Wews for re-reading: everything that happened between 8.12 and 14.12, calendar week 50 of 2025. Enriched with personal opinion, I present some of the highlights that we would otherwise have missed this week.
Prompt philosophy | Netflix VS Paramount | Notepad++ | MCP OpenSource | U.S. Entry Downgrade | Spiderman phishing kit | WinRAR gap | Diablo4 Addon Lord of Hatred | Social Media from 16
Article 1
The Art of Good Prompting: Philosophy meets AI
What makes a really good prompt? Amanda Askell of Anthropic shows how philosophical thinking helps to make the most of AI tools.
Anyone who works with AI tools such as Claude or ChatGPT on a daily basis knows the problem: sometimes the AI delivers exactly the desired results, and sometimes it misses the target completely. The difference often lies in the way we formulate our requests. There is a nice article about this on t3n.de.
More than just experimenting
Amanda Askell, philosopher and AI researcher at Anthropic, gave a fascinating insight into how she works in the company’s own podcast ‘Ask Me Anything’. Her approach: Prompt engineering is much more than trial-and-error.
"It's about being willing to interact a lot with the models and really looking at every single outcome," Askell explains. Experimentation is only part of the equation. The other, often underestimated part: crystal clear communication.
The philosophical advantage
Askell's academic background: She received her doctorate in ‘Infinite Ethics’ from New York University and studied philosophy at Oxford. This proves to be a surprising advantage.
"Here I actually think that philosophy can be useful for prompting, because much of my work is to explain certain problems, concerns or thoughts to the model as clearly as possible."
At Anthropic, she has been leading a team working to make language models more honest and with better ‘characteristics’ since 2021, a fascinating project at the intersection of technology and ethics.
The new colleague needs context
Anthropic itself compares AI tools with new team members: They are competent, but do not know the internal processes or the preferred ways of working. In its July 2024 Prompt Engineering Overview, the company recommends that AI be briefed accordingly in detail.
In concrete terms, this means:
- Define clear role distribution
- Precisely describe the desired format and style
- Provide relevant context
- Provide concrete examples, if possible
Prompt engineering is not dead.
The need for highly specialized prompt engineers with six-figure salaries may have declined, but Askell's work shows: The ability to formulate precise instructions remains valuable.
As tools become more accessible, the quality of communication continues to determine success. If you really want to exploit AI tools, you can't avoid thoughtful prompting.
Conclusion
The most important lesson: Treat your AI like a capable but inexperienced colleague. Take the time to formulate your request precisely. And don't be afraid to work iteratively, because every interaction helps you understand how to achieve better results.
Sometimes it is the ‘soft’ skills such as clear communication and structured thinking that make the difference, especially in the age of artificial intelligence.
Article 2
PLOT TWIST! Paramount cuts in on Netflix's Warner takeover.
The deal that seemed safe? I guess it wasn't so sure. Now there are 108 billion on the table!
Do you remember last weekend? Netflix announced the acquisition of Warner Bros. Discovery for $82.7 billion. The streaming crown was supposed to belong to Netflix: Harry Potter, Game of Thrones, DC, all under one roof. We wrote about it and it looked like a done deal.
Well, yeah. Welcome to Hollywood, where nothing is ever really safe.
Now Paramount Skydance comes around the corner and puts a $108 billion offer on the table. That is 25.7 billion more than Netflix offered. And while Netflix offers a mix of cash and stocks, Paramount comes with all cash: $30 per share, fully in cash. No stocks, no games, just cash.
The best part? Paramount is turning directly to Warner shareholders, past the board. This is called a hostile takeover. Or in plain language: "We don't ask politely, we just offer more and you decide."
What was the Netflix deal again?
In case you missed the original story:
Netflix offered:
- $27.75 per Warner Bros. Discovery share
- Equity value: $72 billion ($23.25 cash + $4.50 Netflix shares)
- Total value including debt: $82.7 billion
- Break-up fee: $5.8 billion (Netflix will pay Warner if the deal breaks)
What Netflix should get:
- Warner Bros. Studios (film production)
- HBO Max (130 million subscriptions worldwide) + HBO
- The complete film library (Casablanca to Dune)
- DC Studios (Superman, Batman, Wonder Woman)
- Harry Potter & Lord of the Rings
- Game of Thrones, The Last of Us, Succession, Friends
- Warner Bros. Games (Hogwarts Legacy, Batman Arkham)
What would NOT go to Netflix:
- CNN, TNT Sports, Discovery+ and all Discovery channels
Netflix wanted only the studio and streaming fillets; Warner is to continue the rest as a stand-alone company called ‘Discovery Global’.
Paramount says: ‘Not so fast, buddy!’
Paramount Skydance, itself only recently merged under CEO David Ellison (son of Oracle billionaire Larry Ellison), had previously tried to buy Warner. Warner had rejected two previous offers (first $20 per share, then $24). But $30? That is a completely different league.
What makes Paramount different:
1. More money:
- $30 per share (vs. $27.75 from Netflix)
- Total value: $108.4 billion
- 100% Cash, no stock trickery
2. Complete takeover: Paramount wants everything, including CNN, TNT Sports, Discovery+ and all the Discovery stuff. No splitting, no complications. One big media empire.
3. Political connections: David Ellison has good relations with Donald Trump. This could make all the difference with the antitrust authorities (more on that below).
Why Paramount calls Netflix 'inferior'
In a public letter to Warner shareholders, Paramount argues razor-sharply:
Netflix's deal is problematic because:
- Volatile: The stock component makes the deal uncertain (stock market capers, anyone?)
- Regulatory risk: 43% market share in streaming? That cries out for antitrust alarms!
- Inexperienced: Netflix has never made a mega-acquisition of this magnitude.
- Complicated: Breaking Warner into two parts is difficult and time-consuming
Paramount deal is better because:
- Cash is King: Immediate liquidity for shareholders, no bets on Netflix shares
- Faster: No complicated splitting, just take over everything
- Regulatory easier: Paramount + Warner is still smaller than Netflix + Warner
- Experienced: Paramount just bought Skydance for $8 billion and knows how it works
And then comes the Trump card (wordplay intended): David Ellison's family are massive Trump supporters. Donald Trump has already commented cautiously on the Netflix deal and would probably prefer a Paramount deal. In the United States in 2025, political influence can make all the difference.
Here, too, I have a video with the details for those too lazy to read:
The antitrust minefield
This is where it becomes political (and dangerous), because both deals face massive regulatory hurdles.
Netflix scenario:
- Over 302 million Netflix subscriptions + 130 million HBO Max subscriptions = Potentially 430+ million users
- That would be about 30% of the US streaming market (YouTube excluded)
- Content monopoly: Netflix has a library that no one can keep up with.
- Political headwinds: U.S. Congressmen, the Directors Guild of America (DGA) and anonymous film producers have already issued warnings
- International problems: In the EU, Netflix would merge with the second or third largest competitor in many countries
The U.S. Department of Justice is sure to examine this intensively. Netflix expects 12-18 months until approval.
Paramount scenario:
- Paramount + Warner is still smaller than Netflix alone
- But: Here, too, there is consolidation in an already shrinking market
- Trump factor: Could speed up permits (or not, who knows exactly?)
- Paramount argues the deal is "competitive", because it doesn't make Netflix any bigger.
Now what? Who wins?
This is the billion-dollar question (literally). Warner Bros. Discovery must now decide:
Netflix offer:
- Lower per share ($27.75)
- Part cash, part shares (volatile)
- Only Studio + Streaming, Discovery Global remains independent
- Regulatory riskier
- Longer approval period (12-18 months)
Paramount offer:
- Higher per share ($30)
- 100% Cash (safe)
- Complete takeover, no splitting
- Possibly easier to regulate
- Political Connections (Trump Factor)
At first glance, Paramount is more attractive to shareholders: More money, immediately, in cash. But Netflix has already secured exclusive bargaining rights, and the board recommends shareholders wait for now.
Paramount's offer is valid until 8 January 2026 (but can be extended). Netflix co-CEO Ted Sarandos said the Paramount offer was ‘fully expected’ and that they are ‘super confident’ that their own deal will go through.
Conclusion: Popcorn ready, folks!
What we are experiencing here is pure Hollywood drama. This time it's not on the big screen, it's in the boardroom.
The Netflix deal would result in:
- The world's largest streaming platform
- One of the most legendary studios in film history under one roof
- HBO, DC, Harry Potter, Lord of the Rings, Game of Thrones
- Over 430 million potential subscribers
This is power. Enormous, concentrated power. As with Spider-Man: With great power comes great responsibility.
But now Paramount comes and says: ‘Not so fast!’ With a higher offer, political connections and the promise to preserve competition instead of destroying it.
The question is: Who wins? Netflix with the structured deal and streaming dominance? Or Paramount with more cash and political tailwind?
The next weeks and months will get wild. Antitrust authorities, trade unions, filmmakers, politicians and, of course, shareholders will have a say. What about us? We will watch how the future of film, television and entertainment takes shape.
James Cameron put it in a nutshell: “A vibrant, competitive industry is essential.” But both deals will make the industry less competitive, not more. The only question is: What is the lesser evil?
TL;DR
- Netflix offered last week: $82.7 billion for Warner Bros. Studio + streaming
- Paramount counters NOW: $108 billion for full Warner Bros. Discovery, 100% Cash
- The problem: Both deals have massive regulatory hurdles and opponents
- For us: HBO Max launches in Germany in January, but the future is completely unclear
- James Cameron: Finds Netflix catastrophic, would prefer Paramount
- The reality: No matter who wins, Hollywood will change fundamentally.
One thing is certain: After this deal, Hollywood will never be the same again. Is it good or bad? We won't really know until a few years from now. Until then: Stay tuned, stay critical, and maybe... go to the movies again? As long as there are still some.
The poker for Hollywood's crown jewels goes into overtime. And we have the best seats in the front row.
Article 3
Notepad++ Updater distributed malware: Update to version 8.8.9 now!
That's bad: The integrated updater of the popular open source text editor Notepad++ has installed malware on some PCs.
Attackers were able to intercept and manipulate update traffic in order to slip in malicious software. Developer Don Ho has responded with versions 8.8.8 and 8.8.9, so you should update manually right away!
What happened?
According to Don Ho, security experts have reported incidents in which Notepad++'s Internet traffic was hijacked. The investigation revealed that the traffic of the Notepad++ updater WinGUp was ‘occasionally redirected to malicious servers’, resulting in the download and installation of compromised executable files.
IT security researcher Kevin Beaumont reports that at least three organisations with ‘interests in South Asia’ were targeted in this way. So these are targeted attacks, but theoretically any Notepad++ user could be affected.
How did the attack work?
So far, the updater has worked like this: It requested the URL https://notepad-plus-plus.org/update/getDownloadUrl.php and evaluated the returned XML file. This XML contains the download URL for the update, which was then saved to the %TEMP% folder and executed.
The problem: Anyone who could intercept and manipulate this traffic (e.g. through man-in-the-middle attacks) could change the download URL and point it to their own malicious server. Until version 8.8.7, Notepad++ used a self-signed certificate that was publicly stored in the code on GitHub. This made it possible to create manipulated updates that the updater accepted as legitimate.
Since v8.8.7, Notepad++ has been using a legitimate GlobalSign certificate, but that alone did not prevent the attacks.
What was fixed?
Don Ho responded quickly and released two updates in a row:
Version 8.8.8:
- The updater WinGUp now mandatorily uses github.com as the download source
Version 8.8.9 (latest version):
- Notepad++ and WinGUp now correctly check the signatures and certificates of downloaded installers
- If the check fails, the update process is aborted
- More hardening measures against traffic hijacking
The investigations are still ongoing, by the way; it is still being analysed how exactly the traffic hijacking took place in the observed cases.
How do you know if you are affected?
Kevin Beaumont has listed some Indicators of Compromise (IOCs). Here's what you should look out for:
Suspicious connections:
- If gup.exe connects to URLs other than notepad-plus-plus.org, github.com or release-assets.githubusercontent.com
Unusual processes:
- If gup.exe starts processes other than explorer.exe or npp*-related Notepad++ installers. Legitimate installers have been signed with a GlobalSign certificate since version 8.8.8
Suspicious files:
- Files named update.exe or AutoUpdater.exe in the user TEMP directory. Notepad++ itself does not use these names at all!
If you find such traces, you should check your computer thoroughly for malware.
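The three indicators above, applied to endpoint telemetry. This is an added example, not code from Notepad++ or from Kevin Beaumont; the event layout (type, image, parent_image, url, path) and every sample event are constructed for illustration, and the sample gup.exe location is an assumption.

```python
import fnmatch
import ntpath
from urllib.parse import urlsplit

# Hosts the article lists as legitimate destinations for gup.exe.
ALLOWED_HOSTS = {
    "notepad-plus-plus.org",
    "github.com",
    "release-assets.githubusercontent.com",
}
# Child processes the article lists as expected for gup.exe.
ALLOWED_CHILDREN = ("explorer.exe", "npp*")
# File names the article says Notepad++ itself never uses.
TEMP_DROPPER_NAMES = {"update.exe", "autoupdater.exe"}


def image_name(path):
    """Lower-cased file name of a Windows path (ntpath works on any OS)."""
    return ntpath.basename(path).lower()


def check_event(event):
    """Return a list of (ioc, detail) findings for one telemetry event."""
    findings = []
    kind = event["type"]
    if kind == "network" and image_name(event["image"]) == "gup.exe":
        host = urlsplit(event["url"]).hostname or ""
        # Exact match on purpose: "github.com.cdn.example" must not pass.
        if host not in ALLOWED_HOSTS:
            findings.append(("unexpected_host", host))
    elif kind == "process" and image_name(event["parent_image"]) == "gup.exe":
        child = image_name(event["image"])
        if not any(fnmatch.fnmatchcase(child, p) for p in ALLOWED_CHILDREN):
            findings.append(("unexpected_child", child))
    elif kind == "file":
        folders = ntpath.dirname(event["path"]).lower().split("\\")
        # Assumption: the user TEMP directory has a folder named "Temp".
        if image_name(event["path"]) in TEMP_DROPPER_NAMES and "temp" in folders:
            findings.append(("temp_dropper", event["path"]))
    return findings


def scan(events):
    """Run check_event over all events and flatten the findings."""
    return [finding for event in events for finding in check_event(event)]


# Constructed sample telemetry (not taken from a real incident).
GUP = r"C:\Program Files\Notepad++\updater\gup.exe"
TEMP = r"C:\Users\alice\AppData\Local\Temp"
SAMPLE_EVENTS = [
    {"type": "network", "image": GUP,
     "url": "https://notepad-plus-plus.org/update/getDownloadUrl.php"},
    {"type": "network", "image": GUP,
     "url": "http://github.com.cdn.example/npp.Installer.exe"},
    {"type": "process", "parent_image": GUP,
     "image": TEMP + r"\npp.8.8.9.Installer.x64.exe"},
    {"type": "process", "parent_image": GUP,
     "image": r"C:\Windows\System32\cmd.exe"},
    {"type": "file", "path": TEMP + r"\AutoUpdater.exe"},
    {"type": "file", "path": r"C:\Tools\update.exe"},
]

if __name__ == "__main__":
    for ioc, detail in scan(SAMPLE_EVENTS):
        print(f"{ioc}: {detail}")
```

A hit is a reason to investigate the host, not proof of compromise; the host list is matched exactly so that lookalike names are flagged.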
What do you have to do now?
Important: The integrated updater does not yet find version 8.8.9 automatically! Tools such as winget don't have the update yet either. So you have to take action manually:
- Go to the official Notepad++ website (notepad-plus-plus.org)
- Download version 8.8.9 manually and install the update
- Beaumont recommends at least v8.8.8, but v8.8.9 is even better secured
Context: Notepad++ frequently in the sights
Unfortunately, the fact that Notepad++ is being attacked is not an isolated case. The software is extremely popular and widespread, which makes it an attractive target for attackers. Last year, Don Ho had to take action against a ‘parasitic website’ that crept up on the original Notepad++ page in Google search results and offered fake, virus-infected downloads.
Remember: Always download Notepad++ only from the official site notepad-plus-plus.org!
Article 4
Anthropic hands over Model Context Protocol (MCP) to new Agentic AI Foundation
Interesting development in the AI world, read on heise.de: Anthropic is parting with the Model Context Protocol (MCP). Not because the project failed, but on the contrary: The Linux Foundation has founded the Agentic AI Foundation (AAIF), where MCP will continue as an open source project in neutral hands. A clever move for the future of AI agents!
What is the Agentic AI Foundation?
Under the new umbrella of AAIF, the Linux Foundation is collecting open source projects around agent-based AI. It starts with three well-known projects:
- Model Context Protocol (MCP) by Anthropic
- goose platform from Block
- Agents.md specification by OpenAI
The objective: to create an independent and open basis for agent-based AI projects that can be developed in a transparent, stable and collaborative manner. The Linux Foundation is positioning itself as a neutral home for an AI infrastructure ‘on which the world can rely’. I would say that is quite a claim!
Who's behind it?
The list of main members reads like the tech industry’s who’s who:
Main members are Amazon Web Services, Anthropic, Block, Bloomberg, Cloudflare, Google, Microsoft and OpenAI
Other notable members (no less spectacular) include Docker, Hugging Face, IBM, JetBrains, Oracle, Snowflake, SUSE, Kubermatic, and many more!
It is noteworthy that here direct competitors such as Google, Microsoft, OpenAI and Anthropic sit together at the same table. This shows how important open standards are for the future of AI agents.
Why does Anthropic release MCP?
Anthropic justifies the handover by “promoting innovation in the agent-based AI ecosystem”. The move aims to ensure that “these enabling technologies remain neutral, open and community driven”.
Sounds like a selfless act, right? Yes, but it also makes strategic sense: A neutral protocol, which is not controlled by any single company, has a better chance of establishing itself as a standard. And when MCP becomes the de facto standard for AI agents, everyone benefits in the end, including Anthropic.
Important: Anthropic does not withdraw completely! The company gives assurances that it wants to continue investing in the growth of MCP. The governance model and the role of the maintainers are preserved! So it's not about getting rid of the project, it's about leading it into a sustainable, community-driven future.
What does this mean for the future?
The establishment of the AAIF could be an important step for standardization in the field of AI agents. Currently, each company develops its own approaches and protocols, which leads to fragmentation and makes interoperability more difficult.
With the AAIF under the roof of the Linux Foundation, there is now a neutral platform, where different players can work together. This is reminiscent of other successful open source initiatives of the Linux Foundation such as the Cloud Native Computing Foundation (CNCF) with Kubernetes.
Sidenote: Online conference on AI-enabled development
If you are interested in the topic: The online conference betterCode() GenAI takes place on 29 January 2026. It covers all important topics related to AI-enabled software development: From the right tools to Agentic AI and Vibe Coding to security and migrating legacy systems with AI support.
Conclusion: The handover of MCP to the AAIF is a clever move by Anthropic and could be a turning point for the standardization of AI agents. If the big players actually work together instead of each cooking their own soup, it could significantly speed up the development of AI agents. We'll stay tuned!
Article 5
U.S. wants 5 years of social media history on arrival: That's what you need to know
A drastic plan from the USA, read on golem.de: The U.S. agency Customs and Border Protection (CBP) has published a proposal that could massively change the way you enter the United States. Millions of travelers from 42 countries (including Germany) would in future have to disclose their entire social media history of the last 5 years. This could make U.S. travel much more complicated. The New York Times reports on it as well.
Who would be affected?
The proposal applies to all countries of the Visa waiver programme (ESTA). These are countries whose citizens have so far been able to enter the United States without a visa. These include:
- Germany
- France
- Japan
- And 39 other countries (Romania was removed from the list)
Until now, it was sufficient to provide an e-mail address, telephone number and an emergency contact when submitting an ESTA application. That could change drastically.
What will travelers have to disclose in the future?
The amount of data CBP wants to collect is enormous:
Social media & Communication:
- All social media accounts of the last 5 years
- E-mail addresses of the last 10 years
- IP addresses and metadata from uploaded photos
Family data:
- Names, dates of birth, places of residence and places of birth of parents, partners, siblings and children
Biometric data: In the list of targeted “High Value Data Fields”, CBP also mentions:
- Facial recognition, fingerprints, DNA and iris patterns
Important: So far, this is just a proposal! However, the direction appears ‘crystal clear’.
Data protectionists and the tourism industry are sounding the alarm
As expected, reactions are severe. Bo Cooper of the law firm Fragomen warns against a fundamental system change: While previous social media audits verified concrete facts such as possible crimes, the new system would comprehensively assess online statements, with decisions at the discretion of the authority.
Sophia Cope from the Electronic Frontier Foundation: “Finding terrorists and other criminals has not proven effective.” Rather, such measures would have affected the freedom of expression and privacy of travellers and their American contacts.
Legal basis: Executive Orders of 2025
CBP invokes the following justification:
- Executive Order 14161 of January 2025 (‘Protecting the United States From Foreign Terrorists and Other National Security and Public Safety Threats’)
- A memorandum of 4 April 2025 on the collection of ‘baseline data’ in all government forms
Even more drastic: Exit control via smartphone
Another controversial point that the New York Times has not taken up: CBP plans a Voluntary Self-Reported Exit (VSRE) pilot programme in the CBP Home mobile app.
Travellers should be able to report their departure ‘voluntarily’ by transmitting biometric data:
First face recognition, then geolocation (to confirm that you are actually outside the US) and finally a so-called ‘liveness detection’ (a check whether it is a real live photo).
The transmitted data are compared with already stored facial photos, thus creating a ‘biometrically confirmed exit record’. Officially, this should close an information gap between entry and exit.
ESTA website is shut down
A drastic change is also imminent: The ESTA website will be completely disabled for new applications. In the future, applications are to be submitted exclusively via the ESTA mobile app. The website remains online only as an information source and for status queries.
CBP’s explanatory memorandum: The National Targeting Center identified over 2,400 bad passport photos and over 8,000 invalid photographs that resulted in failed facial recognition matches. CBP suspects that travelers are deliberately exploiting this vulnerability to bypass auto-checking with intentionally blurred images. The agency said it had identified hundreds of fraudulent ESTAs with forged passport data.
New requirements for ESTA applications
The mobile app will use new authentication methods:
- Liveness detection (No pre-made photos)
- Face recognition
- NFC-based passport scanning to validate the electronic chip
Third-party applications by travel agencies or family members must also include a selfie of the applicant in future. The previously optional selfie requirement becomes obligatory.
What's next?
The authority is now accepting public comments for 60 days. If the proposal is approved, implementation could take place within a few weeks or months.
The time window for objections is therefore very short!
What does this mean for you?
If these rules do come true, you should be prepared for the following:
U.S. travel becomes much more time-consuming
- Plan more time for the ESTA application
- Think about which social media accounts you want/need to include
- Check whether old posts could be problematic
Data protection becomes a problem
- Your complete online history of the last 5 years lies with U.S. authorities
- Your family members are also affected.
- Biometric data is collected comprehensively
Smartphone is mandatory
- ESTA application no longer possible without a mobile app
- Exit control via app with face recognition and GPS
Refusal to enter possible
- Social media posts can lead to rejection
- Decision is at the discretion of the authority
- No clear criteria as to what is ‘problematic’
Conclusion: This proposal goes far beyond previous entry controls and could make U.S. travel significantly more difficult for millions of people. Whether the measures actually increase security or only massively interfere with privacy is controversial. The next 60 days will show whether enough resistance is coming to stop or mitigate the plans. If you want to travel to the USA in the near future, you should keep an eye on the development!
Article 6
Spiderman phishing kit: Major threats to European banking customers
Red alert for bank customers in Europe: A new phishing kit called ‘Spiderman’ makes it terrifyingly easy for cybercriminals to attack customers of dozens of European banks. The special feature: With just a few clicks, attackers can create pixel-perfect clones of banking sites! Phishing as SaaS, without any programming skills. Deutsche Bank, Commerzbank, ING and many more are affected.
What makes Spiderman so dangerous?
The kit is a complete all-in-one framework for phishing attacks. It provides a professional platform for cybercriminals to launch phishing campaigns, intercept credentials and manage stolen data in real time.
The really frightening thing: No more technical knowledge needed! Previously, web development and phishing expertise was needed. A few clicks are enough today:
- Select a bank
- Create the perfect clone of the login page
- Send a ready-made phishing mail that looks like it comes from the real institution
This automation is part of an alarming trend with tools like SpamGPT, MatrixPDF, and Atroposia making mass attacks ever easier.
Scope: Dozens of banks, several countries
While many phishing kits focus on a single bank, Spiderman consolidates dozens of European financial markets in a kit for transnational attacks on a large scale.
Affected banks (excerpt):
- Deutsche Bank
- Commerzbank
- ING (Germany & Belgium)
- Sparkasse
- And many more
Crypto wallets are also in the sights: Ledger, Metamask and Exodus
Even government portals are replicated!
The scope suggests that the framework is already being used on a large scale. A Signal group linked to Spiderman's seller has around 750 members, which shows a large, active user community.
For those too lazy to read, Jim Love also has a summary in the video (from minute 1:30):
The professional control panel
Spiderman's operator dashboard is terrifyingly mature and shows victim sessions in real time:
Live session monitoring: tracks every target's status in real time
One-click credential export: exports stolen data with one click
PhotoTAN capture: real-time interception of OTP codes (2FA)
Complete harvesting of credit cards and identity data
The flexible, multi-level approach is particularly effective in European banking fraud: Login credentials alone are often not enough for transactions. That's why, after the first entry, Spiderman can trigger additional prompts: credit card number, expiration date, phone number, PhotoTAN code
Each session is logged with a unique ID so that attackers can maintain continuity throughout the phishing workflow.
This is how the attack works
Step 1: Select a bank The attacker selects the bank or service they want to imitate, clicks on ‘Index This Bank’ and the kit automatically prepares a phishing page copy. Unfortunately also complete with login, password, PhotoTAN/2FA prompts and credit card entry forms.
Step 2: Victim enters data. As soon as the victim enters the username and password, the data is immediately sent to the operator panel.
Step 3: Real-time requests The operator can then trigger further requests in real time and retrieve the following data:
- Username and password
- Full name
- telephone
- birthday
- Credit card details
- User Agent & IP metadata
The result: More than enough information for account takeovers, SIM swap attacks, credit card fraud and identity theft.
Advanced targeting and filtering features
Spiderman comes with an unusually detailed Access control module, which optimizes attacks and makes detection more difficult:
Country whitelisting: Only allow traffic from certain countries (Germany, Austria, Switzerland, Belgium, etc.)
ISP/ASN whitelisting: Block visits to known data centers, VPNs or unwanted networks
Device type filtering: Deliver phishing page only for specific device types (Desktop, Mobile, Android, iOS)
Custom redirect control: redirect unwanted visitors to Google or another harmless site instead of the phishing site
These anti-analysis controls allow the kit to bypass automated crawlers, security scanners and threat intelligence tools, which makes detection much more difficult.
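For defenders, these filters leave a measurable trace: the same URL answers differently depending on who asks. The following added example (not part of the original article and not taken from any vendor tooling) compares fetch results recorded from several test environments and reports which vantage attribute separates "login form served" from "redirected elsewhere". The observation fields and all sample values are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}
VANTAGE_ATTRIBUTES = ("country", "network", "device")


def outcome(obs):
    """Reduce one recorded fetch to 'form', 'diverted' or 'other'."""
    if obs["status"] in REDIRECT_CODES and obs.get("location"):
        target = urlsplit(obs["location"]).hostname or ""
        # Only a redirect to a different host counts as being sent away.
        if target != urlsplit(obs["url"]).hostname:
            return "diverted"
        return "other"
    if obs["status"] == 200 and obs["has_password_field"]:
        return "form"
    return "other"


def find_cloaking(observations):
    """Map each cloaking URL to the vantage attributes that split the results.

    A URL is reported when at least one vantage point received a credential
    form while another was redirected to a foreign host. An attribute is
    listed when its values for the two groups do not overlap.
    """
    by_url = defaultdict(list)
    for obs in observations:
        by_url[obs["url"]].append(obs)

    report = {}
    for url, group in by_url.items():
        served = [o for o in group if outcome(o) == "form"]
        diverted = [o for o in group if outcome(o) == "diverted"]
        if not served or not diverted:
            continue
        report[url] = [
            attr for attr in VANTAGE_ATTRIBUTES
            if {o[attr] for o in served}.isdisjoint({o[attr] for o in diverted})
        ]
    return report


def observation(url, country, network, device, status,
                location=None, has_password_field=False):
    """Build one observation record (helper for the constructed samples)."""
    return {"url": url, "country": country, "network": network,
            "device": device, "status": status, "location": location,
            "has_password_field": has_password_field}


# Constructed sample data: three URLs fetched from different environments.
U1 = "https://login.constructed.example/"
U2 = "https://portal.constructed.example/"
U3 = "https://shop.constructed.example/"
SAMPLE_OBSERVATIONS = [
    observation(U1, "DE", "residential", "mobile", 200, has_password_field=True),
    observation(U1, "DE", "residential", "desktop", 200, has_password_field=True),
    observation(U1, "US", "datacenter", "desktop", 302,
                location="https://www.google.com/"),
    observation(U2, "DE", "residential", "mobile", 200, has_password_field=True),
    observation(U2, "US", "datacenter", "desktop", 200, has_password_field=True),
    observation(U3, "DE", "residential", "mobile", 301,
                location="https://shop.constructed.example/de/"),
    observation(U3, "US", "datacenter", "desktop", 200),
]

if __name__ == "__main__":
    for url, attrs in find_cloaking(SAMPLE_OBSERVATIONS).items():
        print(url, "differs by", ", ".join(attrs) or "unknown attribute")
```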
Why Spiderman is Dangerous
1. Consolidation in an interface
Most phishing kits focus on a bank or region. Spiderman brings together dozens of institutions across five countries. This increases efficiency and enables fast pivots between regions.
2. Bypass traditional detection
With ISP whitelisting, geo-blocking, and device filtering, Spiderman dramatically reduces visibility for cybersecurity professionals. Many phishing detection products are designed to scan exactly the infrastructure that this kit explicitly filters out.
3. Strong focus on crypto theft
The capture modules for crypto seed phrases (Ledger, Metamask, Exodus) signal a shift to hybrid banking + crypto fraud operations.
4. Real-time OTP interception becomes the norm
The inclusion of PhotoTAN and OTP capture shows a high level of sophistication. European banks that rely on TAN authentication remain particularly vulnerable.
5. Long-term evolution is inevitable.
Because Spiderman is modular, new banks, portals and authentication methods can be added. If European countries update their e-banking flows, this kit is likely to evolve in parallel.
What can you do?
For bank customers:
- Examine URLs closely: Even if the page looks real, check the URL in the address bar
- Never follow links from emails: Always enter banking URLs manually or use bookmarks
- Activate strong 2FA: But be careful, PhotoTAN can also be intercepted
- Be suspicious of additional queries: Banks don't usually ask for all the data in one go
- Report suspicious emails: Best directly to your bank
For companies:
- Training for employees: Phishing awareness is essential.
- Advanced email filtering
- Threat intelligence: Use it to identify Spiderman infrastructure
- Zero trust architectures
For security teams:
- Pay attention to Spiderman's characteristic filter mechanisms
- Use various test environments (various ISPs, devices, locations)
- Monitor Signal groups and underground forums for kit distribution
Conclusion: Spiderman is one of the most dangerous phishing kits we've seen this year. The combination of professional structure, broad target coverage, real-time data collection and anti-detection features makes it a serious threat to European banking customers. With around 750 active users in the corresponding Signal group, this kit is not a theoretical threat, but already in use.
If in doubt, doubt too much rather than too little!
Article 7
WinRAR gap is actively exploited: Update immediately!
Bad news for those who still use old WinRAR versions: A security vulnerability (which was patched in the summer) is now being actively attacked! The vulnerability allows attackers to inject malicious code. If you are using WinRAR, you should immediately update to version 7.13.
What happened?
The U.S. security agency CISA has added the WinRAR vulnerability to its Known Exploited Vulnerabilities catalogue. This is the official collection of security vulnerabilities that have been proven to be under attack. In other words: This is no longer a theoretical threat, but attackers are already actively exploiting the gap!
The vulnerability became known at the end of June when WinRAR closed it in version 7.12b1. Nevertheless, many users are still running vulnerable versions, and those are exactly what attackers are now targeting.
Which versions are affected?
All WinRAR versions up to 7.11 are vulnerable. This applies not only to WinRAR itself, but also to RAR, UnRAR, Portable UnRAR and UnRAR.dll. Only from version 7.12 Beta 1 is the gap patched.
What makes the gap so dangerous?
The vulnerability (CVE-2025-6218) has a CVSS score of 7.8 (high risk) and allows attackers to smuggle in code through manipulated archives. The way it works is treacherous: When extracting files, WinRAR can be made to use a path specified in a manipulated archive instead of the path selected by the user.
Trend Micro's Zero Day Initiative explains it in more detail: The error lies in the handling of paths within archive files. A prepared file path can cause the process to traverse to unintended directories, a classic path traversal attack. The result is bad: Attackers can execute arbitrary malicious code in the context of the current user. So if you unpack a manipulated RAR file, attackers could execute arbitrary code on your system with your user rights.
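A pre-extraction check for the class of bug described above, added here as an example and not taken from the original article, WinRAR or ZDI: it flags archive entry names that would resolve outside the folder the user chose. The function names, destination folder and entry names are constructed for illustration, and the check covers classic path traversal only, not the unpublished specifics of CVE-2025-6218.

```python
import ntpath  # Windows path rules, usable on any OS


def is_safe_entry(dest_dir: str, entry_name: str) -> bool:
    """True only if entry_name, extracted under dest_dir, stays inside dest_dir."""
    # Archives may store either separator; normalise to the Windows one.
    name = entry_name.replace("/", "\\")
    # Rooted paths (\x), UNC paths (\\host\share) and anything with a colon
    # (C:\x, C:x, alternate data streams) have no place in a relative entry.
    if name.startswith("\\") or ":" in name:
        return False
    base = ntpath.normcase(ntpath.normpath(dest_dir))
    # normpath collapses "." and ".." so the real target becomes visible.
    target = ntpath.normcase(ntpath.normpath(ntpath.join(base, name)))
    try:
        # Component-wise comparison: "out-evil" is not treated as inside "out".
        return ntpath.commonpath([base, target]) == base
    except ValueError:  # different drives or mixed absolute/relative paths
        return False


def audit(dest_dir: str, entry_names: list[str]) -> list[str]:
    """Return the entry names that must not be extracted into dest_dir."""
    return [n for n in entry_names if not is_safe_entry(dest_dir, n)]


# Constructed sample data, not taken from any real archive.
DEST = r"C:\Users\alice\Downloads\out"
LISTING = [
    "docs/readme.txt",            # plain nested file
    r"docs\..\notes.txt",         # ".." that stays inside the folder
    r"..\..\outside.txt",         # climbs out of the destination
    r"docs\..\..\escape.txt",     # climbs out after a harmless prefix
    r"..\out-evil\x.txt",         # sibling folder sharing the prefix "out"
    r"C:\Temp\absolute.txt",      # absolute path
    r"\\fileserver\share\x.txt",  # UNC path
]

if __name__ == "__main__":
    for bad in audit(DEST, LISTING):
        print("refuse to extract:", bad)
```

A check like this belongs in any script or service that unpacks archives automatically; it does not replace the update to a patched WinRAR version.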
What do the attacks look like?
Unfortunately, the details are unclear. Neither Rarlabs nor ZDI specify which file types are specifically affected. But it is clear: Attackers can and do exploit this with manipulated files. CISA does not reveal what exactly the attacks look like, nor to what extent they take place, nor is there any indication of how to find out if you are affected yourself.
This makes it particularly uncomfortable: You don't know if you've already been attacked, and you can't simply check. The only safe solution is the update.
Why is this particularly critical?
WinRAR is one of the most widely used archiving programs for Windows, making it an attractive target for attackers. Millions of users worldwide have installed it, often on company computers, and many of them use old versions. The perfidious part: Archives are often unpacked from emails or downloads, and users usually trust these files. Path traversal attacks are difficult to detect.
The fact that CISA has listed the gap definitely means that attacks are taking place. The exploit could already be used in phishing campaigns, putting both companies and private users at risk.
Context: WinRAR and Security Vulnerabilities
Unfortunately, this is not the first time WinRAR has made headlines with critical security vulnerabilities. There was a severe code execution gap in 2023 (CVE-2023-40477) and a critical vulnerability was discovered in 2019 that went unnoticed for 19 years (CVE-2018-20250). The difference this time: This "new" gap is already being actively exploited!
Alternatives to WinRAR
If you're thinking about switching, there are good free open source alternatives. Yes, I am aware that there are people who have only ‘tried’ WinRAR so far. But at least one of them is known to have actually bought it! See for yourself:
For everyone else: 7-Zip supports most formats including RAR and is very reliable. PeaZip offers a modern UI and many formats, while Bandizip is particularly fast and user-friendly. All these programs can also open RAR archives and are regularly maintained.
For IT admins
If you use WinRAR in your company, there is a lot to do. As an immediate measure, you should check which versions are in use, roll out version 7.13 via your software distribution, and inform users and ask them to update manually. For monitoring, you should check logs for suspicious extraction operations, pay attention to unexpected processes after archives are unpacked, and keep your EDR/AV systems up to date.
In the long term, it is worth evaluating whether WinRAR is still necessary, considering a migration to open source alternatives, and implementing application whitelisting.
Article 8
‘Hell is cooking again, because Diablo 4: Lord of Hatred is just around the corner!’
So guys, hold on to your Crusader helmets: Blizzard delivered news at the Game Awards! With Lord of Hatred, the second major expansion for Diablo 4 is coming. It brings not only a breath of fresh air (or rather a sacred storm) to Sanctuary, but also a new/old playable class: the Paladin!
Yes, you read that correctly: The legendary Paladin is back, and those who pre-order can play it right away. The holy warrior goes into battle with sword, shield and divine powers. Anyone who already fought through the hordes in Diablo 2 with "Blessed Hammer" or "Fireman" can look forward to many well-known skills, but also to new ones developed especially for Diablo 4.
And the best part: This is just the beginning. Blizzard confirmed that a second new class is to come in April. Officially, the studio is still keeping quiet, but the community is already heavily speculating about a return of the Amazon. It would be an epic double start into the new age of hate, wouldn't it?
New regions, new systems and leisure activities!?
With Skovos, there is also a completely new area to explore (the ancient home of Lilith and Inarius). A dark mixture of volcanic landscapes, sunken temples and ancient ruins, populated by new enemies and dark dungeons, awaits you.
A lot is also being reworked in terms of gameplay:
- The skill tree gets new branches.
- A loot filter helps with targeted farming of top gear.
- The Horadric Cube celebrates its comeback as a central crafting tool.
If you like it a little more relaxed: There's fishing! Yes, seriously! You can now cast the rod in Sanctuary (and probably be eaten by demons again...).
Everything in it (and more)
For the release on 28 April 2026, Lord of Hatred will be available in several editions, all including the first expansion Vessel of Hatred. In addition, Blizzard is releasing a complete collection, perfect for those who want to discover the chaos of hell only now. Newcomers also get a little insight here:
Whether you're playing on PC, Xbox or PlayStation, crossplay and cross-platform progress are back in action. So, grab your hammer of faith, polish your shield and get ready: The war against Mephisto is getting hot!
Social media? Only from 16! The majority of Germans support it
Well, would you have thought that? More and more people in Germany are in favour of completely banning social media for kids under the age of 16. According to a current survey by the institute INSA (for Bild am Sonntag), 60% of Germans are in favour.
The whole thing is modelled on Australia, where a social media ban for people under the age of 16 has been in place since 10 December 2025. Instagram, TikTok, Snapchat, YouTube, Facebook, X (formerly Twitter), Reddit: they are all included. If you are under 16, you may no longer have your own account on these platforms. That's pretty tough, isn't it?
Approval among the younger ones too: (no) big surprise?
Exciting: It's not just older people who celebrate the idea. Even among the under-30s, the larger group (40 percent) is for such a ban. Only 37% are against it. Apparently, many young adults see the downsides of social media: constant pressure, comparisons, FOMO and co.
Politically, this cuts across the parties: Supporters of the Greens (71%), CDU (70%) and SPD (69%) are especially in favour. Even among AfD and FDP voters, it is still around 57%.
Australia is the beginning
Down Under, the government had already waved the law through in 2024, and now it is official. Ten platforms must introduce age controls to lock out minors. Technically, of course, this is a huge challenge, and many are already wondering: How is this actually supposed to be checked?
The platform Reddit, in any case, is not up for it and has gone straight to court. Its argument: The whole thing restricts the freedom of political communication. In addition, Reddit (attention, self-description) is not a classic social network, because the content there comes from the community itself. Clever move, or rather a desperate attempt to talk its way out?
Now what?
Whether Germany ever goes as far as Australia is open. But the mood shows clearly: Many would have no problem with social media being put on pause for teens for now. Maybe because everyone wants young people to live more offline again, or just to get less toxic online stuff.
This week's Sun-Tsu tech tip deals with the following:
‘He whose heart and mind are prepared will win.’
Meaning: Training and awareness-raising of employees (the ‘human element’) is the basis for any defence. Even the best technology fails when people act carelessly.