Daily summary - 22.10.2025

End-of-Day report

Timeframe: Tuesday 21-10-2025 18:00 - Wednesday 22-10-2025 18:00
Handler: Guenes Holler
Co-Handler: Alexander Riepl

News

Sharepoint ToolShell attacks targeted orgs across four continents

Hackers believed to be associated with China have leveraged the ToolShell vulnerability (CVE-2025-53770) in Microsoft SharePoint in attacks targeting government agencies, universities, telecommunication service providers, and finance organizations.

https://www.bleepingcomputer.com/news/security/sharepoint-toolshell-attacks-targeted-orgs-across-four-continents/

Russia Pivots, Cracks Down on Resident Hackers

Thanks to improving cybersecurity and law enforcement action from the West, Russia's government is reevaluating which cybercriminals it wants to give safe haven from the law.

https://www.darkreading.com/threat-intelligence/russia-cracks-down-low-level-hackers

Outdated Chromium base: popular AI coding IDEs put millions of developers at risk

Researchers are sounding the alarm: the AI coding IDEs Cursor and Windsurf ship with an ancient Chromium version that carries at least 94 known security vulnerabilities.

https://www.golem.de/news/veraltete-chromium-basis-beliebte-ki-coding-ides-gefaehrden-millionen-entwickler-2510-201423.html

Public Sector Ransomware Attacks Relentlessly Continue

In 2025, 36 years after the first ransomware attack was recorded, actors continue to zero in on the public sector, and there is no evidence they will slow down any time soon. In fact, our numbers suggest that ransomware attacks against government organizations are ramping up, causing crippling service outages, massive data loss, reputational damage, public distrust, and financial harm.

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/public-sector-ransomware-attacks-relentlessly-continue/

Researchers Identify PassiveNeuron APT Using Neursite and NeuralExecutor Malware

Government, financial, and industrial organizations located in Asia, Africa, and Latin America are the target of a new campaign dubbed PassiveNeuron, according to findings from Kaspersky. The cyber espionage activity was first flagged by the Russian ..

https://thehackernews.com/2025/10/researchers-identify-passiveneuron-apt.html

Have I Been Pwned: 183 million credentials captured by infostealers added

"Have I Been Pwned" collects published credentials. It has now added 183 million accounts stolen by infostealers.

https://www.heise.de/news/Have-I-Been-Pwned-183-Millionen-von-Infostealern-erbeutete-Zugaenge-ergaenzt-10793974.html

Critical code-execution vulnerabilities threaten TP-Link Omada gateways

Important security patches close vulnerabilities in Omada gateways. Network administrators should act promptly.

https://www.heise.de/news/Kritische-Schadcode-Luecken-bedrohen-TP-Link-Omada-Gateways-10794139.html

Jingle Thief: Inside a Cloud-Based Gift Card Fraud Campaign

Threat actors behind the gift card fraud campaign Jingle Thief target retail via phishing and smishing, maintaining long-term access in cloud environments.

https://unit42.paloaltonetworks.com/cloud-based-gift-card-fraud-campaign/

Fast, Broad, and Elusive: How Vidar Stealer 2.0 Upgrades Infostealer Capabilities

Trend Research examines the latest version of the Vidar stealer, which features a full rewrite in C, a multithreaded architecture, and several enhancements that warrant attention. Its timely evolution suggests that Vidar is positioning itself to occupy the space left after Lumma Stealer's decline.

https://www.trendmicro.com/en_us/research/25/j/how-vidar-stealer-2-upgrades-infostealer-capabilities.html

Security update: unauthorized access to Zyxel firewalls possible

Attackers can target certain Zyxel firewalls. However, attacks are not possible without further preconditions.

https://heise.de/-10794033

Vulnerability discovered in Rust library for tar archives

The async-tar library and its forks contain a vulnerability named TARmageddon. The most widely used fork, tokio-tar, will not receive a patch.

https://heise.de/-10793899

Prompt injection to RCE in AI agents

We bypassed human approval protections for system command execution in AI agents, achieving RCE in three agent platforms.

https://blog.trailofbits.com/2025/10/22/prompt-injection-to-rce-in-ai-agents/

Vulnerabilities

Security updates for Wednesday

Security updates have been issued by Fedora (inih, mingw-exiv2, and mod_http2), SUSE (ffmpeg-4, kernel, libqt5-qtbase, protobuf, python-ldap, and python313), and Ubuntu (erlang, ffmpeg, linux, linux-aws, linux-gcp, linux-oem-6.14, linux-oracle, linux-oracle-6.14, linux-raspi, linux-realtime, linux-aws, linux-azure, linux-azure-6.14, linux-azure-nvidia-6.14, linux-azure-fips, linux-oracle-5.4, and linux-realtime-6.14).

https://lwn.net/Articles/1042911/

Multiple stored cross-site scripting vulnerabilities in Movable Type

https://jvn.jp/en/jp/JVN24333679/

Oracle Critical Patch Update Advisory - October 2025

https://www.oracle.com/security-alerts/cpuoct2025.html