End-of-Day report
Timeframe: Tuesday 13-01-2026 18:00 - Wednesday 14-01-2026 18:30
Handler: Felician Fuchs
Co-Handler: n/a
News
Target employees confirm leaked source code is authentic
Multiple current and former Target employees confirmed that leaked source code samples posted by a threat actor match real internal systems. The company also rolled out an "accelerated" lockdown of its Git server, requiring VPN access, a day after being contacted by BleepingComputer.
https://www.bleepingcomputer.com/news/security/target-employees-confirm-leaked-source-code-is-authentic/
Microsoft: Windows 365 update blocks access to Cloud PC sessions
Microsoft confirmed that a recent Windows 365 update is blocking customers from accessing their Microsoft 365 Cloud PC sessions.
https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-365-update-blocks-access-to-cloud-pc-sessions/
Cloud marketplace Pax8 accidentally exposes data on 1,800 MSP partners
Cloud marketplace and distributor Pax8 has confirmed that it mistakenly sent an email to fewer than 40 UK-based partners containing a spreadsheet with internal business information, including MSP customer and Microsoft licensing data.
https://www.bleepingcomputer.com/news/security/cloud-marketplace-pax8-accidentally-exposes-data-on-1-800-msp-partners/
Reprompt attack let hackers hijack Microsoft Copilot sessions
Researchers identified an attack method dubbed "Reprompt" that could allow attackers to infiltrate a user's Microsoft Copilot session and issue commands to exfiltrate sensitive data.
https://www.bleepingcomputer.com/news/security/reprompt-attack-let-hackers-hijack-microsoft-copilot-sessions/
ConsentFix debrief: Insights from the new OAuth phishing attack
ConsentFix is an OAuth phishing technique abusing browser-based authorization flows to hijack Microsoft accounts. Push Security shares new insights from continued tracking, community research, and evolving attacker techniques.
https://www.bleepingcomputer.com/news/security/consentfix-debrief-insights-from-the-new-oauth-phishing-attack/
Microsoft updates Windows DLL that triggered security alerts
Microsoft has resolved a known issue that was causing security applications to incorrectly flag a core Windows component, the company said in a service alert posted this week.
https://www.bleepingcomputer.com/news/microsoft/microsoft-updates-windows-dll-that-triggered-security-alerts/
Without authentication: Broadcom flaw lets attackers take down entire Wi-Fi networks
Numerous Wi-Fi networks based on Broadcom chipsets can be taken down with a single packet. Attackers do not need a key to do so.
https://www.golem.de/news/ohne-authentifizierung-broadcom-luecke-laesst-angreifer-ganze-wlan-netze-lahmlegen-2601-204166.html
Corrupting LLMs Through Weird Generalizations
Abstract: LLMs are useful because they generalize so well. But can you have too much of a good thing? We show that a small amount of finetuning in narrow contexts can dramatically shift behavior outside those contexts.
https://www.schneier.com/blog/archives/2026/01/corrupting-llms-through-weird-generalizations.html
Malware Intercepts Googlebot via IP-Verified Conditional Logic
Some attackers are increasingly moving away from simple redirects in favor of more selective methods of payload delivery. This approach filters out regular human visitors, allowing attackers to serve malicious content to search engine crawlers while remaining invisible to the website owner.
https://blog.sucuri.net/2026/01/malware-intercepts-googlebot-via-ip-verified-conditional-logic.html
Malicious Chrome Extension Steals MEXC API Keys by Masquerading as Trading Tool
Cybersecurity researchers have disclosed details of a malicious Google Chrome extension that's capable of stealing API keys associated with MEXC, a centralized cryptocurrency exchange (CEX) available in over 170 countries, while masquerading as a tool to automate trading on the platform.
https://thehackernews.com/2026/01/malicious-chrome-extension-steals-mexc.html
New Research: 64% of 3rd-Party Applications Access Sensitive Data Without Justification
Research analyzing 4,700 leading websites reveals that 64% of third-party applications now access sensitive data without business justification, up from 51% in 2024. Government sector malicious activity spiked from 2% to 12.9%, while 1 in 7 Education sites show active compromise.
https://thehackernews.com/2026/01/new-research-64-of-3rd-party.html
Hackers Exploit c-ares DLL Side-Loading to Bypass Security and Deploy Malware
Security experts have disclosed details of an active malware campaign that's exploiting a DLL side-loading vulnerability in a legitimate binary associated with the open-source c-ares library to bypass security controls and deliver a wide range of commodity trojans and stealers.
https://thehackernews.com/2026/01/hackers-exploit-c-ares-dll-side-loading.html
Interrail reports data leak: ID document data also affected
Data was presumably exfiltrated from Eurail. The provider also issues Interrail passes on behalf of the German, Austrian and Swiss railways.
https://www.heise.de/news/Interrail-meldet-Datenleck-Auch-Ausweisdaten-betroffen-11140218.html
Criticism of GnuPG and its handling of reported vulnerabilities
The problems in the PGP implementation GnuPG demonstrated at 39C3 provoked wide-ranging criticism of GnuPG's handling of them, but also of PGP as a whole.
https://www.heise.de/hintergrund/Kritik-an-GnuPG-und-seinem-Umgang-mit-gemeldeten-Luecken-11132888.html
Malware scheme: job offers foist malicious repositories on developers
Developers now need to be careful with job offers. Criminals are trying to use them to distribute infostealers.
https://www.heise.de/news/Malware-Masche-Jobangebote-jubeln-Entwicklern-boesartige-Repositories-unter-11140776.html
How real software downloads can hide remote backdoors
Attackers use legitimate open-source software as cover, relying on user trust to compromise systems. We dive into an example.
https://www.malwarebytes.com/blog/threat-intel/2026/01/how-real-software-downloads-can-hide-remote-backdoors
Instagram denies hack after mass password-reset emails
Previously, reports had circulated about stolen data of 17 million users. The company disputes this and advises ignoring the emails.
https://www.derstandard.at/story/3000000303975/instagram-dementiert-hack-nach-massenhaften-passwort-reset-mails
Ransomware: Tactical Evolution Fuels Extortion Epidemic
New whitepaper reveals record number of attacks as threat landscape evolves with new players and new tactics.
https://www.security.com/threat-intelligence/ransomware-extortion-epidemic
More than 40 countries impacted by North Korea IT worker scams, crypto thefts
Eleven countries led a session at the UN headquarters in New York centered around a 140-page report released last fall that covered North Korea's extensive cyber-focused efforts to fund its nuclear and ballistic weapons program.
https://therecord.media/40-countries-impacted-nk-it-thefts-united-nations
Poland says it repelled major cyberattack on power grid, blames Russia
Poland narrowly avoided a large-scale power outage by thwarting what officials described as the most serious cyberattack on its energy infrastructure in years.
https://therecord.media/poland-cyberattack-grid-russia
Western cyber agencies warn about threats to industrial operational technology
New guidance issued by Britain's National Cyber Security Centre (NCSC), a part of signals and cyber intelligence agency GCHQ, sets out how organizations should securely connect equipment such as industrial control systems, sensors and other critical services.
https://therecord.media/cyber-agencies-warn-of-industrial-system-threats
Telegram to Add Warning for Proxy Links After IP Leak Concerns
Telegram will add a warning for proxy links after reports showed they can expose user IP addresses with a single click, bypassing VPN or privacy settings.
https://hackread.com/telegram-add-warning-proxy-links-ip-leak/
Hacker Claims Full Breach of Russia's Max Messenger, Threatens Public Leak
A hacker claims a full breach of Russia's Max Messenger, threatening to leak user data and backend systems if demands are not met.
https://hackread.com/hacker-russia-max-messenger-breach-data-leak/
Secure Connectivity Principles for Operational Technology (OT)
CISA and the UK National Cyber Security Centre (NCSC-UK), in collaboration with federal and international partners, have released Secure Connectivity Principles for Operational Technology (OT) guidance to help asset owners address increasing business and regulatory pressures for connectivity into operational technology (OT) networks.
https://www.cisa.gov/resources-tools/resources/secure-connectivity-principles-operational-technology-ot
Unpatchable Vulnerabilities of Kubernetes: CVE-2020-8554
This blog is the first part of a mini-series looking at the four unpatchable CVEs in every Kubernetes cluster.
https://securitylabs.datadoghq.com/articles/unpatchable-kubernetes-vulnerabilities-cve-2020-8554/
Wireless-(in)Fidelity: Pentesting Wi-Fi in 2025
Despite the advancements that have been made in Wi-Fi security with the arrival of WPA3, some misconfigurations and legacy protocols still remain. In this blogpost, we share insights into Wi-Fi related findings encountered during penetration testing engagements.
https://www.synacktiv.com/en/publications/wireless-infidelity-pentesting-wi-fi-in-2025.html
Vulnerabilities
Multiple vulnerabilities in EATON UPS Companion
EATON UPS Companion provided by Eaton contains multiple vulnerabilities.
https://jvn.jp/en/jp/JVN48187396/
Patch Tuesday Microsoft: attacks on Windows and Windows Server observed
Important security updates have been released for Office, Windows & Co. Attackers are already exploiting one vulnerability. Further attacks may be imminent.
https://www.heise.de/news/Patchday-Microsoft-Angreifer-spionieren-Speicherbereiche-in-Windows-aus-11140152.html
Patch Tuesday Adobe: malicious-code vulnerabilities threaten Dreamweaver & Co.
Important security updates fix, among other products, Adobe ColdFusion and InDesign.
https://www.heise.de/news/Patchday-Adobe-Schadcode-Luecken-bedrohen-Dreamweaver-Co-11140224.html
Security updates for Wednesday
Security updates have been issued by AlmaLinux (sssd), Debian (linux-6.1 and python-parsl), Fedora (chezmoi, complyctl, composer, and firefox), Oracle (kernel), Red Hat (buildah, libpq, podman, postgresql, postgresql16, postgresql:13, postgresql:15, and postgresql:16), SUSE (avahi, curl, ffmpeg-4, ffmpeg-7, firefox, istioctl, k6, kubelogin, libmicrohttpd, libpcap-devel, libpng16, libtasn1-6-32bit, matio, ovmf, python-tornado6, python311-Authlib, and teleport), and Ubuntu (angular.js, python-urllib3, and webkit2gtk).
https://lwn.net/Articles/1054167/
Mitigating Denial-of-Service Vulnerability from Unrecoverable Stack Space Exhaustion for React, Next.js, and APM Users
This bug highlights how deeply async_hooks has become embedded in the Node.js ecosystem. What started as a low-level debugging API is now a critical dependency for React Server Components, Next.js, every major APM tool, and any code using AsyncLocalStorage.
https://nodejs.org/en/blog/vulnerability/january-2026-dos-mitigation-async-hooks
F5: K000159546, Python vulnerability CVE-2024-5642
https://my.f5.com/manage/s/article/K000159546