End-of-Day report
Timeframe: Wednesday 22-10-2025 18:00 - Thursday 23-10-2025 18:00
Handler: Guenes Holler
Co-Handler: n/a
News
Cache poisoning vulnerabilities found in 2 DNS resolving apps
The makers of BIND, the Internet's most widely used software for resolving domain names, are warning of two vulnerabilities that allow attackers to poison entire caches of results and send users to malicious destinations that are indistinguishable from the real ones.
https://arstechnica.com/security/2025/10/bind-warns-of-bugs-that-could-bring-dns-cache-attack-back-from-the-dead/
BSI warns: ongoing attacks threaten almost 7,000 German firewalls
The number of vulnerable WatchGuard firewalls has so far been declining only slowly. Now the BSI is sounding the alarm and warning of ongoing attacks.
https://www.golem.de/news/bsi-warnt-laufende-angriffe-gefaehrden-fast-7-000-deutsche-firewalls-2510-201466.html
Over 250 Magento Stores Hit Overnight as Hackers Exploit New Adobe Commerce Flaw
E-commerce security company Sansec has warned that threat actors have begun to exploit a recently disclosed security vulnerability in Adobe Commerce and Magento Open Source platforms, with more than 250 attack attempts recorded against multiple stores over the past 24 hours.
https://thehackernews.com/2025/10/over-250-magento-stores-hit-overnight.html
The Smishing Deluge: China-Based Campaign Flooding Global Text Messages
We are attributing an ongoing smishing (phishing via text message) campaign of fraudulent toll violation and package misdelivery notices to a group widely known as the Smishing Triad. Our analysis indicates this campaign is a significantly more extensive and complex threat than previously reported. Attackers have impersonated international services across a wide array of critical sectors.
https://unit42.paloaltonetworks.com/global-smishing-campaign/
Bitter APT Exploiting Old WinRAR Vulnerability in New Backdoor Attacks
A cyber-espionage group known as Bitter (APT-Q-37), widely thought to operate from South Asia, is using new, sneaky methods to install a malicious backdoor program on computers belonging to high-value targets.
https://hackread.com/bitter-apt-winrar-vulnerability-backdoor-attacks/
PhantomCaptcha RAT Attack Targets Aid Groups Supporting Ukraine
SentinelLABS' research reveals PhantomCaptcha, a highly coordinated, one-day cyber operation on Oct 8, 2025, targeting the International Red Cross, UNICEF, and Ukraine government groups using fake emails and a Remote Access Trojan (RAT) linked to Russian infrastructure.
https://hackread.com/phantomcaptcha-rat-attack-targets-ukraine/
North Korean Hackers Lure Defense Engineers With Fake Jobs to Steal Drone Secrets
Threat actors with ties to North Korea have been attributed to a new wave of attacks targeting European companies active in the defense industry as part of a long-running campaign known as Operation Dream Job.
https://thehackernews.com/2025/10/north-korean-hackers-lure-defense.html
Vulnerabilities
Security vulnerabilities: GitLab developers advise a prompt update
To protect GitLab instances against possible attacks, admins should install the available security patches promptly. If that does not happen, attackers can exploit seven security vulnerabilities.
https://www.heise.de/news/Sicherheitsluecken-GitLab-Entwickler-raten-zu-zuegigem-Update-10812208.html
Security updates for Thursday
Security updates have been issued by AlmaLinux (ipa, kernel, and thunderbird), Debian (gdk-pixbuf, gegl, gimp, intel-microcode, raptor2, request-tracker4, and request-tracker5), Fedora (samba and wireshark), Mageia (haproxy, nginx, openssl, and python-django), Oracle (kernel and thunderbird), Red Hat (redis and redis:7), Slackware (bind), SUSE (aws-cli, local-npm-registry, python-boto3, python-botocore, python-coverage, python-flaky, python-pluggy, python-pytest, python-pytest-cov, python-pytest-html, python-pytest-metada, cargo-audit-advisory-db-20251021, fetchmail, git-bug, ImageMagick, istioctl, kernel, krb5, libsoup, libxslt, python-Authlib, and sccache), and Ubuntu (bind9, linux, linux-aws, linux-azure, linux-azure-6.8, linux-gcp, linux-gkeop, linux-ibm, linux-ibm-6.8, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-oracle, linux-azure, linux-azure-5.15, linux-gcp-5.15, linux-gcp-6.8, linux-gke, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-realtime, and linux-realtime-6.8).
https://lwn.net/Articles/1043027/
OpenWRT: updates close security vulnerabilities in router operating system
The developers have closed two security vulnerabilities in the open-source Linux operating system OpenWRT. Under certain circumstances they allow the injection and execution of malicious code as well as privilege escalation. The vulnerabilities are rated high risk. Anyone running OpenWRT should therefore install the updated images.
https://heise.de/-10811056
DSA-6030-1 intel-microcode - security update
https://lists.debian.org/debian-security-announce/2025/msg00196.html
DSA-6031-1 request-tracker5 - security update
https://lists.debian.org/debian-security-announce/2025/msg00197.html
CISA Adds One Known Exploited Vulnerability to Catalog
https://www.cisa.gov/news-events/alerts/2025/10/22/cisa-adds-one-known-exploited-vulnerability-catalog
CISA Adds Five Known Exploited Vulnerabilities to Catalog
https://www.cisa.gov/news-events/alerts/2025/10/14/cisa-adds-five-known-exploited-vulnerabilities-catalog