Svoboda Cybersecurity Brief July 09, 2025

Massive Phishing Attack Compromises Oncology Network Patient Data

Integrated Oncology Network (ION) suffered a phishing attack between December 2024 and May 2025, exposing patient data including names, addresses, diagnoses, and lab results. Over 116,000 patients across 22 locations were affected, with some Social Security numbers compromised.
Source: DataBreaches.net

Deer Oaks Behavioral Health Settles HIPAA Violation for $225k

Deer Oaks Behavioral Health agreed to a $225k settlement with HHS OCR after a ransomware attack exposed ePHI of 171,871 patients in 2023. The investigation revealed failures in risk analysis and security controls.
Source: DataBreaches.net

Anatsa Banking Trojan Returns via Fake PDF App on Google Play

A malicious app posing as a PDF viewer on Google Play delivered the Anatsa banking trojan, targeting North American banking apps with fake maintenance overlays. The campaign infected ~90,000 users before being removed.
Impact: Credential theft and financial fraud via overlay attacks.
Mitigation: Uninstall suspicious apps, enable Play Protect, and monitor banking accounts.
Source: The Hacker News

Shellter Pen-Testing Tool Weaponized in Malware Campaigns

Hackers abused a legitimate copy of Shellter Elite (v11.0) to package Lumma Stealer, Rhadamanthys, and SectopRAT payloads since April 2025. The tool’s evasion capabilities bypassed detection while delivering infostealers.
Impact: Data exfiltration via sophisticated evasion techniques.
Mitigation: Monitor for Shellter artifacts in network traffic.
Source: The Hacker News

CitrixBleed2 Exploit Details Revealed

Researchers published a technical analysis of CVE-2025-5777, a critical Citrix NetScaler flaw that leaks memory contents in response to crafted HTTP requests. Exploit code can retrieve session tokens from unpatched systems.
Impact: Session hijacking and system compromise.
Mitigation: Apply NetScaler updates immediately.
Source: SecurityWeek

Qantas Extorted After Call Center Data Breach

Qantas confirmed an extortion attempt following a June 30 breach at a third-party call center platform exposing 6M customer records. No financial data was compromised, but personal details were stolen.
Source: SecurityWeek

SAP Patches Critical SRM Vulnerability

CVE-2025-30012 in SAP SRM’s Live Auction Cockpit was upgraded to critical (CVSS 10) because it allows unauthenticated RCE via insecure Java deserialization. Five other critical NetWeaver flaws were also patched.
Impact: Full system takeover via OS command execution.
Mitigation: Apply SAP Security Note 3295956.
Source: SecurityWeek

Malware-Laced Chrome Extensions with 1.7M Installs

Eleven malicious Chrome extensions posing as VPNs and utility tools tracked users and redirected traffic; some had been active since 2022. Volume Max—Ultimate Sound Booster was flagged for spying.
Impact: Data theft and traffic hijacking.
Mitigation: Remove listed extensions and clear browsing data.
Source: BleepingComputer

Microsoft Fixes 130 Flaws Including SQL Server Leak

July’s Patch Tuesday addressed CVE-2025-49719, a publicly disclosed SQL Server flaw allowing information leaks, plus 12 critical RCE bugs in SharePoint and Kerberos.
Source: SecurityWeek

Batavia Spyware Targets Russian Firms

A Windows spyware campaign running since July 2024 exploited CVE-2025-42967 (CVSS 9.9) in S/4HANA to execute malicious reports and compromise systems.
Impact: Full system control via arbitrary code execution.
Mitigation: Patch SAP systems and monitor for suspicious report activity.
Source: The Hacker News
