Daily summary - 07.01.2026

End-of-Day report

Timeframe: Monday 05-01-2026 18:00 - Wednesday 07-01-2026 18:00 Handler: Alexander Riepl Co-Handler: n/a

News

New D-Link flaw in legacy DSL routers actively exploited in attacks

Threat actors are exploiting a recently discovered command injection vulnerability that affects multiple D-Link DSL gateway routers that went out of support years ago.

https://www.bleepingcomputer.com/news/security/new-d-link-flaw-in-legacy-dsl-routers-actively-exploited-in-attacks/

ownCloud urges users to enable MFA after credential theft reports

File-sharing platform ownCloud warned users today to enable multi-factor authentication (MFA) to block attackers using compromised credentials from stealing their data.

https://www.bleepingcomputer.com/news/security/owncloud-urges-users-to-enable-mfa-after-credential-theft-reports/

Microsoft: Classic Outlook bug prevents opening encrypted emails

Microsoft has confirmed a known issue that prevents recipients from opening encrypted emails in classic Outlook.

https://www.bleepingcomputer.com/news/microsoft/microsoft-classic-outlook-bug-prevents-opening-encrypted-emails/

Founder of Spyware Maker PcTattletale Pleads Guilty To Hacking, Advertising Surveillance Software

An anonymous reader quotes a report from TechCrunch: The founder of a U.S.-based spyware company, whose surveillance products allowed customers to spy on the phones and computers of unsuspecting victims, pleaded guilty to federal charges linked to his long-running operation. pcTattletale founder Bryan Fleming entered a guilty plea in a San Diego federal ..

https://yro.slashdot.org/story/26/01/07/0033238/founder-of-spyware-maker-pctattletale-pleads-guilty-to-hacking-advertising-surveillance-software

UK injects just £210M into cyber plan to stop Whitehall getting pwnd

Central government will supposedly be as secure as energy facilities and datacenters under new proposals. The UK today launches its Government Cyber Action Plan, committing £210 million ($282 million) to strengthen defenses across digital public services and hold itself to the same cybersecurity standards it's imposing on critical infrastructure operators.

https://www.theregister.com/2026/01/06/government_cyber_action_plan/

Malicious NPM Packages Deliver NodeCordRAT

Zscaler ThreatLabz regularly monitors the npm database for suspicious packages. In November 2025, ThreatLabz identified three malicious packages: bitcoin-main-lib, bitcoin-lib-js, and bip40. The bitcoin-main-lib and bitcoin-lib-js packages execute a postinstall.cjs script during installation, which installs bip40, the package that contains the ..

https://www.zscaler.com/blogs/security-research/malicious-npm-packages-deliver-nodecordrat

CISA catalogue of exploited vulnerabilities grew by 20 percent in 2025

The US IT security agency CISA maintains a catalogue of exploited vulnerabilities. In 2025 it grew somewhat faster.

https://www.heise.de/news/CISA-Katalog-attackierter-Schwachstellen-wuchs-2025-um-20-Prozent-11130460.html

Patch day: Dolby Digital security vulnerability closed in Android

Android devices are vulnerable to a zero-click attack. This security problem has now been fixed.

https://www.heise.de/news/Patchday-Dolby-Digital-Sicherheitsluecke-in-Android-geschlossen-11130450.html

Ubiquiti UniFi Protect: security vulnerability enables access to cameras

In the UniFi Protect Application, attackers can abuse vulnerabilities for unauthorised access to cameras and DoS attacks.

https://www.heise.de/news/Ubiquiti-UniFi-Protect-Sicherheitsluecke-ermoeglicht-Zugriff-auf-Kameras-11131097.html

Multiple security vulnerabilities threaten Veeam Backup & Replication

An important security update closes multiple vulnerabilities in Veeam Backup & Replication. So far no attacks are known.

https://www.heise.de/news/Mehrere-Sicherheitsluecken-bedrohen-Veeam-Back-Replication-11132196.html

Crypto phishing with a supposed email from the Bundeszentralamt für Steuern

A current phishing wave claims discrepancies in "crypto details" held by the Bundeszentralamt für Steuern (Federal Central Tax Office).

https://www.heise.de/news/Krypto-Phishing-mit-angeblicher-Mail-des-Bundeszentralamts-fuer-Steuern-11132880.html

2025, the year of the Infostealer

TL;DR Introduction Infostealers are not new malware. They have been around for decades. What has changed is how effective they have become, and how easily they blend into normal user behaviour. In 2025, infostealers became the fastest growing malware category, overtaking ransomware in terms of deployment and spread. The H1 2025 reports highlighted a sharp rise in simple ..

https://www.pentestpartners.com/security-blog/2025-the-year-of-the-infostealer/

Russian hackers target European hospitality industry with "blue screen of death" malware

The scheme starts with a fake reservation cancellation that impersonates a popular booking site, and eventually prompts victims with an error message and a "Blue Screen of Death" page.

https://therecord.media/russian-hackers-europe-hospitality-blue-screen

Alleged cyber scam kingpin arrested, extradited to China

Chen Zhi's arrest is the latest chapter in the remarkable downfall of one of the country's most prominent businesses, with holdings in the real estate, banking, entertainment and airline industries.

https://therecord.media/alleged-cyber-scam-kingpin-cambodia-arrested-extradited

Analysis of a Fake Cloudflare Turnstile Used as a Traffic Filtering Gate

During analysis of a phishing URL chain, I observed a fake Cloudflare Turnstile verification page acting as an intelligent traffic filtering gate. Rather than protecting a website, this page selectively blocks, redirects, or allows access based on geolocation, proxy usage, and browser fingerprinting. This phishing infrastructure demonstrates Traffic Distribution System like behavior ..

https://malwr-analysis.com/2026/01/07/analysis-of-a-fake-cloudflare-turnstile-used-as-a-traffic-filtering-gate/

Vulnerabilities

Cisco Identity Services Engine XML External Entity Processing Information Disclosure Vulnerability

A vulnerability in the licensing features of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information. This vulnerability is due to improper parsing of XML that is processed by the web-based management interface of Cisco ISE and Cisco ISE-PIC. An attacker could exploit this vulnerability by uploading a malicious file to ..

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xxe-jWSbSDKt

Multiple Cisco Products Snort 3 Distributed Computing Environment/Remote Procedure Call Vulnerabilities

Multiple Cisco products are affected by vulnerabilities in the processing of Distributed Computing Environment Remote Procedure Call (DCE/RPC) requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak sensitive information or to restart, which would result in an interruption of packet inspection. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address ..

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-dcerpc-vulns-J9HNF4tH

[20260101] - Core - Inadequate content filtering for data URLs

https://developer.joomla.org/security-centre/1016-20260101-core-inadequate-content-filtering-for-data-urls.html

[20260102] - Core - XSS vector in the pagebreak plugin

https://developer.joomla.org/security-centre/1017-20260102-core-xss-vector-in-the-pagebreak-plugin.html

[20260102] - Core - XSS vectors in the pagebreak and pagenavigation plugins

https://developer.joomla.org/security-centre/1017-20260102-core-xss-vector-in-the-pagebreak-plugin.html