Daily summary - 09.07.2025

End-of-Day report

Timeframe: Tuesday 08-07-2025 18:00 - Wednesday 09-07-2025 18:00 Handler: Alexander Riepl Co-Handler: n/a

News

New Android TapTrap attack fools users with invisible UI trick

A novel tapjacking technique can exploit user interface animations to bypass Android's permission system and allow access to sensitive data or trick users into performing destructive actions, such as wiping the device.

https://www.bleepingcomputer.com/news/security/new-android-taptrap-attack-fools-users-with-invisible-ui-trick/


Update not distributed: mainboard manufacturers to blame for unfixed TPM bug, says AMD

AMD has had a fix since 2022 for a bug that can lock Windows users with active BitLocker out of their systems. But the mainboard manufacturers are not delivering it.

https://www.golem.de/news/fix-nicht-ausgeliefert-amd-kritisiert-mainboard-hersteller-fuer-umgang-mit-tpm-bug-2507-197912.html


Massive browser hijacking campaign infects 2.3M Chrome, Edge users

These extensions weren't malware-laced from the start, researcher says. A Chrome and Edge extension with more than 100,000 downloads that displays Google's verified badge does what it purports to do: it delivers a color picker to users. Unfortunately, it also ..

https://www.theregister.com/2025/07/08/browser_hijacking_campaign/


Patchday: Microsoft closes $100,000 hole in SharePoint from hacking contest

Update collection published: to prevent attacks, admins should make sure their Microsoft products are up to date.

https://www.heise.de/news/Patchday-Microsoft-schliesst-100-000-Luecke-in-SharePoint-aus-Hacker-Wettbewerb-10479811.html


Patchday: Adobe protects After Effects & Co. against possible attacks

Several Adobe applications are vulnerable to, among others, DoS and malicious-code attacks. Security updates provide a remedy.

https://www.heise.de/news/Patchday-Adobe-schuetzt-After-Effects-Co-vor-moeglichen-Attacken-10479838.html


Advancing Protection in Chrome on Android

Android recently announced Advanced Protection, which extends Google's Advanced Protection Program to a device-level security setting for Android users that need heightened security, such as journalists, elected officials, and public figures. Advanced ..

http://security.googleblog.com/2025/07/advancing-protection-in-chrome-on.html


Alleged prize in the name of MediaMarkt leads to subscription trap

Have you received an e-mail in the name of MediaMarkt with an alleged prize notification? Are you asked to click a link and pay a two-euro shipping fee to claim the prize? Then caution is advised! Behind it is no prize, but an expensive subscription trap.

https://www.watchlist-internet.at/news/angeblicher-gewinn-bei-media-markt-fuehrt-in-abofalle/


Critical vulnerability CVE-2025-47981 in Windows SPNEGO - update urgently recommended

Microsoft has published a critical vulnerability in the Windows SPNEGO Extended Negotiation (NEGOEX) security mechanism. The vulnerability allows attackers to remotely and without authentication execute arbitrary code on ..

https://www.cert.at/de/warnungen/2025/7/kritische-sicherheitslucke-cve-2025-47981-in-windows-spnego-update-dringend-empfohlen


Iranian ransomware group offers bigger payouts for attacks on Israel, US

The Iran-linked ransomware-as-a-service group Pay2Key.I2P told affiliates that they can keep a larger cut of extortion payments if they attack entities within Iran's adversaries.

https://therecord.media/iran-ransomware-group-pay2keyi2p-israel-us-targets


Treasury sanctions key player behind North Korean IT worker scheme

The United States identified and sanctioned another North Korean involved with the country's IT worker schemes, this time for illicit operations based in China and Russia.

https://therecord.media/north-korea-it-worker-scheme-us-sanctions-song-kum-hyok


Fake CNN and BBC sites used to push investment scams

Thousands of web pages falsely branded as popular news sites are conduits for fake cryptocurrency investment scams, researchers said.

https://therecord.media/news-websites-faked-to-spread-investment-scams


CVE-2025-48384: Breaking git with a carriage return and cloning RCE

tl;dr: On Unix-like platforms, if you use git clone --recursive on an untrusted repo, it could achieve remote code execution. Update to a fixed version of Git and other software that embeds Git (including GitHub Desktop).

https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384


Supabase MCP can leak your entire SQL database

Model Context Protocol (MCP) has emerged as a standard way for LLMs to interact with external tools. While this unlocks new capabilities, it also introduces new risk surfaces. In this post, we show how an attacker can exploit Supabase's MCP integration to leak a developer's private SQL tables.

https://www.generalanalysis.com/blog/supabase-mcp-blog


Vulnerabilities

A set of Git security-fix releases

Versions v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1 and v2.50.1 of the Git source-code management system have been released. "This is a set of coordinated security fix releases. Please update at your earliest convenience". See the announcement for details; many of the vulnerabilities have to do with tricks buried in untrusted repositories.

https://lwn.net/Articles/1029182/


SQL injection in forward module

An Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) vulnerability [CWE-89] in FortiManager and FortiAnalyzer may allow an authenticated attacker with high privilege to extract database information via crafted requests.

https://fortiguard.fortinet.com/psirt/FG-IR-24-437