End-of-Day report
Timeframe: Freitag 02-05-2025 18:00 - Montag 05-05-2025 18:00
Handler: Alexander Riepl
News
Magento supply chain attack compromises hundreds of e-stores
A supply chain attack involving 21 backdoored Magento extensions has compromised between 500 and 1,000 e-commerce stores, including one belonging to a $40 billion multinational.
https://www.bleepingcomputer.com/news/security/magento-supply-chain-attack-compromises-hundreds-of-e-stores/
StealC malware enhanced with stealth upgrades and data theft tools
The creators of StealC, a widely-used information stealer and malware downloader, have released its second major version, bringing multiple stealth and data theft enhancements.
https://www.bleepingcomputer.com/news/security/stealc-malware-enhanced-with-stealth-upgrades-and-data-theft-tools/
Shuffling the Greatest Hits: How DragonForce Ransomware Samples LockBit and Conti Into a Ransomware Jukebox
DragonForce ransomware has been assessed as a sophisticated threat that tactically deploys payloads derived from leaked source code of both the notorious LockBit 3.0 and Conti ransomware families. While the samples share some similar core functionality, DragonForce distinguishes itself in several ..
https://hybrid-analysis.blogspot.com/2025/05/shuffling-greatest-hits-how-dragonforce.html
Iranian Hackers Maintain 2-Year Access to Middle East CNI via VPN Flaws and Malware
An Iranian state-sponsored threat group has been attributed to a long-term cyber intrusion aimed at a critical national infrastructure (CNI) in the Middle East that lasted nearly two years.The activity, which lasted from at least May 2023 to February 2025, ..
https://thehackernews.com/2025/05/iranian-hackers-maintain-2-year-access.html
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
https://www.cisa.gov/news-events/alerts/2025/05/02/cisa-adds-two-known-exploited-vulnerabilities-catalog
CVE-2025-31324: Critical SAP NetWeaver Vulnerability Actively Exploited
SAP has recently released a critical security patch for a severe vulnerability in SAP NetWeaver Visual Composer that has been actively exploited in the wild. The vulnerability, tracked as CVE-2025-31324, has recently been patched with the release of SAP Security Note 3594142.
https://www.truesec.com/hub/blog/cve-2025-31324-critical-sap-netweaver-vulnerability-actively-exploited
DragonForce Ransomware Cartel attacks on UK high street retailers: walking in the front door
The individuals operating under the DragonForce banner and attacking UK high street retailers are using social engineering for entry. I think it-s in the public interest to break down what is happening.
https://doublepulsar.com/dragonforce-ransomware-cartel-attacks-on-uk-high-street-retailers-walking-in-the-front-door-52ed8ba68534
NPM targeted by malware campaign mimicking familiar library names
Developers looking for familiar packages from other programming languages are increasingly falling victim to malicious attacks. Summary #The Socket threat research team uncovered a coordinated malware operation across the NPM ecosystem. The actor behind the campaign published dozens of malicious NPM packages that mimic well-known Python, Java, C++, .NET, ..
https://socket.dev/blog/npm-targeted-by-malware-campaign-mimicking-familiar-library-names
Apache Parquet Java Vulnerability CVE-2025-46762 Exposes Systems to Remote Code Execution Attacks
A vulnerability has been identified in Apache Parquet Java, which could leave systems exposed to remote code execution (RCE) attacks. Apache Parquet contributor Gang Wu discovered, this flaw, tracked as CVE-2025-46762, ..
https://thecyberexpress.com/apache-parquet-java-flaw-cve-2025-46762/
Vulnerabilities
Security updates for Monday
Security updates have been issued by Debian (ansible, containerd, and vips), Fedora (chromium, java-17-openjdk, nodejs-bash-language-server, nodejs-pnpm, ntpd-rs, redis, rust-hickory-proto, thunderbird, and valkey), Mageia (apache-mod_auth_openidc, fcgi, graphicsmagick, kernel-linus, pam, poppler, and tomcat), Red Hat (firefox, libsoup, nodejs:20, redis:6, ..
https://lwn.net/Articles/1020130/