Svoboda Cybersecurity Brief September 15, 2025
Uvalde CISD shuts down due to ransomware attack
Uvalde Consolidated Independent School District will close for four days after detecting ransomware impacting critical systems including phones, thermostats, and security cameras. No group has claimed responsibility yet.
Source: DataBreaches.net
Jaguar Land Rover cyberattack threatens 100,000 supply chain jobs
JLR paused production globally after a cyberattack, putting 100,000 supply chain jobs at risk. Unite union warns of catastrophic impact on SMEs.
Source: DataBreaches.net
UNC6040/UNC6395 hackers target Salesforce for data theft
FBI warns of UNC6040 and UNC6395 groups compromising Salesforce environments via OAuth apps (“My Ticket Portal”) and stolen Salesloft Drift tokens. Data exfiltrated for extortion, impacting major firms like Google, Cisco, and Palo Alto Networks.
Impact: Mass data theft of customer records, AWS/Snowflake credentials.
Mitigation: Revoke unused OAuth apps, monitor token usage.
Source: BleepingComputer
VoidProxy phishing service bypasses MFA via AitM attacks
New PhaaS platform VoidProxy uses Cloudflare-hosted phishing sites to steal MFA codes and session cookies from Microsoft 365/Google accounts, including SSO (Okta). Targets receive CAPTCHA-filtered phishing pages mimicking login flows.
Impact: Credential theft, session hijacking.
Mitigation: Enforce phishing-resistant auth (e.g., Okta FastPass), restrict sensitive apps to managed devices.
Source: BleepingComputer