Svoboda Cybersecurity Brief September 12, 2025

High-End Fashion Retailers Hit by Salesforce Attacks

ShinyHunters breached Kering subsidiaries (Gucci, Balenciaga, Brioni, Alexander McQueen) via Salesforce CRM, exfiltrating 56M+ records. Negotiations with Balenciaga collapsed, and data may be leaked. No public disclosure or customer notifications from Kering.
Source: DataBreaches.net

Akira Ransomware Exploits Critical SonicWall SSL VPN Flaw

Akira ransomware actively targets CVE-2024-40766 (CVSS 9.3), a SonicWall SSL VPN vulnerability, to gain network access. Exploits default configurations and weak credentials for lateral movement.
Impact: Unauthorized access, ransomware deployment.
Mitigation: Patch to firmware 7.3.0+, rotate passwords, enforce MFA, restrict Virtual Office Portal access.
Source: BleepingComputer

Senator Wyden Accuses Microsoft of Cybersecurity Negligence

Senator Wyden urges FTC to investigate Microsoft for RC4 encryption defaults in Kerberos, enabling ransomware (e.g., Ascension breach). Claims Microsoft’s monopoly exacerbates national security risks.
Impact: Kerberoasting attacks via weak RC4 encryption.
Mitigation: Disable RC4, enforce AES 128/256, use 14+ char passwords for service accounts.
Source: BleepingComputer

Apple Warns of Mercenary Spyware Attacks

Apple alerted users in 150+ countries about zero-click exploits (e.g., CVE-2025-43300 chained with WhatsApp CVE-2025-55177). Targets journalists, activists, and politicians.
Source: BleepingComputer

Panama Ministry of Economy Breached by INC Ransomware

INC Ransom claims theft of 1.5TB of financial data from Panama’s Ministry of Economy. Ministry confirms breach but denies core system impact.
Source: BleepingComputer

Cisco Patches High-Severity IOS XR Vulnerabilities

Fixed CVE-2025-20248 (image verification bypass, CVSS 6) and CVE-2025-20340 (ARP DoS, CVSS 7.4) in IOS XR. No active exploits detected.
Impact: Unauthorized code execution or network disruption.
Mitigation: Apply updates for IOS XR.
Source: SecurityWeek

Fake Browser Extensions Hijack Meta Business Accounts

Malicious extensions (SocialMetrics Pro, Madgicx Plus) steal Facebook session cookies via Telegram bots and Facebook Graph API. Targets advertisers.
Impact: Account takeover, credential theft.
Mitigation: Audit browser extensions, monitor for unusual login activity.
Source: The Hacker News

UK Train Operator LNER Discloses Third-Party Breach

LNER confirms breach via third-party supplier, exposing customer contact details and travel history. No financial data compromised.
Source: SecurityWeek

Critical Chrome Flaw Earns Researcher $43K

Google patched CVE-2025-10200, a critical use-after-free bug in Serviceworker, and paid a $43K bounty. No active exploitation detected.
Source: SecurityWeek

VMScape Attack Breaks Guest-Host Isolation on AMD/Intel CPUs

New Spectre-like attack (CVE-2025-40300) leaks hypervisor secrets from QEMU via speculative execution. Impacts AMD Zen 1-5 and Intel Coffee Lake.
Impact: Cross-VM data leaks (e.g., encryption keys).
Mitigation: Apply Linux kernel patches with IBPB on VMEXIT.
Source: BleepingComputer
