End-of-Day report
Timeframe: Dienstag 30-09-2025 18:00 - Mittwoch 01-10-2025 18:00
Handler: Guenes Holler
Co-Handler: Alexander Riepl
News
China Imposes One-Hour Reporting Rule for Major Cyber Incidents
The sweeping new regulations show that Chinas serious about hardening its own networks after launching widespread attacks on global networks.
https://www.darkreading.com/cybersecurity-operations/china-one-hour-reporting-rule-major-cyber-incidents
MatrixPDF: Neues Hacker-Tool macht PDF-Dateien zu Phishing-Ködern
Schädliche PDF-Dateien lassen sich damit so gestalten, dass sie den Phishing-Filter von Gmail umgehen.
https://www.golem.de/news/matrixpdf-neues-hacker-tool-macht-pdf-dateien-zu-phishing-koedern-2510-200708.html
New Android Banking Trojan -Klopatra- Uses Hidden VNC to Control Infected Smartphones
A previously undocumented Android banking trojan called Klopatra has compromised over 3,000 devices, with a majority of the infections reported in Spain and Italy.Italian fraud prevention firm Cleafy, which discovered the sophisticated malware ..
https://thehackernews.com/2025/10/new-android-banking-trojan-klopatra.html
Hackers Exploit Milesight Routers to Send Phishing SMS to European Users
Unknown threat actors are abusing Milesight industrial cellular routers to send SMS messages as part of a smishing campaign targeting users in European countries since at least February 2022.French cybersecurity company SEKOIA said the attackers are exploiting ..
https://thehackernews.com/2025/10/hackers-exploit-milesight-routers-to.html
Red Hat OpenShift AI Flaw Exposes Hybrid Cloud Infrastructure to Full Takeover
A severe security flaw has been disclosed in the Red Hat OpenShift AI service that could allow attackers to escalate privileges and take control of the complete infrastructure under certain conditions.OpenShift AI is a platform for managing the lifecycle ..
https://thehackernews.com/2025/10/critical-red-hat-openshift-ai-flaw.html
OneLogin Bug Let Attackers Use API Keys to Steal OIDC Secrets and Impersonate Apps
A high-severity security flaw has been disclosed in the One Identity OneLogin Identity and Access Management (IAM) solution that, if successfully exploited, could expose sensitive OpenID Connect (OIDC) application client secrets under certain ..
https://thehackernews.com/2025/10/onelogin-bug-let-attackers-use-api-keys.html
Neue Phishing-Wellen im Namen der WKO
Kriminelle versuchen aktuell über zwei Maschen im Namen der Wirtschaftskammer Österreich für Schaden zu sorgen. Dabei geht es um die Aktualisierung von Unternehmensdaten und Zahlungsinformationen zum Mitgliedsbeitrag. Besonders gefährlich: Für ..
https://www.watchlist-internet.at/news/phishing-wellen-wko/
TOTOLINK X6000R: Three New Vulnerabilities Uncovered
Researchers identified vulnerabilities in TOTOLINK X6000R routers: CVE-2025-52905, CVE-2025-52906 and CVE-2025-52907. We discuss root cause and impact.
https://unit42.paloaltonetworks.com/totolink-x6000r-vulnerabilities/
North Korea IT worker scheme expanding to more industries, countries outside of US tech sector
Okta said their new research into the scheme revealed that North Korea has honed its skills on U.S.-based companies and has expanded into dozens of different countries and industries.
https://therecord.media/north-korea-it-worker-scheme-expands-outisde-us-tech
Detour Dog-s DNS Hijacking Infects 30,000 Websites with Strela Stealer
Infoblox reveals how the Detour Dog group used server-side DNS to compromise 30,000+ sites across 89 countries, installing the stealthy Strela Stealer malware.
https://hackread.com/detour-dog-dns-hijacking-websites-strela-stealer/
Sicherheitsupdate: Schadcode-Lücke bedroht NAS-Modelle von Western Digital
Angreifer können bestimmte Netzwerkspeicher von Western Digital mit My Cloud OS attackieren.
https://heise.de/-10696726
Vulnerabilities
Security updates for Wednesday
Security updates have been issued by AlmaLinux (kernel, kernel-rt, mysql:8.0, and openssh), Debian (libcommons-lang-java, libcommons-lang3-java, libcpanel-json-xs-perl, libjson-xs-perl, libxml2, open-vm-tools, and u-boot), Fedora (bird, dnsdist, mapserver, ntpd-rs, python-nh3, and rust-ammonia), Oracle (kernel and mysql:8.0), Red Hat (cups, postgresql:12, and postgresql:13), SUSE (cJSON-devel, gimp, kernel-devel, kubecolor, open-vm-tools, openssl-1_1, openssl-3, and ruby3.4-rubygem-rack), ..
https://lwn.net/Articles/1040375/
CISA Releases Ten Industrial Control Systems Advisories
CISA released ten Industrial Control Systems (ICS) advisories on September 30, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.ICSA-25-273-01 MegaSys Enterprises Telenium Online Web ApplicationICSA-25-273-02 Festo SBRD-Q/SBOC-Q/SBOI-QICSA-25-273-03 Festo CPX-CEC-C1 and ..
https://www.cisa.gov/news-events/alerts/2025/09/30/cisa-releases-ten-industrial-control-systems-advisories