End-of-Day report
Timeframe: Tuesday 21-10-2025 18:00 - Wednesday 22-10-2025 18:00
Handler: Guenes Holler
Co-Handler: Alexander Riepl
News
Sharepoint ToolShell attacks targeted orgs across four continents
Hackers believed to be associated with China have leveraged the ToolShell vulnerability (CVE-2025-53770) in Microsoft SharePoint in attacks targeting government agencies, universities, telecommunication service providers, and finance organizations.
https://www.bleepingcomputer.com/news/security/sharepoint-toolshell-attacks-targeted-orgs-across-four-continents/
Russia Pivots, Cracks Down on Resident Hackers
Thanks to improving cybersecurity and law enforcement action from the West, Russia's government is reevaluating which cybercriminals it wants to give safe haven from the law.
https://www.darkreading.com/threat-intelligence/russia-cracks-down-low-level-hackers
Outdated Chromium base: popular AI coding IDEs put millions of developers at risk
Researchers are sounding the alarm: the AI coding IDEs Cursor and Windsurf contain an ancient Chromium version with at least 94 known security vulnerabilities.
https://www.golem.de/news/veraltete-chromium-basis-beliebte-ki-coding-ides-gefaehrden-millionen-entwickler-2510-201423.html
Public Sector Ransomware Attacks Relentlessly Continue
In 2025, 36 years after the first ransomware attack was recorded, actors continue to zero in on the public sector, and there is no evidence they will slow down any time soon. In fact, our numbers suggest that ransomware attacks against government organizations are ramping up, causing crippling service outages, massive data loss, reputational damage, public distrust, and financial harm.
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/public-sector-ransomware-attacks-relentlessly-continue/
Researchers Identify PassiveNeuron APT Using Neursite and NeuralExecutor Malware
Government, financial, and industrial organizations located in Asia, Africa, and Latin America are the target of a new campaign dubbed PassiveNeuron, according to findings from Kaspersky. The cyber espionage activity was first flagged by the Russian ..
https://thehackernews.com/2025/10/researchers-identify-passiveneuron-apt.html
Have I Been Pwned: 183 million credentials captured by infostealers added
"Have I Been Pwned" collects published credentials. Now 183 million accounts stolen by infostealers have been added.
https://www.heise.de/news/Have-I-Been-Pwned-183-Millionen-von-Infostealern-erbeutete-Zugaenge-ergaenzt-10793974.html
Critical malicious-code vulnerabilities threaten TP-Link Omada gateways
Important security patches close vulnerabilities in Omada gateways. Network admins should act promptly.
https://www.heise.de/news/Kritische-Schadcode-Luecken-bedrohen-TP-Link-Omada-Gateways-10794139.html
Jingle Thief: Inside a Cloud-Based Gift Card Fraud Campaign
Threat actors behind the gift card fraud campaign Jingle Thief target retail via phishing and smishing, maintaining long-term access in cloud environments.
https://unit42.paloaltonetworks.com/cloud-based-gift-card-fraud-campaign/
Fast, Broad, and Elusive: How Vidar Stealer 2.0 Upgrades Infostealer Capabilities
Trend Research examines the latest version of the Vidar stealer, which features a full rewrite in C, a multithreaded architecture, and several enhancements that warrant attention. Its timely evolution suggests that Vidar is positioning itself to occupy the space left after Lumma Stealer's decline.
https://www.trendmicro.com/en_us/research/25/j/how-vidar-stealer-2-upgrades-infostealer-capabilities.html
Security update: unauthorized access to Zyxel firewalls possible
Attackers can target certain Zyxel firewalls. However, the attacks are not straightforward to carry out.
https://heise.de/-10794033
Vulnerability discovered in Rust library for tar archives
The async-tar library and its forks contain a vulnerability dubbed TARmageddon. The most widely used fork, tokio-tar, will not receive a patch.
https://heise.de/-10793899
Prompt injection to RCE in AI agents
We bypassed human approval protections for system command execution in AI agents, achieving RCE in three agent platforms.
https://blog.trailofbits.com/2025/10/22/prompt-injection-to-rce-in-ai-agents/
Vulnerabilities
Security updates for Wednesday
Security updates have been issued by Fedora (inih, mingw-exiv2, and mod_http2), SUSE (ffmpeg-4, kernel, libqt5-qtbase, protobuf, python-ldap, and python313), and Ubuntu (erlang, ffmpeg, linux, linux-aws, linux-gcp, linux-oem-6.14, linux-oracle, linux-oracle-6.14, linux-raspi, linux-realtime, linux-aws, linux-azure, linux-azure-6.14, linux-azure-nvidia-6.14, linux-azure-fips, linux-oracle-5.4, and linux-realtime-6.14).
https://lwn.net/Articles/1042911/
Multiple stored cross-site scripting vulnerabilities in Movable Type
https://jvn.jp/en/jp/JVN24333679/
Oracle Critical Patch Update Advisory - October 2025
https://www.oracle.com/security-alerts/cpuoct2025.html