Svoboda Cybersecurity Brief July 25, 2025
SharePoint Breach Hits US Nuclear Agency and NIH
Chinese state-sponsored hackers exploited Microsoft SharePoint flaws (CVE-2025-49706, CVE-2025-49704) to breach the National Nuclear Security Administration (NNSA) and the National Institutes of Health (NIH). No classified data has been confirmed stolen, but investigations continue.
Impact: Unauthorized access to sensitive government systems, potential data exfiltration.
Mitigation: Apply Microsoft’s July patches immediately; restrict SharePoint internet exposure.
Source: The Washington Post
Dutch Prosecution Service Hacked via Citrix Flaw
Russian hackers exploited a Citrix vulnerability to breach Dutch prosecution systems, accessing investigation data and staff details. Attackers had a 7-day window because the patch was applied late.
Impact: Potential compromise of ongoing legal cases and sensitive personnel data.
Mitigation: Patch Citrix devices immediately; implement strict access controls for sensitive systems.
Source: Dutch News
SonicWall SMA 100 Critical RCE Flaw Patched
CVE-2025-40599 allows an authenticated attacker with administrative privileges to upload arbitrary files via the SMA 100 web interface. SonicWall warns of ongoing Overstep malware attacks that use previously compromised credentials, which is what makes this post-auth bug exploitable in practice.
Impact: Full system takeover possible for SMA 100 series appliances.
Mitigation: Upgrade to v10.2.2.1-90sv; enforce MFA; monitor for UNC6148 IoCs.
Source: SecurityWeek
HAESUNG DS Fined $250K for Shareholder Data Breach
The Korean semiconductor firm was fined 343 million won after an SSL-VPN vulnerability led to the leak of 70,000 shareholders' data and a ransomware infection.
Impact: Financial and reputational damage; ransomware deployment.
Mitigation: Regular vulnerability assessments; network segmentation for critical assets.
Source: Chosun Biz
Fire Ant APT Exploits VMware Zero-Day CVE-2023-34048
The Chinese group UNC3886 leveraged the vCenter flaw on systems that had never been patched to persist in virtual environments for espionage. The group used the PhantomNet backdoor and disabled logging to avoid detection.
Impact: Long-term undetected access to virtualized infrastructure.
Mitigation: Patch VMware immediately; monitor for unusual vCenter activity.
Source: The Hacker News
CastleLoader Malware Spreads via Fake GitHub Repos
The new loader distributes DeerStealer, RedLine, and NetSupport RAT via Cloudflare-themed phishing pages and spoofed GitHub repositories. 5,000+ downloads have been recorded.
Impact: Multi-stage infections on 469 devices; credential and data theft.
Mitigation: Verify repository authenticity; restrict PowerShell execution.
Source: The Hacker News
Koske Linux Malware Hidden in Panda Images
Polyglot JPEGs (valid panda images with malicious code appended after the image data) deployed cryptocurrency miners on misconfigured, internet-exposed JupyterLab instances. The miners target 18+ coin types with GPU/CPU optimization.
Impact: Resource hijacking for cryptomining; persistent rootkit installation.
Mitigation: Secure JupyterLab instances; monitor for unusual process spikes.
Source: BleepingComputer
Mitel MiVoice MX-ONE Authentication Bypass
An authentication bypass flaw (CVSS 9.4) lets attackers skip login on MiVoice MX-ONE systems. (The brief's earlier CVE-2025-40599 is the SonicWall SMA 100 bug, not this one.) Patches are available for versions 7.8 and 7.8 SP1.
Impact: Unauthorized admin access to VoIP systems.
Mitigation: Apply MXO-15711_78SP1 update; restrict internet-facing interfaces.
Source: The Hacker News
Sophos Firewall SPX Feature RCE Vulnerability
CVE-2025-6704 (CVSS 9.8) allows pre-auth RCE when SPX is enabled on a firewall running in HA mode. Sophos estimates about 0.05% of devices are affected.
Impact: Complete firewall compromise.
Mitigation: Disable SPX in HA configurations until patched.
Source: SecurityWeek
BlackSuit Ransomware Sites Seized in Operation Checkmate
International law enforcement took down BlackSuit's data leak and negotiation sites. BlackSuit is believed to be a rebrand of the Royal ransomware operation.
Impact: Disruption of ongoing extortion campaigns.
Source: BleepingComputer
XSS Forum Admin Arrested After 12 Years
The Ukrainian administrator of the XSS.is cybercrime marketplace, which handled an estimated $7M in profits, was arrested in an operation coordinated by Europol. The forum had 50,000+ users.
Source: The Hacker News
Taos County Child Abuse Case Data Held Hostage
The Kairos group threatens to leak 2TB of files, including details of child sexual abuse cases, after ransom negotiations failed.
Impact: Severe privacy violations for vulnerable victims.
Source: DataBreaches
NPM Developers Targeted in Sophisticated Phishing
Attackers compromised high-value maintainers via the typosquatted npnjs.com domain (one letter off from npmjs.com), then pushed malicious eslint-config-prettier updates.
Impact: Supply chain attack affecting millions of weekly downloads.
Mitigation: Audit NPM account activity; enforce MFA.
Source: SecurityWeek
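The npm phishing above relied on a domain one character away from npmjs.com. The following is an added example, not code from the original brief or from npm, showing the check a mail gateway or a maintainer's own link-inspection script can apply: extract URLs, reduce each host to its registrable domain, and flag hosts within a small edit distance of a trusted domain or that hide a trusted name inside a subdomain. The trusted list, the two-label registrable-domain rule, and the sample message are assumptions constructed for the example (a real deployment would use the Public Suffix List).

```python
import re
from urllib.parse import urlparse

# Assumed trusted registrable domains for a maintainer who publishes to npm and GitHub.
TRUSTED = {"npmjs.com", "github.com"}

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; small strings only, so the O(n*m) table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Assumption for the example: the last two labels form the registrable domain."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify_host(host: str, trusted=TRUSTED, max_distance: int = 1) -> str:
    """Return 'trusted', 'lookalike of X', 'trusted name in subdomain of X', 'idn', or 'unknown'."""
    host = host.lower().rstrip(".")
    dom = registrable_domain(host)
    if dom in trusted:
        return "trusted"
    for t in trusted:
        # npmjs.com.evil.example: the trusted name is only a subdomain label prefix
        if host.startswith(t + "."):
            return f"trusted name in subdomain of {t}"
    if any(label.startswith("xn--") for label in host.split(".")):
        return "idn"  # punycode: possible homograph, review manually
    for t in trusted:
        if edit_distance(dom, t) <= max_distance:
            return f"lookalike of {t}"
    return "unknown"


def classify_message(text: str) -> list[tuple[str, str]]:
    """Extract every URL in a message and classify its host."""
    results = []
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname
        if host:
            results.append((url, classify_host(host)))
    return results


# Constructed sample phishing message (not a real email) in the style of the campaign.
SAMPLE_MESSAGE = """Your npm account needs verification within 24 hours.
Please sign in at https://www.npnjs.com/login?token=abc to keep publishing.
Documentation: https://docs.npmjs.com/creating-and-viewing-access-tokens
Mirror: https://npmjs.com.account-verify.example/login
"""

if __name__ == "__main__":
    for url, verdict in classify_message(SAMPLE_MESSAGE):
        print(f"{verdict:40s} {url}")
```

The edit-distance threshold of 1 is deliberately tight; raising it catches more typosquats (dropped or swapped letters) but starts matching legitimate short domains, so pair a larger threshold with a manual review queue rather than an automatic block.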