Svoboda Cybersecurity Brief August 20, 2025

Aug 20, 2025


Russian Hackers Hijack Ukrainian Satellite TV Broadcast

Russian-backed hackers hijacked a satellite providing TV service to Ukraine, replacing programming with Moscow’s Victory Day parade footage. The attack aimed to intimidate and demonstrate cyberwarfare capabilities in space-based infrastructure.
Source: The Hacker News

SAP NetWeaver Exploit Chains Two Critical Vulnerabilities for RCE

A new exploit combines CVE-2025-31324 (missing auth) and CVE-2025-42999 (insecure deserialization) to achieve remote code execution on unpatched SAP NetWeaver systems. Threat actors including ransomware groups Qilin and BianLian have weaponized these flaws since March 2025.
Impact: Complete system compromise and data theft.
Mitigation: Apply SAP patches (April/May 2025), restrict internet access to SAP apps, and monitor for anomalies.
Source: The Hacker News

Qilin Ransomware Attacks Pharma Firm Inotiv, Disrupts Operations

Inotiv disclosed a ransomware attack by the Qilin gang, which encrypted systems and exfiltrated ~162K files (176GB). The incident impacted business operations, forcing a partial migration to offline processes.
Source: BleepingComputer

PyPI Blocks 1,800 Accounts Over Expired Domains to Prevent Takeovers

PyPI now scans for expired domains linked to accounts, marking emails unverified to prevent domain resurrection attacks. The move follows past incidents like the 2022 ‘ctx’ package compromise.
Impact: Account takeover leading to supply chain attacks.
Mitigation: Enable 2FA and add backup emails from non-custom domains.
Source: The Hacker News

UK Drops Apple Encryption Backdoor Demand After US Pushback

The UK rescinded its order for Apple to create a backdoor for encrypted iCloud data after US officials protested civil liberties violations. Apple had disabled Advanced Data Protection for UK users in February 2025.
Source: The Hacker News

Allianz Life Data Breach Exposes 1.1M Records via Salesforce Hack

Scattered Spider/ShinyHunters leaked 1.1M unique records (emails, phone numbers, addresses) from Allianz Life’s Salesforce CRM. The campaign also hit Adidas, Google, and others using social engineering.
Source: SecurityWeek

PipeMagic Backdoor Used in RansomEXX Attacks Exploiting Windows Zero-Day

Microsoft analyzed PipeMagic, a modular backdoor linked to Storm-2460 (RansomEXX), exploiting CVE-2025-29824. The malware uses dynamic payload execution and C&C modules, targeting US/EU/Mideast orgs.
Source: SecurityWeek

NY Business Council Breach Exposes 47K Including SSNs and Health Data

The Business Council of NY State disclosed a February 2025 breach that exposed the SSNs and financial/medical data of 47,329 individuals. Attackers used stolen employee credentials for initial access.
Source: BleepingComputer

Nova Ransomware Gang Doubles Extortion Demand After Initial Payment

Dutch firm Clinical Diagnostics paid the Nova ransomware gang to protect cervical cancer screening data, but the gang later demanded more money, claiming the firm “broke the deal.”
Source: DataBreaches

Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware

Threat actors exploit CVE-2023-46604 (RCE flaw) in Apache ActiveMQ to deploy DripDropper malware, which communicates via Dropbox for C2. Attackers patch the flaw post-exploitation to prevent rival intrusions.
Impact: Persistent cloud system access.
Mitigation: Patch ActiveMQ, restrict internet access, monitor for C2 traffic.
Source: The Hacker News

UK Hacktivist Jailed for Yemen Cyber Army Attacks and Data Theft

Al-Tahery Al-Mashriky (26) was sentenced to 20 months for hacktivist attacks that defaced 3K sites and for possessing millions of stolen credentials from PayPal, Netflix, and Facebook.
Source: SecurityWeek
