Svoboda Cybersecurity Brief July 12, 2025
McDonald’s McHire platform exposed 64M job applications due to weak credentials and IDOR flaw
Security researchers Ian Carroll and Sam Curry discovered that McDonald’s McHire recruitment platform used the default credentials “123456:123456” for an admin account and had an insecure API exposing applicant chat records. The IDOR vulnerability allowed access to the personal information of all 64 million applicants by manipulating the lead_id parameter.
Impact: Massive exposure of PII including names, addresses, phone numbers, and interview details.
Mitigation: Credentials were revoked and the flaws patched within 24 hours of the report; users should ensure they’re on updated versions.
Source: BleepingComputer
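The IDOR pattern described in this item, as an added example (not code from the brief or from the McHire platform): a client-supplied lead_id looked up without an ownership check, beside the ownership-scoped fix, plus a simple access-log check that flags lead_id enumeration. ChatRecord, Session, franchise_id and the log format are assumptions made for illustration.

```python
# Added example (not code from the brief or the McHire platform): the IDOR
# pattern beside an ownership-scoped fix, plus a log check for lead_id
# enumeration. ChatRecord, Session, franchise_id and the log format are assumed.
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class ChatRecord:
    lead_id: int
    franchise_id: str      # account the applicant's record belongs to
    applicant_name: str
    phone: str

@dataclass(frozen=True)
class Session:
    user: str
    franchise_id: str

# Constructed sample rows standing in for the applicant-chat table.
RECORDS = {
    1001: ChatRecord(1001, "fr-alpha", "Alice Example", "555-0101"),
    1002: ChatRecord(1002, "fr-beta", "Bob Example", "555-0102"),
    1003: ChatRecord(1003, "fr-alpha", "Carol Example", "555-0103"),
}

def get_chat_vulnerable(session: Session, lead_id: int):
    """IDOR: trusts the client-supplied lead_id and never checks ownership,
    so any authenticated caller can walk lead_id values and read every row."""
    return RECORDS.get(lead_id)

def get_chat_hardened(session: Session, lead_id: int):
    """Object-level authorization: the lookup is scoped to the caller's
    account, so a foreign lead_id looks exactly like a missing one."""
    rec = RECORDS.get(lead_id)
    if rec is None or rec.franchise_id != session.franchise_id:
        return None
    return rec

def flag_enumerators(log_lines, threshold=50):
    """Return sessions that fetched more than `threshold` distinct lead_ids.
    Constructed log format: '<session> GET /chat?lead_id=<n>'."""
    seen = defaultdict(set)
    for line in log_lines:
        sess, _, path = line.split(" ", 2)
        if "lead_id=" in path:
            seen[sess].add(path.rsplit("lead_id=", 1)[1])
    return sorted(s for s, ids in seen.items() if len(ids) > threshold)
```

Sweeping a range of lead_id values against both functions shows the difference: the vulnerable lookup returns every row, the hardened one only the caller's own.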
Critical Wing FTP Server vulnerability (CVE-2025-47812) actively exploited
The Wing FTP Server vulnerability allows attackers to inject arbitrary Lua code via null byte handling issues in username fields, enabling RCE. Huntress observed attacks downloading malicious Lua files, conducting reconnaissance, and attempting to install remote management tools.
Impact: Full server compromise possible via unauthenticated RCE.
Mitigation: Upgrade to version 7.4.4+ immediately.
Source: BleepingComputer
Fortinet patches critical SQLi in FortiWeb (CVE-2025-25257)
Fortinet fixed a CVSS 9.8 vulnerability in FortiWeb’s Fabric Connector that allows SQL injection via crafted HTTP requests. watchTowr demonstrated how to escalate this to RCE via SELECT INTO OUTFILE to create malicious .pth files.
Impact: Pre-auth RCE possible on vulnerable instances.
Mitigation: Upgrade to FortiWeb 7.6.4, 7.4.8, 7.2.11, or 7.0.11.
Source: TheHackerNews
Iranian-linked Pay2Key ransomware resurfaces with 80% profit share
The Iranian-backed Pay2Key.I2P ransomware now offers affiliates 80% profit share for attacks against US/Israeli targets, hosted on I2P network. Linked to Fox Kitten APT, it incorporates Mimic ransomware capabilities and recently added Linux targeting.
Impact: Increased threat to Western organizations with ideological and financial motivations combined.
Source: TheHackerNews
CISA confirms Citrix Bleed 2 (CVE-2025-5777) exploitation
CISA added the Citrix NetScaler vulnerability to its KEV catalog as active exploitation emerged, giving federal agencies 1 day to patch. The auth bypass flaw affects Gateway/AAA virtual servers in unpatched versions.
Impact: Unauthenticated attackers can bypass authentication on vulnerable systems.
Mitigation: Upgrade to 14.1-43.56+, 13.1-58.32+, or 13.1-FIPS/NDcPP 13.1-37.235+.
Source: BleepingComputer
NVIDIA GDDR6 GPUs vulnerable to Rowhammer attacks
University of Toronto researchers demonstrated GPUHammer attacks causing bit flips in NVIDIA A6000’s GDDR6 memory, showing ML model accuracy could drop from 80% to 0.1%.
Impact: Potential data corruption and ML model degradation.
Mitigation: Enable System-level ECC on affected GPUs.
Source: SecurityWeek
WordPress Gravity Forms compromised in supply chain attack
Attackers backdoored manual installers on the Gravity Forms website between July 10 and 11, adding malicious code that drops PHP web shells enabling RCE. The plugin is used by ~1M sites, including major organizations.
Impact: Compromised sites allow attackers full control via created admin accounts.
Mitigation: Reinstall from clean source and scan for infections.
Source: BleepingComputer
Accu Reference Medical Laboratory hit by second breach
The Qilin ransomware group claimed an attack on July 10; the Medusa blog had previously leaked 1.2TB of the lab’s data in 2023. Screenshots show unredacted PHI exposure, with more recent files than in the previous breach.
Impact: Patient health information exposed in multiple incidents.
Source: DataBreaches.net
Louis Vuitton breach exposes 140k Turkish users
Unauthorized access starting June 7, via a compromised third-party service provider account, exposed identity and contact data. UK systems were also affected, but the scope is undisclosed.
Impact: Customer data including purchase history compromised.
Source: DataBreaches.net
Air Force employee pleads guilty to leaking classified Ukraine war info
Civilian USSTRATCOM employee David Slater transmitted SECRET data about Russian military capabilities to a supposed Ukrainian woman on a dating site.
Impact: National security information compromise regarding Ukraine conflict.
Source: DataBreaches.net