End-of-Day report
Timeframe: Friday 10-10-2025 18:01 - Monday 13-10-2025 18:00
Handler: Felician Fuchs
Co-Handler: Felician Fuchs
News
Oracle releases emergency patch for new E-Business Suite flaw
Oracle has issued an emergency security update over the weekend to patch another E-Business Suite (EBS) vulnerability that can be exploited remotely by unauthenticated attackers.
https://www.bleepingcomputer.com/news/security/oracle-releases-emergency-patch-for-new-e-business-suite-flaw/
Windows 11 23H2 Home and Pro reach end of support in 30 days
Microsoft has reminded customers again today that systems running Home and Pro editions of Windows 11 23H2 will stop receiving security updates next month.
https://www.bleepingcomputer.com/news/microsoft/windows-11-23h2-home-and-pro-reach-end-of-support-in-30-days/
Chinese Hackers Use Velociraptor IR Tool in Ransomware Attacks
In a new wrinkle for adversary tactics, the Storm-2603 threat group is abusing the digital forensics and incident response (DFIR) tool to gain persistent access to victim networks.
https://www.darkreading.com/cybersecurity-operations/chinese-hackers-velociraptor-ir-tool-ransomware-attacks
New Rust-Based Malware "ChaosBot" Uses Discord Channels to Control Victims' PCs
Cybersecurity researchers have disclosed details of a new Rust-based backdoor called ChaosBot that can allow operators to conduct reconnaissance and execute arbitrary commands on compromised hosts.
https://thehackernews.com/2025/10/new-rust-based-malware-chaosbot-hijacks.html
Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns
Cybersecurity researchers are calling attention to a new campaign that delivers the Astaroth banking trojan that employs GitHub as a backbone for its operations to stay resilient in the face of infrastructure takedowns.
https://thehackernews.com/2025/10/astaroth-banking-trojan-abuses-github.html
Microsoft Locks Down IE Mode After Hackers Turned Legacy Feature Into Backdoor
Microsoft said it has revamped the Internet Explorer (IE) mode in its Edge browser after receiving "credible reports" in August 2025 that unknown threat actors were abusing the backward compatibility feature to gain unauthorized access to users' devices.
https://thehackernews.com/2025/10/microsoft-locks-down-ie-mode-after.html
Invoicely Database Leak Exposes 180,000 Sensitive Records
Cybersecurity researcher Jeremiah Fowler discovered nearly 180,000 files, including PII and banking details, left exposed on an unprotected database linked to the Invoicely platform. The exposure puts over 250,000 businesses worldwide at risk of identity theft and financial fraud.
https://hackread.com/invoicely-database-leak-expose-sensitive-records/
100,000+ IP Botnet Launches Coordinated RDP Attack Wave Against US Infrastructure
Since October 8, 2025, GreyNoise has tracked a coordinated botnet operation involving over 100,000 unique IP addresses from more than 100 countries targeting Remote Desktop Protocol (RDP) services in the United States.
https://www.greynoise.io/blog/botnet-launches-coordinated-rdp-attack-wave
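The defining feature of the wave described above is its shape: tens of thousands of sources, each making only a few attempts, rather than one noisy source. A per-IP lockout threshold never fires on that. The detector below, an added example that is not GreyNoise's code or from the article, looks for the distributed shape instead: for each target host, a sliding window in which many distinct source IPs fail RDP logons while no single source exceeds a small cap. The one-line event format, field names and all sample lines are constructed stand-ins for Windows Security event 4625 (failed logon, LogonType 10 = RemoteInteractive/RDP).

```python
"""Detect a distributed (many-source, low-rate) RDP brute-force wave.

Added example, not code from GreyNoise or the article. Input is a constructed
one-line-per-event format carrying the fields of a Windows 4625 failed-logon
event: timestamp, logon type, target host, source IP, target user.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
import re

EVENT_RE = re.compile(
    r"^(?P<ts>\S+) EventID=4625 LogonType=(?P<ltype>\d+) "
    r"Host=(?P<host>\S+) Src=(?P<src>\S+) User=(?P<user>\S+)$"
)

# Constructed sample (documentation IP ranges): six distinct sources each
# failing once or twice against RDP-GW1 within 90 seconds, one non-RDP
# failure to be ignored, and a single source hammering FILE-SRV1, which is
# classic brute force and is deliberately NOT what this rule matches.
SAMPLE_LOG = """\
2025-10-09T02:10:01Z EventID=4625 LogonType=10 Host=RDP-GW1 Src=203.0.113.10 User=administrator
2025-10-09T02:10:09Z EventID=4625 LogonType=10 Host=RDP-GW1 Src=198.51.100.7 User=admin
2025-10-09T02:10:22Z EventID=4625 LogonType=10 Host=RDP-GW1 Src=192.0.2.33 User=administrator
2025-10-09T02:10:40Z EventID=4625 LogonType=10 Host=RDP-GW1 Src=203.0.113.10 User=admin
2025-10-09T02:10:58Z EventID=4625 LogonType=10 Host=RDP-GW1 Src=198.51.100.91 User=administrator
2025-10-09T02:11:15Z EventID=4625 LogonType=10 Host=RDP-GW1 Src=192.0.2.120 User=user
2025-10-09T02:11:31Z EventID=4625 LogonType=10 Host=RDP-GW1 Src=203.0.113.77 User=administrator
2025-10-09T02:11:44Z EventID=4625 LogonType=3 Host=RDP-GW1 Src=203.0.113.200 User=svc-backup
2025-10-09T02:10:03Z EventID=4625 LogonType=10 Host=FILE-SRV1 Src=203.0.113.99 User=administrator
2025-10-09T02:10:04Z EventID=4625 LogonType=10 Host=FILE-SRV1 Src=203.0.113.99 User=administrator
2025-10-09T02:10:05Z EventID=4625 LogonType=10 Host=FILE-SRV1 Src=203.0.113.99 User=administrator
2025-10-09T02:10:06Z EventID=4625 LogonType=10 Host=FILE-SRV1 Src=203.0.113.99 User=administrator
"""


def parse_events(text):
    """Return (timestamp, host, src) for every RDP (LogonType 10) failed logon."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m or m["ltype"] != "10":
            continue  # not a failed RDP logon
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        events.append((ts, m["host"], m["src"]))
    return events


def detect_distributed_rdp_bruteforce(text, window_seconds=120,
                                      min_sources=5, max_per_source=3):
    """One alert per host whose busiest window has >= min_sources distinct
    source IPs while no single source exceeds max_per_source attempts."""
    by_host = defaultdict(list)
    for ts, host, src in parse_events(text):
        by_host[host].append((ts, src))

    window = timedelta(seconds=window_seconds)
    alerts = []
    for host, evs in sorted(by_host.items()):
        evs.sort()
        best, start = None, 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window forward
            counts = Counter(src for _, src in evs[start:end + 1])
            distinct, heaviest = len(counts), max(counts.values())
            if distinct >= min_sources and heaviest <= max_per_source:
                if best is None or distinct > best["sources"]:
                    best = {
                        "host": host,
                        "window_start": evs[start][0].isoformat(),
                        "window_end": evs[end][0].isoformat(),
                        "sources": distinct,
                        "max_attempts_per_source": heaviest,
                    }
        if best:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    for a in detect_distributed_rdp_bruteforce(SAMPLE_LOG):
        print(f"{a['host']}: {a['sources']} sources, <= {a['max_attempts_per_source']} "
              f"attempts each, {a['window_start']} .. {a['window_end']}")
```

The single-source burst against FILE-SRV1 is left for an ordinary per-IP threshold rule; this rule only fires on the many-source/low-rate shape, which is why the per-source cap is part of the condition rather than just the distinct-source count. In production the thresholds should be tuned against the host's normal population of RDP clients, and the rule is only meaningful for hosts that should not be reachable on 3389 from the internet at all.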
Qantas customer data published online, including Troy Hunt's
In July, attackers stole important data from the Australian airline. It is not yet clear which of that data is now circulating online.
https://heise.de/-10750869
Critical GitHub Copilot Vulnerability Leaks Private Source Code
In June 2025, I found a critical vulnerability in GitHub Copilot Chat (CVSS 9.6) that allowed silent exfiltration of secrets and source code from private repos, and gave me full control over Copilot's responses, including suggesting malicious code or links.
https://www.legitsecurity.com/blog/camoleak-critical-github-copilot-vulnerability-leaks-private-source-code
North Korea's Contagious Interview Campaign Escalates: 338 Malicious npm Packages, 50,000 Downloads
The Contagious Interview operation continues to weaponize the npm registry with a repeatable playbook. Since our July 14, 2025 update, we have identified and analyzed more than 338 malicious packages with over 50,000 cumulative downloads.
https://socket.dev/blog/north-korea-contagious-interview-campaign-338-malicious-npm-packages
Vulnerabilities
VU#538470: Clevo UEFI firmware embedded BootGuard keys compromising Clevo's implementation of BootGuard
Clevo's UEFI firmware update packages included sensitive private keys used in their Intel Boot Guard implementation. This accidental exposure of the keys could be abused by an attacker to sign malicious firmware using Clevo's Boot Guard trust chain, potentially compromising the pre-boot UEFI environment on systems where Clevo's implementation has been adopted.
https://kb.cert.org/vuls/id/538470
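A leak of this kind is caught by a check that belongs in every firmware release pipeline and in the intake process of anyone redistributing vendor packages: scan every member of the update package, including binary blobs, for private-key material before it ships. The scanner below is an added example, not Clevo's code and not from the CERT/CC note; the package layout, file names and the key body are constructed placeholders, and it assumes the package is a zip archive (the same search applies unchanged to any other container once extracted).

```python
"""Scan a firmware update package for embedded private-key material.

Added example, not Clevo's code and not from the CERT/CC note. It assumes the
package is a zip archive; the sample package built below is a constructed
stand-in with a placeholder key body, not real key material.
"""
import io
import re
import zipfile

# PEM private-key headers. Public-key and certificate headers are not matched
# on purpose: those belong in a firmware package, the private halves do not.
PRIVATE_KEY_RE = re.compile(
    rb"-----BEGIN (?P<kind>(?:RSA |EC |DSA |ENCRYPTED |OPENSSH )?PRIVATE KEY)-----"
)


def find_private_keys(package: bytes) -> list:
    """Return one finding per private-key block in any member of the zip,
    searching raw bytes so keys embedded inside binaries are found too."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info)
            for m in PRIVATE_KEY_RE.finditer(data):
                kind = m.group("kind")
                findings.append({
                    "member": info.filename,
                    "offset": m.start(),
                    "kind": kind.decode(),
                    # An encrypted PKCS#8 key is still a finding; it should
                    # not ship, but it is at least not directly usable.
                    "encrypted": kind.startswith(b"ENCRYPTED"),
                })
    return findings


def build_sample_package() -> bytes:
    """Constructed stand-in for a vendor UEFI update package (not a real one)."""
    fake_key = (b"-----BEGIN RSA PRIVATE KEY-----\n"
                b"PLACEHOLDER-NOT-A-REAL-KEY-BODY\n"
                b"-----END RSA PRIVATE KEY-----\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("README.txt", "BIOS update package (constructed sample)\n")
        # The public half is expected in a package and must not be reported.
        zf.writestr("keys/boot_guard_public.pem",
                    "-----BEGIN PUBLIC KEY-----\nPLACEHOLDER\n-----END PUBLIC KEY-----\n")
        # A key file shipped by mistake.
        zf.writestr("keys/boot_guard_private.pem", fake_key)
        # The same key embedded in the middle of a binary blob, where a plain
        # directory listing would never show it.
        zf.writestr("bios.bin", b"\x00" * 4096 + fake_key + b"\xff" * 4096)
    return buf.getvalue()


if __name__ == "__main__":
    for f in find_private_keys(build_sample_package()):
        flag = " (encrypted)" if f["encrypted"] else ""
        print(f"{f['member']} @ offset {f['offset']}: {f['kind']}{flag}")
```

A hit on any member is a release blocker. Note what the scan does not do: it will not find DER-encoded keys without PEM armour or keys inside compressed or encrypted sub-containers, so nested archives and capsule formats need to be unpacked and fed back through the same function. Once a Boot Guard signing key has shipped, scanning no longer helps; the trust chain itself has to be re-keyed and the affected firmware re-signed, which is the situation the advisory above describes.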
Oracle Security Alert for CVE-2025-61884 - 11 October 2025
This Security Alert addresses vulnerability CVE-2025-61884 in Oracle E-Business Suite. This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password. If successfully exploited, this vulnerability may allow access to sensitive resources.
https://www.oracle.com/security-alerts/alert-cve-2025-61884.html
Security updates for Monday
Security updates have been issued by AlmaLinux (compat-libtiff3, iputils, kernel, open-vm-tools, and vim), Debian (asterisk, ghostscript, kernel, linux-6.1, and tiff), Fedora (cef, chromium, cri-o1.31, cri-o1.32, cri-o1.33, cri-o1.34, docker-buildx, log4cxx, mingw-poppler, openssl, podman-tui, prometheus-podman-exporter, python-socketio, python3.10, python3.11, python3.12, python3.9, skopeo, and valkey), Mageia (open-vm-tools), Red Hat (compat-libtiff3, kernel, kernel-rt, vim, and webkit2gtk3), and SUSE (distrobuilder, docker-stable, expat, forgejo, forgejo-longterm, gitea-tea, go1.25, haproxy, headscale, open-vm-tools, openssl-3, podman, podofo, ruby3.4-rubygem-rack, and weblate).
https://lwn.net/Articles/1041779/
Two High Checkmk advisories released
SBA Research published the following advisories for Checkmk: SBA-ADV-20250724-01: Checkmk Agent Privilege Escalation via Insecure Temporary Files, SBA-ADV-20250730-01: Checkmk Path Traversal.
https://github.com/sbaresearch/advisories/commit/e84ca741ae34d372b4f7b294ad91120f78a211b4
Auth Bypass Flaw in Service Finder WordPress Plugin Under Active Exploit
An authentication bypass (CVE-2025-5947) in the Service Finder Bookings plugin allows any unauthenticated attacker to log in as an administrator. Over 13,800 exploit attempts have been detected. Update to v6.1 immediately.
https://hackread.com/auth-bypass-service-finder-wordpress-plugin-exploit/
BigBlueButton: Update for web conferencing system fixes denial-of-service vulnerabilities
The developers of the open-source web conferencing system BigBlueButton (BBB) for Windows and Linux servers have closed several attack vectors with an update to version 3.0.13.
https://heise.de/-10751398