End-of-Day report
Timeframe: Tuesday 07-10-2025 18:00 - Wednesday 08-10-2025 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Guenes Holler
News
Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely - Patch Now
Cybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp Model Context Protocol (MCP) server that could allow attackers to achieve code execution. The vulnerability, tracked as CVE-2025-53967 (CVSS score: 7.5), is a command injection bug [..] The vulnerability has been addressed in version 0.6.3 of figma-developer-mcp, which was released on September 29, 2025.
https://thehackernews.com/2025/10/severe-figma-mcp-vulnerability-lets.html
LockBit, Qilin, and DragonForce Join Forces to Dominate the Ransomware Ecosystem
Three prominent ransomware groups, DragonForce, LockBit, and Qilin, have announced a new strategic ransomware alliance, once again underscoring continued shifts in the cyber threat landscape.
https://thehackernews.com/2025/10/lockbit-qilin-and-dragonforce-join.html
Employees regularly paste company secrets into ChatGPT
Employees could be opening up to OpenAI in ways that put sensitive data at risk. According to a study by security biz LayerX, a large number of corporate users paste Personally Identifiable Information (PII) or Payment Card Industry (PCI) numbers right into ChatGPT, even if they're using the bot without permission.
https://go.theregister.com/feed/www.theregister.com/2025/10/07/gen_ai_shadow_it_secrets/
"Can you test my game?" Fake itch.io pages spread hidden malware to gamers
A convincing itch-style page can drop a stealthy stager instead of a game. Here's how to spot it and what to do if you clicked.
https://www.malwarebytes.com/blog/threat-intel/2025/10/can-you-test-my-game-fake-itch-io-pages-spread-hidden-malware-to-gamers
Is your computer mouse eavesdropping on you?
Researchers have found a method they called Mic-E-Mouse, which turns your computer mouse into a spy that can listen in on your conversations. [..] The method uses high-performance optical sensors in optical mice, combined with artificial intelligence, to filter out background noise and "achieve intelligible reconstruction of user speech."
https://www.malwarebytes.com/blog/news/2025/10/is-your-computer-mouse-eavesdropping-on-you
The Klimabonus is back?! No, just a new phishing attempt!
Fraudulent SMS messages try to create the impression that the Klimabonus is returning. Registering early supposedly brings an information advantage and better chances of a payout. None of this is true. What we are actually dealing with is classic phishing.
https://www.watchlist-internet.at/news/klimabonus-neuer-phishing-versuch/
Salesforce data breach: what you need to know
The Scattered LAPSUS$ Hunters hacking group claims to have accessed data from around 40 customers of Salesforce, the cloud-based customer relationship management service, stealing almost one billion records. [..] The hackers are demanding payment by this Friday, 10 October 2025. [..] Allen Tsai, a Salesforce spokesperson, said the company won't engage, negotiate with or pay any extortion demand.
https://www.fortra.com/blog/salesforce-data-breach-what-need-know
The ClickFix Factory: First Exposure of IUAM ClickFix Generator
Unit 42 discovers ClickFix phishing kits, commoditizing social engineering. This kit presents a lowered barrier for inexperienced cybercriminals.
https://unit42.paloaltonetworks.com/clickfix-generator-first-of-its-kind/
Crafting a Full Exploit RCE from a Crash in Autodesk Revit RFA File Parsing
This article will be devoted to explaining how I reached arbitrary code execution from the crash point shown above. Of particular interest is the technique I used to achieve ROP execution.
https://www.thezdi.com/blog/2025/10/6/crafting-a-full-exploit-rce-from-a-crash-in-autodesk-revit-rfa-file-parsing
Windows 11 setup: Microsoft will block the creation of local accounts in future
It appears that local user accounts in Windows 11 will in future no longer be creatable during setup, or only with considerable tricks. In the latest Insider Preview Build 26220.6772 (KB5065797) of 06 October 2025, Microsoft announced that the commands used to create local user accounts during setup after all are being removed.
https://www.borncity.com/blog/2025/10/08/windows-11-setup-microsoft-blockiert-kuenftig-das-anlegen-lokaler-konten/
Introducing HoneyBee: How We Automate Honeypot Deployment for Threat Research
HoneyBee takes popular cloud-deployed applications such as databases, storage services, and web apps, and automatically generates intentionally insecure Dockerfiles and Docker Compose manifests. [..] We know we aren't the only ones working on these challenges, which is why we're open-sourcing HoneyBee with the hope that it can be just as useful to others in the security community.
https://www.wiz.io/blog/honeybee-threat-research
Vulnerabilities
Ivanti Endpoint Manager Multiple 0-Day Vulnerabilities
(ZDI-25-934 - ZDI-25-947) These vulnerabilities allow remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit them. Mitigation: Given the nature of the vulnerabilities, the only salient mitigation strategy is to restrict interaction with the product.
https://www.zerodayinitiative.com/advisories/published/
Security updates for Wednesday
Security updates have been issued by Fedora (apptainer, civetweb, mod_http2, openssl, pandoc, and pandoc-cli), Oracle (kernel), Red Hat (gstreamer1-plugins-bad-free, iputils, kernel, open-vm-tools, and podman), SUSE (cairo, firefox, ghostscript, gimp, gstreamer-plugins-rs, libxslt, logback, openssl-1_0_0, openssl-1_1, python-xmltodict, and rubygem-puma), and Ubuntu (gst-plugins-base1.0, linux-aws-6.8, linux-aws-fips, linux-azure, linux-azure-nvidia, linux-gke, linux-nvidia-tegra-igx, and
https://lwn.net/Articles/1041243/
Windows and Android: Google closes severe vulnerabilities in Chrome
https://www.golem.de/news/windows-und-android-google-schliesst-schwerwiegende-luecken-in-chrome-2510-200916.html
ZDI-25-895: (0Day) Wondershare Repairit Incorrect Permission Assignment Authentication Bypass Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-25-895/
B&R Automation Runtime DoS Vulnerability in System Diagnostics Manager (SDM) CVE ID: CVE-2025-3450
https://www.br-automation.com/fileadmin/SA25P002-f6a69e61.pdf
B&R Automation Runtime Vulnerabilities in System Diagnostic Manager (SDM) CVE ID: CVE-2025-3449, CVE-2025-3448
https://www.br-automation.com/fileadmin/SA25P003-178b6a20.pdf
ABB: LVS MConfig Insecure memory handling CVE ID: CVE-2025-9970
https://search.abb.com/library/Download.aspx?DocumentID=4TZ00000006008&LanguageCode=en&DocumentPartId=&Action=Launch
Tenable: [R1] Security Center Version 6.7.0 Fixes One Vulnerability
https://www.tenable.com/security/tns-2025-21