Svoboda Cybersecurity Brief August 12, 2025

DOJ Disrupts BlackSuit/Royal Ransomware Operations

The U.S. Justice Department announced a coordinated takedown of BlackSuit (Royal) ransomware infrastructure, seizing 4 servers, 9 domains, and $1.09M in laundered cryptocurrency. The operation involved international law enforcement from the UK, Germany, France, and others. The group targeted critical infrastructure sectors such as healthcare and government facilities.
Impact: Disrupts ongoing ransomware campaigns and recovers illicit funds.
Mitigation: Refer to FBI/CISA advisory (TTPs/IOCs) for detection guidance.
Source: DataBreaches

WinRAR Zero-Day (CVE-2025-8088) Exploited by Russian APT

Russian group RomCom exploited a WinRAR path traversal vulnerability (CVE-2025-8088) to deploy backdoors (SnipBot, RustyClaw) via malicious archive files. Targets included EU/Canadian defense, finance, and logistics firms. A similar flaw (CVE-2025-6218) was abused by Paper Werewolf against Russian entities.
Impact: Arbitrary code execution via crafted archives.
Mitigation: Update to WinRAR 7.13+.
Source: BleepingComputer

Citrix NetScaler Zero-Day (CVE-2025-6543) Breaches Dutch Orgs

A critical Citrix NetScaler flaw (CVE-2025-6543) was exploited as a zero-day since May 2025 to breach Dutch critical organizations, enabling RCE and evidence wiping. The flaw affects NetScaler ADC/Gateway versions prior to 14.1-47.46 and 13.1-59.19.
Impact: Remote code execution and persistent access.
Mitigation: Patch to fixed versions and terminate active sessions using kill icaconnection -all.
Source: BleepingComputer

485K Dutch Women’s Cervical Cancer Data Breached

Hackers accessed names, addresses, and health data of 485,000 women screened for cervical cancer via Dutch lab Clinical Diagnostics NMDL. The breach occurred in early July 2025.
Source: DataBreaches

Kimsuky APT Data Leaked by Hacktivists

Two hackers leaked 8.9GB of internal data from North Korean APT Kimsuky, exposing phishing logs, Cobalt Strike loaders, and South Korean government source code. The leak includes Defense Counterintelligence Command emails and TTPs.
Source: BleepingComputer

7-Zip Vulnerability (CVE-2025-55188) Allows Arbitrary File Writes

A flaw in 7-Zip lets attackers write files to arbitrary paths during extraction via symbolic links, potentially enabling RCE. Fixed in version 25.01.
Impact: File tampering or code execution (on Unix, and on Windows in administrative contexts).
Mitigation: Update to 7-Zip 25.01+.
Source: GBHackers
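
Both the WinRAR and 7-Zip items above come down to archive members landing outside the extraction directory, either through a `..` path or through a symlink planted earlier in the same archive. As an added example, not taken from the brief or from either project, the Python auditor below flags such members in a tar archive before anything is extracted; the archive contents and the `/srv/extract` destination are constructed for the demonstration.

```python
"""Audit a tar archive for members that would write outside the extraction dir
(path traversal, symlinks pointing out, or files written through such symlinks)."""
import io
import os
import tarfile

def _resolve(dest: str, name: str, links: dict) -> str:
    """On-disk path a member lands at, honouring symlinks seen earlier in the archive."""
    parts = os.path.normpath(name).split(os.sep)
    for i in range(len(parts)):
        prefix = os.sep.join(parts[: i + 1])
        if prefix in links:                      # a parent is a symlink: re-root the rest
            return os.path.normpath(os.path.join(links[prefix], *parts[i + 1 :]))
    return os.path.normpath(os.path.join(dest, name))

def audit_tar(data: bytes, dest: str = "/srv/extract") -> list:
    """Return (member name, reason) for each member that would escape `dest`."""
    dest = os.path.normpath(dest)
    links, findings = {}, []
    with tarfile.open(fileobj=io.BytesIO(data)) as tf:
        for m in tf.getmembers():
            where = _resolve(dest, m.name, links)
            if os.path.commonpath([dest, where]) != dest:
                parts = os.path.normpath(m.name).split(os.sep)
                findings.append((m.name, "path traversal" if ".." in parts else "write through symlink"))
            if m.issym():                        # record where the link points, relative to dest
                raw = m.linkname if os.path.isabs(m.linkname) else os.path.join(dest, os.path.dirname(m.name), m.linkname)
                target = os.path.normpath(raw)
                links[os.path.normpath(m.name)] = target
                if os.path.commonpath([dest, target]) != dest:
                    findings.append((m.name, f"symlink target escapes: {target}"))
    return findings

def build_sample() -> bytes:
    """Constructed test archive: a benign file, a traversal entry, an escaping absolute
    symlink plus a write through it, an escaping relative symlink, a harmless internal one."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        def add(name, body=b"", link=None):
            ti = tarfile.TarInfo(name)
            if link is not None:
                ti.type, ti.linkname = tarfile.SYMTYPE, link
            ti.size = len(body)
            tf.addfile(ti, io.BytesIO(body) if body else None)
        add("report.txt", b"ok")
        add("../../etc/cron.d/job", b"data")
        add("cfg", link="/etc")
        add("cfg/app.conf", b"data")
        add("docs", link="../shared")
        add("data", link="report_dir")
        add("data/notes.txt", b"fine")
    return buf.getvalue()

SAMPLE_TAR = build_sample()

if __name__ == "__main__":
    for name, reason in audit_tar(SAMPLE_TAR):
        print(f"{name}: {reason}")
```

Running the check before extraction (and extracting only when it returns an empty list) is the defensive counterpart to the patches named above; note that `data/notes.txt` is not flagged because its symlinked parent stays inside the destination.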

Spark RAT Targets Windows, Linux, macOS

Open-source Spark RAT provides cross-platform C2 capabilities, including keylogging and payload execution, but lacks remote desktop features. Observed in recent campaigns.
Source: The Hacker News

Chrome Sandbox Escape (CVE-2025-4609) Earns $250K Bounty

A researcher demonstrated a Chrome sandbox escape via Mojo IPC, achieving RCE with 70-80% success rate. Patched in Chrome 136.
Impact: Full system compromise via malicious sites.
Mitigation: Update Chrome.
Source: SecurityWeek
