Daily summary - 21.01.2026

End-of-Day report

Timeframe: Tuesday 20-01-2026 18:00 - Wednesday 21-01-2026 18:00 Handler: Michael Schlagenhaufer Co-Handler: Guenes Holler

News

EU plans cybersecurity overhaul to block foreign high-risk suppliers

The European Commission has proposed new cybersecurity legislation mandating the removal of high-risk suppliers to secure telecommunications networks and strengthening defenses against state-backed and cybercrime groups targeting critical infrastructure.

https://www.bleepingcomputer.com/news/security/eu-plans-cybersecurity-overhaul-to-block-foreign-high-risk-suppliers/

VoidLink cloud malware shows clear signs of being AI-generated

The recently discovered cloud-focused VoidLink malware framework is believed to have been developed by a single person with the help of an artificial intelligence model.

https://www.bleepingcomputer.com/news/security/voidlink-cloud-malware-shows-clear-signs-of-being-ai-generated/

Hackers exploit security testing apps to breach Fortune 500 firms

Threat actors are exploiting misconfigured web applications used for security training and internal penetration testing, such as DVWA, OWASP Juice Shop, Hackazon, and bWAPP, to gain access to cloud environments of Fortune 500 companies and security vendors.

https://www.bleepingcomputer.com/news/security/hackers-exploit-security-testing-apps-to-breach-fortune-500-firms/

Mass Spam Attacks Leverage Zendesk Instances

The CRM vendor advised ignoring or deleting suspicious emails and said the attacks were not tied to any breach or software vulnerability.

https://www.darkreading.com/threat-intelligence/mass-spam-attacks-zendesk-instances

Shut it down now: Ten-year-old Telnetd vulnerability makes every client root

Since 2015, any client has been able to obtain root access via Telnetd. A patch does exist, but disabling the service is the recommended course of action.

https://www.golem.de/news/jetzt-abschalten-zehn-jahre-alte-telnetd-luecke-macht-jeden-client-zum-root-2601-204433.html

LastPass Warns of Fake Maintenance Messages Targeting Users' Master Passwords

LastPass is alerting users to a new active phishing campaign that's impersonating the password management service, which aims to trick users into giving up their master passwords.

https://thehackernews.com/2026/01/lastpass-warns-of-fake-maintenance.html

Curl shutters bug bounty program to remove incentive for submitting AI slop

The maintainer of popular open-source data transfer tool cURL has ended the project's bug bounty program after maintainers struggled to assess a flood of AI-generated contributions.

https://go.theregister.com/feed/www.theregister.com/2026/01/21/curl_ends_bug_bounty/

Restricted ad delivery on Facebook? Business profiles targeted by criminals

Using e-mails that purport to come from the Meta corporation, scammers attempt to gain access to business accounts. To this end they have built a fake login page. How exactly does the scam work? How can the fraudulent intent be recognized? This article provides answers.

https://www.watchlist-internet.at/news/einschraenkung-der-anzeigenauslieferung-facebook/

DNS OverDoS: Are Private Endpoints Too Private?

We discovered an aspect of Azure's Private Endpoint architecture that could expose Azure resources to denial of service (DoS) attacks. In this article, we explore how both intentional and inadvertent acts could result in limited access to Azure resources through the Azure Private Link mechanism. We uncovered this issue while investigating irregular behavior in Azure test environments.

https://unit42.paloaltonetworks.com/dos-attacks-and-azure-private-endpoint/

IT security: Hotline between Beijing and London

A new, secret forum is intended to improve communication between British and Chinese intelligence services. It could be the first of its kind.

https://heise.de/-11148209

Introducing PowerShell.Exposed

PowerShell (PS) isn't just a "Windows admin tool." Once shell access is established, this is the cheapest and most powerful hands-on-keyboard control an attacker can have.

https://detect.fyi/introducing-powershell-exposed-4974fe712117?source=rssd5fd8f494f6a4

New EU Vulnerability Platform GCVE Goes Live, Reducing Reliance on Global Systems

Europe's long-running conversation about digital autonomy quietly crossed a milestone with the launch of a new public vulnerability platform. The EU Vulnerability Database, created under the GCVE initiative, is now live. This signals a deliberate shift in how software weaknesses are identified, cataloged, and shared across Europe.

https://thecyberexpress.com/eu-launches-gcve-vulnerability-database/

Critical Vulnerability in Advanced Custom Fields: Extended Plugin Puts 100,000 WordPress Sites at Risk

A critical security flaw has been discovered in a widely used ACF add-on plugin for WordPress, placing up to 100,000 websites at risk of a full site takeover. The vulnerability affects the Advanced Custom Fields: Extended plugin, an add-on designed to extend the functionality of the popular Advanced Custom Fields ecosystem. An advisory issued about the flaw assigns a severity rating of 9.8, emphasizing the serious impact it can have if exploited.

https://thecyberexpress.com/acf-add-on-vulnerability-wordpress/

Vulnerabilities

Current wave of attacks against CVE-2025-59718, patches insufficient

In December of last year, Fortinet published information about a login bypass in several of the company's products (see also our warning of 19.12.2025) and at the same time provided patches that were supposed to fix the problem.

https://www.cert.at/de/aktuelles/2026/1/aktuelle-angriffswelle-gegen-cve-2025-59718-patch-unzureichend

GitLab Patch Release: 18.8.2, 18.7.2, 18.6.4

Learn more about GitLab Patch Release: 18.8.2, 18.7.2, 18.6.4 for GitLab Community Edition (CE) and Enterprise Edition (EE).

https://about.gitlab.com/releases/2026/01/21/patch-release-gitlab-18-8-2-released/#cve-2026-0723unchecked-return-value-issue-in-authentication-services-impacts-gitlab-ceee

Security vulnerabilities: Nvidia CUDA Toolkit lets malicious code through

Nvidia's CUDA programming interface contains security vulnerabilities that, among other things, can allow malicious code onto systems. Depending on the vulnerability, Linux and Windows are affected. A fixed release of the CUDA Toolkit provides a remedy.

https://www.heise.de/news/Sicherheitsluecken-Nvidia-CUDA-Toolkit-laesst-Schadcode-passieren-11148301.html

Security patches: Atlassian secures Confluence & Co. against possible attacks

Atlassian has released important security updates for Bamboo, Bitbucket, Confluence, Crowd, Jira and Jira Service Management Data Center and Server. After successful attacks, attackers can primarily trigger DoS conditions and thus crashes.

https://www.heise.de/news/Sicherheitspatches-Atlassian-sichert-Confluence-Co-gegen-moegliche-Attacken-11149011.html

Security updates for Wednesday

Security updates have been issued by AlmaLinux (brotli and container-tools:rhel8), Debian (python-keystonemiddleware and python3.9), Fedora (cef, freerdp, golang-github-tetratelabs-wazero, and libpcap), Oracle (brotli, gpsd, kernel, and transfig), Red Hat (freerdp, golang, java-11-openjdk with Extended Lifecycle Support, libpng, libssh, mingw-libpng, and runc), SUSE (abseil-cpp, alloy, apache2, bind, cpp-httplib, curl, erlang, firefox, gpg2, grafana, haproxy, hauler, hawk2, libblkid-devel, libpng16, libraylib550, python-keystonemiddleware-doc, python-uv, python-weasyprint, squid, and tomcat), and Ubuntu (crawl and iperf3).

https://lwn.net/Articles/1055322/

VU#458022: Open5GS WebUI uses hard-coded secrets including a JSON Web Token signing key

https://kb.cert.org/vuls/id/458022

VU#102648: Code Injection Vulnerability in binary-parser library

https://kb.cert.org/vuls/id/102648

VU#481830: libheif Uncompressed Codec Lacks Bounds Check Leading to Application Crash

https://kb.cert.org/vuls/id/481830

Oracle Critical Patch Update Advisory - January 2026

https://www.oracle.com/security-alerts/cpujan2026.html

Cisco Unified Communications Products Remote Code Execution Vulnerability

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b

Schneider Electric EcoStruxure Foxboro DCS

https://www.cisa.gov/news-events/ics-advisories/icsa-26-020-01

Rockwell Automation Verve Asset Manager

https://www.cisa.gov/news-events/ics-advisories/icsa-26-020-03

Schneider Electric devices using CODESYS Runtime

https://www.cisa.gov/news-events/ics-advisories/icsa-26-020-02