Svoboda Cybersecurity Brief August 22, 2025

Aug 22, 2025


Scattered Spider Hacker Gets 10 Years for SIM Swapping Attacks

Noah Michael Urban, a key member of Scattered Spider, was sentenced to 10 years in prison and ordered to pay $13 million in restitution for SIM-swapping attacks that stole $800,000 from victims. Urban used aliases like “King Bob” and targeted telecom providers to hijack accounts and cryptocurrency wallets.
Source: KrebsOnSecurity

Intel Websites Compromised Exposing 270K Employee Records

Intel’s internal web infrastructure was breached due to critical security flaws, exposing 270,000 employees’ personal data and sensitive corporate/supplier information. Attackers exploited four separate systems to exfiltrate global employee directories and gain admin access.
Source: DataBreaches.net

MPOWERHealth Suffers 1.5TB Data Leak Including PHI

A cyberattack on MPOWERHealth resulted in 1.5TB of data theft, including unencrypted protected health information (PHI) found in the Recycle Bin. The attackers accessed insurance claims, EOBs, and even cyberinsurance policy details.
Source: DataBreaches.net

Colt Confirms Data Breach as Warlock Ransomware Auctions Files

Colt Technology Services confirmed customer documentation was stolen after the Warlock ransomware group listed 1 million files for auction, including network architecture and financial data. The breach occurred on August 12, with data posted on dark web leak sites.
Source: BleepingComputer

Russian APT Exploiting 7-Year-Old Cisco Vulnerability

FSB-linked hackers exploited CVE-2018-0171 in Cisco devices to collect configuration files and enable unauthorized access. The flaw in Cisco’s Smart Install allows remote code execution and has been actively used since 2021.
Impact: Lateral movement, privilege escalation, and long-term persistence in critical infrastructure.
Mitigation: Apply patches or disable Smart Install feature.
Source: SecurityWeek
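The mitigation above ("apply patches or disable Smart Install") is easy to state and easy to leave unverified across a fleet. The script below is an added example, not code from the brief or from Cisco: it audits pasted `show running-config` and `show vstack config` text for Smart Install status. It assumes Cisco's documented behaviour that the Smart Install client is on by default on switches that support it, so only an explicit `no vstack` global line counts as disabled; the hostnames, config excerpts and command output are constructed samples.

```python
"""Audit Cisco IOS/IOS XE config text for Smart Install (vstack) exposure.

Added example for the CVE-2018-0171 item; assumes the operator has collected
'show running-config' and 'show vstack config' output per device out of band.
"""
import re
from typing import Dict, List, Optional

# Constructed sample excerpts (not real device output).
RUNNING_CONFIG_HARDENED = """\
hostname sw-core-01
!
no vstack
!
interface GigabitEthernet1/0/1
 switchport mode access
"""

RUNNING_CONFIG_EXPOSED = """\
hostname sw-access-07
!
vstack director 10.0.0.5
vstack basic
!
interface GigabitEthernet1/0/1
 switchport mode access
"""

# Constructed 'show vstack config' output in the two states an auditor will see.
VSTACK_OUTPUT_ENABLED = " Role: Client (SmartInstall enabled)\n Vstack Director IP address: 0.0.0.0\n"
VSTACK_OUTPUT_DISABLED = " Role: Client (SmartInstall disabled)\n"

_NO_VSTACK = re.compile(r"^\s*no vstack\s*$", re.MULTILINE)
_VSTACK_CMD = re.compile(r"^\s*vstack\b.*$", re.MULTILINE)


def smart_install_from_running_config(config: str) -> Dict[str, object]:
    """Classify a running-config excerpt.

    Smart Install client mode is on by default on supporting platforms, so the
    absence of 'no vstack' is treated as enabled. Explicit 'vstack ...' lines
    (director address, 'vstack basic') are reported so the reviewer can see
    whether the feature is intentionally configured rather than merely default.
    """
    explicit = [line.strip() for line in _VSTACK_CMD.findall(config)]
    disabled = bool(_NO_VSTACK.search(config))
    return {"disabled": disabled, "vstack_lines": explicit}


def smart_install_from_show_vstack(output: str) -> Optional[str]:
    """Return 'enabled' / 'disabled' from 'show vstack config' output, or None
    if the marker is absent (e.g. platform without Smart Install support)."""
    m = re.search(r"SmartInstall (enabled|disabled)", output)
    return m.group(1) if m else None


def audit(hostname: str, running_config: str,
          vstack_output: Optional[str] = None) -> Dict[str, object]:
    """Combine both sources; a device is exposed unless at least one source
    positively shows Smart Install disabled."""
    rc = smart_install_from_running_config(running_config)
    live_state = smart_install_from_show_vstack(vstack_output) if vstack_output else None
    exposed = not rc["disabled"] and live_state != "disabled"
    return {
        "hostname": hostname,
        "config_disabled": rc["disabled"],
        "vstack_lines": rc["vstack_lines"],
        "live_state": live_state,
        "exposed": exposed,
        # Cisco's documented remediation for devices that do not need the feature.
        "remediation": None if not exposed else "configure terminal / no vstack / end / write memory",
    }


def audit_fleet(devices: List[tuple]) -> List[Dict[str, object]]:
    """devices: list of (hostname, running_config, vstack_output_or_None)."""
    return [audit(*d) for d in devices]


if __name__ == "__main__":
    fleet = [
        ("sw-core-01", RUNNING_CONFIG_HARDENED, VSTACK_OUTPUT_DISABLED),
        ("sw-access-07", RUNNING_CONFIG_EXPOSED, VSTACK_OUTPUT_ENABLED),
    ]
    for result in audit_fleet(fleet):
        flag = "EXPOSED " if result["exposed"] else "ok      "
        print(f"{flag}{result['hostname']}: config_disabled={result['config_disabled']} "
              f"live={result['live_state']} lines={result['vstack_lines']}")
        if result["remediation"]:
            print(f"         remediation: {result['remediation']}")
```

Run it against real collected output by replacing the constructed samples; devices that report `exposed` and are not actually managed through Smart Install should get `no vstack` pushed, and the remaining ones should be patched and have TCP/4786 restricted to the director per Cisco's advisory guidance.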

Orange Belgium Discloses Breach Impacting 850K Customers

Orange Belgium confirmed a July cyberattack exposed data of 850,000 customers, including names, phone numbers, SIM card details, and PUK codes. No financial data or passwords were compromised.
Source: SecurityWeek

Apple Patches Zero-Day Exploited in Targeted Attacks

Apple fixed CVE-2025-43300, an ImageIO framework flaw allowing memory corruption via malicious images, exploited in “extremely sophisticated” attacks. Patches released for iOS, iPadOS, and macOS.
Impact: Potential remote code execution in targeted campaigns.
Mitigation: Update to latest OS versions.
Source: The Hacker News

Dev Gets 4 Years for Sabotaging Ex-Employer with Kill Switch

A developer embedded malware and a kill switch in his ex-employer’s systems, locking out thousands of users when his account was disabled. The attack caused significant operational disruptions and financial losses.
Source: BleepingComputer

CORNFLAKEV3 Backdoor Deployed via Fake CAPTCHA Pages

UNC5518 used ClickFix social engineering to deploy CORNFLAKE.V3, a backdoor delivering payloads like WINDYTWIST.SEA. Attackers lured victims with fake CAPTCHA pages to execute malicious PowerShell scripts.
Source: The Hacker News

Pre-Auth Exploit Chains in Commvault Lead to RCE

Four vulnerabilities (CVE-2025-57788 to CVE-2025-57791) in Commvault allowed pre-auth remote code execution via path traversal and default credential abuse. Patched in versions 11.32.102 and 11.36.60.
Impact: Unauthorized file system access and command injection.
Mitigation: Update to latest versions and change default credentials.
Source: The Hacker News

Fake Europol Reward for Qilin Ransomware Admins

A fake Telegram channel impersonating Europol offered a $50K reward for Qilin ransomware operators “Haise” and “XORacle.” The channel later admitted it was a troll operation targeting researchers/journalists.
Source: BleepingComputer

Password Managers Vulnerable to Clickjacking Attacks

Eleven password managers (including 1Password and LastPass) were found susceptible to DOM-based clickjacking, allowing data theft via autofill abuse. Some vendors have patched, but fixes are pending for others.
Source: SecurityWeek

QuirkyLoader Malware Spreads Agent Tesla, AsyncRAT

A new loader (QuirkyLoader) delivered via spam emails distributes malware like Agent Tesla, AsyncRAT, and Snake Keylogger. Attacks target Taiwan and Mexico, using DLL side-loading and process hollowing.
Source: The Hacker News
