Svoboda Cybersecurity Brief August 01, 2025

Russian Hackers Exploit ISP-Level Access to Target Moscow Embassies

Russian state-sponsored group Turla (tracked by Microsoft as Secret Blizzard) used an adversary-in-the-middle position at the local ISP level to redirect foreign diplomatic staff in Moscow to a fake Kaspersky AV installer. The installer, the ApolloShadow malware, adds an attacker-controlled root certificate to the host's trust store, which both gives the group persistence and lets it read TLS traffic that passes through the ISP. Impact: Long-term intelligence collection from embassy devices. Mitigation: Route traffic through an encrypted tunnel or VPN that terminates outside the local ISP, enforce least privilege so users cannot install root certificates, and periodically audit trusted root stores for certificates that do not belong to a known vendor.
Source: The Hacker News

UNC2891 Breaches ATM Networks Using Raspberry Pi and CAKETAP Rootkit

The financially motivated group UNC2891 physically connected a 4G-equipped Raspberry Pi to the network switch serving an ATM, giving it an out-of-band path that bypassed the perimeter firewall. The device ran the TINYSHELL backdoor, which reached its C2 through a Dynamic DNS hostname; the end goal was to deploy the CAKETAP rootkit on the ATM switching server and push fraudulent cash withdrawals. Impact: Persistent network access, and fraudulent withdrawals if CAKETAP reaches the switching server. Mitigation: Inventory the devices on ATM segments and alert on unknown ones (DHCP leases, ARP tables, switch port security or 802.1X), and tighten segmentation so ATM segments have no direct route to the internet.
Source: The Hacker News
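The two detections a defender would want after this story are a check for unexpected devices on the ATM segment and a check for Dynamic DNS lookups leaving it. The block below is an added example, not code from Group-IB or The Hacker News: it reads dnsmasq-format lease lines (expiry, MAC, IP, hostname, client-id), flags MACs whose OUI is registered to Raspberry Pi or that are absent from an asset inventory, and flags DNS queries for common Dynamic DNS zones. The lease lines, DNS log, asset inventory and zone list are all constructed for the example and are assumptions you would replace with your own.

```python
"""Spot unexpected devices and DDNS lookups on a segmented ATM network.

Added example (not Group-IB's or THN's code). Sample leases, DNS log, asset
inventory and DDNS zone list are constructed for illustration.
"""
from dataclasses import dataclass

# OUIs (first three octets) registered to Raspberry Pi; maintain your own list.
RASPBERRY_PI_OUIS = {"b8:27:eb", "dc:a6:32", "e4:5f:01", "28:cd:c1", "d8:3a:dd"}

# Constructed asset inventory for the ATM segment: MAC -> asset name (assumption).
KNOWN_ASSETS = {
    "00:1a:2b:3c:4d:5e": "atm-switch-srv01",
    "00:1a:2b:3c:4d:5f": "atm-kiosk-0042",
}

# Dynamic DNS zones worth alerting on from an ATM segment (example list, not exhaustive).
DDNS_ZONES = ("ddns.net", "no-ip.org", "no-ip.com", "duckdns.org", "dyndns.org")

# Constructed dnsmasq lease file: <expiry> <mac> <ip> <hostname> <client-id>
SAMPLE_LEASES = """\
1754006400 00:1a:2b:3c:4d:5e 10.20.5.10 atm-switch-srv01 01:00:1a:2b:3c:4d:5e
1754006500 00:1a:2b:3c:4d:5f 10.20.5.42 atm-kiosk-0042 *
1754006600 b8:27:eb:9a:bc:de 10.20.5.77 raspberrypi *
1754006700 00:50:56:aa:bb:cc 10.20.5.90 * *
"""

# Constructed DNS query log: "<client-ip> <qname>" per line.
SAMPLE_DNS = """\
10.20.5.10 ntp.corp.example
10.20.5.77 atm-relay-7f2.ddns.net
10.20.5.42 updates.corp.example
"""


@dataclass
class Finding:
    source: str   # "dhcp" or "dns"
    client: str   # MAC for dhcp findings, client IP for dns findings
    detail: str
    reason: str


def parse_dnsmasq_leases(text):
    """Yield (mac, ip, hostname) for each well-formed dnsmasq lease line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        _expiry, mac, ip, hostname = parts[:4]
        yield mac.lower(), ip, hostname


def audit_leases(text, known_assets=KNOWN_ASSETS, watch_ouis=RASPBERRY_PI_OUIS):
    """Flag Raspberry Pi OUIs first, then any MAC missing from the inventory."""
    findings = []
    for mac, ip, hostname in parse_dnsmasq_leases(text):
        oui = mac[:8]
        if oui in watch_ouis:
            findings.append(Finding("dhcp", mac, f"{ip} {hostname}", "Raspberry Pi OUI on ATM segment"))
        elif mac not in known_assets:
            findings.append(Finding("dhcp", mac, f"{ip} {hostname}", "MAC not in asset inventory"))
    return findings


def audit_dns(text, zones=DDNS_ZONES):
    """Flag queries for a DDNS zone or any name beneath one."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        client, qname = parts
        qname = qname.lower().rstrip(".")
        if any(qname == z or qname.endswith("." + z) for z in zones):
            findings.append(Finding("dns", client, qname, "lookup of Dynamic DNS zone"))
    return findings


def audit(leases=SAMPLE_LEASES, dns_log=SAMPLE_DNS):
    """Run both checks over the constructed inputs and return all findings."""
    return audit_leases(leases) + audit_dns(dns_log)


if __name__ == "__main__":
    for f in audit():
        print(f"[{f.source}] {f.client} {f.detail}: {f.reason}")
```

MAC addresses are trivially spoofed, so this is a tripwire rather than a control: the lease audit catches an attacker who did not bother to clone a known MAC, and the DNS audit catches the beacon regardless. Port security or 802.1X on the ATM switch is what stops the device from getting a link in the first place.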

Chinese Companies Linked to State-Sponsored Hacking Tools

SentinelLabs traced offensive tooling used by Silk Typhoon (Microsoft's name for the group previously tracked as Hafnium) to Chinese contractors including Shanghai Firetech and i-Soon, in part through the companies' own patent filings for forensic and intrusion tooling. The report links these contractors to China's Ministry of State Security (MSS), which is suspected of directing the 2021 ProxyLogon exploitation of Exchange servers.
Source: SecurityWeek

Honeywell Experion PKS Flaws Allow Industrial Process Manipulation

Six vulnerabilities in Honeywell's Experion PKS, including a critical remote code execution flaw in the Control Data Access (CDA) component, could let an attacker execute code on the control system or induce incorrect process behaviour. The product is deployed across critical infrastructure sectors worldwide. Mitigation: Update to R520.2 TCU9 HF1 or R530 TCU3 HF1, and keep the Experion network unreachable from IT networks and the internet in the meantime.
Source: SecurityWeek

CISA Releases Open-Source Thorium Platform for Malware Analysis

CISA's Thorium is an open-source platform that automates malware and forensic analysis: analysts submit samples, and Thorium schedules analysis tools packaged as Docker images against them at a stated rate of more than 1,700 jobs per second. It runs on Kubernetes with ScyllaDB as its backing store and is intended for both government and private-sector teams.
Source: BleepingComputer

WordPress “Alone” Theme Vulnerability Actively Exploited (CVE-2025-5394)

A critical unauthenticated arbitrary plugin installation flaw (CVSS 9.8) in the Alone WordPress theme lets an attacker install a plugin from a remote URL and thereby run code on the site. Wordfence has logged more than 120,000 exploit attempts since July 12. Mitigation: Update to version 7.8.5 or later, then check wp-content/plugins for plugins you did not install and review administrator accounts for additions you do not recognise.
Source: The Hacker News

Google Project Zero Trials Vulnerability Reporting Transparency

Under a new trial policy, Project Zero will publish, within a week of reporting a bug, the vendor, the affected product, the report date and the 90-day disclosure deadline; technical details stay private until the deadline. The aim is to shrink the "upstream patch gap", the delay between an upstream fix shipping and downstream products picking it up.
Source: SecurityWeek

Kali Linux Now Runs on macOS via Apple Containers

Apple Silicon users can now run the Kali Linux image through Apple's Containers framework on macOS Sequoia, with each container running in its own lightweight VM. Limitations include no support for Intel Macs and known networking bugs on Sequoia.
Source: BleepingComputer

Proton Launches Cross-Platform Authenticator App

Proton Authenticator is a free, end-to-end encrypted TOTP app for Windows, macOS, Linux, iOS and Android. It supports encrypted backups, and seeds can be exported in standard form so your codes are not locked to Proton. No Proton account is required.
Source: BleepingComputer
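"Exportable seeds" matters because TOTP is an open standard (RFC 6238): a seed exported as an otpauth:// URI can be consumed by any compliant implementation. The block below is an added example, not Proton's code: it parses such a URI, derives codes, and verifies a submitted code with a small skew window. The secret is the RFC 6238 test key ("12345678901234567890") in base32, so the results can be checked against the RFC's own test vectors; the label and issuer in the URI are made up.

```python
"""RFC 6238 TOTP from an exported otpauth:// seed.

Added example, not Proton's code. The sample URI carries the RFC 6238 test key
so the outputs match the RFC's published vectors; label and issuer are made up.
"""
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, unquote, urlparse

# Constructed otpauth URI (the shape authenticator apps export and import).
SAMPLE_URI = (
    "otpauth://totp/Example:alice%40example.com"
    "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example&digits=6&period=30"
)


def parse_otpauth(uri):
    """Extract secret, digits, period, algorithm and label from an otpauth://totp URI."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not an otpauth://totp URI")
    q = parse_qs(u.query)
    if "secret" not in q:
        raise ValueError("URI has no secret")
    return {
        "label": unquote(u.path.lstrip("/")),
        "secret": q["secret"][0],
        "digits": int(q.get("digits", ["6"])[0]),
        "period": int(q.get("period", ["30"])[0]),
        "algorithm": q.get("algorithm", ["SHA1"])[0].upper(),
    }


def decode_secret(b32):
    """Base32-decode a seed, tolerating spaces, lowercase and missing padding."""
    s = b32.strip().replace(" ", "").upper()
    s += "=" * (-len(s) % 8)
    return base64.b32decode(s)


def hotp(key, counter, digits=6, algorithm="SHA1"):
    """RFC 4226 HOTP: HMAC over the big-endian counter, dynamic truncation, mod 10^digits."""
    digest = hmac.new(key, struct.pack(">Q", counter), getattr(hashlib, algorithm.lower())).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(params, at=None):
    """Code for the time step containing `at` (Unix seconds; now if omitted)."""
    t = int(time.time() if at is None else at)
    key = decode_secret(params["secret"])
    return hotp(key, t // params["period"], params["digits"], params["algorithm"])


def verify(params, code, at=None, window=1):
    """Accept a code from the current step or up to `window` steps either side.

    Uses a constant-time comparison; a real verifier must also refuse to accept
    the same step twice, which this example does not track.
    """
    t = int(time.time() if at is None else at)
    key = decode_secret(params["secret"])
    step = t // params["period"]
    ok = False
    for c in range(step - window, step + window + 1):
        expected = hotp(key, c, params["digits"], params["algorithm"])
        ok |= hmac.compare_digest(expected, code)
    return ok


if __name__ == "__main__":
    p = parse_otpauth(SAMPLE_URI)
    print(p["label"], totp(p))
```

The three fixed times in the test are RFC 6238 Appendix B vectors truncated to six digits; an app that imports the same URI should show the same codes at those instants. Treat exported URIs as secrets: anyone holding the seed can generate every future code.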
