Daily Summary - 30.07.2025

End-of-Day report

Timeframe: Tuesday 29-07-2025 18:00 - Wednesday 30-07-2025 18:00
Handler: Felician Fuchs
Co-Handler: Michael Schlagenhaufer

News

Attackers Can Use Browser Extensions to Inject AI Prompts

A brand-new cyberattack vector allows threat actors to use a poisoned browser extension to inject malicious prompts into all of the top generative AI tools on the market, including ChatGPT, Gemini, and others.

https://www.darkreading.com/vulnerabilities-threats/attackers-use-browser-extensions-inject-ai-prompts


PyPI Warns of Ongoing Phishing Campaign Using Fake Verification Emails and Lookalike Domain

The maintainers of the Python Package Index (PyPI) repository have issued a warning about an ongoing phishing attack that's targeting users in an attempt to redirect them to fake PyPI sites. The attack involves sending email messages bearing the subject line "[PyPI] Email verification" that are sent from the email address noreply@pypj[.]org (note that the domain is not "pypi[.]org").

https://thehackernews.com/2025/07/pypi-warns-of-ongoing-phishing-campaign.html


2025 Unit 42 Global Incident Response Report: Social Engineering Edition

Social engineering thrives on trust and is now boosted by AI. Unit 42 incident response data explains why it's surging. We detail eight critical countermeasures.

https://unit42.paloaltonetworks.com/2025-unit-42-global-incident-response-report-social-engineering-edition/


Google Project Zero to publicly announce bugs within a week of reporting them

The vulnerability hunters at Google Project Zero want to address what they call the "upstream patch gap," when a vendor has a fix available but the downstream product providers haven't integrated it yet.

https://therecord.media/google-project-zero-publicly-announce-vulnerabilities-week-after-reporting


Decryptor released for FunkSec ransomware; Avast works with law enforcement to help victims

Cybersecurity company Avast released a decryptor for the short-lived FunkSec ransomware and said it is assisting dozens of the gang's targets with the process.

https://therecord.media/funksec-ransomware-decryptor-avast


New Choicejacking Attack Steals Data from Phones via Public Chargers

Choicejacking is a new USB attack that tricks phones into sharing data at public charging stations, bypassing security prompts in milliseconds.

https://hackread.com/choicejacking-attack-steals-data-phones-public-chargers/


CISA Releases Part One of Zero Trust Microsegmentation Guidance

This guidance provides a high-level overview of microsegmentation, focusing on its key concepts, associated challenges and potential benefits, and includes recommended actions to modernize network security and advance zero trust principles.

https://www.cisa.gov/news-events/alerts/2025/07/29/cisa-releases-part-one-zero-trust-microsegmentation-guidance-1

Vulnerabilities

New Lenovo UEFI firmware updates fix Secure Boot bypass flaws

Lenovo is warning about high-severity BIOS flaws that could allow attackers to potentially bypass Secure Boot in all-in-one desktop PC models that use customized Insyde UEFI (Unified Extensible Firmware Interface).

https://www.bleepingcomputer.com/news/security/new-lenovo-uefi-firmware-updates-fix-secure-boot-bypass-flaws/


Apple Patches Safari Vulnerability Also Exploited as Zero-Day in Google Chrome

Apple on Tuesday released security updates for its entire software portfolio, including a fix for a vulnerability that Google said was exploited as a zero-day in the Chrome web browser earlier this month. The vulnerability, tracked as CVE-2025-6558 (CVSS score: 8.8), is an incorrect validation of untrusted input in the browser's ANGLE and GPU components that could result in a sandbox escape via a crafted HTML page.

https://thehackernews.com/2025/07/apple-patches-safari-vulnerability-also.html


Critical Dahua Camera Flaws Enable Remote Hijack via ONVIF and File Upload Exploits

Cybersecurity researchers have disclosed now-patched critical security flaws in the firmware of Dahua smart cameras that, if left unaddressed, could allow attackers to hijack control of susceptible devices.

https://thehackernews.com/2025/07/critical-dahua-camera-flaws-enable.html


Autodesk Security Advisory 29.07.2025

Certain Autodesk products use a shared component that is affected by multiple vulnerabilities listed below. Exploitation of these vulnerabilities can lead to code execution. Exploitation of these vulnerabilities requires user interaction.

https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015


Security updates: Attackers can access Dell ECS and ObjectScale

Attackers can gain access to Dell Elastic Cloud Storage (ECS) and ObjectScale with comparatively little effort. Companies use these products to set up cloud storage, among other things. If important data is stored there, unauthorized access can have far-reaching consequences. Security updates close the vulnerability.

https://www.heise.de/news/Sicherheitsupdates-Angreifer-koennen-auf-Dell-ECS-und-ObjectScale-zugreifen-10504024.html


Stable Channel Update for Desktop

The Stable channel has been updated to 138.0.7204.183/.184 for Windows, Mac and 138.0.7204.183 for Linux which will roll out over the coming days/weeks. This update includes 4 security fixes.

http://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_29.html


Security updates for Wednesday

Security updates have been issued by AlmaLinux (firefox, icu, kernel-rt, libtpms, redis:6, redis:7, and sqlite), Fedora (chromium and cloud-init), Oracle (icu, java-1.8.0-openjdk, java-21-openjdk, kernel, nodejs:22, perl, and sqlite), SUSE (docker, java-1_8_0-openj9, libxml2, python-starlette, and thunderbird), and Ubuntu (cloud-init, linux-azure, linux-azure-5.4, linux-azure-fips, linux-raspi, linux-raspi-5.4, and perl).

https://lwn.net/Articles/1031919/


Dental practice management system (PVS): Security vulnerabilities in CGM Z1 - Part 1

The company CompuGroup Medical (CGM) also sells a practice management system (PVS) for dentists. According to the company, the system is in use by more than 7,000 dentists. A source who wishes to remain anonymous informed me at the beginning of the year about potential security problems in this software. In the meantime, there has been a software update that should have resolved these problems. I am summarizing the matter in a few blog posts.

https://www.borncity.com/blog/2025/07/30/sicherheit-beim-zahnarzt-pvs-z1/


Delta Electronics DTN Soft

According to Delta Electronics, if a version of DTN Soft prior to v2.1.0 is installed, it should be updated to v2.1.0 or later. If DTM Soft is also installed, it should be updated to v1.6.0.0 (released on March 25, 2025) or later. Successful exploitation of this vulnerability could allow an attacker to use a specially crafted project file to execute arbitrary code.

https://www.cisa.gov/news-events/ics-advisories/icsa-25-210-03


TP-Link Archer C50 router is vulnerable to configuration-file decryption

https://kb.cert.org/vuls/id/554637


Security update for Tenable Patch Management Fixes One Vulnerability

https://www.tenable.com/security/tns-2025-15


CISA: Security update for National Instruments LabVIEW

https://www.cisa.gov/news-events/ics-advisories/icsa-25-210-01


CISA: Security update for Samsung HVAC DMS

https://www.cisa.gov/news-events/ics-advisories/icsa-25-210-02