End-of-Day report
Timeframe: Tuesday 11-11-2025 18:00 - Wednesday 12-11-2025 18:00
Handler: Guenes Holler
Co-Handler: n/a
News
Rhadamanthys infostealer disrupted as cybercriminals lose server access
The Rhadamanthys infostealer operation has been disrupted, with numerous "customers" of the malware-as-a-service reporting that they no longer have access to their servers.
https://www.bleepingcomputer.com/news/security/rhadamanthys-infostealer-disrupted-as-cybercriminals-lose-server-access/
VU#553375: Unprotected temporary directories in Wolfram Cloud version 14.2 may result in privilege escalation
Wolfram Cloud version 14.2 gives the Java Virtual Machine (JVM) unrestricted access to temporary resources in the /tmp/ directory of the cloud environment, which may result in privilege escalation, information exfiltration, and remote code execution. Within the same cloud instance, the temporary directories of other users may be accessible.
https://kb.cert.org/vuls/id/553375
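The advisory above is about temporary directories in a shared /tmp that other users on the same instance can reach. As an added example (not code from the advisory, CERT/CC or Wolfram, and not a reproduction of the Wolfram Cloud bug), the block below contrasts a temp directory created with a predictable name and world-accessible mode against one created with tempfile.mkdtemp(), which picks an unpredictable name and sets mode 0700 atomically, and then runs a small audit that flags directories in a shared temp location that group or other users can read, write or traverse. The base directory, the directory names and the audit function are assumptions for illustration; the script works in a scratch directory so it runs offline without touching the real /tmp.

```python
"""Added example: unsafe vs. safe temp directory creation, plus an audit.
Not from the VU#553375 advisory; names and paths are illustrative."""
import os
import stat
import tempfile


def unsafe_tempdir(base, name="app-scratch"):
    """Predictable path with mode 0777 (assumed worst case): every local user
    can list, read and write into it, so secrets or code dropped here are
    exposed and can be replaced before the owner reads them back."""
    path = os.path.join(base, name)
    os.makedirs(path, exist_ok=True)
    os.chmod(path, 0o777)  # makedirs' mode is umask-filtered, so set it explicitly
    return path


def safe_tempdir(base, prefix="job-"):
    """mkdtemp chooses a random name and creates the directory with mode 0700
    in one step, so no other user can enter it, and there is no window in
    which a pre-planted directory or symlink of the same name is reused."""
    return tempfile.mkdtemp(prefix=prefix, dir=base)


def audit_tempdirs(base):
    """Return (name, octal mode) for each subdirectory of base whose mode
    grants any permission to group or other. Symlinks are not followed so a
    planted link cannot redirect the check."""
    findings = []
    for entry in os.scandir(base):
        if not entry.is_dir(follow_symlinks=False):
            continue
        mode = stat.S_IMODE(entry.stat(follow_symlinks=False).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append((entry.name, oct(mode)))
    return findings


def demo():
    """Create both kinds of directory in a scratch base and audit it.
    Returns the facts a test or a reader would want to check."""
    base = tempfile.mkdtemp(prefix="tmp-audit-demo-")  # stand-in for /tmp
    unsafe = unsafe_tempdir(base)
    safe = safe_tempdir(base)
    flagged = {name for name, _ in audit_tempdirs(base)}
    return {
        "unsafe_flagged": os.path.basename(unsafe) in flagged,
        "safe_flagged": os.path.basename(safe) in flagged,
        "safe_mode": stat.S_IMODE(os.stat(safe).st_mode),
    }


if __name__ == "__main__":
    print(demo())  # expected: unsafe flagged, safe not flagged, safe_mode 0o700
```

To use the audit against a real shared location, call audit_tempdirs("/tmp") as an unprivileged user; anything it reports that belongs to a service or another tenant is a candidate for the kind of cross-user access the advisory describes. The check only looks at mode bits; ACLs and mount options (such as a per-user /tmp namespace) are outside its scope.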
WhatsApp Malware Maverick Hijacks Browser Sessions to Target Brazil's Biggest Banks
Threat hunters have uncovered similarities between a banking malware called Coyote and a newly disclosed malicious program dubbed Maverick that has been propagated via WhatsApp.
https://thehackernews.com/2025/11/whatsapp-malware-maverick-hijacks.html
Cl0p Ransomware Lists NHS UK as Victim, Days After Washington Post Breach
Cl0p ransomware lists NHS UK as a victim days after The Washington Post confirmed a major Oracle E-Business Suite breach linked to CVE-2025-61882.
https://hackread.com/cl0p-ransomware-nhs-uk-washington-post-breach/
@facebookmail.com Invites Exploited to Phish Facebook Business Users
If you manage Facebook advertising for a small or medium-sized business, open your inbox with suspicion, because attackers have been sending highly convincing invites that look like they come straight from Meta.
https://hackread.com/facebookmail-com-invites-phish-facebook-business/
Hackers Use KakaoTalk and Google Find Hub in Android Spyware Attack
North Korea-linked KONNI hackers used KakaoTalk and Google Find Hub to spy on victims and remotely wipe Android devices in a targeted phishing campaign.
https://hackread.com/hackers-kakaotalk-google-find-hub-android-spyware/
Is It CitrixBleed4? Well, No. Is It Good? Also, No. (Citrix NetScaler Memory Leak & RXSS CVE-2025-12101)
There's an elegance to vulnerability research that feels almost poetic - the quiet dance between chaos and control. It's the art of peeling back the layers of complexity, not to destroy but to understand; to trace the fragile threads that hold systems together and see where they might fray.
https://labs.watchtowr.com/is-it-citrixbleed4-well-no-is-it-good-also-no-citrix-netscalers-memory-leak-rxss-cve-2025-12101/
Miniatur Wunderland targeted by IT attack: credit card data exfiltrated
Cybercriminals were able to break into the booking system of Miniatur Wunderland Hamburg. In doing so they were apparently able to read payment transaction data. The investigation is still ongoing.
https://www.heise.de/news/Miniatur-Wunderland-Ziel-von-IT-Angriff-Kreditkartendaten-abgeflossen-11076011.html
Vulnerabilities
Microsoft November 2025 Patch Tuesday fixes 1 zero-day, 63 flaws
Today is Microsoft's November 2025 Patch Tuesday, which includes security updates for 63 flaws, including one actively exploited zero-day vulnerability.
https://www.bleepingcomputer.com/news/microsoft/microsoft-november-2025-patch-tuesday-fixes-1-zero-day-63-flaws/
Synology fixes BeeStation zero-days demoed at Pwn2Own Ireland
Synology has addressed a critical-severity remote code execution (RCE) vulnerability in BeeStation products that was demonstrated at the recent Pwn2Own hacking competition. The security issue (CVE-2025-12686) is described as a "buffer copy without checking the size of input" problem and can be exploited to achieve arbitrary code execution.
https://www.bleepingcomputer.com/news/security/synology-fixes-beestation-zero-days-demoed-at-pwn2own-ireland/
Avast and AVG: critical security vulnerability silently fixed
A vulnerability rated as critical was present in the anti-malware products of the Avast and AVG brands. It has since been closed, as has a further, less severe one in Avast Free Antivirus.
https://www.heise.de/news/Avast-und-AVG-Kritische-Sicherheitsluecke-stillschweigend-behoben-11075740.html
Security updates for Wednesday
Security updates have been issued by AlmaLinux (kernel, kernel-rt, and libtiff), Debian (kernel, libarchive, rust-sudo-rs, and squid), Fedora (chromium, dotnet8.0, forgejo, ruby, and webkitgtk), Oracle (bind, bind9.18, kernel, kernel-uek*, libtiff, and runc), Red Hat (firefox, kernel, and kernel-rt), Slackware (mozilla), SUSE (buildah, colord, containerd, kernel, lasso, libsoup, micropython, ongres-scram, openssh, proxy-helm, uyuni-tools, python-pdfminer.six, qatengine, qatlib, regclient, and runc), and Ubuntu (raptor and raptor2).
https://lwn.net/Articles/1046173/
Adobe Patch Day: code-execution vulnerabilities threaten InDesign & Co.
Important security updates have been released for, among others, Adobe Illustrator, InCopy and Photoshop.
https://heise.de/-11074930
Patch Day: Intel seals dozens of security vulnerabilities
Intel also held a Patch Day and released 30 security advisories with updates. Seven of them are rated high-risk.
https://heise.de/-11075454
DSA-6053-1 linux - security update
https://lists.debian.org/debian-security-announce/2025/msg00219.html
ZDI-25-991: Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-25-991/
CVE-2025-13042: Stable Channel Update for Desktop
http://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop_11.html
CISA Adds Three Known Exploited Vulnerabilities to Catalog
https://www.cisa.gov/news-events/alerts/2025/11/12/cisa-adds-three-known-exploited-vulnerabilities-catalog