Svoboda Cybersecurity Brief August 17, 2025
Fundamental Administrative Services data breach exposes 56,235 patients
A breach at Fundamental Administrative Services, a provider for long-term care facilities, exposed sensitive data including Social Security numbers, health insurance details, and medical treatment information. Unauthorized access occurred between October 2024 and January 2025 but was only detected months later.
Source: DataBreaches.net
FortiWeb authentication bypass vulnerability (CVE-2025-52970)
A critical flaw in FortiWeb’s cookie parsing allows attackers to bypass authentication by forging session cookies, potentially impersonating administrators. Exploiting it requires brute-forcing a small numeric field (~30 guesses).
Impact: Full system compromise via admin impersonation.
Mitigation: Upgrade to patched versions (FortiWeb 7.6.4+, 7.4.8+, 7.2.11+, or 7.0.11+).
Source: BleepingComputer
ERMAC 3.0 banking trojan source code leaked
The entire infrastructure of the ERMAC Android banking trojan was exposed, revealing targeting of 700+ apps and flaws like hardcoded credentials. The leak aids defenders in tracking active operations.
Source: The Hacker News
EncryptHub exploits MSC EvilTwin (CVE-2025-26633) to deploy Fickle Stealer
The Russian group uses social engineering and the patched Windows MMC flaw to execute malicious MSC files, deploying stealers and backdoors like SilentCrystal. Attacks leverage compromised Brave Support accounts for hosting payloads.
Impact: Data theft and persistent system control.
Mitigation: Patch CVE-2025-26633 and monitor for suspicious MSC files.
Source: The Hacker News
NYDFS fines Healthplex $2M for phishing-related failings
Healthplex’s lack of MFA and data retention policies led to a 2021 breach exposing 89,000 individuals’ data. The insurer delayed reporting by 4 months, violating NYDFS’s 72-hour rule.
Source: DataBreaches.net
UK MoD subcontractor breach endangers 3,700 Afghan evacuees
A cyber incident at Inflite–The Jet Centre, a MoD supplier, exposed names, passport details, and relocation data of Afghan nationals brought to the UK.
Source: DataBreaches.net
Kokomo24/7 breach impacts LAUSD student telehealth data
The telehealth provider detected unauthorized access to student records in December 2024 but delayed notification until August 2025. LAUSD was informed a day after detection.
Source: DataBreaches.net
UK HMRC fires 50 staff for snooping on taxpayer records
Employees accessed confidential salary and earnings data without authorization, among other breaches. Over 186 staff have been dismissed since 2022 for similar violations.
Source: DataBreaches.net
Microsoft Teams to block malicious files and URLs
New protections will block executable files and flag malicious links in chats/channels, with Defender integration for domain blocking. Rolling out globally by September 2025.
Source: BleepingComputer