End-of-Day report
Timeframe: Friday 21-03-2025 18:00 - Monday 24-03-2025 18:00
Handler: Felician Fuchs
Co-Handler: Alexander Riepl
News
FBI warnings are true - fake file converters do push malware
The FBI is warning that fake online document converters are being used to steal people's information and, in worst-case scenarios, lead to ransomware attacks.
https://www.bleepingcomputer.com/news/security/fbi-warnings-are-true-fake-file-converters-do-push-malware/
Cloudflare now blocks all unencrypted traffic to its API endpoints
Cloudflare announced that it closed all HTTP connections and it is now accepting only secure, HTTPS connections for api.cloudflare.com.
https://www.bleepingcomputer.com/news/security/cloudflare-now-blocks-all-unencrypted-traffic-to-its-api-endpoints/
Trusted Signing: Hackers sign Windows malware via Microsoft platform
Researchers have discovered malware that was signed via Microsoft's new Trusted Signing platform. This makes it easier to infect Windows systems.
https://www.golem.de/news/trusted-signing-microsoft-dienst-zum-signieren-von-malware-missbraucht-2503-194597.html
Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories CI/CD Secrets Exposed
The supply chain attack involving the GitHub Action "tj-actions/changed-files" started as a highly-targeted attack against one of Coinbase's open-source projects, before evolving into something more widespread in scope. "The payload was focused on ..
https://thehackernews.com/2025/03/github-supply-chain-breach-coinbase.html
Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks
A critical security flaw has been disclosed in the Next.js React framework that could be potentially exploited to bypass authorization checks under certain conditions. The vulnerability, tracked as CVE-2025-29927, carries a CVSS score of 9.1 ..
https://thehackernews.com/2025/03/critical-nextjs-vulnerability-allows.html
Oracle Cloud says it's not true someone broke into its login servers and stole data
Despite evidence to the contrary as alleged pilfered info goes on sale, Oracle has straight up denied claims by a miscreant that its public cloud offering has been compromised and information stolen.
https://www.theregister.com/2025/03/23/oracle_cloud_customers_keys_credentials/
Verfassungsschutz: German NGOs targeted by Russian cyberattacks
The Bundesamt für Verfassungsschutz (Germany's Federal Office for the Protection of the Constitution) has alerted several civil society organizations that they are increasingly the focus of Russian cyberattacks.
https://www.heise.de/news/Verfassungsschutz-warnt-NGOs-vor-zunehmenden-russischen-Cyberangriffen-10325252.html
Google Maps: Fake locksmiths and the like spy on users
The navigation service Google Maps is suing fake businesses on its platform that harvested and sold user data.
https://heise.de/-10325360
How to find Next.js on your network
On March 22nd, 2025, Next.js disclosed an authentication bypass vulnerability in the middleware layer. Exploitation is trivial and can be achieved by sending an extra HTTP header. For specifics, please see ..
https://www.runzero.com/blog/next-js/
Next.js Patches Critical Middleware Vulnerability (CVE-2025-29927)
This weekend, the Next.js team released emergency patches addressing a critical vulnerability (CVE-2025-29927) that allowed attackers to bypass middleware-based security checks, including authentication and ..
https://socket.dev/blog/next-js-patches-critical-middleware-vulnerability