Svoboda Cybersecurity Brief September 08, 2025

SalesLoft+Drift breach update: Threat actor accessed GitHub, AWS, and OAuth tokens

Mandiant’s investigation reveals a threat actor accessed SalesLoft’s GitHub account (March–June 2025), downloaded repositories, and compromised Drift’s AWS environment to steal OAuth tokens for customer integrations. The incident has been contained, with credentials rotated and environments hardened.
Impact: Unauthorized access to customer data via stolen OAuth tokens.
Mitigation: Rotation of credentials, isolation of compromised infrastructure, and proactive threat hunting.
Source: DataBreaches

CISA mandates patch for Sitecore zero-day (CVE-2025-53690) after active exploitation

CISA orders federal agencies to patch a Sitecore vulnerability stemming from a hardcoded sample ASP.NET machine key that was published in Sitecore deployment guides in 2017 and left in place by some deployments; the key has been exploited in recent attacks. Mandiant disrupted one such attack leveraging this flaw.
Impact: Unauthorized system access via exposed machine keys.
Mitigation: Patch affected Sitecore products and rotate machine keys.
Source: DataBreaches
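The mitigation above hinges on finding deployments that still carry a static, copied machine key and replacing it with fresh random material. The following script is an added example (not code from Sitecore, CISA or the brief's authors) that parses an ASP.NET web.config, flags a `<machineKey>` element whose `validationKey`/`decryptionKey` are literal hex strings rather than the `AutoGenerate` directive, and rewrites them with keys drawn from the OS CSPRNG. The sample config embedded in it is constructed for the demonstration; its key values are placeholders, not the key from any deployment guide, and the 64-byte/32-byte lengths assume HMACSHA256 validation with AES decryption.

```python
import re
import secrets
import xml.etree.ElementTree as ET

# Constructed sample web.config with a static machineKey. The hex values are
# placeholders for the demo, not the key from any published deployment guide.
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <machineKey validationKey="{vk}"
                decryptionKey="{dk}"
                validation="HMACSHA256" decryption="AES" />
  </system.web>
</configuration>
""".format(vk="AB" * 64, dk="CD" * 32)

# Key sizes in bytes (assumption: HMACSHA256 validation, AES decryption).
VALIDATION_KEY_BYTES = 64
DECRYPTION_KEY_BYTES = 32
HEX_RE = re.compile(r"^[0-9A-Fa-f]+$")


def _is_static(value):
    """A key attribute is static when it is a literal string rather than
    the 'AutoGenerate[,IsolateApps]' directive that lets ASP.NET pick a key."""
    return value is not None and not value.upper().startswith("AUTOGENERATE")


def find_static_machine_key(config_xml):
    """Return the <machineKey> attributes if the config pins static keys, else None."""
    root = ET.fromstring(config_xml)
    node = root.find("./system.web/machineKey")
    if node is None:
        return None
    attrs = dict(node.attrib)
    if _is_static(attrs.get("validationKey")) or _is_static(attrs.get("decryptionKey")):
        return attrs
    return None


def generate_machine_key():
    """Fresh random keys from the OS CSPRNG, upper-case hex as web.config expects."""
    return (secrets.token_hex(VALIDATION_KEY_BYTES).upper(),
            secrets.token_hex(DECRYPTION_KEY_BYTES).upper())


def rotate_machine_key(config_xml):
    """Replace the keys in config_xml with freshly generated ones.

    Returns (new_config_xml, old_attrs, new_attrs) so the caller can log
    what was replaced without ever printing full key material.
    """
    root = ET.fromstring(config_xml)
    node = root.find("./system.web/machineKey")
    if node is None:
        raise ValueError("no <machineKey> element under <system.web>")
    old_attrs = dict(node.attrib)
    vk, dk = generate_machine_key()
    node.set("validationKey", vk)
    node.set("decryptionKey", dk)
    return ET.tostring(root, encoding="unicode"), old_attrs, dict(node.attrib)


def key_is_well_formed(attrs):
    """Check that rotated keys are hex of the expected length for HMACSHA256/AES."""
    return (HEX_RE.match(attrs["validationKey"]) is not None
            and len(attrs["validationKey"]) == 2 * VALIDATION_KEY_BYTES
            and HEX_RE.match(attrs["decryptionKey"]) is not None
            and len(attrs["decryptionKey"]) == 2 * DECRYPTION_KEY_BYTES)


if __name__ == "__main__":
    flagged = find_static_machine_key(SAMPLE_WEB_CONFIG)
    print("static machineKey present:", flagged is not None)
    new_xml, old, new = rotate_machine_key(SAMPLE_WEB_CONFIG)
    # Only a prefix is shown so the new secret does not land in a terminal log.
    print("rotated validationKey:", old["validationKey"][:8], "->", new["validationKey"][:8])
    print("well-formed:", key_is_well_formed(new))
```

Two operational points when running something like this for real: every node in a web farm must receive the same new key pair at the same time, since a mismatched key breaks ViewState and forms-authentication tickets across nodes; and rotating the key invalidates existing sessions and tickets, so schedule it with that in mind.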

iCloud Calendar exploited to deliver phishing emails via Apple’s servers

Threat actors abuse iCloud Calendar invites to send phishing emails (disguised as PayPal receipts) from noreply@email.apple.com. Because the messages genuinely originate from Apple's servers, they pass SPF and DKIM validation and slip past spam filters. Targets are tricked into calling fraudulent support numbers.
Impact: Increased phishing success due to trusted Apple domain and email authentication.
Mitigation: Treat unexpected calendar invites with suspicion; verify payment alerts directly via official channels.
Source: BleepingComputer

Czech cyber agency warns against Chinese tech in critical infrastructure

NUKIB raises China’s threat level to “High”, citing APT31 attacks and risks from Chinese-made devices (smartphones, IoT, cloud services) that may expose data to the PRC. Critical infrastructure operators must reassess risk mitigation strategies.
Impact: Potential state-sponsored espionage or disruption via compromised supply chains.
Mitigation: Avoid Chinese tech in critical systems; implement strict data governance and network segmentation.
Source: BleepingComputer
