Daily Summary - 30.06.2025

End-of-Day report

Timeframe: Friday 27-06-2025 18:00 - Monday 30-06-2025 18:00 Handler: Michael Schlagenhaufer Co-Handler: Alexander Riepl

News

Scattered Spider hackers shift focus to aviation, transportation firms

Hackers associated with Scattered Spider tactics have expanded their targeting to the aviation and transportation industries after previously attacking insurance and retail sectors.

https://www.bleepingcomputer.com/news/security/scattered-spider-hackers-shift-focus-to-aviation-transportation-firms/


Let's Encrypt ends certificate expiry emails to cut costs, boost privacy

Let's Encrypt has announced it will no longer notify users about imminent certificate expirations via email due to high costs, privacy concerns, and unnecessary complexities.

https://www.bleepingcomputer.com/news/security/lets-encrypt-ends-certificate-expiry-emails-to-cut-costs-boost-privacy/


Unveiling RIFT: Enhancing Rust malware analysis through pattern matching

As threat actors are adopting Rust for malware development, RIFT, an open-source tool, helps reverse engineers analyze Rust malware, solving challenges in the security industry.

https://www.microsoft.com/en-us/security/blog/2025/06/27/unveiling-rift-enhancing-rust-malware-analysis-through-pattern-matching/


Stealthy WordPress Malware Drops Windows Trojan via PHP Backdoor

Last month, we encountered a particularly interesting and complex malware case that stood out from the usual infections we see in compromised WordPress websites. At first glance, the site looked clean: no visible signs of defacement, no malicious redirects, and nothing suspicious in the plugin list. But beneath the surface, a hidden infection chain was ..

https://blog.sucuri.net/2025/06/stealthy-wordpress-malware-drops-windows-trojan-via-php-backdoor.html


GIFTEDCROOK Malware Evolves: From Browser Stealer to Intelligence-Gathering Tool

The threat actor behind the GIFTEDCROOK malware has made significant updates to turn the malicious program from a basic browser data stealer into a potent intelligence-gathering tool. "Recent campaigns in June 2025 demonstrate GIFTEDCROOK's enhanced ..

https://thehackernews.com/2025/06/giftedcrook-malware-evolves-from.html


IGF25: Dictators and democrats in the Global South as customers of spyware

Spyware such as Pegasus from the NSO Group is increasingly becoming a political problem. That was one of the findings of the Internet Governance Forum in Norway.

https://www.heise.de/news/IGF25-Diktatoren-und-Demokraten-im-globalen-Sueden-als-Kunden-von-Spyware-10463332.html


"CitrixBleed 2": Indications of ongoing attacks on security vulnerability

A Citrix NetScaler vulnerability nicknamed "CitrixBleed 2" is severe. Now it is apparently being attacked.

https://www.heise.de/news/CitrixBleed-2-Indizien-fuer-laufende-Angriffe-auf-Sicherheitsleck-10464142.html


Cyber gang extorts Welthungerhilfe for 1.8 million euros

The Rhysida cyber gang broke into Welthungerhilfe and copied data. Now the perpetrators want 20 Bitcoins for it.

https://www.heise.de/news/Ransomwareattacke-auf-Welthungerhilfe-10464644.html


Dubious debt collection demands: What to do about sudden dunning letters?

You open your e-mail inbox or your mailbox and find a letter from a debt collection agency. Allegedly you have not paid an invoice, but you cannot remember having ordered anything. Unfortunately, this scenario is not uncommon. More and more consumers are reporting such dubious payment demands. We show you how you can respond.

https://www.watchlist-internet.at/news/dubiose-inkassoschreiben-was-tun-bei-ploetzlichen-mahnschreiben/


ESET Threat Report H1 2025

A view of the H1 2025 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts

https://www.welivesecurity.com/en/eset-research/eset-threat-report-h1-2025/


Hide Your RDP: Password Spray Leads to RansomHub Deployment

This intrusion began in November 2024 with a password spray attack targeting an internet-facing RDP server. Over the course of several hours, the threat actor ..

https://thedfirreport.com/2025/06/30/hide-your-rdp-password-spray-leads-to-ransomhub-deployment/


How 2 Ransomware Attacks on 2 Hospitals Led to 2 Deaths in Europe

Two deadly ransomware attacks on European hospitals show that cybercrime now risks lives, not just data, with patients dying after treatment delays.

https://hackread.com/how-ransomware-attacks-hospitals-2-deaths-in-europe/


Protecting the Core: Securing Protection Relays in Modern Substations

Substations are critical nexus points in the power grid, transforming high-voltage electricity to ensure its safe and efficient delivery from power plants to millions of end-users. At the core of a modern substation lies the protection relay: an intelligent electronic device (IED) that plays a critical role in ..

https://cloud.google.com/blog/topics/threat-intelligence/securing-protection-relays-modern-substations/


GitHub Advisory Database by the numbers: Known security vulnerabilities and what you can do about them

Use these insights to automate software security (where possible) to keep your projects safe.

https://github.blog/security/github-advisory-database-by-the-numbers-known-security-vulnerabilities-and-what-you-can-do-about-them/


Ultimate Guide to API Pentesting: Hacking APIs for better Security

API Pentesting, or Application Programming Interface Penetration Testing, is the process of simulating real-world attacks against APIs to uncover vulnerabilities, misconfigurations, and flaws that could be exploited by malicious actors. Unlike traditional web applications, APIs are designed to be consumed by machines, often exposing ..

https://fortbridge.co.uk/research/ultimate-guide-to-api-pentesting-hacking-apis-for-better-security


Vulnerabilities

Security updates for Monday

Security updates have been issued by AlmaLinux (mod_proxy_cluster), Debian (catdoc, chromium, nagvis, and sudo), Fedora (chromium, gum, kubernetes1.32, moodle, podman, python3-docs, python3.13, salt, and tigervnc), Mageia (x11-server, x11-server-xwayland & tigervnc), Oracle (apache-commons-beanutils, exiv2, expat, firefox, git, git-lfs, gstreamer1-plugins-bad-free, ipa, java-21-openjdk, kea, kernel, libarchive, libblockdev, libsoup3, libvpx, libxslt, mod_auth_openidc, nodejs22, ..

https://lwn.net/Articles/1027769/


Marvell QConvergeConsole: Multiple 0Day Vulnerabilities

https://www.zerodayinitiative.com/advisories/published/