous Inc ransomware attacks. --------------------------------------------- https://www.security.com/threat-intelligence/new-ransomware-osiris
∗∗∗ Watering Hole Attack Targets EmEditor Users with Information-Stealing Malware ∗∗∗ --------------------------------------------- TrendAI™ Research provides a technical analysis of a compromised EmEditor installer used to deliver multistage malware that performs a range of malicious actions. --------------------------------------------- https://www.trendmicro.com/en_us/research/26/a/watering-hole-attack-targets-...
∗∗∗ Cyber Is What We Make of It ∗∗∗ --------------------------------------------- "It's not what happens to you, but how you react to it that matters." — Epictetus. Not long ago an Atlantic Council op-ed in CyberScoop outlined ten key reforms to close America's cybersecurity gaps. The recommendations are sensible: migrate to memory-safe languages, apply formal verification to critical systems, establish zero trust architectures, build data resilience, conduct proactive threat hunting. Laudable, uncontroversial, and comprehensive; --------------------------------------------- https://buttondown.com/grugq/archive/cyber-is-what-we-make-of-it/
===================== = Vulnerabilities = =====================
∗∗∗ SmarterMail Auth Bypass Exploited in the Wild Two Days After Patch Release ∗∗∗ --------------------------------------------- A new security flaw in SmarterTools SmarterMail email software has come under active exploitation in the wild, two days after the release of a patch. --------------------------------------------- https://thehackernews.com/2026/01/smartermail-auth-bypass-exploited-in.html
∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by AlmaLinux (gpsd), Debian (inetutils and modsecurity-crs), Fedora (cpp-httplib, curl, mariadb11.8, mingw-libtasn1, mingw-libxslt, mingw-python3, rclone, and rpki-client), Oracle (gimp, glib2, go-toolset:rhel8, golang, kernel, mariadb-devel:10.3, and thunderbird), Red Hat (buildah, go-toolset:rhel8, golang, grafana, kernel, kernel-rt, multiple packages, openssl, osbuild-composer, podman, and skopeo), Slackware (bind), SUSE (ffmpeg-4, libsodium, libvirt, net-snmp, open-vm-tools, ovmf, postgresql17, postgresql18, python-FontTools, python-weasyprint, and webkit2gtk3), and Ubuntu (glib2.0 and opencc). --------------------------------------------- https://lwn.net/Articles/1055484/
∗∗∗ Act now! Attackers apparently bypass Fortinet security patch ∗∗∗ --------------------------------------------- According to media reports, a security patch for various Fortinet products is defective. Admins can nevertheless protect their instances. --------------------------------------------- https://heise.de/-11149777
∗∗∗ Update now! Attack attempts against security vulnerabilities in Cisco Unified Communications ∗∗∗ --------------------------------------------- Several Cisco Unified Communications products contain a vulnerability that allows unauthenticated attackers to inject malicious code over the network and execute it with root privileges. Admins should apply the available updates promptly, as Cisco has already observed attack attempts against the flaw from the internet. --------------------------------------------- https://heise.de/-11149877
∗∗∗ Dell Data Protection Advisor attackable via numerous security vulnerabilities ∗∗∗ --------------------------------------------- Dell is closing vulnerabilities in Data Protection Advisor, some of them sixteen years old, through which attackers can compromise systems. --------------------------------------------- https://heise.de/-11150421
∗∗∗ SSA-864900 V1.6 (Last Update: 2026-01-22): Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 Devices ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/html/ssa-864900.html