Svoboda Cybersecurity Brief August 26, 2025

Farmers Insurance breach impacts 1.1M customers via Salesforce attack

Farmers Insurance disclosed a breach affecting 1.1M customers after attackers compromised a third-party vendor’s Salesforce database via OAuth app hijacking (UNC6040/UNC6240 group). Stolen data includes names, addresses, SSN fragments, and driver’s license numbers.
Source: BleepingComputer

Critical Docker Desktop flaw (CVE-2025-9074) allows host takeover

A CVSS 9.3 vulnerability in Docker Desktop for Windows and macOS lets a malicious container bypass isolation by reaching the Docker Engine API without authentication (192.168.65.7:2375). Attackers can mount host drives and execute arbitrary commands.
Impact: Full host compromise on Windows; limited on macOS due to permission prompts.
Mitigation: Upgrade to Docker Desktop 4.44.3.
Source: BleepingComputer

Anatsa trojan targets 831 financial apps via Google Play

Zscaler discovered 77 malicious Android apps (19M+ installs) delivering the Anatsa banking trojan, which now targets 831 financial and crypto apps, including ones in Germany and South Korea. It abuses accessibility services and uses runtime DES decryption to evade detection.
Impact: Credential theft, device control.
Mitigation: Enable Play Protect, review app permissions.
Source: BleepingComputer

UNC6384 deploys PlugX via captive portal hijacks

Chinese APT group UNC6384 (linked to Mustang Panda) targets diplomats with adversary-in-the-middle (AitM) attacks that deliver the signed STATICPLUGIN loader, which deploys PlugX via DLL sideloading (cnmpaui.dll). The phishing pages use Let’s Encrypt certificates.
Source: TheHackerNews

AI image-scaling attack steals data via hidden prompts

Trail of Bits disclosed an attack that hides malicious prompts in images so that they surface only after downscaling (bicubic interpolation), manipulating AI models such as Google Gemini and Vertex AI. The hidden text artifacts are invisible at full resolution and are used to exfiltrate data.
Impact: Data leakage via AI model manipulation.
Mitigation: Preview downscaled images, require user confirmation for sensitive actions.
Source: BleepingComputer

Transparent Tribe targets Indian govt with Linux .desktop malware

Pakistani APT group Transparent Tribe deployed Linux .desktop shortcut files masquerading as PDFs to drop Go-based ELF binaries. It targets Indian defense entities via spear-phishing and maintains persistence through cron jobs.
Source: SecurityWeek

OneFlip attack flips AI weights via Rowhammer

Researchers demonstrated flipping bits in AI model weights with Rowhammer (e.g., making an autonomous vehicle misclassify stop signs as speed-limit signs). The attack requires white-box access to the model and code execution on the same machine.
Impact: Model integrity compromise.
Mitigation: Hardware memory protection, model integrity checks.
Source: SecurityWeek

Auchan retailer breach exposes loyalty program data

French retailer Auchan disclosed a breach affecting hundreds of thousands of customers, leaking names, addresses, and loyalty card numbers. No financial data compromised.
Source: BleepingComputer

Aspire Rural Health breach affects 138K patients

The BianLian ransomware group attacked Aspire Health between Nov 2024 and Jan 2025, stealing patient records. The group disappeared in March without leaking the data.
Source: SecurityWeek

Arch Linux under sustained DDoS attack

Arch Linux AUR, forums, and website faced week-long DDoS attacks, partially mitigated. Mirrors remain operational.
Source: SecurityWeek
