End-of-Day report
Timeframe: Thursday 16-10-2025 18:00 - Friday 17-10-2025 18:00
Handler: Guenes Holler
Co-Handler: Alexander Riepl
News
Microsoft: Office 2016 and Office 2019 have reached end of support
Microsoft reminded customers this week that Office 2016 and Office 2019 have reached the end of extended support on October 14, 2025.
https://www.bleepingcomputer.com/news/microsoft/microsoft-office-2016-and-office-2019-have-reach-end-of-support/
Hackers exploit Cisco SNMP flaw to deploy rootkit on switches
Threat actors exploited a recently patched remote code execution vulnerability (CVE-2025-20352) in Cisco networking devices to deploy a rootkit and target unprotected Linux systems.
https://www.bleepingcomputer.com/news/security/hackers-exploit-cisco-snmp-flaw-to-deploy-rootkit-on-switches/
Post-exploitation framework now also delivered via npm
The npm registry contains a malicious package that downloads the AdaptixC2 agent onto victims' devices, Kaspersky experts have found. The threat targets Windows, Linux, and macOS.
https://securelist.com/adaptixc2-agent-found-in-an-npm-package/117784/
A Surprising Amount of Satellite Traffic Is Unencrypted
We pointed a commercial-off-the-shelf satellite dish at the sky and carried out the most comprehensive public study to date of geostationary satellite communication. A shockingly large amount of sensitive traffic is being broadcast unencrypted, including critical infrastructure, internal corporate and government communications, private citizens' voice calls ..
https://www.schneier.com/blog/archives/2025/10/a-surprising-amount-of-satellite-traffic-is-unencrypted.html
Microsoft Revokes 200 Fraudulent Certificates Used in Rhysida Ransomware Campaign
Microsoft on Thursday disclosed that it revoked more than 200 certificates used by a threat actor it tracks as Vanilla Tempest to fraudulently sign malicious binaries in ransomware attacks. The certificates were "used in fake Teams setup files to ..
https://thehackernews.com/2025/10/microsoft-revokes-200-fraudulent.html
Researchers Uncover WatchGuard VPN Bug That Could Let Attackers Take Over Devices
Cybersecurity researchers have disclosed details of a recently patched critical security flaw in WatchGuard Fireware that could allow unauthenticated attackers to execute arbitrary code. The vulnerability, tracked as CVE-2025-9242 (CVSS score: 9.3), is ..
https://thehackernews.com/2025/10/researchers-uncover-watchguard-vpn-bug.html
Why the F5 Hack Created an "Imminent Threat" for Thousands of Networks
Networking software company F5 disclosed a long-term breach of its systems this week. The fallout could be severe.
https://www.wired.com/story/f5-hack-networking-software-big-ip/
Cybercriminals steal customer data from fashion group Mango
Customer data stolen from Mango - the fashion group is now warning of fake emails and phone calls. What affected customers need to know now.
https://www.heise.de/news/Cyberkriminelle-erbeuten-Kundendaten-von-Modekonzern-Mango-10773864.html
IP telephony: Cisco and Ubiquiti release security updates
Updates for Ubiquiti's UniFi Talk and for several Cisco IP phone series close security vulnerabilities rated "High".
https://www.heise.de/news/IP-Telefonie-Cisco-und-Ubiquiti-stellen-Sicherheits-Updates-bereit-10776154.html
Email Bombs Exploit Lax Authentication in Zendesk
Cybercriminals are abusing a widespread lack of authentication in the customer service platform Zendesk to flood targeted email inboxes with menacing messages that come from hundreds of Zendesk corporate customers simultaneously.
https://krebsonsecurity.com/2025/10/email-bombs-exploit-lax-authentication-in-zendesk/
Threat Brief: Nation-State Actor Steals F5 Source Code and Undisclosed Vulnerabilities
A nation-state actor stole BIG-IP source code and information on undisclosed vulnerabilities from F5. We explain what sets this theft apart from others.
https://unit42.paloaltonetworks.com/nation-state-threat-actor-steals-f5-source-code/
A review of the "Concluding report of the High-Level Group on access to data for effective law enforcement"
As I've written here, the EU unveiled a roadmap for addressing the encryption woes of law enforcement agencies in June 2025. As a preparation for this push, a "High-Level Group on access to data for effective ..
https://www.cert.at/en/blog/2025/10/hlg-paper-review
European police bust network selling thousands of phone numbers to scammers
Authorities raided a "SIM farm" operation that used tens of thousands of cards to enable fraud in several European countries, including Latvia and Austria.
https://therecord.media/europe-sim-farms-raided-latvia-austria-estonia
.NET Security Group: partner companies receive security patches early
Companies that ship their own .NET distribution can join the existing security group and incorporate patches for security vulnerabilities ahead of public release.
https://heise.de/-10773932
How I Almost Got Hacked By A Job Interview
I was 30 seconds away from running malware on my machine. The attack vector? A fake coding interview from a "legitimate" blockchain company. Here's how a sophisticated scam operation almost got me, and why every developer needs to read this.
https://blog.daviddodda.com/how-i-almost-got-hacked-by-a-job-interview
Vulnerabilities
Security updates for Friday
Security updates have been issued by AlmaLinux (kernel and libssh), Debian (firefox-esr and pgpool2), Mageia (varnish & lighttpd), Red Hat (python3, python3.11, python3.12, python3.9, and python39:3.9), SUSE (expat, gstreamer-plugins-rs, kernel, openssl1, pgadmin4, python311-ldap, and squid), and Ubuntu (dotnet8, dotnet9, dotnet10 and mupdf).
https://lwn.net/Articles/1042452/