Daily Summary - 01.10.2025

End-of-Day report

Timeframe: Tuesday 30-09-2025 18:00 - Wednesday 01-10-2025 18:00 Handler: Guenes Holler Co-Handler: Alexander Riepl

News

China Imposes One-Hour Reporting Rule for Major Cyber Incidents

The sweeping new regulations show that China is serious about hardening its own networks after launching widespread attacks on global networks.

https://www.darkreading.com/cybersecurity-operations/china-one-hour-reporting-rule-major-cyber-incidents

MatrixPDF: New hacker tool turns PDF files into phishing lures

Malicious PDF files can be crafted with it so that they bypass Gmail's phishing filter.

https://www.golem.de/news/matrixpdf-neues-hacker-tool-macht-pdf-dateien-zu-phishing-koedern-2510-200708.html

New Android Banking Trojan 'Klopatra' Uses Hidden VNC to Control Infected Smartphones

A previously undocumented Android banking trojan called Klopatra has compromised over 3,000 devices, with a majority of the infections reported in Spain and Italy. Italian fraud prevention firm Cleafy, which discovered the sophisticated malware ..

https://thehackernews.com/2025/10/new-android-banking-trojan-klopatra.html

Hackers Exploit Milesight Routers to Send Phishing SMS to European Users

Unknown threat actors are abusing Milesight industrial cellular routers to send SMS messages as part of a smishing campaign targeting users in European countries since at least February 2022. French cybersecurity company SEKOIA said the attackers are exploiting ..

https://thehackernews.com/2025/10/hackers-exploit-milesight-routers-to.html

Red Hat OpenShift AI Flaw Exposes Hybrid Cloud Infrastructure to Full Takeover

A severe security flaw has been disclosed in the Red Hat OpenShift AI service that could allow attackers to escalate privileges and take control of the complete infrastructure under certain conditions. OpenShift AI is a platform for managing the lifecycle ..

https://thehackernews.com/2025/10/critical-red-hat-openshift-ai-flaw.html

OneLogin Bug Let Attackers Use API Keys to Steal OIDC Secrets and Impersonate Apps

A high-severity security flaw has been disclosed in the One Identity OneLogin Identity and Access Management (IAM) solution that, if successfully exploited, could expose sensitive OpenID Connect (OIDC) application client secrets under certain ..

https://thehackernews.com/2025/10/onelogin-bug-let-attackers-use-api-keys.html

New phishing waves in the name of the WKO

Criminals are currently running two scams in the name of the Wirtschaftskammer Österreich (Austrian Economic Chamber) to cause damage. They concern the updating of company data and of payment information for the membership fee. Particularly dangerous: for ..

https://www.watchlist-internet.at/news/phishing-wellen-wko/

TOTOLINK X6000R: Three New Vulnerabilities Uncovered

Researchers identified vulnerabilities in TOTOLINK X6000R routers: CVE-2025-52905, CVE-2025-52906 and CVE-2025-52907. We discuss root cause and impact.

https://unit42.paloaltonetworks.com/totolink-x6000r-vulnerabilities/

North Korea IT worker scheme expanding to more industries, countries outside of US tech sector

Okta said their new research into the scheme revealed that North Korea has honed its skills on U.S.-based companies and has expanded into dozens of different countries and industries.

https://therecord.media/north-korea-it-worker-scheme-expands-outisde-us-tech

Detour Dog's DNS Hijacking Infects 30,000 Websites with Strela Stealer

Infoblox reveals how the Detour Dog group used server-side DNS to compromise 30,000+ sites across 89 countries, installing the stealthy Strela Stealer malware.

https://hackread.com/detour-dog-dns-hijacking-websites-strela-stealer/

Security update: Malicious code vulnerability threatens Western Digital NAS models

Attackers can attack certain Western Digital network storage devices running My Cloud OS.

https://heise.de/-10696726

Vulnerabilities

Security updates for Wednesday

Security updates have been issued by AlmaLinux (kernel, kernel-rt, mysql:8.0, and openssh), Debian (libcommons-lang-java, libcommons-lang3-java, libcpanel-json-xs-perl, libjson-xs-perl, libxml2, open-vm-tools, and u-boot), Fedora (bird, dnsdist, mapserver, ntpd-rs, python-nh3, and rust-ammonia), Oracle (kernel and mysql:8.0), Red Hat (cups, postgresql:12, and postgresql:13), SUSE (cJSON-devel, gimp, kernel-devel, kubecolor, open-vm-tools, openssl-1_1, openssl-3, and ruby3.4-rubygem-rack), ..

https://lwn.net/Articles/1040375/

CISA Releases Ten Industrial Control Systems Advisories

CISA released ten Industrial Control Systems (ICS) advisories on September 30, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

ICSA-25-273-01 MegaSys Enterprises Telenium Online Web Application
ICSA-25-273-02 Festo SBRD-Q/SBOC-Q/SBOI-Q
ICSA-25-273-03 Festo CPX-CEC-C1 and ..

https://www.cisa.gov/news-events/alerts/2025/09/30/cisa-releases-ten-industrial-control-systems-advisories