=====================
= End-of-Day report =
=====================

Timeframe: Wednesday 13-05-2026 18:00 - Friday 15-05-2026 18:00
Handler: Guenes Holler
Co-Handler: n/a

=====================
= News =
=====================
*** West Pharmaceutical says hackers stole data, encrypted systems ***
---------------------------------------------
West Pharmaceutical Services disclosed that it was the target of a cyberattack that resulted in data exfiltration and system encryption.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/west-pharmaceutical-says-hack...

*** KongTuke hackers now use Microsoft Teams for corporate breaches ***
---------------------------------------------
Initial access broker KongTuke has moved to Microsoft Teams for social engineering attacks, taking as little as five minutes to gain persistent access to corporate networks.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/kongtuke-hackers-now-use-micr...

*** Inside the REMUS Infostealer: Session Theft, MaaS, and Rapid Evolution ***
---------------------------------------------
Stolen browser sessions and authentication tokens are becoming more valuable than stolen passwords. Flare explains how the REMUS infostealer evolved around session theft and operational scalability.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/inside-the-remus-infostealer-...
*** SOHO router attack by APT28 ***
---------------------------------------------
A few weeks ago, one particular large-scale cyber-attack hit the mainstream news everywhere. Russian cyber actor APT28 attacked SOHO routers and managed to compromise some credentials through that. The attack itself was carried out in multiple phases and was quite interesting.
---------------------------------------------
https://en.blog.nic.cz/2026/05/14/soho-router-attack-by-apt28/
*** Kimsuky targets organizations with PebbleDash-based tools ***
---------------------------------------------
Kaspersky researchers analyze a range of new PebbleDash-based tools used in recent Kimsuky campaigns and reveal their connection to the AppleSeed malware cluster.
---------------------------------------------
https://securelist.com/kimsuky-appleseed-pebbledash-campaigns/119785/

*** How AI Hallucinations Are Creating Real Security Risks ***
---------------------------------------------
AI hallucinations are introducing serious security risks into critical infrastructure decision-making by exploiting human trust through highly confident yet incorrect outputs.
---------------------------------------------
https://thehackernews.com/2026/05/how-ai-hallucinations-are-creating-real.ht...

*** PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure ***
---------------------------------------------
Threat actors have been observed attempting to exploit a recently disclosed security vulnerability in PraisonAI, an open-source multi-agent orchestration framework, within four hours of its public disclosure.
---------------------------------------------
https://thehackernews.com/2026/05/praisonai-cve-2026-44338-auth-bypass.html

*** FrostyNeighbor: Fresh mischief and digital shenanigans ***
---------------------------------------------
ESET researchers uncovered new activities attributed to FrostyNeighbor, updating its compromise chain to support the group's continual cyberespionage operations.
---------------------------------------------
https://www.welivesecurity.com/en/eset-research/frostyneighbor-fresh-mischie...

*** Device Code Phishing via Fake File-Sharing Invitation ***
---------------------------------------------
Truesec has observed a phishing attempt where a customer received an email claiming that a sender wanted to share a document. The message prompted the recipient to click "Open", which redirected the user to a website designed to appear legitimate.
---------------------------------------------
https://www.truesec.com/hub/blog/device-code-phishing-via-fake-file-sharing-...

*** China-Linked Twill Typhoon Uses Fake Apple and Yahoo Sites for Espionage ***
---------------------------------------------
A new Darktrace report reveals how Chinese hackers use fake Apple and Yahoo sites and the FDMTP malware framework to spy on organisations.
---------------------------------------------
https://hackread.com/chinatwill-typhoon-fake-apple-yahoo-sites-espionage/

*** FamousSparrow Targeted Oil and Gas Industry via MS Exchange Server Exploit ***
---------------------------------------------
Bitdefender Labs reveals how the China-linked FamousSparrow hacking group targeted an Azerbaijani energy firm using ProxyNotShell, Deed RAT, and Terndoor malware across three persistent waves.
---------------------------------------------
https://hackread.com/famoussparrow-oil-gas-ms-exchange-server-exploit/

*** CalPhishing Scam Uses EvilTokens Kit, Outlook Invites to Steal M365 Sessions ***
---------------------------------------------
Hackers are exploiting Outlook calendar invites and device code phishing to steal M365 session tokens, bypass MFA and breach enterprise accounts.
---------------------------------------------
https://hackread.com/calphishing-eviltokens-kit-outlook-invites-m365/

*** Anatomy of a WooCommerce Skimmer: A Technical Deep-Dive ***
---------------------------------------------
One malicious change to a trusted JavaScript file can turn your checkout page into a silent credit-card skimmer, siphoning customer data off to criminals while the website looks secure and continues to work as normal. That creates serious organisational risk: PCI exposure, regulatory consequences, reputational damage, and a breach that remains invisible until long after the damage is done.
---------------------------------------------
https://scotthelme.ghost.io/anatomy-of-a-woocommerce-skimmer-a-technical-dee...

*** Backdoored Cemu release linked to TanStack and Mistral supply chain campaign ***
---------------------------------------------
We investigate how a coordinated supply chain campaign that compromised npm and PyPI packages also backdoored the official Cemu Nintendo Wii U emulator GitHub release, reaching nearly 20,000 Linux users.
---------------------------------------------
https://securitylabs.datadoghq.com/articles/backdoored-cemu-release-teampcp-...

*** Backdoored node-ipc npm releases steal developer credentials through DNS queries ***
---------------------------------------------
An analysis of backdoored node-ipc npm releases that add an obfuscated credential collection and DNS exfiltration payload to the CommonJS entrypoint.
---------------------------------------------
https://securitylabs.datadoghq.com/articles/node-ipc-npm-malware-analysis/

*** New critical Exim mailer flaw allows remote code execution ***
---------------------------------------------
A critical vulnerability affecting certain configurations of the Exim open-source mail transfer agent could be exploited by an unauthenticated remote attacker to execute arbitrary code.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-critical-exim-mailer-flaw...
=====================
= Vulnerabilities =
=====================
*** Fragnesia: Yet another dangerous root vulnerability in the Linux kernel ***
---------------------------------------------
Dirty Frag and Copy Fail are already keeping countless Linux admins busy. The next root vulnerability has already been identified, and the patches are running late.
---------------------------------------------
https://www.golem.de/news/fragnesia-schon-wieder-gefaehrliche-root-luecke-im...

*** Web servers at risk: 18-year-old security vulnerability discovered in Nginx ***
---------------------------------------------
Nginx web servers can reportedly be crashed through a vulnerability that has been present since 2008. In some cases, code execution is apparently possible as well.
---------------------------------------------
https://www.golem.de/news/webserver-gefaehrdet-18-jahre-alte-sicherheitsluec...

*** Update closes 79 security vulnerabilities in Google Chrome ***
---------------------------------------------
The weekly Chrome update closes a total of 79 security vulnerabilities. Of these, 14 are rated as critical.
---------------------------------------------
https://www.heise.de/news/Update-stopft-79-Sicherheitsluecken-in-Google-Chro...

*** Patch now! Attackers are attacking Cisco Catalyst SD-WAN Controller ***
---------------------------------------------
Attackers are currently exploiting a critical security vulnerability in Cisco Catalyst SD-WAN Controller. Security updates are available.
---------------------------------------------
https://heise.de/-11294491

*** Ivanti EPM: Security vulnerabilities allow SQL injection and privilege escalation ***
---------------------------------------------
Ivanti warns of three security vulnerabilities in Endpoint Manager (EPM). They allow SQL injection or privilege escalation.
---------------------------------------------
https://heise.de/-11294605

*** VMware Fusion: Attackers can obtain root privileges ***
---------------------------------------------
If attackers successfully exploit a vulnerability in VMware Fusion, they can, under certain conditions, obtain root user privileges. The developers have now closed the vulnerability.
---------------------------------------------
https://heise.de/-11294685

*** F5 BIG-IP: Quarterly security update closes numerous vulnerabilities ***
---------------------------------------------
Network equipment vendor F5 has released important security updates, among others for various BIG-IP products.
---------------------------------------------
https://heise.de/-11294929

*** Zero-click vulnerability in Outlook: Attackers can compromise systems via e-mail ***
---------------------------------------------
Merely sending an e-mail is enough to get malicious code executed via Microsoft Outlook. A click on a link is not required.
---------------------------------------------
https://www.golem.de/news/zero-click-luecke-in-outlook-angreifer-koennen-sys...

*** Mdash: Microsoft's AI finds four critical vulnerabilities in Windows ***
---------------------------------------------
Microsoft's project MDash is said to be even better at finding security vulnerabilities than Anthropic's Claude Mythos.
---------------------------------------------
https://www.golem.de/news/mdash-microsofts-ki-findet-vier-kritische-luecken-...

*** telnetd 2.7 Buffer Overflow ***
---------------------------------------------
https://cxsecurity.com/issue/WLB-2026050010
*** WPS Office improper access restriction to its named pipe ***
---------------------------------------------
https://jvn.jp/en/jp/JVN14434132/

*** Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability ***
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisor...

*** Cisco Catalyst SD-WAN Manager Vulnerabilities ***
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisor...

*** Cisco Crosswork Network Controller and Cisco Network Services Orchestrator Advisory ***
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisor...

*** [R1] Tenable Network Monitor 6.5.4 Fixes Multiple Vulnerabilities ***
---------------------------------------------
https://www.tenable.com/security/tns-2026-14

*** LWN Security updates for Thursday ***
---------------------------------------------
https://lwn.net/Articles/1072838/

*** LWN Security updates for Friday ***
---------------------------------------------
https://lwn.net/Articles/1073059/