Svoboda Cybersecurity Brief September 16, 2025

Kering Confirms Data Breach Impacting Gucci and Other Luxury Brands

Kering confirmed unauthorized access to customer data from brands including Gucci, Balenciaga, and Alexander McQueen; the group ShinyHunters claims to have stolen more than 43 million Gucci records. The company says it did not negotiate a ransom, but leaked chat logs and a Bitcoin transaction contradict that account. Kering states that no financial data (bank or card details) was taken.
Source: DataBreaches.net

Insider Breach at FinWise Bank Affects 689K Customers

A former FinWise Bank employee accessed sensitive customer data after leaving the company, affecting 689K individuals. Exposed data includes full credit/debit card details, Social Security numbers, and medical information. The bank is offering 12 to 24 months of credit monitoring.
Source: BleepingComputer

Mustang Panda Targets Thailand with SnakeDisk USB Worm

The China-linked group deployed SnakeDisk, a USB worm that delivers the Yokai backdoor and is geofenced so it only executes on hosts with Thai IP addresses. The chain relies on DLL sideloading; the accompanying TONESHELL variants carry anti-analysis padding, including junk code lifted from ChatGPT's website.
Impact: Remote code execution and data exfiltration on infected hosts, with USB propagation into air-gapped or poorly segmented networks.
Mitigation: Block unauthorized USB storage by policy and alert on DLL sideloading, i.e. a legitimate signed executable loading an unsigned DLL from its own directory.
Source: The Hacker News
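The sideloading monitoring recommended above, as an added example that is not part of the brief or of the cited reporting: a heuristic run over Sysmon Event ID 7 (ImageLoaded) records, flagging a DLL that is loaded from the same directory as the host executable, outside system and Program Files locations, without a valid Authenticode signature. The Sysmon field names (Image, ImageLoaded, Signed, SignatureStatus) are real; the sample events, the trusted-directory allow-list and the "user-writable" hints are constructed assumptions to be tuned per environment.

```python
"""Heuristic DLL sideloading detection over Sysmon Event 7 records (added example)."""
import json
from pathlib import PureWindowsPath

# Directories where an application loading a DLL from its own folder is routine.
# Assumed allow-list; sideloads placed here need admin rights, so they are lower priority.
TRUSTED_DIRS = (
    "c:\\windows\\system32",
    "c:\\windows\\syswow64",
    "c:\\windows\\winsxs",
    "c:\\program files",
    "c:\\program files (x86)",
)

# Path fragments a low-privileged user (or a USB worm running as that user) can write to.
# Assumed list used only to raise severity.
WRITABLE_HINTS = ("\\users\\", "\\programdata\\", "\\temp\\", "\\appdata\\")


def _norm(path: str) -> str:
    """Lower-case and normalise separators so comparisons are case/slash insensitive."""
    return path.replace("/", "\\").lower()


def classify(event: dict):
    """Return None, or a finding dict explaining why this Event 7 looks like sideloading."""
    image = _norm(event.get("Image", ""))
    loaded = _norm(event.get("ImageLoaded", ""))
    if not image or not loaded:
        return None
    exe_dir = str(PureWindowsPath(image).parent)
    dll_dir = str(PureWindowsPath(loaded).parent)

    # Sideloading abuses the fact that the application's own directory is searched
    # before System32, so the DLL sits next to the executable.
    if exe_dir != dll_dir:
        return None
    if exe_dir.startswith(TRUSTED_DIRS):
        return None

    # Sysmon reports the signature of the loaded image (the DLL), not of the process.
    signed = str(event.get("Signed", "false")).lower() == "true"
    status = str(event.get("SignatureStatus", ""))
    if signed and status.lower() == "valid":
        return None

    severity = "high" if any(h in exe_dir for h in WRITABLE_HINTS) else "medium"
    return {
        "process": image,
        "dll": loaded,
        "reason": "unsigned DLL" if not signed else f"signature {status}",
        "severity": severity,
    }


def scan(lines):
    """Parse JSON-lines Sysmon events and return the list of sideloading findings."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        if ev.get("EventID") != 7:
            continue
        hit = classify(ev)
        if hit:
            findings.append(hit)
    return findings


# Constructed sample telemetry (not real events). Backslashes are JSON-escaped.
SAMPLE_LOG = r"""
{"EventID": 7, "Image": "C:\\Windows\\System32\\svchost.exe", "ImageLoaded": "C:\\Windows\\System32\\version.dll", "Signed": "true", "SignatureStatus": "Valid"}
{"EventID": 7, "Image": "C:\\Users\\Public\\App\\updater.exe", "ImageLoaded": "C:\\Users\\Public\\App\\version.dll", "Signed": "false", "SignatureStatus": ""}
{"EventID": 7, "Image": "C:\\Program Files\\Vendor\\tool.exe", "ImageLoaded": "C:\\Program Files\\Vendor\\helper.dll", "Signed": "false", "SignatureStatus": ""}
{"EventID": 7, "Image": "C:\\Tools\\legit.exe", "ImageLoaded": "C:\\Tools\\libcurl.dll", "Signed": "true", "SignatureStatus": "Unavailable"}
{"EventID": 1, "Image": "C:\\Tools\\legit.exe", "CommandLine": "legit.exe --run"}
{"EventID": 7, "Image": "C:\\Users\\bob\\AppData\\Local\\Temp\\x.exe", "ImageLoaded": "C:\\Windows\\System32\\kernel32.dll", "Signed": "true", "SignatureStatus": "Valid"}
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG.splitlines()):
        print(f"[{f['severity']}] {f['process']} loaded {f['dll']} ({f['reason']})")
```

Only two of the constructed events trip the rule: the unsigned version.dll beside updater.exe under Users (high) and the DLL with an unavailable signature beside legit.exe (medium). Real estates will need exceptions for unsigned in-house tooling; the point is that the same-directory plus bad-signature combination outside trusted paths is rare enough to be worth an alert.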

Law Enforcement Portals Targeted by Scattered LAPSUS$ Hunters

The group claimed access to the FBI's CJIS portal and Google's Law Enforcement Request System (LERS), but Google confirmed only that a fraudulent account was created and that no data was accessed. The same crew is linked to the recent wave of Salesforce data theft attacks.
Source: BleepingComputer

New Phoenix Attack Bypasses DDR5 Rowhammer Defenses

Phoenix is a Rowhammer variant that produces bit flips on DDR5 modules despite in-DRAM defenses such as Target Row Refresh (TRR). Controlled bit flips can be turned into privilege escalation or silent data corruption.
Impact: Kernel-level compromise on modern systems with affected DIMMs.
Mitigation: Apply vendor firmware/BIOS updates (the practical fix is raising the DRAM refresh rate); ECC memory reduces but does not eliminate the risk.
Source: BleepingComputer

Villager AI Pen-Testing Tool Raises Abuse Concerns

Cyberspike's Villager framework (more than 11,000 PyPI downloads) automates offensive security tasks and is drawing comparisons to Cobalt Strike's path from red-team tool to attacker staple. It spins up Kali Linux containers on demand for stealth and integrates AsyncRAT plugins.
Impact: Lowers the barrier for less-skilled attackers.
Mitigation: Monitor for unexpected Kali Linux container launches and for the package appearing in developer environments.
Source: The Hacker News

Verily Accused of Covering Up HIPAA Violations

A whistleblower lawsuit alleges that Alphabet's Verily used the health data of more than 25,000 patients without consent and fired the executive who reported it. The case has survived motions to dismiss.
Source: DataBreaches.net

Ex-WhatsApp Security Head Sues Meta Over User Data Risks

Former executive Attaullah Baig claims roughly 1,500 engineers had unrestricted access to user data and that Meta ignored account takeovers running at more than 100,000 per day. The suit alleges violations of Meta's 2020 FTC consent order.
Source: The Guardian

West Virginia Credit Union Breach Exposes 187K Individuals

Black Basta ransomware operators accessed full financial and medical data in 2023, but the breach was only confirmed in 2025. The credit union is offering 24 months of credit monitoring.
Source: SecurityWeek

Samsung Patches Zero-Day in Android Image Library

CVE-2025-21043, an out-of-bounds write in the image parsing library libimagecodec.quram.so, was exploited in the wild. Samsung credits Meta's and WhatsApp's security teams with the report, pointing to spyware delivered through WhatsApp.
Impact: Arbitrary code execution on Samsung devices via a malicious image.
Mitigation: Apply the September 2025 Samsung security updates.
Source: SecurityWeek
