Daily summary - 05.05.2025

End-of-Day report

Timeframe: Friday 02-05-2025 18:00 - Monday 05-05-2025 18:00 Handler: Alexander Riepl

News

Magento supply chain attack compromises hundreds of e-stores

A supply chain attack involving 21 backdoored Magento extensions has compromised between 500 and 1,000 e-commerce stores, including one belonging to a $40 billion multinational.

https://www.bleepingcomputer.com/news/security/magento-supply-chain-attack-compromises-hundreds-of-e-stores/


StealC malware enhanced with stealth upgrades and data theft tools

The creators of StealC, a widely-used information stealer and malware downloader, have released its second major version, bringing multiple stealth and data theft enhancements.

https://www.bleepingcomputer.com/news/security/stealc-malware-enhanced-with-stealth-upgrades-and-data-theft-tools/


Shuffling the Greatest Hits: How DragonForce Ransomware Samples LockBit and Conti Into a Ransomware Jukebox

DragonForce ransomware has been assessed as a sophisticated threat that tactically deploys payloads derived from leaked source code of both the notorious LockBit 3.0 and Conti ransomware families. While the samples share some similar core functionality, DragonForce distinguishes itself in several ..

https://hybrid-analysis.blogspot.com/2025/05/shuffling-greatest-hits-how-dragonforce.html


Iranian Hackers Maintain 2-Year Access to Middle East CNI via VPN Flaws and Malware

An Iranian state-sponsored threat group has been attributed to a long-term cyber intrusion aimed at a critical national infrastructure (CNI) in the Middle East that lasted nearly two years. The activity, which lasted from at least May 2023 to February 2025, ..

https://thehackernews.com/2025/05/iranian-hackers-maintain-2-year-access.html


CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

https://www.cisa.gov/news-events/alerts/2025/05/02/cisa-adds-two-known-exploited-vulnerabilities-catalog


CVE-2025-31324: Critical SAP NetWeaver Vulnerability Actively Exploited

SAP has recently released a critical security patch for a severe vulnerability in SAP NetWeaver Visual Composer that has been actively exploited in the wild. The vulnerability, tracked as CVE-2025-31324, has recently been patched with the release of SAP Security Note 3594142.

https://www.truesec.com/hub/blog/cve-2025-31324-critical-sap-netweaver-vulnerability-actively-exploited


DragonForce Ransomware Cartel attacks on UK high street retailers: walking in the front door

The individuals operating under the DragonForce banner and attacking UK high street retailers are using social engineering for entry. I think it's in the public interest to break down what is happening.

https://doublepulsar.com/dragonforce-ransomware-cartel-attacks-on-uk-high-street-retailers-walking-in-the-front-door-52ed8ba68534


NPM targeted by malware campaign mimicking familiar library names

Developers looking for familiar packages from other programming languages are increasingly falling victim to malicious attacks. The Socket threat research team uncovered a coordinated malware operation across the NPM ecosystem. The actor behind the campaign published dozens of malicious NPM packages that mimic well-known Python, Java, C++, .NET, ..

https://socket.dev/blog/npm-targeted-by-malware-campaign-mimicking-familiar-library-names


Apache Parquet Java Vulnerability CVE-2025-46762 Exposes Systems to Remote Code Execution Attacks

A vulnerability has been identified in Apache Parquet Java, which could leave systems exposed to remote code execution (RCE) attacks. Apache Parquet contributor Gang Wu discovered this flaw, tracked as CVE-2025-46762, ..

https://thecyberexpress.com/apache-parquet-java-flaw-cve-2025-46762/


Vulnerabilities

Security updates for Monday

Security updates have been issued by Debian (ansible, containerd, and vips), Fedora (chromium, java-17-openjdk, nodejs-bash-language-server, nodejs-pnpm, ntpd-rs, redis, rust-hickory-proto, thunderbird, and valkey), Mageia (apache-mod_auth_openidc, fcgi, graphicsmagick, kernel-linus, pam, poppler, and tomcat), Red Hat (firefox, libsoup, nodejs:20, redis:6, ..

https://lwn.net/Articles/1020130/