Svoboda Cybersecurity Brief July 31, 2025

Jul 31, 2025


SafePay Ransomware Threatens to Leak 35TB from Ingram Micro

The SafePay ransomware gang listed IT distributor Ingram Micro on its dark web leak site, claiming to have stolen 35TB of data. The attack caused global outages; Ingram Micro forced password resets and MFA re-enrollment, but critical systems were restored within days.
Source: BleepingComputer

Small Hospitals Face Cyberattack Insurance Crisis Following Breaches

Four cyberattacks on rural hospitals in Washington led insurers to drop excess coverage, forcing hospitals to seek new policies with higher limits ($28M-$35M). Some hospitals were unable to access systems for weeks.
Source: DataBreaches.net

ShinyHunters Linked to Salesforce CRM Data Theft at Major Corporations

ShinyHunters (tracked by Google as UNC6040) used voice phishing to steal data from the Salesforce CRM instances of Qantas, Allianz Life, LVMH, and Adidas. Callers impersonating IT support talked employees into authorizing a modified version of Salesforce's Data Loader as a connected app, which the attackers then used to export CRM data. No Salesforce vulnerability was involved; the compromise rests entirely on the user approving the app.
Source: BleepingComputer

Florida Prison Exposes Visitor Data to Inmates in Accidental Breach

Everglades Correctional Institution mistakenly shared visitors’ names, emails, and phone numbers with inmates. The Florida Department of Corrections has not commented on the incident.
Source: DataBreaches.net

WordPress Alone Theme Exploited for Remote Code Execution

CVE-2025-5394 in the Alone theme (versions ≤7.8.3) lets unauthenticated attackers install arbitrary plugins through the alone_import_pack_install_plugin() function, which lacks an authorization check, yielding remote code execution. More than 120,000 exploit attempts have been blocked so far, with threat actors dropping webshells and creating administrator accounts.
Impact: Full site takeover.
Mitigation: Update to v7.8.5, then check for administrator accounts and plugins you did not create; updating alone does not remove anything already planted.
Source: BleepingComputer
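As an added example (not code from the brief, BleepingComputer or the theme's author), the following Python script does the two checks a site owner would want after this item: it reads the theme's style.css version and says whether the install is below the fixed release, and it scans a web-server access log for requests naming the plugin-install action, plus follow-up hits from the same client under /wp-content/plugins/ that would indicate a planted plugin or webshell. Two assumptions the brief does not state: the theme keeps its version in the standard 'Version:' header of style.css, and the exploit reaches the function through a WordPress AJAX action of the same name via admin-ajax.php. The style.css header and the log lines are constructed samples.

```python
"""Check a WordPress install for CVE-2025-5394 exposure (Alone theme) and
scan an access log for exploit attempts and follow-up webshell hits.

Added example; not code from the brief, BleepingComputer or the theme vendor.
Assumptions not stated in the brief: style.css carries the usual 'Version:'
header, and exploit requests reach the vulnerable function through an
unauthenticated AJAX action of the same name via admin-ajax.php.
"""
import re
from typing import Dict, List, Optional, Tuple

FIXED_VERSION: Tuple[int, ...] = (7, 8, 5)        # release that patches CVE-2025-5394
AJAX_ACTION = "alone_import_pack_install_plugin"  # assumed AJAX action name

# Constructed style.css header, not taken from a real install.
SAMPLE_STYLE_CSS = """\
/*
Theme Name: Alone
Theme URI: https://example.com/alone
Version: 7.8.3
*/
"""

# Constructed combined-format access-log lines; IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [28/Jul/2025:10:14:02 +0000] "POST /wp-admin/admin-ajax.php?action=alone_import_pack_install_plugin HTTP/1.1" 200 512 "-" "python-requests/2.32"
198.51.100.3 - - [28/Jul/2025:10:15:40 +0000] "GET /wp-content/themes/alone/style.css HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [28/Jul/2025:10:14:09 +0000] "GET /wp-content/plugins/newplugin/shell.php?cmd=id HTTP/1.1" 200 33 "-" "python-requests/2.32"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_theme_version(style_css: str) -> Optional[Tuple[int, ...]]:
    """Return the 'Version:' header of a theme's style.css as an int tuple."""
    m = re.search(r"^\s*\*?\s*Version:\s*(\d+(?:\.\d+)*)", style_css, re.MULTILINE)
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split("."))


def needs_update(version: Tuple[int, ...]) -> bool:
    """The brief lists <=7.8.3 as affected and 7.8.5 as the fix; treat anything
    below 7.8.5 as needing the update."""
    return version < FIXED_VERSION


def find_exploit_attempts(log_text: str) -> List[Dict[str, str]]:
    """Requests to admin-ajax.php naming the plugin-install action, followed by
    any later request from the same client under /wp-content/plugins/ (a
    freshly planted plugin or webshell being called)."""
    hits: List[Dict[str, str]] = []
    attackers = set()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, path = m.group("ip"), m.group("path")
        if "admin-ajax.php" in path and f"action={AJAX_ACTION}" in path:
            attackers.add(ip)
            hits.append({"kind": "exploit", "ip": ip, "ts": m.group("ts"), "path": path})
        elif ip in attackers and path.startswith("/wp-content/plugins/"):
            hits.append({"kind": "follow-up", "ip": ip, "ts": m.group("ts"), "path": path})
    return hits


if __name__ == "__main__":
    v = parse_theme_version(SAMPLE_STYLE_CSS)
    state = "update needed" if v and needs_update(v) else "patched"
    print("Alone theme version:", v, "->", state)
    for h in find_exploit_attempts(SAMPLE_LOG):
        print(f'{h["kind"]:9} {h["ip"]:15} {h["ts"]} {h["path"]}')
```

To use it on a real site, swap the SAMPLE_* strings for the contents of wp-content/themes/alone/style.css and the web-server access log. If the action name is only sent in the POST body, the access log will not show it, so check WAF or PHP-level logs as well. The follow-up scan exists because updating the theme does not remove administrator accounts or plugins an attacker has already planted.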

Apple Patches Actively Exploited Chrome Zero-Day (CVE-2025-6558)

A sandbox escape flaw in the ANGLE and GPU components shared with Chromium, already exploited in the wild against Chrome, is now patched in iOS 18.6, macOS Sequoia 15.6, and Apple's other current OS releases (it affects Safari/WebKit through the shared open source code). Google TAG reported the active exploitation.
Impact: Sandbox escape leading to arbitrary code execution via crafted web content.
Mitigation: Apply the Apple updates immediately; Chrome users should also be on a build that includes the fix.
Source: The Hacker News

Scattered Spider Activity Drops Post-Arrests but Tactics Persist

Following arrests in the UK, Mandiant observed reduced Scattered Spider activity, but UNC6040 has adopted the same help-desk social engineering tactics. Recent Scattered Spider intrusions involved DragonForce ransomware and targeting of VMware ESXi hosts.
Source: SecurityWeek

Dahua Camera Flaws Allow Remote Hijacking (CVE-2025-31700/31701)

Critical stack-based buffer overflows in the ONVIF request handler (CVE-2025-31700) and the JSON file-upload handler (CVE-2025-31701) affect Dahua cameras running firmware released before April 2025. They are exploitable from the LAN, or from the Internet where the camera is port-forwarded, for remote code execution or denial of service.
Impact: Root-level device compromise, since the vulnerable service runs as root.
Mitigation: Update firmware, keep cameras off the Internet (no port forwarding or UPnP), and put them on a segmented network.
Source: The Hacker News

Raspberry Pi Planted on Bank Network in ATM Heist Attempt

UNC2891 physically planted a 4G-equipped Raspberry Pi on a bank's network, wired to the ATM network switch, giving the group a cellular backdoor that bypassed perimeter defenses; the goal was to spoof ATM authorizations. The attack was halted before the Caketap rootkit could be deployed.
Source: BleepingComputer

Python Developers Targeted by Fake PyPI Phishing Site

Attackers sent emails from noreply@pypj.org (a "j" in place of the "i" in pypi.org) urging developers to "verify" their accounts on a lookalike PyPI site that captured their credentials.
Impact: Account takeover and malicious package uploads under the victim's name.
Mitigation: Confirm the address bar reads pypi.org before entering credentials, do not follow links in unsolicited mail, and enable MFA; anyone who entered a password on the fake site should change it and review their account's security history.
Source: BleepingComputer
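As an added example (not code from the brief, BleepingComputer or PyPI), this Python snippet shows the check that catches the lookalike domain in this campaign: it pulls the sender address and every link out of an email, reduces each host to its registered domain, compares it to the real PyPI domains, and flags anything within one or two character edits of a real domain as a lookalike. The legitimate-domain list and the "last two labels" domain rule are assumptions of the example; the email is a constructed sample mimicking the message described above.

```python
"""Flag a PyPI-themed phishing email by checking the sender domain and every
link against the real PyPI hostnames, including near-miss lookalikes.

Added example; not code from the brief, BleepingComputer or the PyPI project.
Assumptions: the legitimate domain set below, and a naive 'registered domain =
last two labels' rule, which is fine for .org/.com but not for suffixes such
as .co.uk.
"""
import re
from typing import Dict, List, Tuple
from urllib.parse import urlsplit

LEGIT_DOMAINS = {"pypi.org", "python.org", "pythonhosted.org"}  # assumed allow-list
MAX_EDIT_DISTANCE = 2  # one or two character changes counts as a lookalike

# Constructed sample modelled on the campaign in the brief (pypj.org, not pypi.org).
SAMPLE_EMAIL = """\
From: PyPI <noreply@pypj.org>
To: dev@example.com
Subject: [PyPI] Email verification

Please verify your email address: https://pypj.org/account/verify?token=abc123
Docs: https://pypi.org/help/
"""


def levenshtein(a: str, b: str) -> int:
    """Edit distance; the strings are short, so the full DP table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registered_domain(host: str) -> str:
    """Last two labels of the host (assumption: no multi-label public suffix).
    This also defeats 'pypi.org.evil.example' style subdomain tricks."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


def classify_domain(host: str) -> str:
    """'legit', 'lookalike' (within edit distance of a real domain) or 'unknown'."""
    d = registered_domain(host)
    if d in LEGIT_DOMAINS:
        return "legit"
    if any(levenshtein(d, legit) <= MAX_EDIT_DISTANCE for legit in LEGIT_DOMAINS):
        return "lookalike"
    return "unknown"


def scan_email(raw: str) -> Dict[str, object]:
    """Classify the From: domain and every http(s) link in the message."""
    m = re.search(r"^From:.*?<?([\w.+-]+@([\w.-]+))>?\s*$", raw, re.MULTILINE)
    sender_domain = m.group(2) if m else ""
    links: List[Tuple[str, str]] = []
    for url in re.findall(r'https?://[^\s<>"]+', raw):
        host = urlsplit(url).hostname or ""
        links.append((url, classify_domain(host)))
    verdicts = [classify_domain(sender_domain)] + [v for _, v in links]
    if "lookalike" in verdicts:
        verdict = "phishing"
    elif all(v == "legit" for v in verdicts):
        verdict = "clean"
    else:
        verdict = "review"
    return {"sender": (sender_domain, classify_domain(sender_domain)),
            "links": links, "verdict": verdict}


if __name__ == "__main__":
    result = scan_email(SAMPLE_EMAIL)
    print("sender :", result["sender"])
    for url, cls in result["links"]:
        print(f"link   : {cls:9} {url}")
    print("verdict:", result["verdict"])
```

Note that the sample mixes a real pypi.org link with the phishing one, which is exactly how such mails are built; one lookalike anywhere in the message is enough for the "phishing" verdict. A domain that is neither legitimate nor a near miss lands in "review" rather than "clean", since an attacker can just as easily use an unrelated domain with a convincing display name.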

EU Proposes Standardized Breach Notification Template

EDPB plans to release an EU-wide template to streamline GDPR breach reporting across member states, aiding cross-border compliance.
Source: DataBreaches.net

JSCEAL Malware Spread via Fake Crypto Apps on Facebook Ads

Facebook ads for fake versions of crypto apps such as TradingView led victims to JSCEAL, a compiled-JavaScript malware that runs under Node.js, steals credentials and wallet data, and can act as an adversary-in-the-middle proxy. The campaign has been active since March 2024.
Source: The Hacker News

FunkSec Ransomware Decryptor Released After Group Goes Inactive

Gen Digital released a free decryptor for Rust-based FunkSec ransomware, which targeted 172 victims (mostly US, India, Brazil) before disappearing in March 2025.
Source: The Hacker News

Scam Gambling Sites Use 1,200 Domains to Steal Crypto

Over 1,200 fake gambling domains lured users with "$2,500 credits" but required a crypto deposit before "winnings" could be withdrawn; the winnings were never paid.
Source: KrebsOnSecurity

Orange Telecom Hit by Cyberattack, Services Disrupted

France’s Orange suffered an attack on July 25, forcing system isolation and service outages. No data exfiltration confirmed.
Source: SecurityWeek

Catasauqua Borough Accidentally Shares Employee SSNs

Unredacted W-2 forms for 70 employees were emailed to a watchdog group in response to a Right-to-Know request, without the required redaction.
Source: DataBreaches.net

Indian Crypto Firm Loses $46M in Suspected Insider Attack

Neblio Technologies blamed an employee’s hacked laptop for the theft of $46M in cryptocurrency. The employee claimed involvement in a “part-time job.”
Source: DataBreaches.net

Lovense Sex Toy Maker Leaks User Emails, Exposes Accounts

Two unpatched flaws let attackers obtain users' email addresses and take over accounts. Lovense initially said a full fix would take 14 months.
Source: DataBreaches.net

