End-of-Day report
Timeframe: Monday 29-12-2025 18:00 - Tuesday 30-12-2025 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a
News
European Space Agency confirms breach of "external servers"
The European Space Agency (ESA) confirmed that attackers recently breached servers outside its corporate network, which contained what it described as "unclassified" information on collaborative engineering activities.
https://www.bleepingcomputer.com/news/security/european-space-agency-confirms-breach-of-external-servers/
Zoom Stealer browser extensions harvest corporate meeting intelligence
A newly discovered campaign, which researchers call Zoom Stealer, is affecting 2.2 million Chrome, Firefox, and Microsoft Edge users through 18 extensions that collect online meeting-related data like URLs, IDs, topics, descriptions, and embedded passwords. [..] Because many of these extensions operated innocuously for extended periods, users should carefully review the permissions the extensions require and limit their number to the necessary minimum. Koi Security reported the offending extensions, but many are still present on the Chrome Web Store. The researchers published the complete list of active DarkSpectre extensions.
https://www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/
Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor
The Chinese hacking group known as Mustang Panda has leveraged a previously undocumented kernel-mode rootkit driver to deliver a new variant of backdoor dubbed TONESHELL in a cyber attack detected in mid-2025 targeting an unspecified entity in Asia. The findings come from Kaspersky, which observed the new backdoor variant in cyber espionage campaigns mounted by the hacking group targeting government organizations in Southeast and East Asia, primarily Myanmar and Thailand.
https://thehackernews.com/2025/12/mustang-panda-uses-signed-kernel-driver.html
Trends, highlights and oddities: the year 2025 from the perspective of Watchlist Internet
What developments did 2025 bring in the area of online fraud? Which articles were especially popular with our readers? And which bizarre titbits did the editorial team have to deal with over the past 12 months? A review at the turn of the year!
https://www.watchlist-internet.at/news/jahresrueckblick-watchlist-2025/
39C3: Vulnerabilities in Xplora smartwatches endangered millions of children
Researchers were able to read messages, spoof locations and take over arbitrary watches - demonstrated from the perspective of a child-eating forest witch.
https://heise.de/-11126122
Vulnerabilities
Security updates for Tuesday
Security updates have been issued by Debian (openjpeg2, osslsigncode, php-dompdf, and python-django), Fedora (fluidsynth, golang-github-alecthomas-chroma-2, golang-github-evanw-esbuild, golang-github-jwt-5, and opentofu), Mageia (ceph and ruby-rack), and SUSE (anubis, apache2-mod_auth_openidc, dpdk22, kernel, libpng16, and python311-openapi-core).
https://lwn.net/Articles/1052327/
ZDI-25-1195: (0Day) FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-25-1195/
ZDI-25-1184: (0Day) FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-25-1184/
ZDI-25-1201: (0Day) Anritsu VectorStar CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-25-1201/
ZDI-25-1199: (0Day) Anritsu ShockLine CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-25-1199/