End-of-Day report
Timeframe: Tuesday 08-07-2025 18:00 - Wednesday 09-07-2025 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
New Android TapTrap attack fools users with invisible UI trick
A novel tapjacking technique can exploit user interface animations to bypass Android's permission system and allow access to sensitive data or trick users into performing destructive actions, such as wiping the device.
https://www.bleepingcomputer.com/news/security/new-android-taptrap-attack-fools-users-with-invisible-ui-trick/
Update not distributed: mainboard manufacturers to blame for unfixed TPM bug, according to AMD
AMD has had a fix since 2022 for a bug that can lock Windows users with BitLocker enabled out of their systems. But the mainboard manufacturers are not shipping it.
https://www.golem.de/news/fix-nicht-ausgeliefert-amd-kritisiert-mainboard-hersteller-fuer-umgang-mit-tpm-bug-2507-197912.html
Massive browser hijacking campaign infects 2.3M Chrome, Edge users
These extensions weren't malware-laced from the start, researcher says. A Chrome and Edge extension with more than 100,000 downloads that displays Google's verified badge does what it purports to do: it delivers a color picker to users. Unfortunately, it also ..
https://www.theregister.com/2025/07/08/browser_hijacking_campaign/
Patch Tuesday: Microsoft closes $100,000 SharePoint vulnerability from hacking contest
Update collection published: to prevent attacks, admins should make sure their Microsoft products are up to date.
https://www.heise.de/news/Patchday-Microsoft-schliesst-100-000-Luecke-in-SharePoint-aus-Hacker-Wettbewerb-10479811.html
Patch Tuesday: Adobe protects After Effects & co. against possible attacks
Several Adobe applications are vulnerable to, among other things, DoS and malicious-code attacks. Security updates remedy this.
https://www.heise.de/news/Patchday-Adobe-schuetzt-After-Effects-Co-vor-moeglichen-Attacken-10479838.html
Advancing Protection in Chrome on Android
Android recently announced Advanced Protection, which extends Google's Advanced Protection Program to a device-level security setting for Android users that need heightened security, such as journalists, elected officials, and public figures. Advanced ..
http://security.googleblog.com/2025/07/advancing-protection-in-chrome-on.html
Alleged prize in the name of MediaMarkt leads to subscription trap
Have you received an e-mail in the name of MediaMarkt with an alleged prize notification? Does it ask you to click a link and pay a two-euro shipping fee to redeem the prize? Then caution is advised! Behind it lies not a prize but an expensive subscription trap.
https://www.watchlist-internet.at/news/angeblicher-gewinn-bei-media-markt-fuehrt-in-abofalle/
Critical vulnerability CVE-2025-47981 in Windows SPNEGO - update urgently recommended
Microsoft has published a critical vulnerability in the Windows SPNEGO Extended Negotiation (NEGOEX) Security Mechanism. The flaw allows attackers, remotely and without authentication, to execute arbitrary code on ..
https://www.cert.at/de/warnungen/2025/7/kritische-sicherheitslucke-cve-2025-47981-in-windows-spnego-update-dringend-empfohlen
Iranian ransomware group offers bigger payouts for attacks on Israel, US
The Iran-linked ransomware-as-a-service group Pay2Key.I2P told affiliates that they can keep a larger cut of extortion payments if they attack entities within Iran's adversaries.
https://therecord.media/iran-ransomware-group-pay2keyi2p-israel-us-targets
Treasury sanctions key player behind North Korean IT worker scheme
The United States identified and sanctioned another North Korean involved with the country's IT worker schemes, this time for illicit operations based in China and Russia.
https://therecord.media/north-korea-it-worker-scheme-us-sanctions-song-kum-hyok
Fake CNN and BBC sites used to push investment scams
Thousands of web pages falsely branded as popular news sites are conduits for fake cryptocurrency investment scams, researchers said.
https://therecord.media/news-websites-faked-to-spread-investment-scams
CVE-2025-48384: Breaking git with a carriage return and cloning RCE
tl;dr: On Unix-like platforms, if you use git clone --recursive on an untrusted repo, it could achieve remote code execution. Update to a fixed version of Git and other software that embeds Git (including GitHub Desktop).
https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384
Supabase MCP can leak your entire SQL database
Model Context Protocol (MCP) has emerged as a standard way for LLMs to interact with external tools. While this unlocks new capabilities, it also introduces new risk surfaces. In this post, we show how an attacker can exploit Supabase's MCP integration to leak a developer's private SQL tables.
https://www.generalanalysis.com/blog/supabase-mcp-blog
Vulnerabilities
A set of Git security-fix releases
Versions v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1 and v2.50.1 of the Git source-code management system have been released. "This is a set of coordinated security fix releases. Please update at your earliest convenience". See the announcement for details; many of the vulnerabilities have to do with tricks buried in untrusted repositories.
https://lwn.net/Articles/1029182/
SQL injection in forward module
An Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) vulnerability [CWE-89] in FortiManager and FortiAnalyzer may allow an authenticated attacker with high privilege to extract database information via crafted requests.
https://fortiguard.fortinet.com/psirt/FG-IR-24-437