End-of-Day report
Timeframe: Tuesday 03-02-2026 18:00 - Wednesday 04-02-2026 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
Wave of Citrix NetScaler scans use thousands of residential proxies
A coordinated reconnaissance campaign targeting Citrix NetScaler infrastructure over the past week used tens of thousands of residential proxies to discover login panels.
https://www.bleepingcomputer.com/news/security/wave-of-citrix-netscaler-scans-use-thousands-of-residential-proxies/
Key broken: Another ransomware blunder leads to total loss
The Nitrogen ransomware contains a bug that makes any ransom negotiation pointless: the data can no longer be decrypted.
https://www.golem.de/news/schluessel-kaputt-weitere-ransomware-panne-fuehrt-zu-totalverlust-2602-204974.html
AI agents can't yet pull off fully autonomous cyberattacks - but they are already very helpful to crims
Don't relax: this is a "when, not if" scenario. AI agents and other systems can't yet conduct cyberattacks fully on their own, but they can help criminals in many stages of the attack chain, according to the International AI Safety report.
https://www.theregister.com/2026/02/03/autonomous_cyberattacks_not_real_yet/
Clouds rush to deliver OpenClaw-as-a-service offerings
As analyst house Gartner declares the AI tool "comes with unacceptable cybersecurity risk" and urges admins to snuff it out. If you're brave enough to want to run the demonstrably insecure AI assistant OpenClaw, several clouds have already started offering it as a service.
https://www.theregister.com/2026/02/04/cloud_hosted_openclaw/
Attacks on SolarWinds Web Help Desk, FreePBX and GitLab observed
CISA warns of recently observed attacks on security vulnerabilities in SolarWinds Web Help Desk, FreePBX and GitLab.
https://www.heise.de/news/Angriffe-auf-Solarwinds-Web-Help-Desk-FreePBX-und-Gitlab-beobachtet-11164498.html
Phishing: Fake cloud storage warning traced
Phishing e-mails do not only go directly after credentials; more often they lead victims to affiliate marketing sites.
https://www.heise.de/news/Phishing-Falsche-Cloud-Speicher-Warnung-nachverfolgt-11164973.html
Wanted: emergency tradesman service. Found: referral agency
Behind numerous websites of emergency plumbers, locksmiths and similar businesses there are no actual trade companies at all, only referral agencies. That is not illegal, but it can still have unpleasant consequences for those affected. How to recognise the agencies' websites and how best to prepare for an emergency.
https://www.watchlist-internet.at/news/vermittlungsagentur-statt-handwerksdienst/
Exclusive: US used cyber weapons to disrupt Iranian air defenses during 2025 strikes
The U.S. military digitally disrupted Iranian air missile defense systems during its operation last year against the country's nuclear program, some of the most sophisticated action Cyber Command has taken to date against Iran.
https://therecord.media/iran-nuclear-cyber-strikes-us
Phishing Campaigns Abuse Trusted Cloud Platforms, Raising New Risks for Enterprises
ANY.RUN experts report a surge in phishing campaigns abusing trusted cloud and CDN platforms to bypass security controls and target enterprise users.
https://hackread.com/phishing-campaigns-cloud-platforms-enterprises-risks/
React Server Components Exploitation Consolidates as Two IPs Generate Majority of Attack Traffic
Two months after CVE-2025-55182 was disclosed on December 3, 2025, exploitation activity targeting React Server Components has consolidated significantly.
https://www.greynoise.io/blog/react2shell-exploitation-consolidates
Native Sysmon integration in Windows draws closer
Microsoft has released Windows Insider previews that ship the powerful Sysmon logging tool as a Windows feature.
https://heise.de/-11164696
Web Traffic Hijacking: When Your Nginx Configuration Turns Malicious
Datadog Security Research has identified an active web traffic hijacking campaign that targets NGINX installations and management panels like Baota (BT). In this post, we provide our analysis of the techniques this campaign uses and share indicators of compromise you can check for in your NGINX configurations.
https://securitylabs.datadoghq.com/articles/web-traffic-hijacking-nginx-configuration-malicious/
Vulnerabilities
Critical Vulnerability Alert: CVE-2025-40551 in SolarWinds Web Help Desk
https://www.bitsight.com/blog/cve-2025-40551-solarwinds-critical-vulnerability