Svoboda Cybersecurity Brief April 13, 2025
Apr 13, 2025
SK Inc. allegedly hacked by Qilin ransomware group
Qilin ransomware group claims to have exfiltrated 1 TB of data from SK Inc., including documents allegedly proving ties to influential political figures. The group demands ransom, threatening to sell the data if unpaid within 48 hours.
Source: DataBreaches.net
Tycoon2FA phishing kit evolves with stealthier evasion tactics
Tycoon2FA, a PhaaS platform targeting Microsoft 365 and Gmail, now uses Unicode obfuscation, self-hosted CAPTCHA, and anti-debugging scripts to evade detection. Trustwave reports a 1,800% surge in SVG-based phishing lures.
Impact: Bypasses MFA and endpoint security.
Mitigation: Block SVG attachments, use FIDO2 MFA, and verify sender authenticity.
Source: BleepingComputer
AI-hallucinated code dependencies pose new supply chain risk (“slopsquatting”)
Researchers warn of slopsquatting, where attackers create malicious packages matching names hallucinated by AI coding tools. Study shows 20% of AI-generated code snippets reference non-existent packages, with 58% repeatability.
Impact: Potential compromise of dev environments via fake dependencies.
Mitigation: Manually verify packages, use dependency scanners, and test AI code in isolation.
Source: BleepingComputer
UnitedHealth demands repayment of loans issued post-Change Healthcare breach
UnitedHealth is aggressively recalling no-interest loans given to healthcare providers after the 2024 Change Healthcare cyberattack, contradicting earlier assurances. Some providers face hundreds of thousands in immediate repayments.
Source: DataBreaches.net
DOJ launches Data Security Program to block foreign adversaries from sensitive data
The U.S. DOJ enforces Executive Order 14117, restricting foreign access to genomic, financial, and geolocation data. A 90-day grace period allows compliance efforts, with enforcement starting July 8, 2025.
Source: DataBreaches.net