Svoboda Cybersecurity Brief September 11, 2025


NPM Supply Chain Attack Compromises 2.6B Weekly Downloads

Attackers compromised 18 popular NPM packages (including chalk and debug-js) with cryptocurrency-stealing code after phishing a maintainer. The malicious versions reached 10% of cloud environments within 2 hours before removal. The payload targeted Ethereum/Solana wallets but yielded minimal profits ($600).
Impact: Widespread supply chain exposure; server-side usage has lower risk than frontend deployments.
Mitigation: Rotate all secrets on affected systems; audit dependencies for compromised versions (ansi-styles@6.4.1, debug@4.3.5, etc.).
Source: BleepingComputer

Chinese APT Deploys EggStreme Malware Against Philippine Military

China-linked APT group used fileless malware framework EggStreme to target Philippine military systems. The multi-stage attack involves DLL sideloading, memory injection, and a keylogger exfiltrating data via gRPC.
Impact: Persistent espionage with 58 backdoor commands enabling lateral movement and data theft.
Mitigation: Monitor for anomalous gRPC traffic (e.g., to 93.88.75[.]252); enforce strict DLL validation.
Source: The HackerNews

Adobe Commerce Flaw (CVE-2025-54236) Allows Account Takeovers

Critical session hijacking vulnerability (CVSS 9.1) in Adobe Commerce/Magento lets attackers compromise customer accounts via REST API abuse. Affects versions up to 2.4.9-alpha2.
Impact: Unauthorized account access; potential payment diversion.
Mitigation: Apply Adobe’s hotfix or enable WAF rules for cloud deployments.
Source: The HackerNews

SAP Patches Critical NetWeaver RCE (CVSS 10.0)

SAP fixed 3 critical flaws, including an unauthenticated RCE in NetWeaver (CVE-2025-42944) via RMI-P4 deserialization and a file upload bug (CVE-2025-42922).
Impact: Full system compromise via arbitrary OS command execution.
Mitigation: Block P4 port access temporarily; patch to latest versions.
Source: The HackerNews

1.5 Bpps DDoS Attack Targets Mitigation Provider

A European DDoS scrubbing service faced a 1.5 billion packets/sec UDP flood from 11K+ compromised IoT devices/MikroTik routers. FastNetMon mitigated the attack using edge-router ACLs.
Impact: Highlights ISP-level filtering gaps for IoT botnets.
Mitigation: ISPs should implement outbound attack detection.
Source: BleepingComputer

Apple Pixel 10 Introduces Anti-AI-Fake Photo Verification

Pixel 10 integrates C2PA Content Credentials to cryptographically verify photo authenticity, using the Titan M2 chip for tamper-proof metadata and a one-time key per image.
Source: BleepingComputer

Cursor IDE Auto-Runs Malicious Code from Repos

Cursor IDE ships with the Workspace Trust feature disabled, which lets a malicious tasks.json file execute code automatically when a repository is opened. The developer has declined to fix this, citing conflicts with AI features.
Impact: Credential theft or malware deployment via compromised projects.
Mitigation: Enable Workspace Trust manually or use VS Code for untrusted repos.
Source: BleepingComputer

Jaguar Land Rover Confirms Data Breach Post-Cyberattack

JLR admitted data theft after a Scattered Spider ransomware attack disrupted global production. No details on data type; attackers leaked SAP system screenshots.
Source: SecurityWeek

HHS Updates HIPAA Security Risk Assessment Tool

Version 3.6 adds NIST-aligned risk scales and audit tracking for healthcare compliance. Webinars are scheduled for September 15-16.
Source: DataBreaches.net
