End-of-Day report
Timeframe: Tuesday 14-10-2025 18:00 - Wednesday 15-10-2025 18:00
Handler: Michael Schlagenhaufer
Co-Handler: n/a
News
F5 says hackers stole undisclosed BIG-IP flaws, source code
U.S. cybersecurity company F5 disclosed that nation-state hackers breached its systems and stole undisclosed BIG-IP security vulnerabilities and source code.
https://www.bleepingcomputer.com/news/security/hackers-breach-f5-to-steal-undisclosed-big-ip-flaws-source-code/
Exploit-as-a-Service Resurgence in 2025 - Broker Models, Bundles & Subscription Access
Exploit-as-a-Service in 2025: how exploit brokerages, subscription bundles, and underground access models are reshaping cyber crime economics.
https://www.darknet.org.uk/2025/10/exploit-as-a-service-resurgence-in-2025-broker-models-bundles-subscription-access/
Microsoft: Exchange 2016 and 2019 have reached end of support
Microsoft has reminded that Exchange Server 2016 and 2019 reached the end of support and advised IT administrators to upgrade servers to Exchange Server SE or migrate to Exchange Online.
https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-2016-and-2019-have-reached-end-of-support/
Microsoft flags Windows 10 21H2 Enterprise LTSC as EOL
Brief note for owners and administrators of Windows 10 21H2 Enterprise LTSC (and, of course, the IoT edition). Administrators of these machines are (incorrectly) shown a notice that support for this version is now ending.
https://www.borncity.com/blog/2025/10/15/mega-pleite-microsoft-signalisiert-windows-10-21h2-enterprise-ltsc-als-eol/
Oops! It's a kernel stack use-after-free: Exploiting NVIDIA's GPU Linux drivers
This article details two bugs discovered in the NVIDIA Linux Open GPU Kernel Modules and demonstrates how they can be exploited. [..] They were reported to NVIDIA, and the vendor issued fixes in its NVIDIA GPU Display Driver update of October 2025.
http://blog.quarkslab.com/nvidia_gpu_kernel_vmalloc_exploit.html
Credential Attacks Detected on SonicWall SSLVPN Devices
A managed security services provider has detected credential attacks on SonicWall SSLVPN devices. The attacks, reported by Huntress, involve "widespread compromise" of SonicWall SSLVPN devices. [..] The report follows a SonicWall advisory that an unauthorized party had accessed firewall configuration backup files for all SonicWall customers who have used the company's cloud backup service.
https://thecyberexpress.com/credential-attacks-on-sonicwall-sslvpn-devices/
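Because the SonicWall incident involves stolen configuration backups (and thus potentially valid credentials for many tenants), the thing to watch for on the VPN side is a single source working through several accounts and then succeeding. The following detector is an added example for this report, not code from Huntress or SonicWall: it runs over a handful of constructed authentication log lines in an invented, simplified field layout (user=, src=, result=), so the regex has to be adapted to the syslog fields your firewall actually emits. It flags a source that exceeds a failure threshold inside a sliding window, a source whose failures spread across several accounts (spraying), and a success that follows such a burst.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines for this example.  The field layout is invented for
# illustration and is NOT SonicWall's real syslog format; adjust LINE_RE to the
# fields your firewall actually emits.
SAMPLE_LOGS = """\
2025-10-15T03:12:01Z sslvpn auth user=jdoe src=203.0.113.7 result=failure
2025-10-15T03:12:04Z sslvpn auth user=asmith src=203.0.113.7 result=failure
2025-10-15T03:12:09Z sslvpn auth user=bwong src=203.0.113.7 result=failure
2025-10-15T03:12:15Z sslvpn auth user=clee src=203.0.113.7 result=failure
2025-10-15T03:12:22Z sslvpn auth user=jdoe src=203.0.113.7 result=failure
2025-10-15T03:12:30Z sslvpn auth user=clee src=203.0.113.7 result=success
2025-10-15T03:40:11Z sslvpn auth user=mmiller src=198.51.100.23 result=failure
2025-10-15T03:40:19Z sslvpn auth user=mmiller src=198.51.100.23 result=success
2025-10-15T04:01:00Z sslvpn auth user=rkim src=192.0.2.55 result=failure
2025-10-15T05:30:00Z sslvpn auth user=rkim src=192.0.2.55 result=failure
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sslvpn auth user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)


def parse_events(lines):
    """Turn raw lines into dicts sorted by time; non-matching lines are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def detect_credential_attacks(events, window=timedelta(minutes=10),
                              fail_threshold=5, spray_users=3):
    """Return one alert per (source, alert type).

    brute_force:            >= fail_threshold failures from one source within `window`
    password_spray:         those failures target >= spray_users distinct accounts
    success_after_failures: a success while the source is still over the threshold
    """
    alerts = {}
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev["src"]].append(ev)

    for src, evs in by_src.items():
        recent_fails = []  # failures inside the sliding window, oldest first
        for ev in evs:
            cutoff = ev["ts"] - window
            recent_fails = [f for f in recent_fails if f["ts"] >= cutoff]
            if ev["result"] == "failure":
                recent_fails.append(ev)
                if len(recent_fails) >= fail_threshold:
                    alerts.setdefault((src, "brute_force"), len(recent_fails))
                    users = {f["user"] for f in recent_fails}
                    if len(users) >= spray_users:
                        alerts.setdefault((src, "password_spray"), len(users))
            elif ev["result"] == "success" and len(recent_fails) >= fail_threshold:
                # The account that finally worked is the one to disable/reset first.
                alerts.setdefault((src, "success_after_failures"), ev["user"])
    return [{"src": s, "type": t, "detail": d} for (s, t), d in alerts.items()]


def run_sample():
    return detect_credential_attacks(parse_events(SAMPLE_LOGS))


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

On the constructed input only 203.0.113.7 trips all three rules; the user with one typo (198.51.100.23) and the slow, spread-out failures from 192.0.2.55 stay silent. The thresholds are deliberate knobs: after a backup leak, lowering them for a few weeks is cheaper than missing a quiet, low-rate run through the stolen account list.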
Dismantling a Critical Supply Chain Risk in VSCode Extension Marketplaces
Wiz Research identified a pattern of secret leakage by publishers of VSCode IDE Extensions. This occurred across both the VSCode and Open VSX marketplaces, the latter of which is used by AI-powered VSCode forks like Cursor and Windsurf. Critically, in over a hundred cases this included leakage of access tokens granting the ability to update the extension itself. [..] An attacker who discovered this issue would have been able to directly distribute malware to the cumulative 150,000 install base.
https://www.wiz.io/blog/supply-chain-risk-in-vscode-extension-marketplaces
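A .vsix package is a plain zip archive, so the leak pattern Wiz describes (publisher or registry tokens shipped inside the extension) can be caught with a pre-publish scan of the archive. The scanner below is an added example, not Wiz's tooling and not part of any marketplace's code: it builds a small constructed .vsix in memory, then walks every text entry looking for known-prefix tokens (npm_ and ghp_ are real prefixes; the values here are made up) and for generic secret-looking assignments filtered by Shannon entropy so that a low-entropy placeholder does not fire.

```python
import io
import math
import re
import zipfile


# A .vsix is an ordinary zip archive.  This builds one in memory; every file,
# key and token value in it is constructed for the example.
def build_sample_vsix() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("extension/package.json",
                   '{"name": "demo-ext", "version": "1.0.0"}')
        # A .env that was not excluded via .vscodeignore
        z.writestr("extension/.env",
                   "VSCE_PAT=abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOP\n"
                   "DEBUG=true\n"
                   "DEFAULT_PASSWORD_HINT=aaaaaaaaaaaaaaaaaaaaaa\n")
        # A registry token in a packaged .npmrc
        z.writestr("extension/.npmrc",
                   "//registry.npmjs.org/:_authToken="
                   "npm_A1b2C3d4E5f6G7h8I9j0K1l2M3n4O5p6Q7r8\n")
        z.writestr("extension/dist/main.js", "console.log('hello');\n")
    return buf.getvalue()


# "<secret-like key> = <long value>" assignments; the value still has to pass
# the entropy check before it is reported.
GENERIC_RE = re.compile(
    r"(?i)\b(?P<key>[a-z0-9_.-]*(?:token|secret|pat|password|api[_-]?key)"
    r"[a-z0-9_.-]*)\s*[=:]\s*['\"]?(?P<val>[A-Za-z0-9_./+=-]{16,})"
)
# Tokens with a fixed, well-known prefix; a prefix hit needs no entropy check.
PREFIXED_RE = {
    "npm token": re.compile(r"\bnpm_[A-Za-z0-9]{36}\b"),
    "GitHub PAT": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
}
BINARY_SUFFIXES = (".png", ".jpg", ".gif", ".ico", ".woff", ".woff2", ".ttf", ".map")


def shannon_entropy(s: str) -> float:
    """Bits per character; ~5.7 for a random base62 string, 0 for 'aaaa'."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def _finding(path, lineno, kind, value, key=None):
    # Never write the full secret into a report; keep enough to locate it.
    return {"file": path, "line": lineno, "kind": kind, "key": key,
            "value": value[:6] + "..." + value[-3:]}


def scan_vsix(data: bytes, min_entropy: float = 3.5):
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for info in z.infolist():
            if info.is_dir() or info.filename.lower().endswith(BINARY_SUFFIXES):
                continue
            text = z.read(info).decode("utf-8", errors="replace")
            for lineno, line in enumerate(text.splitlines(), 1):
                seen = set()
                for kind, rx in PREFIXED_RE.items():
                    for m in rx.finditer(line):
                        seen.add(m.group(0))
                        findings.append(_finding(info.filename, lineno, kind, m.group(0)))
                for m in GENERIC_RE.finditer(line):
                    val = m.group("val")
                    # Skip values already reported by a prefix rule and low-entropy fillers.
                    if val in seen or shannon_entropy(val) < min_entropy:
                        continue
                    findings.append(_finding(info.filename, lineno, "generic credential",
                                             val, key=m.group("key")))
    return findings


if __name__ == "__main__":
    for f in scan_vsix(build_sample_vsix()):
        print(f)
```

Running it on the constructed archive reports the VSCE_PAT line in .env and the npm token in .npmrc, and nothing for DEFAULT_PASSWORD_HINT or the JavaScript. Wire scan_vsix into CI against the actual package output (after `vsce package`), not against the source tree, because the point of the Wiz finding is what ends up inside the archive that gets uploaded.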
LinkPro: eBPF rootkit analysis
eBPF (extended Berkeley Packet Filter) is a technology adopted in Linux for its numerous use cases (observability, security, networking, etc.) and its ability to run in the kernel context while being orchestrated from user space. Threat actors are increasingly abusing it to create sophisticated backdoors and evade traditional system monitoring tools.
https://www.synacktiv.com/en/publications/linkpro-ebpf-rootkit-analysis.html
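The defining property of eBPF mentioned above, kernel-context code driven from user space, also gives defenders a handle: every loaded program is enumerable through the same bpf() interface, and `bpftool -j prog show` prints the inventory as JSON, including the type of hook and which process (if any) still holds the program. The triage below is an added example for this report, not Synacktiv's analysis tooling: it runs over a constructed list in the shape bpftool emits (tags, ids and process names are made up) and flags programs on hook types a rootkit would want (XDP/TC for traffic interception, kprobe/tracepoint/tracing for hiding) that are either orphaned (no user-space holder) or were loaded by a process outside an assumed allowlist of known tooling.

```python
import json
import shutil
import subprocess

# Hook types that give a rootkit traffic interception or syscall-level hiding.
SENSITIVE_TYPES = {"xdp", "sched_cls", "sched_act", "kprobe", "tracepoint",
                   "tracing", "raw_tracepoint", "lsm"}
# Assumed allowlist of loader process names expected on this fleet; tune it.
KNOWN_LOADERS = {"systemd", "falco", "cilium-agent", "tetragon", "bpftrace"}

# Constructed sample in the shape of `bpftool -j prog show` output.  All ids,
# tags, names and pids are invented for this example.
SAMPLE_PROGS = [
    {"id": 12, "type": "cgroup_skb", "tag": "6deef7357e7b4530", "gpl_compatible": True,
     "loaded_at": 1760450000, "uid": 0, "jited": True,
     "pids": [{"pid": 1, "comm": "systemd"}]},
    {"id": 87, "type": "kprobe", "name": "trace_open", "tag": "4a9cd1a2f0c8b3e7",
     "loaded_at": 1760451200, "uid": 0, "jited": True, "map_ids": [5],
     "pids": [{"pid": 2214, "comm": "falco"}]},
    {"id": 143, "type": "xdp", "name": "xdp_redir", "tag": "0f3e9b7c2d1a5e48",
     "loaded_at": 1760460000, "uid": 0, "jited": True, "map_ids": [41, 42],
     "pids": []},
    {"id": 144, "type": "tracepoint", "name": "sys_enter", "tag": "b71c0d4e9a2f6c13",
     "loaded_at": 1760460001, "uid": 0, "jited": True, "map_ids": [41],
     "pids": [{"pid": 3302, "comm": "dbus-helper"}]},
]


def triage_programs(progs, known_loaders=KNOWN_LOADERS):
    """Return a finding per sensitive program that is orphaned or has an unknown loader."""
    findings = []
    for p in progs:
        ptype = p.get("type", "")
        if ptype not in SENSITIVE_TYPES:
            continue
        holders = p.get("pids") or []
        comms = {h.get("comm", "?") for h in holders}
        reasons = []
        if not holders:
            # Attached programs (e.g. XDP on a netdev) stay alive without any
            # fd holder, which is exactly how a loader can exit and disappear.
            reasons.append("no userspace process holds the program (attached and orphaned)")
        unknown = comms - set(known_loaders)
        if unknown:
            reasons.append("loaded by unexpected process(es): " + ", ".join(sorted(unknown)))
        if reasons:
            findings.append({"id": p.get("id"), "type": ptype,
                             "name": p.get("name", ""), "map_ids": p.get("map_ids", []),
                             "reasons": reasons})
    return findings


def live_programs():
    """Inventory on this host; needs root and bpftool, returns [] if unavailable."""
    if shutil.which("bpftool") is None:
        return []
    res = subprocess.run(["bpftool", "-j", "prog", "show"],
                         capture_output=True, text=True)
    if res.returncode != 0 or not res.stdout.strip():
        return []
    return json.loads(res.stdout)


def run_sample():
    return triage_programs(SAMPLE_PROGS)


if __name__ == "__main__":
    progs = live_programs() or SAMPLE_PROGS
    for f in triage_programs(progs):
        print(f)
```

On the sample, the systemd cgroup program and the falco kprobe pass, while the orphaned XDP program and the tracepoint owned by an unrecognised process are reported; the shared map id 41 between those two is the kind of link worth pulling on next (`bpftool map dump id 41`). One caveat: bpftool only sees what the bpf() syscall is willing to tell it, so a rootkit that also tampers with that path can hide from this check; compare the inventory with one taken from a known-good boot or from an out-of-band memory image before trusting a clean result.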
Vulnerabilities
Patch Tuesday XXL: Microsoft closes vulnerabilities, some under active attack
With more than 170 security vulnerabilities closed, Microsoft's Patch Tuesday is unusually extensive this month. There are 17 fixes for critical vulnerabilities, including in Azure, Copilot, Office and Windows Server Update Services (WSUS). In addition, three actively exploited vulnerabilities rated "Important" make installing the available updates (ideally automatically) particularly urgent.
https://heise.de/-10764876
Patch day: Adobe closes critical vulnerabilities in several products
Dangerous vulnerabilities exist in Substance 3D Stager, Connect, Dimension and Illustrator, among others. Current security fixes close them.
https://www.heise.de/news/Patchday-Adobe-schliesst-kritische-Luecken-in-mehreren-Produkten-10765058.html
Fortinet updates FortiOS, FortiPAM and FortiSwitch Manager, among others
Vulnerabilities in FortiOS, FortiPAM, FortiSwitch Manager, FortiDLP, FortiIsolator and FortiClient Mac were rated "High" severity. [..] Local, authenticated attackers could abuse the vulnerability CVE-2025-58325 ("Restricted CLI command bypass"; CVSS score 7.8) to execute system commands from the command line without authorization.
https://www.heise.de/news/Fortinet-aktualisiert-unter-anderem-FortiOS-FortiPAM-und-FortiSwitch-Manager-10767296.html
Security updates for Wednesday
Security updates have been issued by AlmaLinux (kernel, kernel-rt, vim, and webkit2gtk3), Debian (distro-info-data, https-everywhere, and php-horde-css-parser), Fedora (inih, mingw-exiv2, mirrorlist-server, rust-maxminddb, rust-monitord-exporter, rust-prometheus, rust-prometheus_exporter, rust-protobuf, rust-protobuf-codegen, rust-protobuf-parse, and rust-protobuf-support), Mageia (fetchmail), Oracle (gnutls, kernel, vim, and webkit2gtk3), Red Hat (kernel, kernel-rt, and webkit2gtk3), Slackware (mozilla), SUSE (curl, libxslt, and net-tools), and Ubuntu (linux-azure-5.15, linux-azure-6.8, linux-azure-fips, linux-oracle, linux-oracle-6.14, and linux-raspi).
https://lwn.net/Articles/1042076/
Google Chrome: Stable Channel Update for Desktop
http://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_14.html
Rockwell Automation 1715 EtherNet/IP Comms Module
https://www.cisa.gov/news-events/ics-advisories/icsa-25-287-01
F5: K000156572: Quarterly Security Notification (October 2025)
https://my.f5.com/manage/s/article/K000156572