Svoboda Cybersecurity Brief July 18, 2025


Gladney Adoption Center Exposes Sensitive Data in Recurring Breaches

Gladney Adoption Center suffered two separate data exposures in 2025, involving 1.1M+ and 1.9M+ records respectively, including Social Security numbers, passport details, and adoption records stored in plaintext. Despite remediation efforts, the same data was briefly re-exposed in July 2025.
Source: DataBreaches.net

Former US Soldier Pleads Guilty to Telecom Hacking and Extortion

Cameron John Wagenius, a former Army soldier, admitted to conspiring to hack telecom companies, steal data, and extort victims for $1M+ via SIM swapping and credential theft carried out with SSH Brute tools. He faces up to 20 years in prison.
Source: DataBreaches.net

Citrix Bleed 2 Exploited Weeks Before PoCs Despite Denial

CVE-2025-5777 (CitrixBleed 2), a memory over-read flaw in Citrix NetScaler, had been actively exploited since June 23 even though Citrix initially denied that attacks were occurring. Exploits leak session tokens, enabling unauthorized access.
Impact: Session hijacking using leaked session tokens.
Mitigation: Patch NetScaler ADC/Gateway (versions 12.1 and 13.0 are end-of-life and must be upgraded to a supported release).
Source: BleepingComputer

VMware Fixes 4 Zero-Days Exploited at Pwn2Own Berlin

VMware patched CVE-2025-41236, CVE-2025-41237, CVE-2025-41238 (CVSS 9.3), and CVE-2025-41239, which allow escape from a guest VM to the host OS. The flaws were demonstrated at Pwn2Own Berlin 2025, earning the hackers $340K.
Impact: Code execution on the host OS from a guest VM.
Mitigation: Upgrade to ESXi 3.3 Patch 7 or 3.4 Patch 2.
Source: BleepingComputer

Chinese Hackers Breach US National Guard for 9 Months

Salt Typhoon, a China-linked APT, infiltrated a US Army National Guard network, stealing network configs, admin credentials, and service member PII to enable further attacks. The group exploited Cisco IOS XE (CVE-2023-20198, CVE-2023-20273) and Palo Alto PAN-OS (CVE-2024-3400) vulnerabilities.
Impact: Data exfiltration and lateral movement to other government networks.
Mitigation: Patch vulnerable devices, disable unused services.
Source: BleepingComputer

Google Sues BadBox 2.0 Botnet Operators Over 10M Infected Android Devices

Google filed a lawsuit against the BadBox 2.0 operators, who infected AOSP devices (smart TVs, streaming boxes) to conduct ad fraud, run proxy services, and mine cryptocurrency. The botnet resurfaced after a 2024 disruption.
Source: BleepingComputer

LameHug Malware Uses AI to Generate Data-Theft Commands

APT28 (Fancy Bear) deployed LameHug, Python malware that uses the Qwen 2.5-Coder-32B LLM hosted on Hugging Face to dynamically generate reconnaissance and data exfiltration commands. It targets the Ukrainian government via phishing.
Impact: Real-time system reconnaissance and data theft.
Mitigation: Monitor for suspicious PowerShell and SFTP activity.
Source: BleepingComputer

Europol Disrupts NoName057(16) Hacktivist Group

Europol dismantled NoName057(16)'s infrastructure, arresting two suspects and issuing warrants for six Russian nationals linked to DDoS attacks against Ukraine and its allies. The group used the DDoSia platform to mobilize 4K+ supporters, extorting $100M+.
Source: The Hacker News

Cisco Patches Critical ISE Flaw (CVE-2025-20337) Allowing RCE as Root

CVE-2025-20337 (CVSS 10.0) in Cisco ISE and ISE-PIC permits unauthenticated remote code execution as root via API abuse. It is fixed in 3.3 Patch 7 and 3.4 Patch 2.
Impact: Full system compromise.
Mitigation: Immediate upgrade required; no workarounds are available.
Source: The Hacker News

BigONE Exchange Loses $27M in Supply-Chain Attack

Cryptocurrency exchange BigONE lost $27M in a supply-chain attack targeting its hot wallet. The stolen funds were laundered into 120 BTC and 1.2K ETH; SlowMist is tracking the assets.
Source: BleepingComputer