Tageszusammenfassung - 15.10.2025

End-of-Day report

Timeframe: Dienstag 14-10-2025 18:00 - Mittwoch 15-10-2025 18:00 Handler: Michael Schlagenhaufer Co-Handler: n/a

News

F5 says hackers stole undisclosed BIG-IP flaws, source code

U.S. cybersecurity company F5 disclosed that nation-state hackers breached its systems and stole undisclosed BIG-IP security vulnerabilities and source code.

https://www.bleepingcomputer.com/news/security/hackers-breach-f5-to-steal-undisclosed-big-ip-flaws-source-code/

Exploit-as-a-Service Resurgence in 2025 - Broker Models, Bundles & Subscription Access

Exploit-as-a-Service in 2025: how exploit brokerages, subscription bundles, and underground access models are reshaping cyber crime economics.

https://www.darknet.org.uk/2025/10/exploit-as-a-service-resurgence-in-2025-broker-models-bundles-subscription-access/

Microsoft: Exchange 2016 and 2019 have reached end of support

Microsoft has reminded that Exchange Server 2016 and 2019 reached the end of support and advised IT administrators to upgrade servers to Exchange Server SE or migrate to Exchange Online.

https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-2016-and-2019-have-reached-end-of-support/

Microsoft signalisiert Windows 10 21H2 Enterprise LTSC als EOL

Kurze Information an Besitzer bzw. Administratoren von Windows 10 21H2 Enterprise LTSC (und natürlich der IoT-Version). Administratoren dieser Maschinen erhalten (fälschlich) die Information angezeigt, dass der Support für diese Version nun ende.

https://www.borncity.com/blog/2025/10/15/mega-pleite-microsoft-signalisiert-windows-10-21h2-enterprise-ltsc-als-eol/

Oops! Its a kernel stack use-after-free: Exploiting NVIDIAs GPU Linux drivers

This article details two bugs discovered in the NVIDIA Linux Open GPU Kernel Modules and demonstrates how they can be exploited. [..] They were reported to NVIDIA and the vendor issued fixes in their NVIDIA GPU Display Drivers update of October 2025.

http://blog.quarkslab.com/nvidia_gpu_kernel_vmalloc_exploit.html

Credential Attacks Detected on SonicWall SSLVPN Devices

A managed security services provider has detected credential attacks on SonicWall SSLVPN devices. The attacks, reported by Huntress, involve -widespread compromise- of SonicWall SSLVPN devices. [..] The report follows a SonicWall advisory that an unauthorized party had accessed firewall configuration backup files for all SonicWall customers who have used the company-s cloud backup service.

https://thecyberexpress.com/credential-attacks-on-sonicwall-sslvpn-devices/

Dismantling a Critical Supply Chain Risk in VSCode Extension Marketplaces

Wiz Research identified a pattern of secret leakage by publishers of VSCode IDE Extensions. This occurred across both the VSCode and Open VSX marketplaces, the latter of which is used by AI-powered VSCode forks like Cursor and Windsurf. Critically, in over a hundred cases this included leakage of access tokens granting the ability to update the extension itself. [..] An attacker who discovered this issue would have been able to directly distribute malware to the cumulative 150,000 install base.

https://www.wiz.io/blog/supply-chain-risk-in-vscode-extension-marketplaces

LinkPro: eBPF rootkit analysis

eBPF (extended Berkeley Packet Filter) is a technology adopted in Linux for its numerous use cases (observability, security, networking, etc.) and its ability to run in the kernel context while being orchestrated from user space. Threat actors are increasingly abusing it to create sophisticated backdoors and evade traditional system monitoring tools.

https://www.synacktiv.com/en/publications/linkpro-ebpf-rootkit-analysis.html

Vulnerabilities

Patchday XXL: Microsoft schließt teils aktiv attackierte Schwachstellen

Mit mehr als 170 geschlossenen Sicherheitslücken ist Microsofts Patchday diesen Monat überdurchschnittlich umfangreich ausgefallen. Gleich 17 Fixes für kritische Lücken stehen unter anderem für Azure, Copilot, Office sowie den Windows Server Update Service (WSUS) bereit. Überdies machen drei aktiv angegriffene Schwachstellen mit "Important"-Einstufung das (bestenfalls automatische) Einspielen der verfügbaren Updates besonders dringlich.

https://heise.de/-10764876

Patchday: Adobe schließt kritische Lücken in mehreren Produkten

Gefährliche Lücken stecken unter anderem in Substance 3D Stager, Connect, Dimension und Illustrator. Aktuelle Security-Fixes schließen sie.

https://www.heise.de/news/Patchday-Adobe-schliesst-kritische-Luecken-in-mehreren-Produkten-10765058.html

Fortinet aktualisiert unter anderem FortiOS, FortiPAM und FortiSwitch Manager

Mit dem Schweregrad "High" bewertet wurden Schwachstellen in FortiOS, FortiPAM, FortiSwitch Manager, FortiDLP, Fortilsolator sowie im FortiClient Mac. [..] Zur unbefugten Ausführung von Systembefehlen per Kommandozeile könnten lokale, authentifizierte Angreifer die Schwachstelle CVE-2025-58325 ("Restricted CLI command bypass"; CVSS-Score 7.8) missbrauchen.

https://www.heise.de/news/Fortinet-aktualisiert-unter-anderem-FortiOS-FortiPAM-und-FortiSwitch-Manager-10767296.html

Security updates for Wednesday

Security updates have been issued by AlmaLinux (kernel, kernel-rt, vim, and webkit2gtk3), Debian (distro-info-data, https-everywhere, and php-horde-css-parser), Fedora (inih, mingw-exiv2, mirrorlist-server, rust-maxminddb, rust-monitord-exporter, rust-prometheus, rust-prometheus_exporter, rust-protobuf, rust-protobuf-codegen, rust-protobuf-parse, and rust-protobuf-support), Mageia (fetchmail), Oracle (gnutls, kernel, vim, and webkit2gtk3), Red Hat (kernel, kernel-rt, and webkit2gtk3), Slackware (mozilla), SUSE (curl, libxslt, and net-tools), and Ubuntu (linux-azure-5.15, linux-azure-6.8, linux-azure-fips, linux-oracle, linux-oracle-6.14, and linux-raspi).

https://lwn.net/Articles/1042076/