Daily summary - 09.02.2026

End-of-Day report

Timeframe: Friday 06-02-2026 18:00 - Monday 09-02-2026 18:00 Handler: Alexander Riepl Co-Handler: Guenes Holler

News

Data exfiltration suspected: cyberattack hits the EU Commission

Attackers succeeded in a cyberattack on the EU Commission. The point of entry was a mobile device management system, presumably from Ivanti.

https://www.golem.de/news/datenabfluss-moeglich-cyberangriff-trifft-eu-kommission-2602-205154.html

TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure

Cybersecurity researchers have called attention to a "massive campaign" that has systematically targeted cloud native environments to set up malicious infrastructure for follow-on exploitation.

https://thehackernews.com/2026/02/teampcp-worm-exploits-cloud.html

Technical Analysis of GuLoader Obfuscation Techniques

In this blog post, Zscaler ThreatLabz explores the anti-analysis techniques that GuLoader employs including polymorphic code to dynamically construct constant and string values, as well as complex exception-based control flow obfuscation.

https://www.zscaler.com/blogs/security-research/technical-analysis-guloader-obfuscation-techniques
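The two anti-analysis tricks named above, rebuilt as a small benign C program for illustration (added here; this is not code from the Zscaler post or from GuLoader itself). Constants are assembled at run time from a sequence of arithmetic operations, so the real value never appears as an immediate and each build can use a different sequence; control flow is then routed through a deliberate exception whose handler decides where execution continues, so the code that follows the trap is a decoy a linear read never sees executed. POSIX signals and sigsetjmp/siglongjmp stand in for the Windows vectored exception handler the real loader registers, and the op tables and the SIGTRAP choice are assumptions for the demo:

```c
/* Added illustration, not the loader's own code. Linux signals and
 * sigsetjmp/siglongjmp replace the Windows vectored exception handler;
 * the op tables are hand-made examples. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum opcode { OP_SET, OP_XOR, OP_ADD, OP_SUB };

struct op {
    enum opcode code;
    uint32_t    imm;
};

/* (1) Polymorphic constant construction: two different op sequences that
 * both evaluate to 0x1000 (say, an allocation size the loader hides).
 * Neither table contains the immediate 0x1000. */
static const struct op variant_a[] = {
    { OP_SET, 0x5A5A5A5Au },
    { OP_XOR, 0x3C3C3C3Cu },   /* -> 0x66666666 */
    { OP_ADD, 0x9999A99Au },   /* -> 0x00001000 (wraps mod 2^32) */
};

static const struct op variant_b[] = {
    { OP_SET, 0x12345678u },
    { OP_SUB, 0x11111111u },   /* -> 0x01234567 */
    { OP_XOR, 0x01235567u },   /* -> 0x00001000 */
};

#define OPS_LEN(t) (sizeof(t) / sizeof((t)[0]))

/* Interpret an op table; unsigned arithmetic wraps mod 2^32 by definition. */
static uint32_t eval_ops(const struct op *ops, size_t n)
{
    uint32_t acc = 0;
    for (size_t i = 0; i < n; i++) {
        switch (ops[i].code) {
        case OP_SET: acc  = ops[i].imm; break;
        case OP_XOR: acc ^= ops[i].imm; break;
        case OP_ADD: acc += ops[i].imm; break;
        case OP_SUB: acc -= ops[i].imm; break;
        }
    }
    return acc;
}

/* (2) Exception-based control flow. */
static sigjmp_buf resume_point;             /* hidden continuation */
static volatile sig_atomic_t trap_hits;     /* how often the handler fired */

static void trap_handler(int sig)
{
    (void)sig;
    trap_hits++;
    /* The handler, not the fall-through code, chooses where execution goes. */
    siglongjmp(resume_point, 1);
}

/* Returns the hidden constant. Read top-down, the function appears to
 * return the 0xDEAD decoy; that assignment is never executed. */
static uint32_t run_through_exception(void)
{
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = trap_handler;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGTRAP, &sa, &old) != 0)
        return 0;

    volatile uint32_t result = 0;
    if (sigsetjmp(resume_point, 1) == 0) {
        raise(SIGTRAP);         /* stands in for an int3 / single-step fault */
        result = 0xDEADu;       /* decoy path: where a static reader stops */
    } else {
        result = eval_ops(variant_a, OPS_LEN(variant_a));   /* real path */
    }
    sigaction(SIGTRAP, &old, NULL);   /* restore the previous handler */
    return result;
}

int main(void)
{
    printf("variant_a -> 0x%08x\n", eval_ops(variant_a, OPS_LEN(variant_a)));
    printf("variant_b -> 0x%08x\n", eval_ops(variant_b, OPS_LEN(variant_b)));
    printf("via trap  -> 0x%08x (handler fired %d time(s))\n",
           run_through_exception(), (int)trap_hits);
    return 0;
}
```

For analysis this is why static string and constant extraction fails on such samples and why a sandbox or debugger that swallows the first-chance exception (instead of forwarding it to the registered handler) never reaches the real code path; emulation has to honour the handler chain.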

Novel Technique to Detect Cloud Threat Actor Operations

Cloud-based alerting systems often struggle to distinguish normal cloud activity from targeted operations by known threat actors. The difficulty doesn't lie in an inability to correlate alerts across thousands of cloud resources, nor in a failure to follow identity resources; the problem lies in accurately detecting the known techniques of persistent threat actor groups specifically within cloud environments.

https://unit42.paloaltonetworks.com/tracking-threat-groups-through-cloud-logging/

AI assistant OpenClaw gets VirusTotal at its side

The developer of OpenClaw intends to curb the spread of malicious skills through a partnership with VirusTotal.

https://heise.de/-11169414

Evaluating and mitigating the growing risk of LLM-discovered 0-days

Claude Opus 4.6, released today, continues a trajectory of meaningful improvements in AI models' cybersecurity capabilities. Last fall, we wrote that we believed we were at an inflection point for AI's impact on cybersecurity: that progress could become quite fast, and now was the moment to accelerate defensive use of AI. The evidence since then has only reinforced that view. AI models can now find high-severity vulnerabilities at scale. Our view is this is a moment to move quickly, to empower defenders and secure as much code as possible while the window exists.

https://red.anthropic.com/2026/zero-days/

Vulnerabilities

Security updates for Monday

Security updates have been issued by AlmaLinux (fontforge, kernel, and osbuild-composer), Debian (debian-security-support, sudo, wireshark, xrdp, and zabbix), Fedora (bind, bind-dyndb-ldap, chromium, k9s, libgit2, mingw-glib2, node-exporter, open-vm-tools, plantuml, xorgxrdp, and xrdp), Oracle (fence-agents, image-builder, kernel, libsoup3, and osbuild-composer), Red Hat (image-builder and osbuild-composer), Slackware (openssl and p11), SUSE (chromium, cockpit-354, cockpit-machines, cockpit-machines-346, cockpit-packages, cockpit-podman, cockpit-subscriptions, govulncheck-vulndb, kubernetes-old, libsnmp45-32bit, libxml2, localsearch, micropython, opencloud-server, python-django, python-djangorestframework, python-maturin, python311-Django, python311-wheel, python315, sqlite3, and xrdp), and Ubuntu (linux-fips, linux-aws-fips, linux-gcp-fips and python-pip).

https://lwn.net/Articles/1057759/

Ivanti EPMM (CVE-2026-1281 & CVE-2026-1340) Exploitation Detection RPM Package

Ivanti has released updates for Endpoint Manager Mobile (EPMM) which address two critical severity vulnerabilities. Successful exploitation could lead to unauthenticated remote code execution. We are aware of a very limited number of customers whose solution has been exploited at the time of disclosure.

https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340?language=en_US

BeyondTrust warns of critical RCE flaw in remote support software

BeyondTrust warned customers to patch a critical security flaw in its Remote Support (RS) and Privileged Remote Access (PRA) software that could allow unauthenticated attackers to execute arbitrary code remotely.

https://www.bleepingcomputer.com/news/security/beyondtrust-warns-of-critical-rce-flaw-in-remote-support-software/

Microsoft addresses critical security vulnerability in the Azure environment

Microsoft's multi-cloud management solution Azure Arc, the serverless development environment Azure Functions and the content delivery network (CDN) Azure Front Door were vulnerable. The company rates the overall risk as critical.

https://www.heise.de/news/Microsoft-kuemmert-sich-um-kritische-Sicherheitsluecke-im-Azure-Umfeld-11169145.html

Malicious code vulnerability in FortiClient EMS can compromise PCs

Admins who manage company computers with FortiClient Endpoint Management Server (EMS) should promptly update the application to the current version for security reasons. A vulnerability in a specific version can let malicious code onto systems.

https://heise.de/-11170228

Security updates 1.6.13 and 1.5.13 released

We just published security updates to the 1.6 and 1.5 LTS versions of Roundcube Webmail. They both contain fixes for two recently reported security vulnerabilities.

https://roundcube.net/news/2026/02/08/security-updates-1.6.13-and-1.5.13

Firewalls and more: almost 4,000 German edge devices sit on the internet without support

German organizations operate thousands of vulnerable edge devices such as firewalls and VPN appliances. There is an urgent need for action.

https://www.golem.de/news/firewalls-und-mehr-fast-4-000-deutsche-edge-devices-haengen-ohne-support-im-netz-2602-205159.html