Svoboda Cybersecurity Brief September 27, 2025

Cisco ASA Zero-Day Exploits in ArcaneDoor Campaign

Two zero-day vulnerabilities (CVE-2025-20333 and CVE-2025-20362) in Cisco ASA firewalls were exploited by China-linked threat actors (UAT4356/Storm-1849) to deploy RayInitiator (GRUB bootkit) and LINE VIPER (user-mode shellcode loader) malware. The attacks targeted government agencies, disabling logs, intercepting CLI commands, and persisting across reboots via ROM manipulation.
Impact: Full device compromise, data exfiltration, and persistent access.
Mitigation: Patch to ASA 7.8.4/7.6.3, rotate credentials, and disconnect end-of-support devices (e.g., ASA 5500-X series).
Source: The Hacker News

Fortra GoAnywhere MFT Zero-Day Exploitation

CVE-2025-10035, a CVSS 10.0 deserialization flaw in Fortra GoAnywhere MFT, was exploited as a zero-day from September 10, 2025, to create backdoor admin accounts and deploy payloads like SimpleHelp. Over 20,000 instances are internet-exposed.
Impact: Remote code execution and unauthorized data access.
Mitigation: Patch to GoAnywhere 7.8.4/7.6.3 or restrict admin console internet access.
Source: SecurityWeek

COLDRIVER APT Delivers New Malware via ClickFix Tactics

Russian APT group COLDRIVER used ClickFix lures to deploy BAITSWITCH (downloader) and SIMPLEFIX (PowerShell backdoor), targeting NGOs and Russian exiles. The attack chain involves forged CAPTCHA prompts and Registry-based payload storage.
Impact: Data exfiltration and persistent access via command execution.
Mitigation: Block suspicious PowerShell execution and monitor for C2 traffic to domains like southprovesolutions[.]com.
Source: The Hacker News

Archer Health PHI Leak Leads to Dark Web Exposure

A misconfigured 23GB AWS bucket exposed 145k files containing patient SSNs, diagnoses, and treatment plans. Hacktivist group KillSec3 exfiltrated 8GB of data and leaked it on September 8, 2025.
Impact: Mass PHI/PII exposure and potential extortion.
Mitigation: Secure cloud buckets with encryption and access controls; audit configurations.
Source: DataBreaches

New XCSSET macOS Variant Hijacks Crypto Transactions

An updated XCSSET malware variant targets Firefox and adds a clipper module to replace wallet addresses in clipboards. It also uses LaunchDaemon persistence and exfiltrates data via modified HackBrowserData.
Impact: Cryptocurrency theft and credential harvesting.
Mitigation: Verify Xcode projects, disable unnecessary AppleScript execution, and monitor clipboard changes.
Source: SecurityWeek

ApolloMD Cyberattack Impacts 11 Physician Practices

Ransomware group Qilin claimed a May 2025 attack on ApolloMD, potentially exposing PHI (SSNs, diagnoses) for patients across 11 practices. Data was not leaked despite threats.
Impact: Patient data exposure and operational disruption.
Mitigation: Implement MFA, isolate critical systems, and monitor dark web for leaks.
Source: DataBreaches

Cognex Industrial Camera Vulnerabilities Remain Unpatched

Nine flaws (e.g., hardcoded passwords, auth bypass) in Cognex In-Sight 2000-9000 cameras allow MitM attacks and privilege escalation. Vendor advises migration to newer models.
Impact: Unauthorized access and industrial network compromise.
Mitigation: Segment networks, restrict remote access, and monitor for anomalous traffic.
Source: SecurityWeek

Neon App Leaks Call Recordings and User Data

Neon Mobile, a top-ranked social app, exposed user phone numbers and call transcripts due to a security flaw. The app paid users to record calls and sold data to AI firms.
Impact: Privacy violations and potential blackmail risks.
Mitigation: Disable app permissions and audit third-party data-sharing agreements.
Source: DataBreaches

Dutch Teens Arrested for Spying for Russian Hackers

Two 17-year-olds allegedly used WiFi sniffers near Europol and embassies in The Hague after recruitment via Telegram. One suspect’s device contained data from espionage activities.
Source: DataBreaches

Courts Raise Bar for Data-Breach Lawsuit Standing

Judges now require plaintiffs to demonstrate tangible harm (e.g., fraud losses) from breaches, dismissing cases based solely on exposure.
Source: DataBreaches