Svoboda Cybersecurity Brief July 26, 2025

Qantas Airline Hackers Demand Ransom Within 72 Hours

A hacking collective targeting Qantas Airlines sent stolen customer data (involving 6 million customers) and demanded a response within 72 hours. The attackers used AI-powered impersonation to trick customer service. Scattered Spider is suspected.
Source: DataBreaches

Critical Honeywell Vulnerability Puts Building Systems at Risk

13 vulnerabilities in Honeywell’s Niagara Framework could let attackers manipulate HVAC, lighting, and security systems. Exploits enable unauthorized control of IoT devices in smart buildings.
Impact: Remote attackers may disrupt critical infrastructure.
Mitigation: Apply patches immediately; restrict network access to Niagara services.
Source: DataBreaches

BlackSuit Ransomware Disrupted in International Takedown

The BlackSuit ransomware leak site was seized under Operation Checkmate, halting negotiation portals. Bitdefender collaborated with law enforcement to dismantle operations.
Source: DataBreaches

Amazon AI Coding Tool Compromised with Data-Wiping Code

A hacker injected destructive prompts into Amazon Q Developer Extension (VSCode) via GitHub, forcing an update (v1.85.0). The defective code didn’t execute but exposed supply-chain risks.
Impact: Potential supply-chain attack via auto-updates.
Mitigation: Update to v1.85.0; audit third-party pull requests.
Source: BleepingComputer

North Korean IT Worker Scheme Leads to 8.5-Year Sentence

Christina Chapman facilitated $17M fraud by hosting North Korean IT workers’ laptops (90 seized). The scheme infiltrated 309 companies, including Fortune 500 firms.
Source: SecurityWeek

Chinese Cyberespionage Group Targets VMware & F5 Flaws

Fire Ant exploited CVE-2023-34048 (vCenter RCE) and CVE-2022-1388 (F5 bypass) to breach segmented networks. The group used the VirtualPita backdoor, and its activity overlaps with UNC3886 TTPs.
Source: SecurityWeek

Unpatchable LG Camera Flaw Exposes 1,300 Devices

CVE-2025-7742 allows unauthenticated RCE on LG Innotek LNV5110R cameras. No fix is available because the device is end-of-life (EOL).
Impact: Attackers can hijack live feeds or pivot to internal networks.
Mitigation: Isolate cameras; monitor for suspicious traffic.
Source: SecurityWeek

UK Phishing Kit Seller Gets 7-Year Sentence

Ollie Holman sold 1,052 phishing kits impersonating 69 organizations, causing £100M+ in losses. He operated via Telegram after his arrest.
Source: SecurityWeek

Koske Linux Malware Mines Cryptocurrency via Polyglot Files

The malware abuses misconfigured JupyterLab servers, embedding payloads in panda JPEGs to deploy GPU/CPU miners. AI-assisted development is suspected.
Source: SecurityWeek

FBI Warns of “The Com” Cybercrime Recruitment of Minors

The Com involves minors in DDoS, sextortion, and ransomware. Subgroups like IRL Com offer “violence as a service.”
Source: DataBreaches
