Daily Summary - 13.11.2025

End-of-Day report

Timeframe: Wednesday 12-11-2025 18:00 - Thursday 13-11-2025 18:00 Handler: Alexander Riepl Co-Handler: n/a

News

November Patch Tuesday does its chores

A cleanup month brings 63 patches- wait, no, 68- how about 61?

https://news.sophos.com/en-us/2025/11/12/november-patch-tuesday-does-its-chores/

Over 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack

Cybersecurity researchers are calling attention to a large-scale spam campaign that has flooded the npm registry with thousands of fake packages since early 2024 as part of a likely financially motivated effort. "The packages were systematically published ..

https://thehackernews.com/2025/11/over-46000-fake-npm-packages-flood.html

Zohocorp ManageEngine: Multiple security vulnerabilities in various products

Several vulnerability reports on flaws in multiple Zohocorp ManageEngine products have been published. Updates are available.

https://www.heise.de/news/Zohocorp-ManageEngine-Mehrere-Sicherheitsluecken-in-unterschiedlichen-Produkten-11076609.html

Operation Endgame 3: 1025 servers taken offline

International law enforcement has landed another blow against malware and the infrastructure behind it.

https://www.heise.de/news/Operation-Endgame-3-1025-Server-von-Netz-genommen-11077049.html

Citrix Netscaler ADC and Gateway: Update closes cross-site scripting vulnerability

Attackers can exploit a cross-site scripting vulnerability in Citrix's Netscaler ADCs and Gateways. Updates close it.

https://www.heise.de/news/Citrix-Netscaler-ADC-und-Gateway-Update-schliesst-Cross-Site-Scripting-Luecke-11077335.html

Google Sues to Disrupt Chinese SMS Phishing Triad

Google is suing more than two dozen unnamed individuals allegedly involved in peddling a popular China-based mobile phishing service that helps scammers impersonate hundreds of trusted brands, blast out text message lures, and convert phished payment card data into mobile wallets from Apple and Google.

https://krebsonsecurity.com/2025/11/google-sues-to-disrupt-chinese-sms-phishing-triad/

When the alleged copyright infringement turns out to be a fraud attempt

Time and again, e-mails from supposed law firms cause alarm. The recipients have allegedly infringed copyrights, and the injured parties demand compensation. In reality, none of this is true. The copyright infringement never took place, and the law firm does not exist.

https://www.watchlist-internet.at/news/copyright-verletzung-betrugsversuch/

TAG Bulletin: Q3 2025

Our bulletin covering coordinated influence operation campaigns terminated on our platforms in Q3 2025.

https://blog.google/threat-analysis-group/tag-bulletin-q3-2025/

Contagious Interview Actors Now Utilize JSON Storage Services for Malware Delivery

NVISO reports a new development to the Contagious Interview campaign. The threat actors have recently resorted to utilizing JSON storage services like JSON Keeper, JSONsilo and npoint.io to host and deliver malware from trojanized code projects, with the lure being a use case or demo project as part of an interview process. Background Contagious Interview ..

https://blog.nviso.eu/2025/11/13/contagious-interview-actors-now-utilize-json-storage-services-for-malware-delivery/

CISA and Partners Release Advisory Update on Akira Ransomware

Today, Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Federal Bureau of Investigation, Department of Defense Cyber Crime Center, Department of Health and Human Services, and international partners, released an updated joint Cybersecurity Advisory, #StopRansomware: Akira Ransomware, to provide network defenders with the latest indicators ..

https://www.cisa.gov/news-events/alerts/2025/11/13/cisa-and-partners-release-advisory-update-akira-ransomware

Vulnerabilities

Drupal core - Moderately critical - Gadget chain - SA-CORE-2025-006

https://www.drupal.org/sa-core-2025-006

Drupal core - Moderately critical - Denial of Service - SA-CORE-2025-005

https://www.drupal.org/sa-core-2025-005

Drupal core - Moderately critical - Information disclosure - SA-CORE-2025-008

https://www.drupal.org/sa-core-2025-008

Drupal core - Moderately critical - Defacement - SA-CORE-2025-007

https://www.drupal.org/sa-core-2025-007