Svoboda Cybersecurity Brief August 13, 2025
ShinyHunters and Scattered Spider Merge in Salesforce Data Extortion Campaign
Cybercrime groups ShinyHunters and Scattered Spider are collaborating in a widespread extortion campaign targeting Salesforce CRM instances. The attackers use social engineering to trick employees into linking malicious OAuth apps, then exfiltrate data and demand ransoms. Allianz Life confirmed a breach involving 2.8M records, including sensitive customer and partner data.
Source: BleepingComputer
Over 3,000 Unpatched NetScaler Devices Vulnerable to Exploited CitrixBleed 2 Flaw
At least 3,312 Citrix NetScaler devices remain unpatched against CVE-2025-5777 (CitrixBleed 2), an auth-bypass flaw allowing session hijacking. Dutch NCSC confirmed zero-day exploitation since May 2025, with attackers covering tracks using web shells. Another critical flaw, CVE-2025-6543, is also actively exploited for DoS.
Impact: Unauthenticated attackers can bypass MFA and access sensitive data.
Mitigation: Apply patches (NetScaler ADC/Gateway 14.1-47.46 or 13.1-59.19) and terminate active sessions.
Source: BleepingComputer
North Korean Kimsuky Hackers Suffer Data Leak by Insiders
Insiders leaked hundreds of GBs of internal tools and operational files from North Korea’s Kimsuky APT group, exposing backdoors, phishing frameworks, and reconnaissance tools. The data originated from systems tied to operator “KIM,” providing rare insights into state-sponsored espionage tactics.
Source: DataBreaches.net
Docker Hub Hosts 35+ Linux Images with XZ Utils Backdoor
Despite its 2024 disclosure, the XZ Utils backdoor (CVE-2024-3094) persists in 35+ Docker Hub images, including Debian-based layers. The backdoor enables remote code execution via SSH, but Debian maintains the images for “historical” reasons.
Impact: Compromised containers risk unauthorized root access if SSH is exposed.
Mitigation: Verify xz-utils version (≥5.6.2) and avoid legacy base images.
Source: BleepingComputer
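To make the mitigation above checkable, here is an added example (not from the brief or from Debian) that classifies the xz-utils version reported by a container image against the 5.6.2 floor; it assumes a local Docker daemon and that `xz` is on the image's PATH. The 5.6.0 and 5.6.1 releases are the ones that shipped with the CVE-2024-3094 backdoor.

```shell
#!/bin/sh
# Added example: classify an image's xz-utils version.
# Output classes: backdoored (5.6.0/5.6.1), below-floor (< 5.6.2), ok (>= 5.6.2).

# Constructed sample of `xz --version` output from a backdoored build.
SAMPLE_OUTPUT="xz (XZ Utils) 5.6.1
liblzma 5.6.1"

# Extract "5.6.1" from the first line, e.g. "xz (XZ Utils) 5.6.1".
parse_xz_version() {
    printf '%s\n' "$1" | sed -n '1s/.*XZ Utils) \([0-9][0-9.]*\).*/\1/p'
}

# Print the class for a dotted version string (X.Y or X.Y.Z).
classify_xz_version() {
    v=$1
    case "$v" in
        5.6.0|5.6.1) echo backdoored; return 0 ;;
    esac
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%.*}
    case "$rest" in
        *.*) patch=${rest#*.} ;;
        *)   patch=0 ;;
    esac
    patch=${patch%%[!0-9]*}   # drop any non-numeric suffix
    [ -n "$patch" ] || patch=0
    # Numeric comparison against the 5.6.2 floor.
    if [ "$major" -gt 5 ] \
       || { [ "$major" -eq 5 ] && [ "$minor" -gt 6 ]; } \
       || { [ "$major" -eq 5 ] && [ "$minor" -eq 6 ] && [ "$patch" -ge 2 ]; }; then
        echo ok
    else
        echo below-floor
    fi
}

# Run the check against a local image (assumption: Docker is available and
# the image has xz on PATH). Prints "<image>: <class>".
check_image() {
    out=$(docker run --rm "$1" xz --version 2>/dev/null) \
        || { echo "$1: xz not found"; return 2; }
    echo "$1: $(classify_xz_version "$(parse_xz_version "$out")")"
}

if [ $# -gt 0 ]; then
    check_image "$1"
fi
```

Run it as `sh check_xz.sh debian:<tag>` to test one image; a result of `backdoored` or `below-floor` means the base image should be replaced before use.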
BreachForums Allegedly Compromised by Law Enforcement
ShinyHunters claimed BreachForums is under FBI/French control, citing a $500K bounty placed on ally “Yukari”, which the group says was fabricated, as evidence. The forum remains offline, while linked Telegram channels were repeatedly banned. Law enforcement has not confirmed involvement.
Source: DataBreaches.net
New Russian-Linked APT “Curly COMrades” Targets Georgia and Moldova
The group hijacks COM objects via NGEN persistence and deploys MucorAgent, a .NET backdoor executing encrypted PowerShell scripts. Targets include Georgian government/judicial bodies and Moldovan energy firms, aligning with Russian geopolitical interests.
Source: BleepingComputer
US Seizes $1M Crypto from BlackSuit Ransomware Gang
The DoJ confiscated $1.09M in Bitcoin tied to BlackSuit, part of a ransom paid in April 2023. The seizure follows Operation Checkmate, which disrupted the group’s extortion sites. BlackSuit affiliates are linked to 450+ attacks in healthcare, education, and energy sectors.
Source: BleepingComputer
Fortinet SSL VPNs Targeted in Global Brute-Force Campaign
GreyNoise observed 780+ IPs brute-forcing Fortinet SSL VPNs, with the activity shifting to FortiManager after August 5. Attacks originated from the US, Canada, Russia, and the Netherlands, suggesting a coordinated campaign.
Impact: Unauthorized network access via weak credentials.
Mitigation: Enforce MFA and monitor for suspicious login attempts.
Source: The Hacker News
Microsoft Patch Tuesday Fixes Critical Exchange and Kerberos Flaws
August updates address 100+ vulnerabilities, including CVE-2025-53786 (Exchange Server-to-Cloud pivot) and CVE-2025-53779 (Kerberos privilege escalation dubbed “BadSuccessor”). 29,000+ vulnerable Exchange servers remain exposed.
Impact: Domain admin compromise and cloud takeover.
Mitigation: Apply patches and follow hybrid connection hardening guidelines.
Source: KrebsOnSecurity
Erlang/OTP SSH Flaw Exploited in OT Networks (CVE-2025-32433)
Palo Alto observed attacks delivering reverse shells via Erlang/OTP’s SSH flaw, with 70% targeting OT systems in healthcare and agriculture. The vulnerability allows RCE on unpatched servers.
Impact: Full host compromise in high-availability environments.
Mitigation: Upgrade to OTP-27.3.3, OTP-26.2.5.11, or OTP-25.3.2.20.
Source: SecurityWeek