End-of-Day report
Timeframe: Wednesday 03-09-2025 18:00 - Thursday 04-09-2025 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
Mis-issued certificates for 1.1.1.1 DNS service pose a threat to the Internet
The three certificates were issued in May but only came to light Wednesday.
https://arstechnica.com/security/2025/09/mis-issued-certificates-for-1-1-1-1-dns-service-pose-a-threat-to-the-internet/
Automated Sextortion Spyware Takes Webcam Pics of Victims Watching Porn
A new specimen of "infostealer" malware offers a disturbing feature: It monitors a target's browser for NSFW content, then takes simultaneous screenshots and webcam photos of the victim.
https://www.wired.com/story/stealerium-infostealer-porn-sextortion/
Serial offenders claim responsibility for IT attack on Jaguar Land Rover
Three British criminal gangs have apparently joined forces. They are bragging about the IT attack on Jaguar Land Rover.
https://www.heise.de/news/Serientaeter-bekennen-sich-zu-IT-Angriff-auf-Jaguar-Land-Rover-10631395.html
Critical infrastructure: attacks on industrial control systems possible
Important security updates have been released for industrial control systems from Hitachi, among others. One patch is still pending.
https://www.heise.de/news/Kritische-Infrastrukturen-Attacken-auf-industrielle-Kontrollsysteme-moeglich-10631872.html
TP-Link warns of botnet infecting routers and targeting Microsoft 365 accounts
The Quad7 botnet is adding End-of-Life TP-Link routers to its arsenal and using them to steal Microsoft 365 accounts.
https://www.malwarebytes.com/blog/news/2025/09/tp-link-warns-of-botnet-infecting-routers-and-targeting-microsoft-365-accounts
Microsoft support scam: phishing trap instead of online help
If a pop-up window urges you to call the Microsoft helpline, the utmost caution is called for! Behind the prompt there are no IT experts waiting to help with computer problems. Rather, criminals want to use this route to gain access to their victims' accounts.
https://www.watchlist-internet.at/news/microsoft-support-betrug/
Scattered Lapsus$ Hunters Demand Google Fire Security Experts or Face Data Leak
Scattered Lapsus$ Hunters threaten Google, demanding that two security experts, Austin Larsen of Google's Threat Intelligence Group and Charles Carmakal of Mandiant, be fired or they will leak alleged stolen Google data.
https://hackread.com/scattered-lapsus-hunters-google-fire-experts-data-leak/
25,000 IPs Scanned Cisco ASA Devices - New Vulnerability Potentially Incoming
GreyNoise observed two scanning surges against Cisco Adaptive Security Appliance (ASA) devices in late August including more than 25,000 unique IPs in a single burst. This activity represents a significant elevation above baseline, typically registering at less than 500 IPs per day.
https://www.greynoise.io/blog/scanning-surge-cisco-asa-devices
ViewState Deserialization Zero-Day Vulnerability in Sitecore Products (CVE-2025-53690)
In a recent investigation, Mandiant Threat Defense discovered an active ViewState deserialization attack affecting Sitecore deployments leveraging a sample machine key that had been exposed in Sitecore deployment guides from 2017 and earlier. An attacker leveraged the exposed ASP.NET machine keys to perform remote code ..
https://cloud.google.com/blog/topics/threat-intelligence/viewstate-deserialization-zero-day-vulnerability/
Cookie Chaos: How to bypass __Host and __Secure cookie prefixes
Browsers added cookie prefixes to protect your sessions and stop attackers from setting harmful cookies. In this post, you'll see how to bypass cookie defenses using discrepancies in browser and ..
https://portswigger.net/research/cookie-chaos-how-to-bypass-host-and-secure-cookie-prefixes
Linux Kernel SMB 0-Day Vulnerability CVE-2025-37899 Uncovered Using ChatGPT o3
For the first time, a zero-day vulnerability in the Linux kernel has been discovered using a large language model, OpenAI's o3. Discovered by security researcher Sean Heelan and assigned ..
https://www.upwind.io/feed/linux-kernel-smb-0-day-vulnerability-cve-2025-37899-uncovered-using-chatgpt-o3
s1ngularity's Aftermath: AI, TTPs, and Impact in the Nx Supply Chain Attack
A deeper look at the Nx supply chain attack: analyzing the performance of AI-powered malware, calculating incident impact, and sharing novel TTPs for further investigation.
https://www.wiz.io/blog/s1ngularitys-aftermath
Nx Investigation Reveals GitHub Actions Workflow Exploit Led to npm Token Theft, Prompting Switch to Trusted Publishing
On August 26, 2025, the JavaScript ecosystem witnessed a watershed moment in supply chain security. The popular Nx build system, with over 4.6 million weekly downloads, fell victim to an attack that stole thousands of credentials and pioneered a disturbing new technique: weaponizing AI developer tools for scaling reconnaissance and data theft. The Nx team ..
https://socket.dev/blog/nx-supply-chain-attack-investigation-github-actions-workflow-exploit?utm_medium=feed
Exploit development for IBM i
At TROOPERS24, we demonstrated how IBM i systems - still widely used in enterprise environments - can be compromised in both authenticated and unauthenticated scenarios, using only built-in services and a basic understanding of the underlying mechanisms. Despite being labeled "legacy," these systems remain active in finance, logistics, and manufacturing, often handling critical workloads with little attention paid to their security posture.
https://blog.silentsignal.eu/2025/09/04/Exploit-development-for-IBM-i/