Svoboda Cybersecurity Brief September 25, 2025

Verily Faces Lawsuit Over Alleged HIPAA Violations

Verily, an Alphabet-owned research institution, is facing a lawsuit alleging misuse of 25,000 patients’ health data without consent and failure to report the breach under HIPAA. The lawsuit claims patient data was extracted from 14 HIPAA-covered entities and used for undisclosed purposes.
Source: DataBreaches.net

ClaimPix Data Leak Exposes 5 Million Customer Records

A 10 TB unencrypted database containing 5.1 million files with sensitive customer data, including PII, vehicle registrations, and powers of attorney, was left publicly exposed. The leak included 16,000 signed legal documents with IP addresses of signers.
Source: DataBreaches.net

Volvo Group Data Breach Affects Workforce PII

Volvo Group North America LLC suffered a breach via third-party HR software provider Miljödata, which was hit by ransomware on Aug. 20, 2025. Exposed data includes employee names and Social Security numbers, with potential identity theft risks.
Source: DataBreaches.net

Motility Data Breach Exposes SSNs of 760,000 Consumers

Motility Software Solutions, a dealer management software provider, was breached on Aug. 19, 2025, exposing names, birthdates, driver’s license numbers, and SSNs. The breach did not impact parent company Reynolds and Reynolds.
Source: DataBreaches.net

Feds Charge Scattered Spider Duo in $115M Ransom Scheme

UK nationals Thalha Jubair (19) and Owen Flowers (18) were charged for their roles in Scattered Spider, a group linked to ransomware attacks on MGM Resorts, Caesars, and UK retailers. The duo allegedly extorted $115M and hacked London’s transit system.
Source: KrebsOnSecurity

UK Arrests Suspect in Airport Cyberattack Linked to Hardbit Ransomware

A 40-year-old man was arrested in the UK for allegedly launching a cyberattack using Hardbit ransomware against Collins Aerospace’s MUSE system, disrupting European airports including Heathrow and Brussels. The attack caused widespread flight delays.
Source: SecurityWeek

Supermicro BMC Flaws Allow Persistent Backdoors

Two vulnerabilities (CVE-2025-7937 and CVE-2025-6198) in Supermicro BMC firmware enable attackers to bypass Root of Trust and install malicious firmware. Exploits allow persistent control of servers, even after OS reinstallation.
Impact: Complete server compromise, bypassing security checks.
Mitigation: Apply firmware updates from Supermicro.
Source: BleepingComputer

Cisco Warns of Zero-Day Exploited in Attacks (CVE-2025-20352)

A high-severity SNMP buffer overflow in Cisco IOS/XE allows DoS or root access if SNMP is enabled. Cisco confirmed in-the-wild exploitation and recommends patching or restricting SNMP access.
Impact: Remote code execution or system crash.
Mitigation: Apply patches or limit SNMP to trusted IPs.
Source: BleepingComputer

OnePlus Phones Leak SMS Data via Unpatched Flaw (CVE-2025-10184)

A vulnerability in OxygenOS (v12–15) allows any app to access SMS data without permissions due to unsanitized SQL queries in custom providers. Rapid7 disclosed the flaw after OnePlus ignored multiple reports.
Impact: Unauthorized SMS data access, potential credential theft.
Mitigation: Minimize app installations, use OTP apps instead of SMS 2FA.
Source: BleepingComputer

PyPI Urges Credential Reset After Phishing Attacks

Python Package Index (PyPI) warned users of phishing emails directing victims to fake sites like pypi-mirror[.]org. Attackers aim to steal credentials to push malicious packages.
Source: BleepingComputer

GitHub Notifications Abused for Crypto Drainer Scam

Attackers abused GitHub’s @mention notifications to impersonate Y Combinator, luring developers to a fake W2026 program site. The site drained crypto wallets via malicious Ethereum attestation prompts.
Source: BleepingComputer

Chinese Hackers Use Brickstorm Backdoor in Year-Long Espionage

UNC5221, a suspected Chinese group, deployed the Brickstorm backdoor in US legal and tech sectors, maintaining access for 393 days on average. The malware exfiltrates emails and evades EDR via VMware credential theft.
Source: The Hacker News

RedNovember Hackers Exploit Perimeter Appliances Globally

Chinese state-sponsored group RedNovember (Storm-2077) targeted government and defense sectors using Pantegana backdoor and Cobalt Strike. Attacks exploited flaws in Check Point, Cisco, and Ivanti devices.
Source: The Hacker News

Record-Breaking DDoS Attack Hits 22 Tbps

A UDP carpet-bombing attack peaked at 22.2 Tbps and 10.6 Bpps, targeting a European infrastructure firm. The attack was linked to the Aisuru botnet and involved 404,000 IPs.
Source: SecurityWeek

Libraesva ESG Vulnerability Exploited by Nation-State Actor

CVE-2025-59689, a command injection flaw in Libraesva Email Security Gateway, was exploited by a foreign state actor via crafted email attachments. Patches are available for ESG 5.x versions.
Impact: Arbitrary command execution as a non-privileged user.
Mitigation: Upgrade to patched versions (e.g., 5.5.7).
Source: The Hacker News

SonicWall SMA 100 Appliances Infected with Overstep Malware

UNC6148 deployed Overstep malware on SonicWall SMA 100 appliances via stolen credentials. The malware steals credentials, session tokens, and OTP seeds. A new update (10.2.2.2-92sv) removes the rootkit.
Impact: Persistent backdoor access, credential theft.
Mitigation: Apply the update and review security steps from SonicWall.
Source: SecurityWeek