Svoboda Cybersecurity Brief July 11, 2025

UK Police Arrest Four in Connection with Cyberattacks on Major Retailers

The UK's National Crime Agency arrested four people linked to the cyberattacks on Marks & Spencer, Co-op, and Harrods; M&S has estimated the attack will cost it around £300 million in operating profit. The suspects, aged 17 to 20, are accused of Computer Misuse Act offenses, blackmail, and money laundering, and are believed to be associated with the Scattered Spider cybercrime group.
Source: Databreaches.net

Critical Bluetooth Vulnerabilities (PerfektBlue) Affect Millions of Cars

Researchers uncovered a set of flaws, collectively named PerfektBlue, in OpenSynergy's BlueSDK Bluetooth stack that can be chained into remote code execution on the infotainment units of Mercedes-Benz, Volkswagen, and Skoda vehicles. Exploitation requires an attacker within Bluetooth range and, depending on the vehicle, a pairing step the victim accepts; from the head unit an attacker could track the vehicle, record audio, or attempt to reach other in-vehicle systems.
Impact: Remote code execution over Bluetooth, potentially enabling spying or, if the head unit is not isolated from other networks in the car, further control.
Mitigation: OpenSynergy delivered fixes to its customers in September 2024, but they reach vehicles only through OEM firmware updates; until the head unit is updated, disabling Bluetooth removes the attack surface.
Source: SecurityWeek

Russian Basketball Player Arrested for Ransomware Negotiation

Daniil Kasatkin, a Russian professional basketball player, was arrested in France for allegedly negotiating ransom payments on behalf of a ransomware group that targeted around 900 organizations, including US federal agencies. He denies involvement, claiming that a second-hand computer he had purchased was compromised.
Source: BleepingComputer

ServiceNow Vulnerability (CVE-2025-3648) Exposes Data via Misconfigured ACLs

A high-severity flaw in ServiceNow's platform, reported by Varonis and dubbed Count(er) Strike, allows low-privileged users (and, where self-registration is enabled, unauthenticated ones) to infer data from tables protected only by conditional ACLs. The platform evaluates such ACLs after the query has already matched rows, so the count of matched rows combined with prefix and range filters acts as an oracle that can reconstruct field values such as PII and credentials without ever displaying them.
Impact: Unauthorized data inference from tables whose row-level protection relies on conditional ACLs.
Mitigation: Apply ServiceNow's guidance: add Query ACLs and Security Data Filters, which restrict rows at query time rather than after the fact, and review conditional ACLs on sensitive tables.
Source: The Hacker News
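To make the inference channel concrete, here is an added JavaScript example (not ServiceNow code). It models a table guarded only by a conditional row-level ACL that is applied after the query has matched rows, with the server reporting how many matched rows it withheld, and shows how STARTSWITH and GT filters aimed at a record the attacker cannot read reconstruct a token and a number. The records, field names, operator subset, and the `hardenedList` stand-in for a query-time filter are all constructed for this example.

```javascript
// Added example (not ServiceNow code): toy model of a count-based inference
// oracle. Assumptions: a row-level conditional ACL runs only after the query
// has selected rows, and the response reports how many matched rows were
// withheld; a query-time filter (the role a Query ACL / Security Data Filter
// plays) removes the channel. Records and field names are constructed.
const RECORDS = [
  { sys_id: "1", user: "alice", api_token: "k7f2q", salary: 61000 },
  { sys_id: "2", user: "bob",   api_token: "m3x9z", salary: 58000 },
  { sys_id: "3", user: "carol", api_token: "k7aaa", salary: 73000 },
];

// Conditional ACL in the model: a user may read only their own record.
function rowAcl(record, requester) {
  return record.user === requester;
}

// Minimal encoded-query subset: conditions are ANDed; GT is the range
// operator the numeric inference below relies on.
function matches(record, conds) {
  return conds.every(({ field, op, value }) => {
    const v = record[field];
    switch (op) {
      case "EQ":         return String(v) === String(value);
      case "STARTSWITH": return String(v).startsWith(value);
      case "GT":         return typeof v === "number" ? v > Number(value) : String(v) > String(value);
      default: throw new Error("unsupported operator " + op);
    }
  });
}

// Leaky server: filter, then hide ACL-denied rows, but report the count of
// hidden rows. Whether the filter matched anything is therefore observable.
function leakyList(requester, conds) {
  const matched = RECORDS.filter(r => matches(r, conds));
  const rows = matched.filter(r => rowAcl(r, requester));
  return { rows, removedBySecurity: matched.length - rows.length };
}

// Hardened server: restrict to readable rows before the query is evaluated,
// so denied rows contribute to no count and no filter result.
function hardenedList(requester, conds) {
  const readable = RECORDS.filter(r => rowAcl(r, requester));
  const rows = readable.filter(r => matches(r, conds));
  return { rows, removedBySecurity: 0 };
}

// The single bit an attacker needs: "did the filter match anything?"
function oracle(listFn, requester, conds) {
  const res = listFn(requester, conds);
  return res.rows.length + res.removedBySecurity > 0;
}

const ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789";

// Recover a string field of a record the requester may not read, one
// character per position, via STARTSWITH pinned to the victim's sys_id.
function inferString(listFn, requester, victimSysId, field, maxLen = 32) {
  let prefix = "";
  while (prefix.length < maxLen) {
    const next = [...ALPHABET].find(ch => oracle(listFn, requester, [
      { field: "sys_id", op: "EQ", value: victimSysId },
      { field, op: "STARTSWITH", value: prefix + ch },
    ]));
    if (next === undefined) break;  // no extension matches: value is complete
    prefix += next;
  }
  return prefix;
}

// Recover a numeric field by binary search over GT range queries.
function inferNumber(listFn, requester, victimSysId, field, hi = 1000000) {
  const probe = x => oracle(listFn, requester, [
    { field: "sys_id", op: "EQ", value: victimSysId },
    { field, op: "GT", value: x },
  ]);
  if (!probe(-1)) return null;  // no signal at all: the channel is closed
  let lo = 0;
  while (lo < hi) {             // invariant: value is within [lo, hi]
    const mid = Math.floor((lo + hi) / 2);
    if (probe(mid)) lo = mid + 1; else hi = mid;
  }
  return lo;                    // smallest x with NOT(value > x): the value
}
```

Against `leakyList`, alice recovers carol's token and salary with roughly 36 requests per character and 20 for the number; against `hardenedList` the same queries return nothing at every step, which is the property to look for when checking a table's ACL configuration.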

Critical mcp-remote Vulnerability (CVE-2025-6514) Enables Remote Code Execution

A flaw in the mcp-remote proxy (used to connect local MCP clients to remote MCP servers; 437,000+ downloads) allows a malicious MCP server to execute arbitrary OS commands on the client machine when the client connects to it: a URL the server supplies during the OAuth authorization step is handed to the operating system to open without validation. The vulnerability affects versions 0.0.5 through 0.1.15 and is patched in 0.1.16.
Impact: Full compromise of the client machine by any MCP server it connects to, including a server an attacker can impersonate on the network.
Mitigation: Update to v0.1.16 or later, connect only to trusted MCP servers, and use HTTPS so a network attacker cannot stand in for the server.
Source: The Hacker News
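The pattern behind this class of bug, as an added JavaScript example that is not mcp-remote's own code: during authorization a remote server returns the URL the client should open in the user's browser, and the client must treat that URL as hostile input. The scheme policy, the loopback exception, the platform commands, and the sample endpoints below are this example's assumptions.

```javascript
// Added example (not mcp-remote's code): validating a server-supplied
// authorization_endpoint before asking the OS to open it. Assumptions: the
// remote server's metadata is untrusted; the launch goes through an
// argv-style spawn (child_process.execFile), never a shell command line;
// the allowed-scheme policy is this example's, not the project's.

// Constructed samples of what a remote server could return.
const SAMPLE_ENDPOINTS = {
  benign:    "https://auth.example.com/authorize?client_id=abc&state=x",
  loopback:  "http://127.0.0.1:3000/authorize",
  fileUrl:   "file:///C:/Windows/System32/calc.exe",
  jsUrl:     "javascript:alert(1)",
  withCreds: "https://user:pw@auth.example.com/authorize",
  shellish:  "https://auth.example.com/a && whoami",
  garbage:   "not a url at all",
};

const LOOPBACK_HOSTS = new Set(["localhost", "127.0.0.1", "[::1]"]);

// Parse with a real URL parser and compare the *parsed* scheme. Substring
// checks such as raw.startsWith("http") would accept "httpx:" or a scheme
// hidden behind leading whitespace. Returns the normalized href or throws.
function validateAuthorizationEndpoint(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch (e) {
    throw new Error("authorization_endpoint is not a valid URL");
  }
  const scheme = url.protocol; // e.g. "https:"
  const okScheme =
    scheme === "https:" ||
    (scheme === "http:" && LOOPBACK_HOSTS.has(url.hostname));
  if (!okScheme) throw new Error("refusing to open scheme " + scheme + " from a remote server");
  if (url.username || url.password) throw new Error("credentials embedded in authorization_endpoint");
  return url.href; // normalized: spaces in the path become %20
}

// Build program + argv so the URL is exactly one argument and is never
// re-parsed by a shell. The per-platform choice is this example's assumption.
// Note that argv alone is not enough: rundll32 url.dll would happily open a
// file: URL, which is why the scheme check above comes first.
function browserArgv(href, platform) {
  if (platform === "win32") return ["rundll32", ["url.dll,FileProtocolHandler", href]];
  if (platform === "darwin") return ["open", [href]];
  return ["xdg-open", [href]];
}

// Client-side step that consumes remote metadata. Returns the argv pair it
// would pass to child_process.execFile (not executed here so the example
// runs offline), or throws for anything outside the policy.
function planBrowserLaunch(metadata, platform = process.platform) {
  const href = validateAuthorizationEndpoint(metadata.authorization_endpoint);
  return browserArgv(href, platform);
}

// Summarize which constructed samples pass the policy.
function classifySamples() {
  const out = {};
  for (const [name, raw] of Object.entries(SAMPLE_ENDPOINTS)) {
    try {
      out[name] = validateAuthorizationEndpoint(raw);
    } catch (e) {
      out[name] = "REJECTED: " + e.message;
    }
  }
  return out;
}
```

The `shellish` sample is instructive: it is a perfectly valid https URL, so scheme validation passes it, and it is only harmless because the href travels as a single argv element rather than through a shell; the two controls cover different failure modes and a client needs both.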

Fake AI/Gaming Firms Spread Malware via Telegram and Discord

Cybercriminals impersonate AI and gaming startups (e.g., Eternal Decay, BeeSync), approaching targets over Telegram and Discord and steering them to fake websites that serve information-stealing malware disguised as the startups' own apps, with cryptocurrency users as the main targets. The campaign uses compromised X accounts and polished fake websites to appear legitimate.
Source: The Hacker News

AMD Warns of Transient Scheduler Attacks (TSA) Affecting CPUs

AMD disclosed four vulnerabilities (including CVE-2024-36350 and CVE-2024-36357) in a class of speculative-execution side channels it calls Transient Scheduler Attacks, which let a local attacker leak data across privilege boundaries. Microcode and firmware updates are available for affected EPYC, Ryzen, and Instinct processors.
Impact: Information leakage across privilege boundaries by code already running locally on the affected CPU.
Mitigation: Apply AMD's microcode/firmware updates through the platform vendor, together with the operating-system updates that enable the mitigation.
Source: The Hacker News

Qantas Confirms 5.7 Million Impacted by Third-Party Breach

Hackers breached a third-party customer-service platform used by a Qantas call center, exposing customer data including names, email addresses, and Frequent Flyer details, and for subsets of customers phone numbers, addresses, and dates of birth. No financial, payment card, passport, or password data was compromised.
Source: SecurityWeek

New ZuRu Malware Targets Developers via Trojanized Termius App

A macOS malware variant delivered as a trojanized copy of the Termius SSH client drops a modified Khepri backdoor, giving the operator remote control of the machine. No physical access is needed: infection follows from installing the tampered app bundle, after which the loader persists via a launch daemon and can fetch updated payloads from the attacker's server.
Source: The Hacker News

Ingram Micro Recovers from Ransomware Attack

The IT distribution giant restored systems after a ransomware attack disrupted services over the weekend. The SafePay ransomware group is suspected, though no extortion claims have surfaced.
Source: SecurityWeek

Kerberos DoS Vulnerability (CVE-2025-47978) Patched by Microsoft

A flaw that Microsoft tracks as a Windows Kerberos denial-of-service bug, located in the Netlogon RPC interface, allows an attacker holding only a low-privileged domain-joined machine account to crash domain controllers with crafted messages. Fixed in July's Patch Tuesday updates.
Impact: Denial of service: LSASS crashes, forcing the domain controller to reboot.
Mitigation: Apply Microsoft's July 2025 patches, prioritizing domain controllers.
Source: The Hacker News

Share this brief: https://svo.bz/J2IC