End-of-Day report
Timeframe: Montag 04-05-2026 18:00 - Dienstag 05-05-2026 18:00
Handler: Felician Fuchs
Co-Handler: n/a
News
Trellix discloses data breach after source code repository hack
Cybersecurity firm Trellix disclosed a data breach after attackers gained access to "a portion" of its source code repository.
https://www.bleepingcomputer.com/news/security/trellix-discloses-data-breach-after-source-code-repository-hack/
Amazon SES increasingly abused in phishing to evade detection
The Amazon Simple Email Service (SES) is being increasingly abused to send convincing phishing emails that can bypass standard security filters and render reputation-based blocks ineffective.
https://www.bleepingcomputer.com/news/security/amazon-ses-increasingly-abused-in-phishing-to-evade-detection/
Weaver E-cology critical bug exploited in attacks since March
Hackers have been exploiting a critical vulnerability (CVE-2026-22679) in the Weaver E-cology office automation since mid-March to run discovery commands.
https://www.bleepingcomputer.com/news/security/weaver-e-cology-critical-bug-exploited-in-attacks-since-march/
CloudZ malware abuses Microsoft Phone Link to steal SMS and OTPs
A new version of the CloudZ remote access tool (RAT) is deploying a previously unseen malicious plugin called Pheno that hijacks the Microsoft Phone Link connection to steal sensitive codes from mobile devices.
https://www.bleepingcomputer.com/news/security/cloudz-malware-abuses-microsoft-phone-link-to-steal-sms-and-otps/
Webbrowser: Klartext-Passwörter im Speicher von Microsoft Edge entdeckt
Der in Edge integrierte Passwortmanager ist offenbar keine sichere Wahl. Passwörter landen beim Start im Prozessspeicher und lassen sich auslesen.
https://www.golem.de/news/webbrowser-klartext-passwoerter-permanent-im-speicher-von-microsoft-edge-2605-208315.html
Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools
An active phishing campaign has been observed targeting multiple vectors since at least April 2025 with legitimate Remote Monitoring and Management (RMM) software as a way to establish persistent remote access to compromised hosts.
https://thehackernews.com/2026/05/phishing-campaign-hits-80-orgs-using.html
Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries
Microsoft has disclosed details of a large-scale credential theft campaign that has leveraged a combination of code of conduct-themed lures and legitimate email services to direct users to attacker-controlled domains and steal authentication tokens.
https://thehackernews.com/2026/05/microsoft-details-phishing-campaign.html
Vimeo-Datenleck: 119.000 E-Mail-Adressen betroffen
Die Cybergang ShinyHunters hat Daten von Vimeo bei Anodot gestohlen und ins Darknet gestellt. Nun hat Have-I-Been-Pwned sie aufgenommen.
https://www.heise.de/news/Vimeo-Datenleck-119-000-E-Mail-Adressen-betroffen-11281379.html
Datenschutzvorfall bei Verlag Delius Klasing
Der Verlag Delius Klasing räumt in einer E-Mail an Kunden einen IT-Vorfall ein. Personenbezogene Kundendaten wurden offengelegt.
https://www.heise.de/news/Datenschutzvorfall-bei-Verlag-Delius-Klasing-11281800.html
Quasar Linux (QLNX) - A Silent Foothold in the Supply Chain: Inside a Full-Featured Linux RAT With Rootkit, PAM Backdoor, Credential Harvesting Capabilities
TrendAI- Research breaks down Quasar Linux (QLNX), a previously undocumented sophisticated Linux RAT with low detection rates. In this blog, we examine a full-featured Linux threat incorporating a rootkit, a PAM backdoor, credential harvesting, and more, revealing how this malware enables stealthy access, persistence, and potential supply-chain attacks.
https://www.trendmicro.com/en_us/research/26/e/quasar-linux-qlnx-a-silent-foothold-in-the-software-supply-chain.html
CISA Unveils New Initiative to Fortify America-s Critical Infrastructure
Today, the Cybersecurity and Infrastructure Security Agency (CISA) released guidance to help critical infrastructure (CI) entities across all sectors prepare to operate through a crisis or conflict, continuing vital service delivery even as their systems are under attack.
https://www.cisa.gov/news-events/news/cisa-unveils-new-initiative-fortify-americas-critical-infrastructure
Vulnerabilities
Patchday: Kritische Schadcode-Lücke bedroht Android 14, 15 und 16
Schadcode kann durch ein fehlerhaftes Debugging-Modul auf Androidgeräte schlüpfen. Nun hat Google die kritische Schwachstelle geschlossen.
https://www.heise.de/news/Patchday-Kritische-Schadcode-Luecke-bedroht-Android-14-15-und-16-11281884.html
Daemon Tools Lite: Infizierte Installer durch Supply-Chain-Attacke
Offiziell signierte Daemon-Tools-Installer von der Herstellerseite bringen Malware mit. Offenbar durch einen Lieferkettenangriff.
https://www.heise.de/news/Daemon-Tools-Lite-Infizierte-Installer-durch-Supply-Chain-Attacke-11282006.html
Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass
Progress Software has released updates to address two security flaws in MOVEit Automation, including a critical bug that could result in an authentication bypass. MOVEit Automation (formerly Central) is a secure, server-based managed file transfer (MFT) solution used to schedule and automate file movement workflows in enterprise environments without requiring any custom scripts.
https://thehackernews.com/2026/05/progress-patches-critical-moveit.html
LWN Security updates for Tuesday
https://lwn.net/Articles/1071324/