End-of-Day report
Timeframe: Montag 11-08-2025 18:00 - Dienstag 12-08-2025 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Felician Fuchs
News
Netherlands: Citrix Netscaler flaw CVE-2025-6543 exploited to breach orgs
The Netherlands National Cyber Security Centre (NCSC) is warning that a critical Citrix NetScaler vulnerability tracked as CVE-2025-6543 was exploited to breach "critical organizations" in the country.
https://www.bleepingcomputer.com/news/security/netherlands-citrix-netscaler-flaw-cve-2025-6543-exploited-to-breach-orgs/
Over 3,000 NetScaler devices left unpatched against CitrixBleed 2 bug
Over 3,300 Citrix NetScaler devices remain unpatched against a critical vulnerability that allows attackers to bypass authentication by hijacking user sessions, nearly two months after patches were released.
https://www.bleepingcomputer.com/news/security/over-3-000-netscaler-devices-left-unpatched-against-actively-exploited-citrixbleed-2-flaw/
Scam hunter scammed by tax office impersonators
Scam hunter Julie-Anne Kearns, who helps scam victims online, opened up about a tax scam she fell for herself.
https://www.malwarebytes.com/blog/news/2025/08/scam-hunter-scammed-by-tax-office-impersonators
Russian-Linked Curly COMrades Deploy MucorAgent Malware in Europe
A new report from Bitdefender reveals the Russian-linked hacking group Curly COMrades is targeting Eastern Europe with a new backdoor called MucorAgent. Learn how they-re using advanced tactics to steal data.
https://hackread.com/russian-curly-comrades-mucoragent-malware-europe/
Vulnerabilities
Security Advisory Ivanti Connect Secure, Policy Secure & ZTA Gateways (Multiple CVEs)
Ivanti has released updates for Ivanti Connect Secure which addresses medium, high, and critical vulnerabilities. At the time of disclosure, there have been no reports of customers being exploited by this vulnerability.
https://forums.ivanti.com/s/article/August-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-Multiple-CVEs
August Security Advisory Ivanti Virtual Application Delivery Controller (vADC previously vTM) (CVE-2025-8310)
Ivanti has released updates for Ivanti Virtual Application Delivery Controller (vADC), previously Virtual Traffic Manager (vTM), which addresses one medium severity vulnerability. Successful exploitation could lead to account takeover. At the time of disclosure, there have been no reports of customers being exploited by this vulnerability.
https://forums.ivanti.com/s/article/August-Security-Advisory-Ivanti-Virtual-Application-Delivery-Controller-vADC-previously-vTM-CVE-2025-8310
40,000 WordPress Sites Affected by Arbitrary File Read Vulnerability in UiCore Elements WordPress Plugin
On June 13th, 2025, we received a submission for an Arbitrary File Read vulnerability in UiCore Elements, a WordPress plugin with more than 40,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to read arbitrary files on the server, which can contain sensitive information. During the disclosure process, our investigation revealed that the vulnerability leveraged an underlying issue in Elementor-s import functionality.
https://www.wordfence.com/blog/2025/08/40000-wordpress-sites-affected-by-arbitrary-file-read-vulnerability-in-uicore-elements-wordpress-plugin/
Security updates for Tuesday
Security updates have been issued by AlmaLinux (kernel, kernel-rt, and python-requests), Debian (ca-certificates-java), Fedora (chromium, clash-meta, mingw-python3, openjpeg, php-adodb, and toolbox), Mageia (kernel and kernel-linus), SUSE (chromium, ImageMagick, libgcrypt, libssh, libxml2, opensc, postgresql14, and postgresql16), and Ubuntu (dnsmasq, linux-gcp-6.8, linux-raspi, linux-oracle-6.14, and openjdk-17).
https://lwn.net/Articles/1033445/
Vtenext 25.02: A three-way path to RCE
Multiple vulnerabilities in vtenext 25.02 and prior versions allow unauthenticated attackers to bypass authentication through three separate vectors, ultimately leading to remote code execution on the underlying server.
https://blog.sicuranext.com/vtenext-25-02-a-three-way-path-to-rce/
OMSA-2025-0004: Omnissa Workspace ONE UEM addresses multiple vulnerabilities (CVE-2025-25229, CVE-2025-25231)
https://www.omnissa.com/omsa-2025-0004/
OMSA-2025-0003: Omnissa Secure Email Gateway (SEG) updates address Server-Side Request Forgery (SSRF) vulnerability (CVE-2025-25235)
https://www.omnissa.com/omsa-2025-0003/
Matrix protocol vulnerabilities fixed in room version 12
https://matrix.org/blog/2025/08/security-release/