End-of-Day report
Timeframe: Friday 09-01-2026 18:00 - Monday 12-01-2026 18:00
Handler: Felician Fuchs
Co-Handler: Alexander Riepl
News
Max severity Ni8mare flaw impacts nearly 60,000 n8n instances
Nearly 60,000 n8n instances exposed online remain unpatched against a maximum-severity vulnerability dubbed "Ni8mare."
https://www.bleepingcomputer.com/news/security/max-severity-ni8mare-flaw-impacts-nearly-60-000-n8n-instances/
Spanish energy giant Endesa discloses data breach affecting customers
Spanish energy provider Endesa and its Energía XXI operator are notifying customers that hackers accessed the company's systems and accessed contract-related information, which includes personal details.
https://www.bleepingcomputer.com/news/security/spanish-energy-giant-endesa-discloses-data-breach-affecting-customers/
Hidden Telegram proxy links can reveal your IP address in one click
A single click on what may appear to be a Telegram username or harmless link is all it takes to expose your real IP address to attackers due to how proxy links are handled. Telegram says it will add warnings to proxy links after researchers demonstrated that such one-click interactions could reveal a Telegram user's real IP address.
https://www.bleepingcomputer.com/news/security/hidden-telegram-proxy-links-can-reveal-your-ip-address-in-one-click/
Illicit Crypto Economy Surges Amid Increased Nation-State Activity
Cybercriminal cryptocurrency transactions totaled billions in 2025, with activity from sanctioned countries like Russia and Iran causing the largest jump.
https://www.darkreading.com/cyber-risk/illicit-crypto-economy-surges-nation-states
Russia's Fancy Bear APT Doubles Down on Global Secrets Theft
The notorious state-sponsored group relies on basic techniques that are highly effective, often delivering greater ROI than more complex malware-heavy operations.
https://www.darkreading.com/cyberattacks-data-breaches/russian-apt-credentials-global-targets
Two Separate Campaigns Target Exposed LLM Services
A total of 91,403 sessions targeted public LLM endpoints to find leaks in organizations' use of AI and map an expanding attack surface.
https://www.darkreading.com/endpoint-security/separate-campaigns-target-exposed-llm-services
Cybersecurity Act: EU Commission wants a hard ban on Huawei
Restrictions against Chinese equipment suppliers that have so far been voluntary are now to be made mandatory by the EU Commission. This is highly controversial within the EU and seems out of step with the times.
https://www.golem.de/news/cybersecurity-act-eu-kommission-will-hartes-verbot-von-huawei-2601-204031.html
Payslips sent to the wrong recipients: GDPR incident at Datev
Following a technical fault in Datev's payroll processing, customer data ended up in the wrong hands. The trigger was, of all things, an attempt to fix the problem.
https://www.golem.de/news/lohnabrechnungen-falsch-verschickt-dsgvo-vorfall-bei-der-datev-2601-204034.html
Researchers Uncover Service Providers Fueling Industrial-Scale Pig Butchering Fraud
Cybersecurity researchers have shed light on two service providers that supply online criminal networks with the necessary tools and infrastructure to fuel the pig butchering-as-a-service (PBaaS) economy.
https://thehackernews.com/2026/01/researchers-uncover-service-providers.html
GoBruteforcer Botnet Targets Crypto Project Databases by Exploiting Weak Credentials
A new wave of GoBruteforcer attacks has targeted databases of cryptocurrency and blockchain projects to co-opt them into a botnet that's capable of brute-forcing user passwords for services such as FTP, MySQL, PostgreSQL, and phpMyAdmin on Linux servers.
https://thehackernews.com/2026/01/gobruteforcer-botnet-targets-crypto.html
UK government exempting itself from flagship cyber law inspires little confidence
Ministers promise equivalent standards, just without the legal obligation. ANALYSIS: From May's cyberattack on the Legal Aid Agency to the Foreign Office breach months later, cyber incidents have become increasingly common in UK government.
https://www.theregister.com/2026/01/10/csr_bill_analysis/
Instagram data leak: data from 6.2 million accounts at Have I Been Pwned
Data from 6.2 million Instagram users has ended up at the Have I Been Pwned project.
https://www.heise.de/news/Instagram-6-2-Millionen-Nutzerdaten-mittels-Scraping-abgegriffen-11137222.html
ÖIAT focus survey reveals: massive presence of subscription traps in Google ads
In an in-depth analysis of the Google Ads Library, the Austrian Institute for Applied Telecommunications (ÖIAT) discovered a large number of dangerous ads. In total there were well over 27,000 problematic advertisements serving as bait for subscription traps. Google has so far not responded to complaints.
https://www.watchlist-internet.at/news/schwerpunkterhebung-abo-fallen-google/
Basketball player arrested for alleged ransomware ties freed in Russia-France prisoner swap
Daniil Kasatkin, 26, was seen in a video shared by Russian state news outlet TASS emerging from a plane that was then used to send French researcher Laurent Vinatier back to France.
https://therecord.media/france-frees-russian-basketball-player-ransomware-swap
MC1215070: MFA mandatory for the Microsoft 365 Admin Center from Feb. 2026
A brief note for administrators of Microsoft 365 tenants. For security reasons, Microsoft will enforce multi-factor authentication (MFA) for administrator sign-in to the Microsoft 365 Admin Center from 9 February 2026. Without appropriate measures, sign-in will then fail.
https://borncity.com/blog/2026/01/11/mc1215070-mfa-fuer-microsoft-365-admin-center-kuenftig-pflicht/
Database of 323,986 BreachForums Users Leaked as Admin Disputes Scope
Database of 323,986 BreachForums users leaked online as forum admins claim the exposed data is partial and dates back to August 2025.
https://hackread.com/breachforums-database-users-leak-admin-disputes/
Everest Ransomware Claims Breach at Nissan, Says 900GB of Data Stolen
Everest ransomware claims to have breached Nissan Motor Corporation, alleging the theft of 900GB of internal data, including documents and screenshots.
https://hackread.com/everest-ransomware-nissan-data-breach/
How Safe is the Rust Ecosystem? A Deep Dive into crates.io
The relentless wave of high-impact supply chain attacks throughout 2025, most notably the major incident within npm [..], suggests this trend is far from peaking. In fact, with the rapid adoption of AI and LLMs in development workflows, we are likely facing an acceleration of these threats rather than a decline, in my opinion.
https://mr-leshiy-blog.web.app/blog/crates_io_analysis/
Detection of Kerberos Golden Ticket Attacks via Velociraptor
Kerberos is a strange technology. Over the years, I've gone through its internal workings again and again, yet parts of it always seem to slip away. It has been a while since I did my OSCP, so inevitably I've found myself back in this topic to refresh my knowledge.
https://detect.fyi/detection-of-kerberos-golden-ticket-attacks-via-velociraptor-cfe7cc26d3eb
Vulnerabilities
Security update: Dell laptops with Adreno GPU are vulnerable
The driver for Qualcomm's Adreno GPU is riddled with holes and endangers the security of various Dell laptops. A fixed driver is available for download.
https://www.heise.de/news/Sicherheitsupdate-Dell-Laptops-mit-Adreno-GPU-sind-verwundbar-11137255.html
Security updates for Monday
Security updates have been issued by Debian (chromium and sogo), Fedora (chromium, foomuuri, libpng, libsodium, mariadb10.11, musescore, nginx, python-pdfminer, python-urllib3, python3.12, seamonkey, wasmedge, and wget2), Mageia (curl, libpcap, sodium, wget2, and zlib), Slackware (lcms2), SUSE (chromedriver, chromium, noopenh264, coredns, curl, dcmtk, fontforge, gdk-pixbuf-loader-libheif, gimp, kernel, libheif, libpng16, libsoup-2_4-1, libvirt, mariadb, php8, poppler, python-filelock, python-tornado6, python311-aiohttp, qemu, sssd, and traefik), and Ubuntu (libheif, libtasn1-6, linux-azure-nvidia, linux-kvm, linux-raspi, linux-raspi-realtime, and php7.2, php7.4, php8.1, php8.3, php8.4).
https://lwn.net/Articles/1053820/