End-of-Day report
Timeframe: Friday 24-10-2025 18:00 - Monday 27-10-2025 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
New CoPhish attack steals OAuth tokens via Copilot Studio agents
A new phishing technique dubbed CoPhish weaponizes Microsoft Copilot Studio agents to deliver fraudulent OAuth consent requests via legitimate and trusted Microsoft domains.
https://www.bleepingcomputer.com/news/security/new-cophish-attack-steals-oauth-tokens-via-copilot-studio-agents/
Hackers steal Discord accounts with RedTiger-based infostealer
Attackers are using the open-source red-team tool RedTiger to build an infostealer that collects Discord account data and payment information.
https://www.bleepingcomputer.com/news/security/hackers-steal-discord-accounts-with-redtiger-based-infostealer/
Patch urgently: Hackers attack Windows servers via critical WSUS vulnerability
Among other things, attackers can inject manipulated Windows updates and have them distributed to clients. Admins should act quickly.
https://www.golem.de/news/dringend-patchen-windows-server-werden-ueber-wsus-luecke-attackiert-2510-201545.html
Mem3nt0 mori - The Hacking Team is back!
Kaspersky researchers discovered previously unidentified commercial Dante spyware developed by Memento Labs (formerly Hacking Team) and linked it to the ForumTroll APT attacks.
https://securelist.com/forumtroll-apt-hacking-team-dante-spyware/117851/
North Korea Has Stolen Billions in Cryptocurrency and Tech Firm Salaries, Report Says
The Associated Press reports that "North Korean hackers have pilfered billions of dollars" by breaking into cryptocurrency exchanges and by creating fake identities to get remote tech jobs at foreign companies - all orchestrated by the North Korean government to finance R&D on nuclear arms. That's according to a new 138-page report by a group watching ..
https://yro.slashdot.org/story/25/10/25/1246241/north-korea-has-stolen-billions-in-cryptocurrency-and-tech-firm-salaries-report-says
ChatGPT Atlas Browser Can Be Tricked by Fake URLs into Executing Hidden Commands
The newly released OpenAI Atlas web browser has been found to be susceptible to a prompt injection attack where its omnibox can be jailbroken by disguising a malicious prompt as a seemingly harmless URL to ..
https://thehackernews.com/2025/10/chatgpt-atlas-browser-can-be-tricked-by.html
Qilin Ransomware Combines Linux Payload With BYOVD Exploit in Hybrid Attack
The ransomware group known as Qilin (aka Agenda, Gold Feather, and Water Galura) has claimed more than 40 victims every month since the start of 2025, barring January, with the number of postings on its data leak site touching a high of 100 cases in ..
https://thehackernews.com/2025/10/qilin-ransomware-combines-linux-payload.html
X says passkey reset isn't about a security issue - it's to finally kill off twitter.com
Social media site dispatches crucial clarification days after curious announcement. X (formerly Twitter) sparked security concerns over the weekend when it announced users must re-enroll their security keys by November 10 or face account lockouts - without initially explaining why.
https://www.theregister.com/2025/10/27/x_passkey_reset/
Collins Aerospace: Old passwords and delayed response enabled data theft
New details on the cyberattack on Collins Aerospace: old passwords enabled data theft, probably millions of passenger records affected - more than just ransomware.
https://www.heise.de/news/Collins-Aerospace-Alte-Passwoerter-und-verzoegerte-Reaktion-ermoeglichen-Datenklau-10900172.html
Ubiquiti UniFi Access: Attackers can gain unauthorized access
A critical security vulnerability in Ubiquiti's UniFi Door Access allows attackers to gain unauthorized access.
https://www.heise.de/news/Ubiquiti-UniFi-Access-Angreifer-koennen-sich-unbefugt-Zugriff-verschaffen-10900318.html
Attackers can bypass authentication in Dell Storage Manager
In a current version of Dell's Storage Manager, the developers have closed three security vulnerabilities.
https://www.heise.de/news/Angreifer-koennen-Authentifizierung-bei-Dell-Storage-Manager-umgehen-10900228.html
Schneider Electric victim of the Oracle E-Business Suite 0-day vulnerability CVE-2025-61882
Users of the Oracle E-Business Suite (EBS) have been successfully attacked since July 2025 via the 0-day vulnerability CVE-2025-61882, which was only patched on October 4, 2025. The names of victims are now becoming known. For example, ..
https://www.borncity.com/blog/2025/10/24/oracle-e-business-suite-0-day-schwachstelle-cve-2025-61882/
Distribution of Rhadamanthys Malware Disguised as a Game Developed with Ren-Py
AhnLab Security intelligence Center (ASEC) has confirmed that the Infostealer malware Rhadamanthys is being distributed disguised as a game created with RenPy. RenPy is a game development tool based on Python that allows users to easily ..
https://asec.ahnlab.com/en/90767/
Uncovering Qilin attack methods exposed through multiple cases
Cisco Talos investigated the Qilin ransomware group, uncovering its frequent attacks on the manufacturing sector, use of legitimate tools for credential theft and data exfiltration, and sophisticated methods for lateral movement, evasion, and persistence.
https://blog.talosintelligence.com/uncovering-qilin-attack-methods-exposed-through-multiple-cases/
Vulnerabilities
Unauthenticated Local File Disclosure in MPDV Mikrolab MIP 2 / FEDRA 2 / HYDRA X Manufacturing Execution System
https://sec-consult.com/vulnerability-lab/advisory/unauthenticated-local-file-disclosure-in-mpdv-mikrolab-mip-2-fedra-2-hydra-x-manufacturing-execution-system/
Potential Security Impact of ASP.NET Vulnerability on NetBak PC Agent
https://www.qnap.com/en-us/security-advisory/QSA-25-44