Threats Affecting Austria
View all threats affecting or targeting Austria. Filter and sort to focus on specific types of threats.
New TrickMo Variant: Device Take Over malware targeting Banking, Fintech, Wallet & Auth apps
A new variant of the TrickMo Android banking trojan was identified between January and February 2026, representing a substantial platform redesign rather than new capabilities. The malware has migrated its command-and-control infrastructure entirely onto The Open Network (TON) using .adnl endpoints, moving away from conventional internet infrastructure. Active campaigns have targeted banking and wallet users in France, Italy, and Austria. Once accessibility permissions are granted, operators gain real-time device control including credential phishing, keylogging, screen recording, SMS interception, and bidirectional remote control. New features include network reconnaissance capabilities and SSH tunnelling that transform infected devices into programmable network pivots and SOCKS5 proxy exit nodes, enabling operators to bypass IP-based fraud detection systems while accessing victim networks.
AlienVault OTX General | 05/11/2026, 09:07:43 UTC | Added: 05/11/2026, 09:51:23 UTC

European Commission Reports Cyber Intrusion and Data Theft
The ShinyHunters hacker group claimed to have stolen over 350GB of information from European Commission cloud systems.
SecurityWeek | 03/30/2026, 11:29:45 UTC | Added: 03/30/2026, 11:38:17 UTC

CVE-2025-67260: n/a
The Terrapack software, from ASTER TEC / ASTER S.p.A., with the indicated components and versions has a file upload vulnerability that may allow attackers to execute arbitrary code. Vulnerable components include Terrapack TkWebCoreNG:: 1.0.20200914, Terrapack TKServerCGI 2.5.4.150, and Terrapack TpkWebGIS Client 1.0.0.
CVE Database V5 | 03/20/2026, 00:00:00 UTC | Added: 03/20/2026, 15:54:21 UTC

CVE-2026-3511: CWE-611 Improper Restriction of XML External Entity Reference in Slovensko.Digital Autogram
An Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Digital Autogram allows a remote unauthenticated attacker to conduct SSRF (Server Side Request Forgery) attacks and obtain unauthorized access to local files on filesystems running the vulnerable application. Successful exploitation requires the victim to visit a specially crafted website that sends a request containing a specially crafted XML document to the /sign endpoint of the local HTTP server run by the application.
CVE Database V5 | 03/19/2026, 11:25:44 UTC | Added: 03/19/2026, 13:54:25 UTC

CVE-2026-30695: n/a
CVE-2026-30695 is a medium severity Cross-Site Scripting (XSS) vulnerability affecting the web-based configuration interface of Zucchetti Axess access control devices, including models XA4, X3/X3BIO, X4, X7, and XIO/i-door/i-door+. The vulnerability arises from improper sanitization of user input in the dirBrowse parameter of the /file_manager.cgi endpoint. Exploitation requires user interaction but no authentication, allowing an attacker to inject malicious scripts that can compromise confidentiality and integrity. There are no known exploits in the wild and no patches currently available. The vulnerability impacts the confidentiality and integrity of the device management interface but does not affect availability. Organizations using these access control devices should be aware of the risk of session hijacking, credential theft, or unauthorized actions via injected scripts. Mitigation involves restricting access to the management interface, implementing web application firewalls with XSS protections, and monitoring for suspicious activity. Countries with significant deployments of Zucchetti Axess devices, particularly in Europe and Italy, are most at risk. This vulnerability requires prompt attention to prevent potential targeted attacks on physical access control systems.
CVE Database V5 | 03/18/2026, 00:00:00 UTC | Added: 03/18/2026, 17:13:23 UTC

CVE-2026-4208: CWE-639 in TYPO3 Extension "E-Mail MFA Provider"
The extension fails to properly reset the generated MFA code after successful authentication. This leads to a possible MFA bypass for future login attempts by providing an empty string as the MFA code to the extension's MFA provider.
CVE Database V5 | 03/17/2026, 08:34:52 UTC | Added: 03/17/2026, 08:58:21 UTC

CVE-2026-32100: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in swag platform-security
CVE-2026-32100 is a medium severity vulnerability in the Shopware open commerce platform's swag platform-security component. The /api/_info/config API endpoint exposes sensitive information about active security fixes without requiring authentication. This information disclosure could aid attackers in identifying unpatched vulnerabilities. The issue affects versions prior to 2.0.16, 3.0.12, and 4.0.7 and has a CVSS score of 5.
CVE Database V5 | 03/12/2026, 18:10:58 UTC | Added: 03/12/2026, 18:15:36 UTC

CVE-2025-66956: n/a
Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote attackers to access and execute attachments via a computable URL.
CVE Database V5 | 03/11/2026, 00:00:00 UTC | Added: 03/11/2026, 20:29:54 UTC

CVE-2026-31889: CWE-290: Authentication Bypass by Spoofing in shopware core
CVE-2026-31889 is a high-severity authentication bypass vulnerability in Shopware core affecting versions prior to 6.6.10.15 and 6.7.8.1. It arises from the legacy app registration flow where HMAC-based authentication does not sufficiently bind a shop installation to its original domain. Attackers who possess the app-side secret can abuse the re-registration process to update the shop URL without proving control over the original domain. This allows targeted hijacking of app communication, redirecting traffic to attacker-controlled domains and potentially stealing API credentials.
CVE Database V5 | 03/11/2026, 18:56:23 UTC | Added: 03/11/2026, 19:29:48 UTC

CVE-2026-31888: CWE-204: Observable Response Discrepancy in shopware core
CVE-2026-31888 is a medium-severity vulnerability in Shopware core versions prior to 6.7.8.1 and 6.6.10.15. It arises from an observable response discrepancy in the Store API login endpoint, which returns different error codes and messages depending on whether an email address is registered or not. This behavior allows unauthenticated attackers to enumerate valid customer accounts by probing email addresses. The storefront login controller does not exhibit this flaw, indicating inconsistent error handling between components.
CVE Database V5 | 03/11/2026, 18:53:03 UTC | Added: 03/11/2026, 18:59:52 UTC

Showing 1 to 10 of 2659 results