End-of-Day report
Timeframe: Mittwoch 15-07-2026 18:00 - Donnerstag 16-07-2026 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Guenes Holler
News
Have I Been Pwned: 821.100 Datensätze von Messgerätehersteller Fluke ergänzt
Das Have-I-Been-Pwned-Projekt hat 821.100 Kontodaten des Messgeräteherstellers Fluke zur Datenhalde hinzugefügt.
https://heise.de/-11367041
GoSerpent: a persistent threat evolves with sophisticated data collection and exfiltration
Two-phase attacks with the GoSerpent backdoor, Stowaway RAT, ThumbcacheService and other tools aim to steal data from government entities in Southeast Asia.
https://securelist.com/goserpent-backdoor-in-southeast-asia/120687/
Unpatched Shark Vacuum Flaw Could Let Attackers Control Other Vacuums Region-Wide
Pull the certificate off the flash of a Shark RV2320EDUS robot vacuum, and you can run root commands on other people's Shark vacuums across the same AWS region: watch the camera, drive the robot, read the map of the house, and take the Wi-Fi password in plaintext.
https://thehackernews.com/2026/07/unpatched-shark-vacuum-flaw-could-let.html
New TELEPUZ Malware Spreads via ClickFix to Steal Data and Run Commands
Cybersecurity researchers have called attention to a new modular malware called TELEPUZ that's been spreading via websites infected with ClickFix lures since late April 2026.
https://thehackernews.com/2026/07/new-telepuz-malware-spreads-via.html
Booking-Betrug per WhatsApp: Gefälschte Nachricht fordert Datenbestätigung
Der Urlaub ist gebucht, die Vorfreude groß, und dann meldet sich plötzlich der Vermieter über WhatsApp: Die Reservierung müsse noch einmal bestätigt werden, sonst drohe die Stornierung. Klingt nach Routine, ist aber eine Falle. Dahinter stecken Kriminelle, die sich Zugang zu echten Buchungsdaten verschafft haben.
https://www.watchlist-internet.at/news/booking-betrug-per-whatsapp/
UAT-11795 deploys novel Starland RAT and bespoke WLDR C2 implant in financially motivated campaign
Cisco Talos is disclosing UAT-11795, a sophisticated, Russian-speaking, financially motivated adversary that has been conducting a malicious campaign targeting users in the U.S. and Europe since at least June 2025.
https://blog.talosintelligence.com/uat-11795-deploys-novel-starland-rat-and-bespoke-wldr-c2-implant-in-financially-motivated-campaign/
Vulnerabilities
Webkonferenztool Zoom: Kontoübernahme aus dem Netz möglich
Zoom hat mehrere Sicherheitslücken in der Webkonferenzsoftware geschlossen. Sie ermöglichen etwa Kontoübernahme aus dem Netz.
https://www.heise.de/news/Webkonferenztool-Zoom-Kontouebernahme-aus-dem-Netz-moeglich-11366838.html
Cisco RoomOS Security Hardening Release: July 2026
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hardening-roomos-AqNMbEq
Cisco Identity Services Engine Path Traversal Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-traversal-xNt7wb2Y
Splunk Security Advisories 2026-07-15 (1x Critical)
https://advisory.splunk.com//advisories
Drupal Security advisories 2026-July-15
https://www.drupal.org/security
LWN Security updates for Thursday
https://lwn.net/Articles/1083201/