End-of-Day report
Timeframe: Friday 27-06-2025 18:00 - Monday 30-06-2025 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Alexander Riepl
News
Scattered Spider hackers shift focus to aviation, transportation firms
Hackers associated with Scattered Spider tactics have expanded their targeting to the aviation and transportation industries after previously attacking insurance and retail sectors.
https://www.bleepingcomputer.com/news/security/scattered-spider-hackers-shift-focus-to-aviation-transportation-firms/
Let's Encrypt ends certificate expiry emails to cut costs, boost privacy
Let's Encrypt has announced it will no longer notify users about imminent certificate expirations via email, citing high costs, privacy concerns, and unnecessary complexity.
https://www.bleepingcomputer.com/news/security/lets-encrypt-ends-certificate-expiry-emails-to-cut-costs-boost-privacy/
Unveiling RIFT: Enhancing Rust malware analysis through pattern matching
As threat actors are adopting Rust for malware development, RIFT, an open-source tool, helps reverse engineers analyze Rust malware, solving challenges in the security industry.
https://www.microsoft.com/en-us/security/blog/2025/06/27/unveiling-rift-enhancing-rust-malware-analysis-through-pattern-matching/
Stealthy WordPress Malware Drops Windows Trojan via PHP Backdoor
Last month, we encountered a particularly interesting and complex malware case that stood out from the usual infections we see in compromised WordPress websites. At first glance, the site looked clean: no visible signs of defacement, no malicious redirects, and nothing suspicious in the plugin list. But beneath the surface, a hidden infection chain was ..
https://blog.sucuri.net/2025/06/stealthy-wordpress-malware-drops-windows-trojan-via-php-backdoor.html
GIFTEDCROOK Malware Evolves: From Browser Stealer to Intelligence-Gathering Tool
The threat actor behind the GIFTEDCROOK malware has made significant updates to turn the malicious program from a basic browser data stealer into a potent intelligence-gathering tool. "Recent campaigns in June 2025 demonstrate GIFTEDCROOK's enhanced ..
https://thehackernews.com/2025/06/giftedcrook-malware-evolves-from.html
IGF25: Dictators and democrats in the Global South as customers of spyware
Spyware such as NSO Group's Pegasus is increasingly becoming a political problem. That was one of the findings of the Internet Governance Forum in Norway.
https://www.heise.de/news/IGF25-Diktatoren-und-Demokraten-im-globalen-Sueden-als-Kunden-von-Spyware-10463332.html
"CitrixBleed 2": Signs of ongoing attacks on security flaw
A Citrix NetScaler vulnerability nicknamed "CitrixBleed 2" is severe. It is now apparently being attacked.
https://www.heise.de/news/CitrixBleed-2-Indizien-fuer-laufende-Angriffe-auf-Sicherheitsleck-10464142.html
Cyber gang extorts Welthungerhilfe for 1.8 million euros
The Rhysida cyber gang broke into Welthungerhilfe and copied data. The perpetrators now want 20 bitcoins for it.
https://www.heise.de/news/Ransomwareattacke-auf-Welthungerhilfe-10464644.html
Dubious debt-collection demands: What to do about sudden payment reminders?
You open your e-mail inbox or your letterbox and find a letter from a debt-collection company. Supposedly you have not paid an invoice, but you cannot remember ordering anything. Unfortunately, this scenario is not rare. More and more consumers are reporting such dubious payment demands. We show you how to respond.
https://www.watchlist-internet.at/news/dubiose-inkassoschreiben-was-tun-bei-ploetzlichen-mahnschreiben/
ESET Threat Report H1 2025
A view of the H1 2025 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts
https://www.welivesecurity.com/en/eset-research/eset-threat-report-h1-2025/
Hide Your RDP: Password Spray Leads to RansomHub Deployment
This intrusion began in November 2024 with a password spray attack targeting an internet-facing RDP server. Over the course of several hours, the threat actor ..
https://thedfirreport.com/2025/06/30/hide-your-rdp-password-spray-leads-to-ransomhub-deployment/
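The intrusion above starts with a password spray against an internet-facing RDP server, which is the one stage of that chain a defender can catch cheaply from authentication logs alone. The following is an added example, not code from The DFIR Report: a sliding-window detector for spraying behaviour over Windows failed-logon records (Event ID 4625). The log format and all sample records are constructed for the example; a real deployment would feed it the timestamp, source address, target account and logon type extracted from Security.evtx or a SIEM. A spray looks like one source failing once against many different accounts, so the rule keys on distinct accounts per source rather than on attempts per account.

```python
"""Password-spray detection over Windows failed-logon (Event ID 4625) records.

Added example (not from the DFIR report). The record format is constructed:
one record per line with ISO-8601 timestamp, source IP, target account and
Windows logon type. Logon type 10 = RemoteInteractive (RDP), 3 = Network.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample. 10.20.30.40 tries one password across many accounts a
# few seconds apart (spray). 192.0.2.7 is a single user who mistyped a
# password twice and must not be flagged.
SAMPLE_LOG = """\
2024-11-02T03:12:01Z 10.20.30.40 jsmith 10
2024-11-02T03:12:04Z 10.20.30.40 mjones 10
2024-11-02T03:12:07Z 10.20.30.40 akumar 10
2024-11-02T03:12:10Z 10.20.30.40 bwilliams 10
2024-11-02T03:12:13Z 10.20.30.40 svc_backup 10
2024-11-02T03:12:16Z 10.20.30.40 Administrator 10
2024-11-02T03:13:00Z 192.0.2.7 cfoster 10
2024-11-02T03:13:20Z 192.0.2.7 cfoster 10
"""


def parse_records(log_text):
    """Yield (timestamp, source_ip, account, logon_type) for each record.

    Account names are lower-cased because Windows treats them
    case-insensitively; 'Administrator' and 'administrator' are one account.
    """
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, account, logon_type = line.split()
        yield (
            datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            src,
            account.lower(),
            int(logon_type),
        )


def detect_spray(log_text, window=timedelta(minutes=10), min_accounts=5,
                 logon_types=(10,)):
    """Return one alert per source that fails against >= min_accounts
    distinct accounts inside a sliding `window`.

    Only the given logon types are considered (default: RDP). Each alert is a
    dict with the source IP, the first timestamp in the triggering window and
    the sorted list of accounts seen at the moment the threshold was crossed.
    """
    events = sorted(parse_records(log_text), key=lambda e: e[0])
    recent = defaultdict(deque)   # src -> deque of (ts, account) in window
    alerted = set()
    alerts = []
    for ts, src, account, logon_type in events:
        if logon_type not in logon_types:
            continue
        q = recent[src]
        q.append((ts, account))
        # Drop failures that fell out of the window for this source.
        while q and ts - q[0][0] > window:
            q.popleft()
        accounts = {a for _, a in q}
        if len(accounts) >= min_accounts and src not in alerted:
            alerted.add(src)
            alerts.append({
                "src": src,
                "first_seen": q[0][0],
                "accounts": sorted(accounts),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_spray(SAMPLE_LOG):
        print(f"{alert['src']} sprayed {len(alert['accounts'])} accounts "
              f"from {alert['first_seen'].isoformat()}: {alert['accounts']}")
```

The threshold of five distinct accounts in ten minutes is an assumption to tune per environment; lower it for a server that should see almost no interactive logons from the internet, and add logon type 3 if the RDP gateway also exposes NLA, since NLA failures are logged as network logons rather than RemoteInteractive. The detector reports a source once, at the moment the threshold is crossed, so the account list in the alert is a lower bound on what was sprayed.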
How 2 Ransomware Attacks on 2 Hospitals Led to 2 Deaths in Europe
Two deadly Ransomware Attacks on European hospitals show cybercrime now risks lives not just data with patients dying after treatment delays.
https://hackread.com/how-ransomware-attacks-hospitals-2-deaths-in-europe/
Protecting the Core: Securing Protection Relays in Modern Substations
Substations are critical nexus points in the power grid, transforming high-voltage electricity to ensure its safe and efficient delivery from power plants to millions of end-users. At the core of a modern substation lies the protection relay: an intelligent electronic device (IED) that plays a critical role in ..
https://cloud.google.com/blog/topics/threat-intelligence/securing-protection-relays-modern-substations/
GitHub Advisory Database by the numbers: Known security vulnerabilities and what you can do about them
Use these insights to automate software security (where possible) to keep your projects safe.
https://github.blog/security/github-advisory-database-by-the-numbers-known-security-vulnerabilities-and-what-you-can-do-about-them/
Ultimate Guide to API Pentesting: Hacking APIs for better Security
API Pentesting, or Application Programming Interface Penetration Testing, is the process of simulating real-world attacks against APIs to uncover vulnerabilities, misconfigurations, and flaws that could be exploited by malicious actors. Unlike traditional web applications, APIs are designed to be consumed by machines, often exposing ..
https://fortbridge.co.uk/research/ultimate-guide-to-api-pentesting-hacking-apis-for-better-security
Vulnerabilities
Security updates for Monday
Security updates have been issued by AlmaLinux (mod_proxy_cluster), Debian (catdoc, chromium, nagvis, and sudo), Fedora (chromium, gum, kubernetes1.32, moodle, podman, python3-docs, python3.13, salt, and tigervnc), Mageia (x11-server, x11-server-xwayland & tigervnc), Oracle (apache-commons-beanutils, exiv2, expat, firefox, git, git-lfs, gstreamer1-plugins-bad-free, ipa, java-21-openjdk, kea, kernel, libarchive, libblockdev, libsoup3, libvpx, libxslt, mod_auth_openidc, nodejs22, ..
https://lwn.net/Articles/1027769/
Marvell QConvergeConsole: Multiple 0-Day Vulnerabilities
https://www.zerodayinitiative.com/advisories/published/