Svoboda Cybersecurity Brief September 10, 2025

Sep 10, 2025


Kosovo Cybercrime Marketplace Admin Pleads Guilty

Liridon Masurica, administrator of the BlackDB.cc cybercrime marketplace, pleaded guilty to conspiracy to commit access device fraud. The marketplace sold stolen credentials, credit card data, and PII, primarily targeting US victims. Masurica faces up to 10 years in prison.
Source: DataBreaches.net

Ukrainian Ransomware Administrator Charged in Global Attacks

Volodymyr Tymoshchuk, linked to the LockerGoga, MegaCortex, and Nefilim ransomware families, was charged over attacks on more than 250 US companies and hundreds of others worldwide. The DOJ alleges he customized the ransomware for each victim and demanded payment for decryption.
Source: DataBreaches.net

Massive npm Supply Chain Attack Targets Crypto Wallets

Attackers compromised 20 popular npm packages (more than 2 billion combined weekly downloads) after phishing a maintainer. The injected malware hijacks cryptocurrency transactions by swapping wallet addresses. Ledger’s CTO claims there were “almost no victims” thanks to the rapid response.
Impact: Potential theft of cryptocurrency funds.
Mitigation: Reset npm credentials, audit dependencies, and monitor wallet transactions.
Source: DataBreaches.net
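The "audit dependencies" mitigation above is quicker to act on with a script than by reading a lockfile by hand. The following is an added example (not code from the brief or from npm): it walks a package-lock.json, handling both the flat "packages" map of lockfile v2/v3 and the nested "dependencies" tree of v1, and reports every installed copy whose version is on an advisory list, including nested duplicates that a top-level `npm ls` glance can miss. The package names, versions and the sample lockfile are constructed placeholders; substitute the real list from the advisory.

```python
"""Audit an npm package-lock.json against a list of compromised package versions.

Added example. The advisory entries and the sample lockfile below are constructed
placeholders, not the packages named in any real advisory.
"""
import json
from typing import Dict, List, Set, Tuple

# Constructed placeholder advisory: package name -> compromised versions.
COMPROMISED: Dict[str, Set[str]] = {
    "example-color-lib": {"1.4.2"},
    "example-debug-shim": {"4.4.2", "4.4.3"},
}

# Constructed sample lockfile shaped like npm lockfileVersion 3.
SAMPLE_LOCK = json.dumps({
    "name": "sample-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "sample-app", "dependencies": {"example-color-lib": "^1.4.0"}},
        "node_modules/example-color-lib": {"version": "1.4.2"},
        "node_modules/example-debug-shim": {"version": "4.3.9"},
        # nested duplicate: a transitive dependency pinned to a bad version
        "node_modules/some-other/node_modules/example-debug-shim": {"version": "4.4.3"},
        "node_modules/safe-lib": {"version": "2.0.0"},
    },
})


def package_name_from_path(path: str) -> str:
    """'node_modules/a/node_modules/@s/b' -> '@s/b' (last node_modules segment)."""
    idx = path.rfind("node_modules/")
    return path[idx + len("node_modules/"):] if idx >= 0 else path


def find_compromised(lock_text: str, advisory: Dict[str, Set[str]]) -> List[Tuple[str, str, str]]:
    """Return sorted (lockfile path, package name, version) for every installed copy
    whose version appears in the advisory."""
    lock = json.loads(lock_text)
    hits: List[Tuple[str, str, str]] = []

    if "packages" in lock:  # lockfileVersion 2 or 3: flat map keyed by install path
        for path, meta in lock["packages"].items():
            if not path:
                continue  # "" is the root project itself
            name = package_name_from_path(path)
            version = meta.get("version", "")
            if version in advisory.get(name, set()):
                hits.append((path, name, version))
    else:  # lockfileVersion 1: nested "dependencies" tree
        def walk(deps: dict, prefix: str) -> None:
            for name, meta in deps.items():
                path = f"{prefix}node_modules/{name}"
                version = meta.get("version", "")
                if version in advisory.get(name, set()):
                    hits.append((path, name, version))
                walk(meta.get("dependencies", {}), path + "/")
        walk(lock.get("dependencies", {}), "")

    return sorted(hits)


if __name__ == "__main__":
    for path, name, version in find_compromised(SAMPLE_LOCK, COMPROMISED):
        print(f"COMPROMISED {name}@{version} at {path}")
```

Run it against a real lockfile with `find_compromised(open("package-lock.json").read(), advisory)`; a non-empty result means the install should be rebuilt from a clean lockfile after the maintainer credentials and publish tokens have been rotated.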

St. Joseph City Hit by Cyberattack, Data Potentially Stolen

A June 2024 cyberattack on St. Joseph, Missouri, crippled city services and potentially exposed police and health department records. The city spent over $1M on recovery and infrastructure upgrades.
Source: DataBreaches.net

Adobe Patches Critical Magento Vulnerability (CVE-2025-54236)

A critical flaw in Adobe Commerce and Magento Open Source (SessionReaper) allows unauthenticated attackers to bypass security features via the REST API. Adobe deployed a WAF rule as an interim fix.
Impact: Potential account takeover and data compromise.
Mitigation: Apply the patch immediately; disable unused REST API endpoints.
Source: BleepingComputer

SAP Fixes Maximum-Severity NetWeaver Flaw (CVE-2025-42944)

SAP patched 21 vulnerabilities, including a CVSS 10.0 insecure deserialization bug in NetWeaver’s RMI-P4 module that allows unauthenticated RCE. Two other critical flaws (CVE-2025-42922, CVE-2025-42958) were also addressed.
Impact: Full system compromise via arbitrary OS command execution.
Mitigation: Apply SAP patches; restrict access to port 5999.
Source: SecurityWeek

Docker API Exploitation Campaign Evolves into Botnet Threat

Attackers abuse exposed Docker APIs (port 2375) to deploy malware, block external access, and scan for new victims. The campaign now includes dormant Telnet (port 23) and Chromium debug port (9222) exploitation logic.
Impact: Potential botnet formation and lateral movement.
Mitigation: Secure Docker APIs; disable unnecessary ports.
Source: BleepingComputer
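The Docker campaign above depends on Engine APIs reachable over plain TCP (port 2375), so the "secure Docker APIs" mitigation comes down to how the daemon is configured to listen. The following added example (not code from the brief or from Docker) lints a daemon.json: it reports any `tcp://` host that is served without `tlsverify`, and separately notes a TLS-protected listener bound to all interfaces. The two daemon.json samples are constructed, the first showing the exposed setting and the second the corrected one.

```python
"""Lint a Docker daemon.json for Engine API exposure over TCP.

Added example; the daemon.json samples are constructed. The keys used
("hosts", "tlsverify", "tlscacert", "tlscert", "tlskey") are standard
daemon.json options.
"""
import json
from typing import List
from urllib.parse import urlsplit

# Constructed: the weak setting the campaign relies on (unauthenticated TCP API).
WEAK_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
})

# Constructed: corrected setting, TLS client verification and a management-only bind.
HARDENED_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})

ALL_INTERFACES = {"", "0.0.0.0", "::"}


def api_exposure_findings(daemon_json: str) -> List[str]:
    """Return one finding string per risky listener in the given daemon.json text."""
    cfg = json.loads(daemon_json)
    findings: List[str] = []
    for host in cfg.get("hosts", []):
        parts = urlsplit(host)
        if parts.scheme != "tcp":
            continue  # unix:// and fd:// sockets are not network-reachable
        bind = parts.hostname or ""
        port = parts.port or 2375  # dockerd's default when the port is omitted
        if not cfg.get("tlsverify"):
            findings.append(
                f"{host}: Engine API on TCP port {port} without tlsverify (unauthenticated)"
            )
        elif bind in ALL_INTERFACES:
            findings.append(
                f"{host}: TLS-protected API bound to all interfaces; restrict to a management address"
            )
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_DAEMON_JSON), ("hardened", HARDENED_DAEMON_JSON)):
        print(f"[{label}]", api_exposure_findings(text) or "no findings")
```

Even with TLS, the host-side check is only half of the mitigation: a network policy or host firewall should still prevent anything but the management network from reaching the API port, and an unexpected `tcp://` entry appearing in daemon.json is itself worth alerting on.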

Plex Confirms Data Breach, Urges Password Resets

Plex disclosed a breach that exposed email addresses, usernames, and hashed passwords. Plex reports no evidence of misuse so far, but urges users to reset their passwords and enable MFA.
Source: BleepingComputer

RatOn Android Malware Combines NFC Relay and ATS Fraud

RatOn targets Czech/Slovak users via fake TikTok apps, locking devices and stealing crypto wallet seed phrases. It also performs Automated Transfer System (ATS) fraud and displays ransomware-like overlays.
Impact: Financial theft and device lockout.
Mitigation: Avoid third-party app stores; monitor wallet activity.
Source: The Hacker News

Microsoft Patch Tuesday: 86 Flaws, Including Critical NTLM Bug

September updates fixed 86 vulnerabilities, including CVE-2025-54918 (NTLM privilege escalation) and CVE-2025-55234 (SMB client flaw). No zero-days were exploited.
Impact: Potential privilege escalation and RCE.
Mitigation: Apply patches; restrict NTLM usage.
Source: SecurityWeek

US Sanctions Southeast Asian Cyber Scammers

The Treasury sanctioned 19 entities linked to scam operations in Burma and Cambodia, which stole $10B+ from Americans in 2024 via romance scams and fake crypto schemes.
Source: BleepingComputer

English Court Rules on GDPR Compensation for Non-Material Damage

The Court of Appeal upheld claims for distress and anxiety caused by GDPR breaches, even without proof that a third party accessed the data.
Source: DataBreaches.net

Salt Typhoon Domains Reveal Longstanding Chinese Espionage

Forty-five previously unreported domains linked to the China-backed Salt Typhoon and UNC4841 groups date back to 2020, confirming prolonged cyber espionage activity.
Source: The Hacker News

Axios Abuse in Microsoft 365 Phishing Campaigns

Threat actors use the Axios HTTP client together with Microsoft 365 Direct Send to bypass email security controls, achieving a reported 70% success rate in phishing attacks targeting the finance, healthcare, and manufacturing sectors.
Impact: Credential theft and session hijacking.
Mitigation: Disable unused Direct Send; train users on phishing.
Source: The Hacker News

Wayne Memorial Hospital Notifies 163K of Ransomware Breach

A May 2024 ransomware attack exposed SSNs, medical records, and insurance data. Monti ransomware claimed responsibility.
Source: SecurityWeek

Mitsubishi Electric Acquires Nozomi Networks for $883M

The industrial giant will fully acquire OT/IoT security firm Nozomi Networks, valuing it at nearly $1B. Nozomi will operate independently post-acquisition.
Source: SecurityWeek

Ex-WhatsApp Employee Sues Meta Over Security Retaliation

Attaullah Baig alleges Meta ignored critical security flaws (unrestricted engineer access, account takeovers) and retaliated when he reported them. Meta denies the claims.
Source: SecurityWeek
