End-of-Day report
Timeframe: Thursday 02-10-2025 18:00 - Friday 03-10-2025 18:00
Handler: Guenes Holler
Co-Handler: Felician Fuchs
News
Oracle links Clop extortion attacks to July 2025 vulnerabilities
Oracle has linked an ongoing extortion campaign claimed by the Clop ransomware gang to E-Business Suite (EBS) vulnerabilities that were patched in July 2025.
https://www.bleepingcomputer.com/news/security/oracle-links-clop-extortion-attacks-to-july-security-flaws/
CometJacking attack tricks Comet browser into stealing emails
A new attack called CometJacking exploits URL parameters to pass hidden instructions to Perplexity's Comet AI browser, allowing access to sensitive data from connected services such as email and calendar.
https://www.bleepingcomputer.com/news/security/commetjacking-attack-tricks-comet-browser-into-stealing-emails/
Security vulnerability in dental practice system
A practice management system used by some dental practices had serious vulnerabilities that would have allowed patient data to be read and modified.
https://www.golem.de/news/security-sicherheitsluecke-in-zahnarztpraxen-system-2510-200661.html
Coordinated Grafana Exploitation Attempts on 28 September
GreyNoise observed a sharp one-day surge of exploitation attempts targeting CVE-2021-43798 - a Grafana path traversal vulnerability that enables arbitrary file reads. All observed IPs are classified as malicious.
https://www.greynoise.io/blog/coordinated-grafana-exploitation-attempts
It's Never Simple Until It Is (Dell UnityVSA Pre-Auth Command Injection CVE-2025-36604)
Welcome back, and what a week! We're glad that happened for you and/or sorry that happened to you. It will get better and/or worse, and you will likely survive. Today, we're walking down the garden path and digging into the archives, publishing our analysis of a vulnerability we discovered and disclosed to Dell in March 2025 within their UnityVSA solution.
https://labs.watchtowr.com/its-never-simple-until-it-is-dell-unityvsa-pre-auth-command-injection-cve-2025-36604/
Vulnerabilities
DrayTek warns of remote code execution bug in Vigor routers
Networking hardware maker DrayTek released an advisory to warn about a security vulnerability in several Vigor router models that could allow remote, unauthenticated actors to execute arbitrary code.
https://www.bleepingcomputer.com/news/security/draytek-warns-of-remote-code-execution-bug-in-vigor-routers/
Security updates for Friday
Security updates have been issued by AlmaLinux (idm:DL1), Debian (gegl and haproxy), Fedora (ffmpeg, firefox, freeipa, python-pip, rust-astral-tokio-tar, sqlite, uv, webkitgtk, and xen), Oracle (idm:DL1, ipa, kernel, perl-JSON-XS, and python3), Red Hat (git), SUSE (curl, frr, jupyter-jupyterlab, and libsuricata8_0_1), and Ubuntu (linux-aws, linux-lts-xenial, linux-aws-fips, linux-fips, linux-gcp-fips, linux-azure, linux-azure-6.8, linux-intel-iot-realtime, and linux-realtime).
https://lwn.net/Articles/1040729/
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems (ICS) advisories on October 2, 2025: ICSA-25-275-01 Raise3D Pro2 Series 3D Printers and ICSA-25-275-02 Hitachi Energy MSM Product.
https://www.cisa.gov/news-events/alerts/2025/10/02/cisa-releases-two-industrial-control-systems-advisories
Critical Splunk Vulnerabilities Expose Platforms to Remote JavaScript Injection and More
Splunk has disclosed six critical security vulnerabilities impacting multiple versions of both Splunk Enterprise and Splunk Cloud Platform. These vulnerabilities, which collectively highlight serious weaknesses in Splunk's web components, could allow attackers to execute unauthorized JavaScript code remotely, access sensitive information, and perform server-side request forgery (SSRF) attacks.
https://thecyberexpress.com/critical-splunk-vulnerabilities/