End-of-Day report
Timeframe: Thursday 20-11-2025 18:00 - Friday 21-11-2025 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Alexander Riepl
News
'Matrix Push' C2 Tool Hijacks Browser Notifications for Phishing
Have you ever given two seconds of thought to a browser notification? No? That's what hackers are counting on.
https://www.darkreading.com/threat-intelligence/matrix-push-c2-tool-hijacks-browser-notifications-phishing
Protection against fraud: Where is Austria's SMS firewall?
Apparently hardly any progress has been made on the announced protection mechanism against phishing SMS.
https://futurezone.at/netzpolitik/sms-firewall-oesterreich-spamnachrichten-phishing-mobilfunk-rtr/403104541
ToddyCat: your hidden email assistant. Part 1
Kaspersky experts analyze the ToddyCat APT attacks targeting corporate email. We examine the new version of TomBerBil, the TCSectorCopy and XstReader tools, and methods for stealing access tokens from Outlook.
https://securelist.com/toddycat-apt-steals-email-data-from-outlook/118044/
Fired techie admits sabotaging ex-employer, causing $862K in damage
PowerShell script locked thousands of workers out of their accounts. An Ohio IT contractor has pleaded guilty to breaking into his former employer's systems and causing nearly $1 million worth of damage after being fired.
https://www.theregister.com/2025/11/20/it_contractor_sabotage/
LLM-generated malware is improving, but don't expect autonomous attacks tomorrow
Researchers tried to get ChatGPT to do evil, but it didn't do a good job. LLMs are getting better at writing malware - but they're still not ready for prime time.
https://www.theregister.com/2025/11/20/llmgenerated_malware_improving/
ClamAV antivirus scanner: Developers announce major clean-up
Clear-out at the ClamAV antivirus scanner: Cisco is having the developers throw out old signatures, and old Docker images have to go as well.
https://www.heise.de/news/Virenscanner-ClamAV-Entwickler-starten-Entruempelung-11087471.html
Budget Samsung phones shipped with unremovable spyware, say researchers
Samsung is under fire again for shipping phones in parts of the world with a hidden system app, AppCloud, that users can't easily remove.
https://www.malwarebytes.com/blog/news/2025/11/budget-samsung-phones-shipped-with-unremovable-spyware-say-researchers
Beware of fake shops around Black Friday
Black Friday is just around the corner and many online retailers are already luring customers with generous discounts. But bargain hunters should look closely before ordering, as fraudulent shops are also trying to profit from the heightened shopping mood.
https://www.watchlist-internet.at/news/vorsicht-vor-fake-shops-rund-um-den-black-friday/
NIS2: Law for more cybersecurity is on its way
The government is making up for an omission: the law should have been passed a year ago
https://www.derstandard.at/story/3000000297503/nis2-gesetz-fuer-mehr-cybersicherheit-ist-auf-dem-weg
Inside Europe's AI-Fuelled GLP-1 Scam Epidemic: How Criminal Networks Are Hijacking the Identities of the NHS, AEMPS, ANSM, BfArM and AIFA to Sell Fake Weight-Loss Products
The global appetite for GLP-1 medications like Ozempic, Wegovy and Mounjaro has created something far more dangerous than a cultural trend. It has created the perfect opening for cyber criminals who understand how desperation, scarcity and online misinformation intersect. As clinics struggle with shortages and manufacturers warn of supply limits extending ..
https://blog.checkpoint.com/research/inside-europes-ai-fuelled-glp-1-scam-epidemic-how-criminal-networks-are-hijacking-the-identities-of-the-nhs-aemps-ansm-bfarm-and-aifa-to-sell-fake-weight-loss-products/
Stolen VPN Credentials Most Common Ransomware Attack Vector
Compromised VPN credentials are the most common initial access vector for ransomware attacks, according to a new report. Nearly half of ransomware attacks in the third quarter abused compromised VPN credentials as the initial access point, according to research from Beazley Security, the cybersecurity arm of Beazley Insurance. Nearly a quarter of initial access ..
https://thecyberexpress.com/stolen-vpn-credentials-most-common-ransomware-attack-vector/
Vulnerabilities
ZDI-25-885: (0Day) Digilent DASYLab DSB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-25-885/
CVE-2025-50165: Critical Flaw in Windows Graphics Component
https://www.zscaler.com/blogs/security-research/cve-2025-50165-critical-flaw-windows-graphics-component