Svoboda Cybersecurity Brief August 08, 2025

Fake WhatsApp Developer Libraries Contain Data-Wiping Malware

Two malicious NPM packages (naya-flore and nvlore-hsc) impersonating WhatsApp developer tools were found to contain data-wiping code. The packages, downloaded over 1,100 times, execute rm -rf * to recursively delete files on victims’ systems, with a kill switch that spares systems associated with Indonesian phone numbers. A dormant data exfiltration function was also discovered.
Impact: Developers’ systems could be wiped, and sensitive data exfiltrated.
Mitigation: Avoid suspicious NPM packages, review dependencies, and monitor GitHub for malicious activity.
Source: BleepingComputer

CISA Orders Federal Agencies to Patch Critical Microsoft Exchange Flaw

CVE-2025-53786, a high-severity flaw in Microsoft Exchange hybrid deployments, allows attackers with on-prem admin access to escalate privileges to cloud environments silently. Federal agencies must patch by Monday.
Impact: Lateral movement into cloud environments, potential domain compromise.
Mitigation: Apply the April 2025 hotfix, migrate to dedicated service principals, and disable legacy configurations.
Source: BleepingComputer

Bouygues Telecom Breach Exposes Data of 6.4 Million Customers

The French telecom giant confirmed a cyberattack compromising customer names, contact details, contract info, and IBANs. The breach, attributed to a known cybercriminal group, did not affect passwords or credit card data.
Source: BleepingComputer

New EDR-Killer Tool Shared Among 8 Ransomware Groups

A sophisticated EDR evasion tool, used by groups like RansomHub and LockBit, employs obfuscated binaries and BYOVD (Bring Your Own Vulnerable Driver) tactics to disable security products from Sophos, Microsoft Defender, and others.
Impact: Facilitates ransomware deployment by bypassing endpoint defenses.
Mitigation: Monitor for unauthorized driver loads, enforce strict certificate validation.
Source: BleepingComputer

SonicWall Confirms Akira Ransomware Exploits Patched VPN Flaw

Recent attacks on SonicWall Gen 7 firewalls were linked to CVE-2024-40766, an SSL VPN flaw patched in 2024. Exploits involve reused credentials from Gen 6 migrations.
Impact: Unauthorized VPN access leading to ransomware deployment.
Mitigation: Reset local user passwords, upgrade to SonicOS 7.3+, enable MFA.
Source: SecurityWeek

Air France-KLM Discloses Data Breach via Third-Party Platform

Attackers accessed customer service systems, stealing names, emails, phone numbers, and loyalty program data. The breach is part of a broader campaign targeting Salesforce instances, likely orchestrated by ShinyHunters.
Source: SecurityWeek

150 Malicious Firefox Extensions Steal $1M in Crypto

The “GreedyBear” campaign uploaded 150 fraudulent wallet extensions to Mozilla’s store, impersonating MetaMask and TronLink. The malware logs keystrokes and exfiltrates wallet credentials to attacker-controlled servers.
Impact: Cryptocurrency theft and credential harvesting.
Mitigation: Verify extensions via official project websites, scrutinize reviews.
Source: BleepingComputer

HTTP Request Smuggling Attacks Hit Akamai, Cloudflare

New 0.CL and HTTP/1.1 desync variants allowed attackers to compromise CDNs, redirecting users or stealing sessions. Akamai (CVE-2025-32094) and Cloudflare patched the flaws after researchers reported them.
Impact: Credential theft, cache poisoning, and phishing redirections.
Mitigation: Migrate to HTTP/2+, enforce strict request parsing.
Source: SecurityWeek

Samourai Cryptomixer Founders Plead Guilty to Money Laundering

The creators of the Samourai Wallet admitted to laundering $200M+ for criminals via mixing services like Whirlpool and Ricochet, facilitating ransomware and dark market transactions.
Source: BleepingComputer

Axis Surveillance Servers Expose 6,500 Devices to RCE Flaws

CVE-2025-30023 (CVSS 9.0) and other flaws in the Axis.Remoting protocol allow attackers to execute code or hijack camera feeds. Over 6,500 servers, mostly in the U.S., are exposed.
Impact: Remote takeover of surveillance systems.
Mitigation: Update to patched versions (Camera Station Pro 6.9, Device Manager 5.32).
Source: TheHackerNews
