Svoboda Cybersecurity Brief August 30, 2025
Massive Chinese espionage campaign compromises nearly all Americans
A China-backed espionage group, Salt Typhoon, has reportedly stolen data from nearly every American citizen through a years-long campaign targeting telecommunications networks. The campaign began in 2019 and affected 80 countries, compromising 9 US telcos and government networks.
Source: DataBreaches.net
EuroFins cancer screening database breach affects 941,000 women
A Dutch national cervical cancer screening program exposed sensitive medical and personal data of up to 941,000 women due to a hack. Initially believed to affect 485,000, the breach now potentially impacts all participants since 2017.
Source: DataBreaches.net
TransUnion breach exposes 4.4 million to credential theft
A July 28 breach at TransUnion via a third-party app compromised names, SSNs, and birth dates of 4.4 million individuals. The incident is linked to a broader Salesforce exploitation campaign attributed to ShinyHunters.
Source: SecurityWeek
Nevada confirms ransomware attack disrupting state services
A sophisticated ransomware attack forced Nevada to shut down state offices and critical systems, with data exfiltration confirmed. CISA is assisting in restoration efforts while emergency services remain operational.
Source: SecurityWeek
WhatsApp zero-day vulnerability exploited in targeted attacks
A zero-click flaw (CVE-2025-55177) in WhatsApp for iOS/macOS was chained with an Apple OS vulnerability (CVE-2025-43300) for spyware deployment. Users were warned via alerts suggesting device resets.
Impact: Targeted espionage via iOS/macOS devices.
Mitigation: Update to WhatsApp v2.25.21.73+ and patch Apple OS vulnerabilities.
Source: BleepingComputer
FreePBX zero-day (CVE-2025-57819) allows RCE, actively exploited
A critical flaw (CVSS 10.0) in FreePBX versions 15-17 enables unauthenticated attackers to manipulate databases and execute code via the ACP module. IoCs include a modified /etc/freepbx.conf and suspicious modular.php POST requests.
Impact: Full system compromise via public-facing ACP panels.
Mitigation: Upgrade to FreePBX 15.0.66/16.0.89/17.0.3+ and restrict ACP access.
Source: The Hacker News
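Added detection example, not code from the brief or from the FreePBX project: it checks the two indicators named above over constructed data, flagging POST requests whose path ends in modular.php in web-server access-log lines and comparing /etc/freepbx.conf content against a known-good SHA-256 baseline. The log layout, the /admin/ path and the baseline config content are all assumptions made for the sample.

```python
"""Added example (not from the brief): flag the FreePBX indicators the brief
names, a modified /etc/freepbx.conf and suspicious POST requests to modular.php,
using constructed sample data so it runs offline."""
import hashlib
import re
from typing import Iterable

# Common/combined access-log layout (assumed; adjust to your server's format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def suspicious_modular_posts(lines: Iterable[str]) -> list:
    """Return one entry per POST whose request path (query string stripped) ends in modular.php."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line: skip it rather than abort the whole scan
        path = m.group("path").split("?", 1)[0]
        if m.group("method") == "POST" and path.endswith("modular.php"):
            hits.append({"ip": m.group("ip"), "ts": m.group("ts"),
                         "path": path, "status": m.group("status")})
    return hits


def conf_modified(conf_bytes: bytes, baseline_sha256: str) -> bool:
    """True when the config content no longer matches the known-good digest."""
    return hashlib.sha256(conf_bytes).hexdigest() != baseline_sha256


# Constructed sample log lines (not real traffic). The first is ordinary GUI use;
# the second and third are POSTs to modular.php from an outside address.
SAMPLE_LOG = [
    '10.0.0.5 - - [29/Aug/2025:10:01:02 +0000] "GET /admin/config.php HTTP/1.1" 200 5120',
    '203.0.113.7 - - [29/Aug/2025:10:03:44 +0000] "POST /admin/modular.php HTTP/1.1" 200 312',
    '203.0.113.7 - - [29/Aug/2025:10:03:45 +0000] "POST /admin/modular.php?x=1 HTTP/1.1" 500 0',
    'garbage line that does not parse',
]

# Constructed baseline: the digest of the config as it looked when the host was last known clean.
KNOWN_GOOD_CONF = b"<?php\n$amp_conf['AMPDBUSER'] = 'freepbxuser';\n"
BASELINE_SHA256 = hashlib.sha256(KNOWN_GOOD_CONF).hexdigest()

if __name__ == "__main__":
    for hit in suspicious_modular_posts(SAMPLE_LOG):
        print("suspicious POST:", hit)
    tampered = KNOWN_GOOD_CONF + b"$amp_conf['AMPDBUSER'] = 'evil';\n"
    print("conf modified:", conf_modified(tampered, BASELINE_SHA256))
```

On a real host, read /etc/freepbx.conf in binary mode and compare against a baseline digest recorded before exposure; the log scan only narrows the search, so confirm each hit against the ACP audit trail before treating it as compromise.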
APT29 exploits Microsoft device code auth in watering hole campaign
Russia-linked APT29 hijacked legitimate sites to redirect 10% of visitors to fake Cloudflare pages, stealing Microsoft OAuth tokens. The group used evasion tactics like Base64 encoding and cookie-based throttling.
Source: The Hacker News
Fake ID marketplace VerifTools seized after earning $6.4M
Dutch and US authorities dismantled VerifTools, which sold counterfeit IDs for $9+ to bypass KYC checks. Operators relaunched on veriftools[.]com after the seizure of 2 physical and 21 virtual servers.
Source: The Hacker News
TamperedChef malware spreads via fake PDF editor installers
A malvertising campaign lured users to download a trojanized “AppSuite PDF Editor,” which deployed the TamperedChef stealer after 56 days. The malware harvests credentials and cookies via scheduled tasks (PDFEditorScheduledTask).
Impact: Credential theft and backdoor persistence.
Mitigation: Block domains like dl.sogouzhuyin[.]com and monitor for --cm arguments in the Registry.
Source: The Hacker News
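Added hunting example, not code from the brief or from any vendor: it applies the indicators named above (the PDFEditorScheduledTask task name, a standalone --cm argument, and the defanged blocked domain) to a constructed CSV export of scheduled tasks and to DNS query names. The column names "TaskName" and "Task To Run" are assumed to match a `schtasks /query /fo CSV /v` export; the rows and hostnames are constructed. The same --cm match would be applied to exported Registry values.

```python
"""Added example (not from the brief): hunt for the TamperedChef indicators
named in the brief in a constructed scheduled-task export and in DNS queries."""
import csv
import io
import re

TASK_NAME_IOC = "PDFEditorScheduledTask"
BLOCKED_DOMAIN = "dl.sogouzhuyin[.]com"  # defanged, as printed in the brief

# '--cm' only as a standalone argument: bounded by whitespace or string ends,
# so '--cmd' or '--cmap' do not match.
CM_ARG_RE = re.compile(r"(?:^|\s)--cm(?:\s|$)")


def find_tamperedchef_tasks(csv_text: str) -> list:
    """Return one finding per task row matching either indicator.

    Assumes the columns 'TaskName' and 'Task To Run' (assumption: adjust to
    your export format)."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = row.get("TaskName", "")
        cmd = row.get("Task To Run", "")
        reasons = []
        # Task names are exported with a leading folder path, e.g. '\Name'.
        if name.rstrip("\\").split("\\")[-1] == TASK_NAME_IOC:
            reasons.append("task name matches IoC")
        if CM_ARG_RE.search(cmd):
            reasons.append("'--cm' argument present")
        if reasons:
            findings.append({"task": name, "command": cmd, "reasons": reasons})
    return findings


def refang(ioc: str) -> str:
    """Turn a defanged indicator back into a matchable hostname."""
    return ioc.replace("[.]", ".")


def matches_blocked_domain(query_name: str) -> bool:
    """True for the blocked domain itself or any subdomain of it."""
    blocked = refang(BLOCKED_DOMAIN)
    q = query_name.lower().rstrip(".")
    return q == blocked or q.endswith("." + blocked)


# Constructed export (not from a real host): one benign task, the IoC-named task,
# a differently named task that still carries '--cm', and a '--cmd' false-positive check.
SAMPLE_CSV = '''"HostName","TaskName","Next Run Time","Status","Task To Run"
"WS01","\\OneDrive Standalone Update Task","N/A","Ready","%LOCALAPPDATA%\\Microsoft\\OneDrive\\OneDriveStandaloneUpdater.exe"
"WS01","\\PDFEditorScheduledTask","9/1/2025 3:00:00 AM","Ready","""C:\\Program Files\\AppSuite\\PDFEditor.exe"" --cm"
"WS01","\\UpdaterTask","N/A","Ready","C:\\Users\\Public\\svc.exe --cm --silent"
"WS01","\\BuildTask","N/A","Ready","C:\\tools\\build.exe --cmd release"
'''

if __name__ == "__main__":
    for finding in find_tamperedchef_tasks(SAMPLE_CSV):
        print(finding)
    for name in ("dl.sogouzhuyin.com", "cdn.dl.sogouzhuyin.com", "notdl.sogouzhuyin.com"):
        print(name, "->", matches_blocked_domain(name))
```

Matching on the bare task name alone would miss a renamed task, which is why the command-line argument is checked independently; the suffix check on the domain catches subdomains without also catching unrelated names that merely end in the same characters.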
Sitecore exploit chain combines cache poisoning and RCE flaws
Three vulnerabilities (CVE-2025-53693/53691/53694) in Sitecore Experience Platform allow pre-auth cache poisoning and post-auth RCE via deserialization attacks. Patches were released in June-July 2025.
Impact: Full application compromise via chained exploits.
Mitigation: Apply Sitecore patches and restrict ItemService API access.
Source: The Hacker News