Archiv für September 2025

Die EU-Chatkontrolle ist gescheitert. Als Übergangsregelung durften Messengerdienste Chats freiwillig durchsuchen, um die Verbreitung von Kinderporonografie zu verhindern. Doch die Regelung galt nur bis 3. April 2026. Wie geht es nun weiter?

Das BSI wird zu Beginn des kommenden Jahres eine Technische Richtlinie (TR) veröffentlichen, die Sicherheitsvorgaben zum Einsatz Künstlicher Intelligenz (KI) in Fahrzeugen macht. Dies kündigte BSI-Vizepräsident Thomas Caspers auf der Internationalen Automobil-Ausstellung (IAA Mobility) in München an.

Microsoft Patch Tuesday As part of its September patch Tuesday, Microsoft addressed 177 different vulnerabilities, 86 of which affect Microsoft products. None of the vulnerabilities has been exploited before today. Two of the vulnerabilities were already made public. Microsoft rates 13 of the vulnerabilities are critical. https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20September%202025/32270 Adobe Patches Adobe released patches for nine products, […]

Cyberkriminalität betrifft auch junge Menschen. Das BSI veröffentlicht daher ein umfassendes Medienpaket zur Vermittlung grundlegender Cybersicherheitskompetenzen. Mit diesem Angebot möchte das BSI Lehrkräfte und weiteres pädagogisches Fachpersonal dabei unterstützen, Jugendliche für digitale Risiken zu sensibilisieren.

Das BSI hat mit der südkoreanischen Cybersicherheitsbehörde (KISA) ein Abkommen zur gegenseitigen Anerkennung von Cybersicherheitskennzeichnungen geschlossen und damit ein wichtiges Etappenziel im Bereich der internationalen Zusammenarbeit erreicht.

Major npm compromise A number of high-profile npm libraries were compromised after developers fell for a phishing email. This compromise affected libraries with a total of hundreds of millions of downloads a week. https://bsky.app/profile/bad-at-computer.bsky.social/post/3lydioq5swk2y https://github.com/orgs/community/discussions/172738 https://github.com/chalk/chalk/issues/656#issuecomment-3266894253 https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised HTTP Request Signatures It looks like some search engines and AI bots are starting to use the HTTP […]

From YARA Offsets to Virtual Addresses Xavier explains how to convert offsets reported by YARA into offsets suitable for the use with debuggers. https://isc.sans.edu/diary/From%20YARA%20Offsets%20to%20Virtual%20Addresses/32262 Phishing via JavaScript in SVG Files Virustotal uncovered a Colombian phishing campaign that takes advantage of JavaScript in SVG files. https://blog.virustotal.com/2025/09/uncovering-colombian-malware-campaign.html FreePBX Patches FreePBX released details regarding two vulnerabilities patched last […]

Unauthorized Issuance of Certificate for 1.1.1.1 Cloudflare published a blog post with more details regarding the bad 1.1.1.1 certificate that was issued by Fina. https://blog.cloudflare.com/unauthorized-issuance-of-certificates-for-1-1-1-1/ AI Model Namespace Reuse Deleted accounts on Huggingface can be taken over by other entities unrelated to the original owner. https://unit42.paloaltonetworks.com/model-namespace-reuse/ macOS vulnerability allowed Keychain and iOS app decryption without […]

Exploit Attempts for Dassault DELMIA Apriso. CVE-2025-5086 Our honeypots detected attacks against the manufacturing management system DELMIA Apriso. The deserialization vulnerability was patched in June and is one of a few critical vulnerabilities patched in recent months. https://isc.sans.edu/diary/Exploit%20Attempts%20for%20Dassault%20DELMIA%20Apriso.%20CVE-2025-5086/32256 Android Bulletin Google released its September update, fixing two already-exploited privilege escalation flaws and some remote code […]