Svoboda Cybersecurity Brief July 21, 2025


Critical SharePoint Zero-Day Exploited in Large-Scale Attacks

A critical unpatched vulnerability (CVE-2025-53770, CVSS 9.8) in Microsoft SharePoint Server is being actively exploited, allowing attackers to bypass authentication and execute arbitrary code. Over 85 servers across 29 organizations have been compromised, with attackers deploying web shells and stealing cryptographic keys.
Impact: Enables unauthenticated RCE leading to full server compromise, lateral movement, and data theft.
Mitigation: Enable AMSI integration, deploy Defender AV, and disconnect vulnerable servers from the internet until patched.
Source: SecurityWeek

CrushFTP Vulnerability Grants Admin Access to Attackers

A critical flaw (CVE-2025-54309, CVSS 9.0) in CrushFTP versions before 10.8.5 and 11.3.4_23 allows remote attackers to gain admin access via HTTPS. Exploitation was observed as early as July 18, with attackers creating suspicious admin accounts.
Impact: Full administrative control enabling data exfiltration and system compromise.
Mitigation: Update to patched versions, restrict admin IP access, review user.xml files for modifications.
Source: The Hacker News

npm Maintainer Tokens Stolen in Phishing Campaign

Attackers stole npm maintainer tokens via a phishing campaign impersonating npm, then pushed malicious versions of 6 popular packages (including eslint-config-prettier). The injected code attempts to execute a malicious DLL on Windows systems.
Impact: Supply chain compromise leading to potential RCE via infected dependencies.
Mitigation: Roll back to safe package versions, enable 2FA, use scoped tokens for publishing.
Source: The Hacker News

Indian Cryptocurrency Exchange CoinDCX Loses $44M in Hack

Hackers drained $44.2 million from India’s top crypto exchange CoinDCX via a targeted cyberattack. Funds were laundered through Tornado Cash and bridged from Solana to Ethereum.
Impact: Significant financial loss; customer wallets reportedly unaffected.
Source: DataBreaches

Aruba Access Points Contain Hardcoded Admin Credentials

HPE disclosed critical hardcoded credentials (CVE-2025-37103) in Aruba Instant On Access Points (firmware ≤3.2.0.1), allowing unauthorized administrative access. A second flaw (CVE-2025-37102) enables authenticated command injection.
Impact: Full device control including traffic interception and backdoor installation.
Mitigation: Upgrade to firmware ≥3.2.1.0.
Source: BleepingComputer

Web3 Developers Targeted by Fake AI Job Offers

EncryptHub group lured Web3 developers with fake AI platforms (e.g., Norlax AI) to deploy Fickle Stealer malware. Attackers harvested crypto wallets and project credentials via malicious “driver updates.”
Impact: Credential theft targeting decentralized finance (DeFi) projects.
Source: The Hacker News

Healthcare Provider Discloses 2-Year-Old Breach Affecting 10K Patients

Premier Health Partners (PHP) belatedly disclosed a 2023 breach involving sensitive data (SSNs, medical records) for 10,833 patients. The delayed notification raises HIPAA compliance concerns.
Impact: Potential regulatory penalties and patient data exposure.
Source: DataBreaches

UK Sanctions Russian GRU Officers Linked to Cyber-Enabled Murders

The UK sanctioned 18 GRU officers from Units 29155 and 26165 for cyber operations facilitating civilian killings in Ukraine, including the 2018 Skripal poisoning hack.
Source: DataBreaches

ATM Jackpotting Scheme Nets $107K in Michigan

Two Florida men used “ATM jackpotting” techniques to force ATMs in four Michigan counties to dispense $107K. Arrests followed after police found cash stacks in their Minnesota hotel.
Source: DataBreaches
