News from KW49.2025


Plex Pass | ePA Drama | Aisuru Record DDoS | Swiss NDB | React2Shell | Ubuntu Pro WSL | PDM 1.0 Release | Windows 11 25H2 | Grafana gap


Article 1

Plex terminates free remote access: What changes for users

As of this week, Plex is enforcing its new policies that will end free remote access to personal media servers.

The changes will initially affect Roku users before being extended to all other platforms in 2026.

What is changing in concrete terms?

Previously, users outside of a server owner's network were able to access their media library for free. The new rules, announced in March, require either that the server owner holds a Plex Pass subscription (from 7 US dollars per month) or that the external users have their own Plex Pass or the cheaper Remote Watch Pass (from 2 US dollars per month).

The new rules officially entered into force on 29 April. According to a recent forum post by a Plex employee, the implementation begins this week with the Roku OS app. All other Plex TV apps such as Fire TV, Apple TV and Android TV, as well as third-party clients, will follow in 2026.

Background to the change

Plex justified the measures with increasing costs for the support of numerous devices and codecs. The company also plans to fund new features, including integration with Common Sense Media, an improved server management app, and an open API for server integrations.

The company is under increasing economic pressure: In January 2024, according to TechCrunch, Plex was close to profitability and raised $40 million in funding (after already $50 million in 2021). The new subscription obligations are intended to increase revenues and enable investors to generate returns.

Reactions and alternatives

The development could upset long-time users who mainly use Plex as a media server and have no interest in subscriptions, streaming channels or movie rentals. Interestingly, Plex announced in 2023 that since 2022 more people have been using the online streaming service than the media server features, an indication that the company has shifted its priorities.

For users looking for a solution focused on hosting their own media, alternatives such as Jellyfin are becoming increasingly attractive. These offer similar features without the increasing commercialization that Plex has gone through in recent years.

Conclusion

The changes to Plex mark another step in the company's transformation from a pure media server provider to a comprehensive streaming service. Whether this strategy will work out in the long term will depend on how many loyal users the company retains or how many switch to open source alternatives.


Article 2

The electronic health record (ePA): Between data security and bumpy implementation

The electronic health record (ePA) is at the heart of digitalisation in the German healthcare system. It promises a better overview of your own medical history, more efficient treatments and less paperwork.

But while the benefits are clear, the topics of security, vulnerabilities and the rollout continue to raise questions among insured persons and healthcare providers.

High security standards: The foundation of the ePA

The security of sensitive health data has the highest priority in the ePA. The legal requirements are strict and extensive measures have been taken to protect the data:

  • Encryption: All data in the ePA is stored encrypted, and communication is end-to-end encrypted within the Telematics Infrastructure (TI), a secure, closed network.
  • Decentralised storage: The data is stored on secure servers in data centers in Germany, which are operated on behalf of the health insurance funds.
  • Strictly regulated access: Only the insured persons themselves or persons authorised by them (e.g. doctors, pharmacists) can view the contents. The health insurance funds have no access to the medical content.
  • Logging: Every access to the ePA is logged and can be traced by the insured person.
  • Opt-out procedure: Since the nationwide start, statutorily insured persons automatically receive an ePA, but can object at any time (opt-out).

Vulnerabilities: The stress test by IT experts

Despite the high security precautions, there have been reports about potential security gaps.

  • CCC criticism: IT security experts such as the Chaos Computer Club (CCC) have pointed out weaknesses on several occasions. These included, among others, the issuing processes for health cards and the possibility of gaining unauthorized access in certain scenarios, for example by means of electronic replacement certificates.
  • Consistent response: gematik (National Agency for Digital Medicine), which is responsible for the ePA, reacted immediately to this information and stated that the corresponding weaknesses had been closed. Health ministers also acknowledged gaps shortly after the launch, but at the same time thanked gematik for the quick response.
  • Residual risk: As with any digital system, no 100% security can be guaranteed. Experts warn that, in addition to direct attacks on the ePA, the IT systems in practices and hospitals must be seen as a potential point of attack and the fastest route to patient data.

Bumpy rollout: Technical and organizational challenges

The nationwide rollout of the ePA was not without stumbling blocks. The complexity of the project and the large number of actors involved led to technical and organizational problems:

  • Technical delays: The test phases were repeatedly accompanied by technical problems. For example, practices had to wait for necessary updates to their practice management systems. In addition, the release of the records at some health insurance funds was delayed by required approvals from the BSI (Federal Office for Information Security).
  • Lack of transparency and communication: Doctors, but also consumer organizations, criticized the lack of transparency and communication on the part of the health insurance funds and gematik. This mainly concerned information on the opt-out procedure and the applications actually available at the outset (e.g. the vaccination record).
  • Usability hurdles: For insured persons, access to the ePA app with its complex authentication requirements (eGK, PIN, health ID) is perceived as complicated. In addition, people without a suitable device or with insufficient technical knowledge are excluded from independent use.
  • Initial use: Acceptance is low so far: According to reports, only a small percentage of insured persons have used the ePA app regularly to date.

Despite these challenges, the Digital Agency is working hard to address the problems encountered and to continuously improve the technical reliability of the ePA in order to realise its full potential as the digital heart of healthcare.



Article 3

New DDoS record: Aisuru botnet attacks at 29.7 terabits per second

The Aisuru botnet is growing rapidly and setting new DDoS records. Now Cloudflare has fended off an attack at an unprecedented 29.7 terabits per second. And the botnet is rented out: for a few hundred dollars, theoretically anyone can paralyze the Internet of entire regions.

The new record in numbers

In its quarterly report for Q3 2025, Cloudflare documents a new DDoS record that the company says it successfully fended off:

  • 29.7 terabits per second (Tbps) data rate
  • 14.1 billion packets per second (pps)

The source? Once again the Aisuru botnet, which this year is responsible for numerous hypervolumetric attacks, meaning attacks with data rates of more than 1 Tbps and more than one billion pps.

The botnet is growing explosively

Cloudflare estimates the number of infiltrated devices used by Aisuru worldwide to be around one to four million. For comparison:

  • Microsoft recently registered an attack of 15.72 Tbps from about 500,000 devices
  • A few weeks earlier, researchers had attributed a size of about 300,000 devices to the botnet.

Growth is massive. From the second to the third quarter of 2025, the amount of hypervolumetric DDoS attacks by Aisuru increased by a whopping 54 percent. In Q3 alone, there were 1,304 such attacks. Since the beginning of 2025, there have been a total of 2,867.

Botnet-as-a-Service: The Democratization of Chaos

Here's what's really troubling: Aisuru is apparently rented out, at least in part. Cloudflare warns:

“Potentially, any whole nation can plunge into chaos by shutting down backbone networks and overloading internet connections, disrupting millions of users and disrupting access to essential services, all for just a few hundred to a few thousand dollars.”

In other words: For the price of a used notebook, you can now buy massive infrastructure attacks. This is no longer science fiction, but reality.

DDoS attacks generally explode

The Aisuru botnet is just the tip of the iceberg. The totals are alarming:

Year-on-year comparison:

  • 2023: 14 million DDoS attacks
  • 2024: 21.3 million DDoS attacks
  • 2025 (Q1-Q3 only): 36.2 million DDoS attacks – already 70% more than in all of 2024!

Q3 2025:

  • 8.3 million DDoS attacks
  • This is roughly equivalent to 3,780 overload attacks per hour
  • 15% growth compared to Q2

The trend is clearly upwards, both year-on-year and quarter-on-quarter.

Where did the attacks come from?

The countries with the most observed DDoS attacks are Indonesia, Thailand, Bangladesh, Ecuador, Russia and Vietnam.

Who is attacked most often?

The top targets of the attackers are China, Turkey, Germany (in 3rd place!), Brazil, the USA and Russia.

Sectors concerned:

Mainly IT, Telecommunications, Gambling and Gaming

What does this mean for you?

If you work in one of the affected industries or operate critical online infrastructure, you should urgently review your DDoS protections. The attacks are not only becoming more frequent, but also more massive.

Cloudflare has published details of its defense strategy in a separate blog post, which is definitely worth reading if you have to deal with the topic.

Conclusion

The Aisuru botnet impressively shows where the journey is going: Ever larger botnets, ever more massive attacks, ever easier access for attackers. The combination of rapid growth and availability as a rental service makes Aisuru a serious threat to critical infrastructure worldwide.

With 3,780 attacks per hour on Cloudflare alone, it becomes clear: DDoS attacks are no longer a peripheral phenomenon, but a massive and growing problem for the Internet.


Article 4

Swiss court stops mass surveillance of intelligence services

A historic verdict from Switzerland: The Federal Administrative Court has declared the nationwide surveillance by the Federal Intelligence Service (NDB) unconstitutional. Civil rights activists filed a complaint and were proven right.

What does the Swiss secret service do?

The NDB sifts through all cross-border telecommunications, in other words all calls, emails and messages that cross the Swiss border. The whole thing is automated: huge data streams are collected and searched for keywords. Classic mass surveillance, as the Swiss Federal Court has already called it.

Officially, it is about ‘strategic telecommunications intelligence’ to obtain information on security-related events abroad. In practice, this means a large-scale dragnet search without any concrete suspicion. The NDB has even acknowledged this.

Who complained?

The association Digitale Gesellschaft and several private individuals, including journalists and a lawyer. Their argument: The indiscriminate monitoring also collects and possibly evaluates their data, and this violates their fundamental rights.

What does the court say?

The Federal Administrative Court clearly positioned itself on 19 November: The current practice is not compatible with the Swiss Federal Constitution and the European Convention on Human Rights. The main reason: There is no adequate protection against abuse.

The specific criticisms:

  • Lack of control: It is not ensured that the NDB only processes relevant and correct data.
  • No special rules for sensitive communication: The law does not protect journalistic sources or particularly sensitive communications such as those between lawyer and client.
  • Lack of supervision: There is no sufficiently effective oversight of information gathering.
  • No effective remedies: Those affected cannot defend themselves effectively afterwards.

The court was guided by the strict requirements of the European Court of Human Rights, which called for end-to-end safeguards against abuse in its ruling against the UK (Big Brother Watch).

Five years grace period

Strictly speaking, radio and cable intelligence gathering would have to be discontinued immediately. However, the court generously gives the legislature five years to remedy the shortcomings. Its reasoning: The intelligence is important for the information gathering of the NDB, and a revision of the law is already underway.

The clear announcement: If no legally compliant state is established by 2030, monitoring must be stopped. The judgment can still be appealed to the Federal Court.

Civil rights activists cheer

Digitale Gesellschaft celebrates the verdict as a historic decision. Their view: Mass surveillance is such a serious encroachment on freedom that it would have to be stopped immediately. The legal defects are too serious to maintain the practice.

And in Germany?

Does the situation seem familiar to you? No wonder: The Swiss NDB is most comparable to a combination of the German Federal Intelligence Service (BND) and the Office for the Protection of the Constitution (BfV).

In Germany, the Federal Constitutional Court also declared the BND data vacuum cleaner unconstitutional after the Snowden revelations. However, the Bundestag considered the tool indispensable and only reformed the conditions of use. Business as usual, with a few new rules.


Article 5

Critical Vulnerability in React (CVSS 10/10) Patch now!

Attention, all React developers: A critical vulnerability threatens the JavaScript library and certain apps created with it. Attackers can execute malicious code and take over systems completely. The good news: Security updates are available. The bad news: You really should install them right away.

How critical is the situation?

Very critical. The vulnerability (CVE-2025-55182) has a CVSS score of 10 out of 10, i.e. the highest rating. It is therefore classified as ‘critical’. A security researcher has already dubbed the gap ‘React2Shell’, alluding to the notorious Log4j gap (Log4Shell). That alone shows how serious the matter is. According to security researchers from Wiz and Aikido, the gap is based on an ‘unsafe deserialisation’ in the Flight protocol of the React framework.

What is affected?

The gap is in the React Server Components. Specifically, the following components of React versions 19.0, 19.1.0, 19.1.1 and 19.2.0 are vulnerable:

  • react-server-dom-webpack
  • react-server-dom-parcel
  • react-server-dom-turbopack

Attention: Even apps without server functions are at risk!

Here's where it gets really nasty: According to the developers, apps that do not actively use React server functions are also likely to be vulnerable. Just being able to use them is enough for a potential attack. This means: Even if you don't use these features, you may still be at risk.

Other affected frameworks

The following React frameworks and bundlers are also vulnerable:

  • next
  • React router
  • waku
  • @parcel/rsc
  • @vitejs/plugin-rsc
  • rwsdk

The developers intend to deliver security updates for these as well. Keep your eyes open!

The patched versions

The React developers fixed the security issue in the following versions:

  • React 19.0.1
  • React 19.1.2
  • React 19.2.1

If you are using one of the vulnerable versions, immediately update to the corresponding patched version!

How does an attack work?

Attacks are possible remotely without authentication. That makes it particularly dangerous. In affected apps, attackers can manipulate the HTTP requests exchanged between client and server and ultimately execute malicious code.

The full technical details of the vulnerability will be released by the developers at a later date. They probably wait until most systems are patched.

Is an attack imminent?

That's the big question. A security researcher has posted a mysterious hash value on X/Twitter. The connection to a proof-of-concept exploit (PoC) is obvious, but security researchers from Tenable say that there is currently no evidence of a working PoC for instances with standard configurations.

Nevertheless: Don't rely on it. Once the technical details are public, attackers won't take long to develop working exploits.

What do you have to do now?

  1. Check your React version: Do you use 19.0, 19.1.0, 19.1.1 or 19.2.0? Update immediately to 19.0.1, 19.1.2 or 19.2.1.
  2. Check your frameworks: Do you use next, react-router or other affected tools? Wait for the announced updates.
  3. Inform your team: Make sure all developers know.
  4. Monitor advisories: Further information on the update process can be found in the official advisory.
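One way to automate step 1 across a project: audit an npm lockfile for the three react-server-dom-* packages named above. This is an added example, not code from the React project or the advisory; it assumes those packages carry the same version number as the React release they belong to, and reads the advisory's "19.0" as 19.0.0.

```python
"""Audit an npm package-lock.json for the React Server Components packages
listed as vulnerable to CVE-2025-55182 (React2Shell).

Added example, not from the advisory or the React project. Assumes the
react-server-dom-* packages share the version number of their React release.
"""
import json

# Package names listed as vulnerable in the advisory.
AFFECTED_PACKAGES = {
    "react-server-dom-webpack",
    "react-server-dom-parcel",
    "react-server-dom-turbopack",
}

# Vulnerable version -> patched version on the same minor line (from the advisory).
FIXED_FOR = {
    (19, 0, 0): "19.0.1",
    (19, 1, 0): "19.1.2",
    (19, 1, 1): "19.1.2",
    (19, 2, 0): "19.2.1",
}


def parse_version(text):
    """Turn '19.1.0' (optionally with a pre-release/build suffix) into (19, 1, 0)."""
    core = text.split("-")[0].split("+")[0]
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def iter_locked_packages(lock):
    """Yield (name, version) for every package in a lockfile v1, v2 or v3."""
    packages = lock.get("packages")
    if packages is not None:  # lockfile v2/v3: flat map keyed by install path
        for path, meta in packages.items():
            if not path:  # "" is the root project itself
                continue
            name = meta.get("name") or path.split("node_modules/")[-1]
            if "version" in meta:
                yield name, meta["version"]
        return
    # lockfile v1: nested "dependencies" tree
    def walk(deps):
        for name, meta in deps.items():
            if "version" in meta:
                yield name, meta["version"]
            yield from walk(meta.get("dependencies", {}))
    yield from walk(lock.get("dependencies", {}))


def find_vulnerable(lock):
    """Return sorted (name, version, fixed_version) triples for affected packages."""
    findings = set()
    for name, version in iter_locked_packages(lock):
        if name not in AFFECTED_PACKAGES:
            continue
        try:
            v = parse_version(version)
        except ValueError:
            continue  # git/file references are not release numbers; skip them
        if v in FIXED_FOR:
            findings.add((name, version, FIXED_FOR[v]))
    return sorted(findings)


def audit_lockfile_text(text):
    """Parse lockfile JSON text and return the findings."""
    return find_vulnerable(json.loads(text))


# Constructed sample lockfile (v3 layout): one vulnerable RSC package,
# one already patched, and an unrelated package.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/react": {"version": "19.2.0"},
        "node_modules/react-server-dom-webpack": {"version": "19.2.0"},
        "node_modules/react-server-dom-parcel": {"version": "19.1.2"},
        "node_modules/left-pad": {"version": "1.3.0"},
    },
})

if __name__ == "__main__":
    for name, version, fixed in audit_lockfile_text(SAMPLE_LOCK):
        print(f"{name}@{version} is vulnerable; update to {fixed}")
```

Point it at a real lockfile with `audit_lockfile_text(open("package-lock.json").read())`; an empty result means none of the three packages is pinned to a listed vulnerable version, not that the frameworks from the second list are already patched.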

Conclusion

With a CVSS score of 10/10, this is not a gap you should put off. The combination of critical severity, no authentication needed for attacks and the fact that even apps without active server functions can be affected makes the matter explosive.

So: Patch now, not tomorrow!


Article 6

Ubuntu Pro is now available for Windows! Enterprise Linux meets WSL

Canonical brings Ubuntu Pro to the Windows Subsystem for Linux (WSL). The Enterprise version promises 15 years of updates and can be managed centrally via Microsoft management tools. It is now available in the Microsoft Store.

What is Ubuntu Pro for WSL?

Ubuntu Pro is the enterprise version of Ubuntu with everything corporate IT departments want: longer maintenance cycles, professional support and advanced security features. Now the whole thing is also available for the Windows Subsystem for Linux.

You can now install Ubuntu Pro from the Microsoft Store. If you are keen on experimentation, you will also find beta versions and the source code on GitHub.

15 years of security updates: This is the deal

The heart of Ubuntu Pro: Canonical promises up to 15 years of CVE security patches for packages from the Ubuntu repositories. This means: According to the manufacturer, your WSL becomes fully supported enterprise software, which should also meet strict security and compliance requirements.

Expanded Security Maintenance (ESM) provides continuous patches for security vulnerabilities. Not only for the operating system itself, but also for popular developer toolchains such as Python, Go and Rust. As an admin, you can control the updates according to your own guidelines.

Why is this important?

The Windows Subsystem for Linux is super convenient: You can use Linux tools natively on Windows without having to set up virtual machines or dual boot. WSL 2 even offers almost native GPU performance in cooperation with Nvidia, meaning your applications directly access the GPU drivers of the Windows host.

But: According to Canonical, the lack of enterprise support has been an obstacle for many IT departments so far. Ubuntu Pro will change that.

Central administration with Landscape

Particularly interesting for corporate customers: Integration with Landscape, Canonical's system management tool for Ubuntu. The WSL management function is currently still in beta.

As an admin, you can use it to monitor all WSL instances that are deployed after you configure Ubuntu Pro. Landscape shows you which Windows hosts are compliant with your WSL deployment and configuration policies and which aren't.

Seamless Microsoft integration

Ubuntu Pro for WSL fits perfectly into existing Microsoft infrastructures:

  • MSIX package format: Fits seamlessly into your enterprise workflows
  • Microsoft Intune: Cloud-based installation and configuration
  • Active Directory: Group Policy Management
  • Internal hosting option: For companies with strict firewall rules, you can host Ubuntu images internally and manage them centrally

Support and costs

Canonical offers various support models. The ‘Ubuntu Pro + Support’ variant includes telephone and ticket support if you get stuck.

The Good News for Private Users: Ubuntu Pro is available for free. Businesses can purchase commercial subscriptions directly from Canonical.

For whom is it worth it?

Ubuntu Pro for WSL is primarily aimed at:

  • Developers in companies who want to use Linux tools on Windows
  • IT administrators who must centrally manage and secure WSL instances
  • Companies with strict compliance requirements that need long support periods
  • All those who rely on GPU performance and at the same time want enterprise support

In short: If you use WSL in a professional environment and value security, support and centralized management, Ubuntu Pro could be just the thing for you.


Article 7

Proxmox Datacenter Manager 1.0: Finally centralized management for your Proxmox infrastructure

Good news for all Proxmox admins: Proxmox Server Solutions GmbH has released Datacenter Manager 1.0, the first release version of a tool that many of you have been waiting for. With it, you can finally manage all your Proxmox Virtual Environment (VE) instances, backup servers, clusters and nodes centrally via a single web console. No more annoying jumping back and forth between different interfaces!

What does the Datacenter Manager do for you?

At its core, it is about getting a consolidated overview of your entire Proxmox infrastructure. The central dashboard shows you at a glance the status and performance of all connected systems, including important KPIs such as CPU, RAM and storage I/O usage. Practical: Thanks to a local cache, the last known state remains available even if a system is currently unreachable.

Particularly cool are the custom views with RBAC: You can create role-based dashboards that only show specific systems or resources. Perfect for multi-tenant environments where different teams should have different areas in view without gaining direct access to the underlying hosts.

Multicluster management and live migration

A real highlight is the cross-cluster live migration feature. It allows you to move VMs between different clusters without downtime; super convenient for load distribution or maintenance work.

The platform also brings centralized SDN features with EVPN support. You can configure EVPN zones and VNets across multiple remotes in one interface, significantly reducing complexity in larger environments.

There is also centralized update management: See at a glance where updates are available and distribute patches for Proxmox VE and Backup Server directly from the central console. Plus: Unified shell access to all remote systems from a single console.

Technical basis: Debian 13.2 ‘Trixie’

As usual, Proxmox builds Datacenter Manager 1.0 (and the parallel Backup Server 4.1) on Debian GNU/Linux 13.2 ‘Trixie’ as a foundation. On board: Linux kernel 6.17.2 and OpenZFS 2.3.4. Updates run conveniently via the web GUI or via apt in the terminal.

Don't forget security!

An important note: The Datacenter Manager is of course an attractive target as a central entry point. If this is compromised, not only your nodes and clusters are affected, but in the worst case also the backups. Proxmox strongly recommends:

  • Block unnecessary incoming traffic to the Datacenter Manager
  • Encrypt backups on the client side as well
  • Use a secure VPN for access over untrusted networks

The good news: The Datacenter Manager contacts the VE and backup server instances (not the other way around). This makes it easier to secure. Proxmox is also working on further security measures for future versions.

In other news: Proxmox Backup Server 4.1 also released

In parallel, there is also an update for the Proxmox Backup Server version 4.1. The most important innovations:

  • User-based bandwidth limits: You can now fine-tune which users or services get more bandwidth for backups and restores
  • Configurable threads for verification: Adjust the number of threads for reads and checksum calculation to your hardware, because this speeds up the verifications significantly
  • S3 bandwidth limits: S3 support introduced in version 4.0 has been enhanced with bandwidth limitation, perfect for shared environments

Prices and availability

As you know from Proxmox, everything is under the GNU AGPLv3 and can be used free of charge. Downloads are freely available. If you want the enterprise repository and support, you pay 540 euros net per year for repository access for the Backup Server; support costs between 1,080 and 4,320 euros per year, depending on the level.

Important for the Datacenter Manager: You will only get access to the Enterprise repository and support if at least 80 percent of your configured remote systems have a valid Basic subscription or higher.

Conclusion: With Datacenter Manager 1.0, Proxmox is taking a big step towards enterprise-ready management of larger infrastructures. If you run multiple Proxmox clusters, you should definitely check out the tool!


Article 8

Windows 11 25H2: Microsoft launches automatic update for 24H2 users

Microsoft keeps turning the rollout wheel: Since last night, the company has been distributing the Windows 11 25H2 update (also known as the ‘2025 Update’) automatically to computers running Windows 11 24H2. So if you are one of those affected, your PC might want to upgrade to the new version by itself soon.

Who gets the automatic update?

Initially, only the Home and Pro editions of Windows 11 24H2 that are not managed by an IT department. These are typically private computers and smaller companies without centralized management. Microsoft uses a machine-learning-based rollout process for distribution, which checks whether your device is ‘ready’ for the update.

The good news: You don't have to do anything active. Microsoft writes in the Windows release health notes that the update comes automatically if your system is eligible for it. However, you can set the restart time yourself or postpone the update completely if it does not fit.

This is how you control the update

If you want to control the automatic rollout, you have several options:

Influence the restart time: Set your "Active hours" in the Windows settings. Windows then avoids restarts during these times.

Postpone the update: Go to "Start" → "Settings" → "Windows Update" and use the "Pause updates" option. This allows you to delay the installation.

Early birds can upgrade immediately

Anyone who has activated the option ‘Receive the latest updates as they become available’ in the Windows Update settings gets it even faster. For these users, distribution also starts on all suitable devices.

Do you want to check for yourself whether your PC is ready? Simply go to "Settings" → "Windows Update" and click on "Check for updates". When your computer is ready, you will see the option to download and install Windows 11 25H2.

Context: 23H2 users are already on it

For context: About three weeks ago, Microsoft had already started the automatic update from Windows 11 23H2 to 25H2. However, that had a different background, because version 23H2 has reached the end of servicing and must therefore be updated.

For the 24H2 users, this is now the ‘normal’ rollout of the new version, not a forced update due to the end of support.


Article 9

Critical Grafana Gap with CVSS 10.0: Identity theft and admin rights possible

Attention, all Grafana Enterprise users: There is an extremely critical vulnerability with the maximum possible CVSS score of 10.0!

The vulnerability CVE-2025-41115 allows attackers to hijack user identities and even gain admin rights under certain conditions. Grafana has already provided updates; you should install them as soon as possible.

Background: What is Grafana?

For those who don't know Grafana: It is a popular tool for visualizing and analyzing data. This allows you to create interactive dashboards, define alarms and monitor your entire infrastructure and applications. Grafana is available both as an open source version and as an enterprise version with enhanced features.

What's the problem?

The gap is in Grafana Enterprise in versions 12.0.0 to 12.2.1. If you have enabled SCIM (System for Cross-domain Identity Management), attackers can create a user with a numeric external ID. Grafana then incorrectly assigns this external SCIM ID to an internal user ID and interprets the numeric values as internal user IDs.

In the worst case, this means: An attacker could create a new user that is then treated like an existing internal account, including an admin account. The result: Identity theft, privilege escalation and full access to your Grafana instance.

Who is affected?

The vulnerability only affects you if both of these conditions are met:

  1. The feature flag ‘enableSCIM’ is set to ‘true’
  2. The configuration option ‘user_sync_enabled’ in block ‘[auth.scim]’ is also set to ‘true’

The good news: If you do not use SCIM, you are not vulnerable. And even better: The open source edition Grafana OSS is not affected. The managed offerings Amazon Managed Grafana and Azure Managed Grafana are also already secured; Grafana has coordinated directly with AWS and Microsoft.

What do you have to do?

Grafana has announced Enterprise version 12.3. At the same time, three patched versions were released:

  • Grafana Enterprise 12.2.1
  • Grafana Enterprise 12.1.3
  • Grafana Enterprise 12.0.6

All three versions resolve the critical vulnerability CVE-2025-41115. If you are using an affected version and have activated SCIM, you should immediately update to one of the patched versions.
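To turn the two conditions above and the patched version list into a repeatable check, here is an added example (not Grafana's own code) that reads a grafana.ini snippet and the running version and reports whether the instance needs the update. The option names and version numbers come from the article; the assumption that feature flags live under a [feature_toggles] section, either as a comma-separated `enable` list or as `enableSCIM = true`, is mine.

```python
"""Check a Grafana Enterprise instance against the conditions described for
CVE-2025-41115: affected 12.x build, SCIM feature flag on, SCIM user sync on.

Added example, not Grafana's code. Assumes feature flags are configured in
grafana.ini under [feature_toggles] (as 'enable = a,b' or 'flagName = true').
"""
import configparser

# Patched release per 12.x minor line (from the article); 12.3+ ships fixed.
PATCHED = {0: (12, 0, 6), 1: (12, 1, 3), 2: (12, 2, 1)}


def parse_version(text):
    """'12.2.0' or '12.2.0-pre' -> (12, 2, 0)."""
    core = text.split("-")[0].split("+")[0]
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def version_is_vulnerable(version):
    """True for a 12.0/12.1/12.2 build older than its patched release."""
    v = parse_version(version)
    if v[0] != 12 or v[1] not in PATCHED:
        return False
    return v < PATCHED[v[1]]


def scim_enabled(cfg):
    """Feature flag enableSCIM, either as its own key or in the 'enable' list."""
    if not cfg.has_section("feature_toggles"):
        return False
    ft = cfg["feature_toggles"]
    if ft.getboolean("enableSCIM", fallback=False):
        return True
    flags = [f.strip() for f in ft.get("enable", fallback="").split(",")]
    return "enableSCIM" in flags


def user_sync_enabled(cfg):
    """[auth.scim] user_sync_enabled = true (the second condition)."""
    return cfg.has_section("auth.scim") and cfg["auth.scim"].getboolean(
        "user_sync_enabled", fallback=False)


def assess(ini_text, version, edition="enterprise"):
    """Return each condition plus an overall 'affected' verdict and the fix version."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.optionxform = str  # keep key case so 'enableSCIM' is matched exactly
    cfg.read_string(ini_text)
    result = {
        "enterprise": edition.lower() == "enterprise",  # OSS is not affected
        "vulnerable_version": version_is_vulnerable(version),
        "enableSCIM": scim_enabled(cfg),
        "user_sync_enabled": user_sync_enabled(cfg),
    }
    result["affected"] = all(result.values())
    if result["affected"]:
        result["update_to"] = ".".join(map(str, PATCHED[parse_version(version)[1]]))
    return result


# Constructed grafana.ini fragment with both conditions switched on.
SAMPLE_INI = """
[feature_toggles]
enable = publicDashboards,enableSCIM

[auth.scim]
user_sync_enabled = true
"""

if __name__ == "__main__":
    for ver in ("12.2.0", "12.2.1", "12.3.0"):
        print(ver, assess(SAMPLE_INI, ver))
```

Setting `user_sync_enabled = false` in [auth.scim] is the interim mitigation that falls out of the two conditions; the check reports such an instance as not affected, but the version update remains the real fix.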


This week's Sun Tzu lesson deals with vulnerabilities.
‘The place of least preparation is the enemy's gateway. Protect your weakest, for they determine the strength of your walls.’

Meaning: Weaknesses in the supply chain (third-party risk) and among end users (social engineering, phishing) are the primary attack vectors and require the highest level of attention.