Daily Summary - 14.11.2025

End-of-Day report

Timeframe: Thursday 13-11-2025 18:00 - Friday 14-11-2025 18:00 Handler: Alexander Riepl Co-Handler: n/a

News

RCE flaw in ImunifyAV puts millions of Linux-hosted sites at risk

The ImunifyAV malware scanner for Linux servers, used by tens of millions of websites, is vulnerable to a remote code execution vulnerability that could be exploited to compromise the hosting environment.

https://www.bleepingcomputer.com/news/security/rce-flaw-in-imunifyav-puts-millions-of-linux-hosted-sites-at-risk/

New 'IndonesianFoods' worm floods npm with 100,000 packages

A self-spreading package published on npm spams the registry by spawning new packages every seven seconds, creating large volumes of junk.

https://www.bleepingcomputer.com/news/security/new-indonesianfoods-worm-floods-npm-with-100-000-packages/

DoorDash hit by new data breach in October exposing user information

DoorDash has disclosed a data breach that hit the food delivery platform this October. Beginning yesterday evening, DoorDash, which serves millions of customers across the U.S., Canada, Australia, and New Zealand, started emailing those impacted by the newly discovered security incident.

https://www.bleepingcomputer.com/news/security/doordash-hit-by-new-data-breach-in-october-exposing-user-information/

ASUS warns of critical auth bypass flaw in DSL series routers

ASUS has released new firmware to patch a critical authentication bypass security flaw impacting several DSL series router models.

https://www.bleepingcomputer.com/news/security/asus-warns-of-critical-auth-bypass-flaw-in-dsl-series-routers/

NIS-2 implementation: Bundestag passes controversial cybersecurity law

NIS 2 may bring network operators a lack of legal certainty, economic risks and unnecessary bureaucracy. The Bundesrat can still change something.

https://www.golem.de/news/nis-2-umsetzung-bundestag-beschliesst-umstrittenes-cybersicherheitsgesetz-2511-202167.html

Chinese spies told Claude to break into about 30 critical orgs. Some attacks succeeded

Anthropic dubs this the first AI-orchestrated cyber snooping campaign. Chinese cyber spies used Anthropic's Claude Code AI tool to attempt digital break-ins at about 30 high-profile companies and government organizations - and the government-backed snoops "succeeded in a small number of cases," according to a Thursday report from the AI company.

https://www.theregister.com/2025/11/13/chinese_spies_claude_attacks/

Cybergang cl0p claims to have stolen data from Carglass, Fluke and NHS

New entries for Carglass, Fluke and NHS have appeared on the darknet site of the criminal gang cl0p. The gang claims to have stolen data from them.

https://www.heise.de/news/Datenlecks-Cybergang-cl0p-will-Daten-von-Carglass-Fluke-und-NHS-erbeutet-haben-11079113.html

FBI: Akira gang has received nearly $250 million in ransoms

The U.S. and European law enforcement released new information to help organizations defend themselves against the Akira ransomware gang, which has attacked small- and medium-sized businesses for years.

https://therecord.media/akira-gang-received-million

Suspected Russian hacker reportedly detained in Thailand, faces possible US extradition

Russian news reports and Thai sources said police had detained an alleged Russian hacker on the island of Phuket and transferred him to Bangkok for possible transfer to the U.S.

https://therecord.media/russian-hacker-detained-thailand-possible-us-extradition

Increase in Lumma Stealer Activity Coincides with Use of Adaptive Browser Fingerprinting Tactics

In this blog entry, Trend™ Research analyses the layered command-and-control approaches that Lumma Stealer uses to maintain its ongoing operations while enhancing collection of victim-environment data.

https://www.trendmicro.com/en_us/research/25/k/lumma-stealer-browser-fingerprinting.html

When The Impersonation Function Gets Used To Impersonate Users (Fortinet FortiWeb (??) Auth. Bypass)

The Internet is ablaze, and once again we all have a front-row seat - a bad person, if you can believe it, is doing a bad thing! The first warning of such behaviour came from the great team at Defused: As many are now aware, an unnamed (and potentially silently

https://labs.watchtowr.com/when-the-impersonation-function-gets-used-to-impersonate-users-fortinet-fortiweb-auth-bypass/

Fortinet: New exploit abuses zero-day vulnerability in firewalls

IT researchers have found new exploit code in their honeypot. It attacks a previously unknown Fortinet vulnerability.

https://heise.de/-11078310

Nation state threat actor used Claude Code to orchestrate cyber attacks

We recently argued that an inflection point had been reached in cybersecurity: a point at which AI models had become genuinely useful for cybersecurity operations, both for good and for ill. This was based on systematic evaluations showing cyber capabilities doubling in six months ..

https://www.anthropic.com/news/disrupting-AI-espionage

Vulnerabilities

Security Vulnerabilities fixed in Thunderbird 145

https://www.mozilla.org/en-US/security/advisories/mfsa2025-90/

Security Vulnerabilities fixed in Thunderbird 140.5

https://www.mozilla.org/en-US/security/advisories/mfsa2025-91/

Path confusion vulnerability in GUI

https://fortiguard.fortinet.com/psirt/FG-IR-25-910