Daily summary - 08.10.2025

End-of-Day report

Timeframe: Tuesday 07-10-2025 18:00 - Wednesday 08-10-2025 18:00 Handler: Michael Schlagenhaufer Co-Handler: Guenes Holler

News

Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely - Patch Now

Cybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp Model Context Protocol (MCP) server that could allow attackers to achieve code execution. The vulnerability, tracked as CVE-2025-53967 (CVSS score: 7.5), is a command injection bug [..] The vulnerability has been addressed in version 0.6.3 of figma-developer-mcp, which was released on September 29, 2025.

https://thehackernews.com/2025/10/severe-figma-mcp-vulnerability-lets.html

LockBit, Qilin, and DragonForce Join Forces to Dominate the Ransomware Ecosystem

Three prominent ransomware groups, DragonForce, LockBit, and Qilin, have announced a new strategic ransomware alliance, once again underscoring continued shifts in the cyber threat landscape.

https://thehackernews.com/2025/10/lockbit-qilin-and-dragonforce-join.html

Employees regularly paste company secrets into ChatGPT

Employees could be opening up to OpenAI in ways that put sensitive data at risk. According to a study by security biz LayerX, a large number of corporate users paste Personally Identifiable Information (PII) or Payment Card Industry (PCI) numbers right into ChatGPT, even if they're using the bot without permission.

https://go.theregister.com/feed/www.theregister.com/2025/10/07/gen_ai_shadow_it_secrets/

"Can you test my game?" Fake itch.io pages spread hidden malware to gamers

A convincing itch-style page can drop a stealthy stager instead of a game. Here's how to spot it and what to do if you clicked.

https://www.malwarebytes.com/blog/threat-intel/2025/10/can-you-test-my-game-fake-itch-io-pages-spread-hidden-malware-to-gamers

Is your computer mouse eavesdropping on you?

Researchers have found a method they called Mic-E-Mouse, which turns your computer mouse into a spy that can listen in on your conversations. [..] The method uses high-performance optical sensors in optical mice, combined with artificial intelligence, to filter out background noise and "achieve intelligible reconstruction of user speech."

https://www.malwarebytes.com/blog/news/2025/10/is-your-computer-mouse-eavesdropping-on-you

The Klimabonus is back?! No, just a new phishing attempt!

Fraudulent SMS messages try to create the impression that the Klimabonus is returning. Early registration supposedly brings an information advantage and better chances of a payout. None of this is true. What we are dealing with is classic phishing.

https://www.watchlist-internet.at/news/klimabonus-neuer-phishing-versuch/

Salesforce data breach: what you need to know

The Scattered LAPSUS$ Hunters hacking group claims to have accessed data from around 40 customers of Salesforce, the cloud-based customer relationship management service, stealing almost one billion records. [..] The hackers are demanding payment by this Friday, 10 October 2025. [..] Allen Tsai, a Salesforce spokesperson, said the company won't engage, negotiate with or pay any extortion demand.

https://www.fortra.com/blog/salesforce-data-breach-what-need-know

The ClickFix Factory: First Exposure of IUAM ClickFix Generator

Unit 42 discovers ClickFix phishing kits, commoditizing social engineering. This kit presents a lowered barrier for inexperienced cybercriminals.

https://unit42.paloaltonetworks.com/clickfix-generator-first-of-its-kind/

Crafting a Full Exploit RCE from a Crash in Autodesk Revit RFA File Parsing

This article will be devoted to explaining how I reached arbitrary code execution from the crash point shown above. Of particular interest is the technique I used to achieve ROP execution.

https://www.thezdi.com/blog/2025/10/6/crafting-a-full-exploit-rce-from-a-crash-in-autodesk-revit-rfa-file-parsing

Windows 11 setup: Microsoft will block the creation of local accounts in future

It appears that local user accounts in Windows 11 will in future no longer be possible to set up during setup, or only with considerable workarounds. In the latest Insider Preview Build 26220.6772 (KB5065797) of 06 October 2025, Microsoft announced that the commands used to create local user accounts during setup are being removed.

https://www.borncity.com/blog/2025/10/08/windows-11-setup-microsoft-blockiert-kuenftig-das-anlegen-lokaler-konten/

Introducing HoneyBee: How We Automate Honeypot Deployment for Threat Research

HoneyBee takes popular cloud-deployed applications such as databases, storage services, and web apps, and automatically generates intentionally insecure Dockerfiles and Docker Compose manifests. [..] We know we aren't the only ones working on these challenges, which is why we're open-sourcing HoneyBee with the hope that it can be just as useful to others in the security community.

https://www.wiz.io/blog/honeybee-threat-research

Vulnerabilities

Ivanti Endpoint Manager Multiple 0Day Vulnerabilities

(ZDI-25-934 - ZDI-25-947) These vulnerabilities allow remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit them. Mitigation: Given the nature of the vulnerabilities, the only salient mitigation strategy is to restrict interaction with the product.

https://www.zerodayinitiative.com/advisories/published/

Security updates for Wednesday

Security updates have been issued by Fedora (apptainer, civetweb, mod_http2, openssl, pandoc, and pandoc-cli), Oracle (kernel), Red Hat (gstreamer1-plugins-bad-free, iputils, kernel, open-vm-tools, and podman), SUSE (cairo, firefox, ghostscript, gimp, gstreamer-plugins-rs, libxslt, logback, openssl-1_0_0, openssl-1_1, python-xmltodict, and rubygem-puma), and Ubuntu (gst-plugins-base1.0, linux-aws-6.8, linux-aws-fips, linux-azure, linux-azure-nvidia, linux-gke, linux-nvidia-tegra-igx, and

https://lwn.net/Articles/1041243/

Windows and Android: Google closes severe vulnerabilities in Chrome

https://www.golem.de/news/windows-und-android-google-schliesst-schwerwiegende-luecken-in-chrome-2510-200916.html

ZDI-25-895: (0Day) Wondershare Repairit Incorrect Permission Assignment Authentication Bypass Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-25-895/

B&R Automation Runtime DoS Vulnerability in System Diagnostics Manager (SDM) CVE ID: CVE-2025-3450

https://www.br-automation.com/fileadmin/SA25P002-f6a69e61.pdf

B&R Automation Runtime Vulnerabilities in System Diagnostic Manager (SDM) CVE ID: CVE-2025-3449, CVE-2025-3448

https://www.br-automation.com/fileadmin/SA25P003-178b6a20.pdf

ABB: LVS MConfig Insecure memory handling CVE ID: CVE-2025-9970

https://search.abb.com/library/Download.aspx?DocumentID=4TZ00000006008&LanguageCode=en&DocumentPartId=&Action=Launch

Tenable: [R1] Security Center Version 6.7.0 Fixes One Vulnerability

https://www.tenable.com/security/tns-2025-21