Svoboda Cybersecurity Brief July 27, 2025
Allianz Life confirms major customer data breach via third-party CRM
Allianz Life disclosed a breach affecting the “majority” of its 1.4 million customers after hackers accessed a cloud-based CRM system using social engineering on July 16, 2025. Compromised data includes PII of customers, financial professionals, and employees. The attack is attributed to ShinyHunters, known for recent Salesforce CRM targeting.
Impact: Exposure of sensitive personal and financial data.
Mitigation: Notify affected parties, enforce multi-factor authentication, and audit third-party access controls.
Source: BleepingComputer
BreachForums resurfaces under new ownership amid arrests
The dark web forum BreachForums reappeared with a new owner (“N/A”) after going offline in April 2025, preserving user databases and posts. Former owner ShinyHunters was arrested in June, raising questions about N/A’s legitimacy. The forum denies infrastructure compromise but lists detained admins.
Source: DataBreaches
Post SMTP plugin flaw exposes 200K WordPress sites to account hijacking
A broken access control flaw (CVE-2025-24000) in the Post SMTP plugin, versions ≤3.2.0, lets low-privileged users access email logs containing sensitive content, enabling admin account takeover. Only 48.5% of users have patched to v3.3.0 (released June 11).
Impact: Full site compromise via intercepted password reset emails.
Mitigation: Update immediately to v3.3.0 and restrict REST API endpoints.
Source: BleepingComputer
Tea app breach leaks 13K women’s IDs and photos
Hackers exposed 13,000 verification photos and government IDs from the Tea app, a platform for women to discuss men safely. The breach affects 72,000 images total, with leaked data searchable online.
Source: DataBreaches
Infinite Services ransomware attack interrupts encryption, avoids payout
New York-based Infinite Services suffered a limited ransomware attack on May 5, 2025, in which threat actors accessed a server but failed to fully encrypt it. Patient and employee PII was exposed, but no ransom was paid.
Source: DataBreaches
NASCAR confirms ransomware breach, fans react
NASCAR acknowledged a ransomware attack, though specifics on data exposure or operational impact remain unclear. Public reaction highlights concerns over data security in sports organizations.
Source: DataBreaches