Svoboda Cybersecurity Brief October 05, 2025


Qantas Airways obtains permanent injunction amid impending data leak by Scattered LAPSUS$ Hunters

Qantas Airways secured a permanent injunction to prevent the leak of 153 GB of customer data stolen by Scattered LAPSUS$ Hunters, including 5M+ records with PII like names, emails, and frequent flyer numbers. Despite legal efforts, threat actors ignored the injunction and leaked court filings via Telegram. The airline also obtained a non-publication order to protect its lawyers from potential retaliation.
Source: DataBreaches

Discord discloses breach after third-party support portal compromised

Hackers stole partial payment info, PII, and government IDs from Discord users after breaching a third-party customer support system (likely Zendesk). Scattered LAPSUS$ Hunters claimed responsibility and demanded a ransom. Discord revoked access and launched an investigation, but the extent of the breach remains unclear.
Source: BleepingComputer

PowerSchool breached via Salesloft Drift campaign despite prior promises

PowerSchool suffered unauthorized access to its Salesforce database due to the Salesloft Drift campaign by Scattered LAPSUS$ Hunters, exposing customer support data. ShinyHunters, who previously extorted PowerSchool, claimed no intentional targeting and deleted the data. The breach highlights risks of third-party SaaS integration.
Source: DataBreaches

Massive spike in scans targeting Palo Alto Networks login portals

GreyNoise reported a 500% surge in suspicious scans targeting Palo Alto Networks GlobalProtect and PAN-OS portals, with 1,285 unique IPs (93% suspicious, 7% malicious). Activity clusters suggest targeted reconnaissance, possibly a prelude to exploit attempts. Similar scans preceded the recent Cisco ASA zero-days.
Impact: Potential exploitation of unpatched vulnerabilities.
Mitigation: Ensure PAN-OS is up-to-date and monitor for unusual login attempts.
Source: BleepingComputer

CometJacking attack hijacks Perplexity’s Comet AI browser via malicious URLs

LayerX researchers revealed CometJacking, where malicious URLs trick Perplexity’s Comet AI browser into exfiltrating Gmail and Calendar data via Base64-encoded prompts. The attack exploits the browser’s authorized access to connected services, bypassing traditional defenses. Perplexity downplayed the findings despite demonstrated risks.
Impact: Unauthorized data exfiltration from AI-integrated services.
Mitigation: Disable auto-execution of prompts from untrusted URLs and audit connected service permissions.
Source: TheHackerNews

Grafana exploitation resurfaces targeting CVE-2021-43798 path traversal flaw

GreyNoise detected 110 malicious IPs (mostly from Bangladesh) exploiting CVE-2021-43798, a patched Grafana path traversal flaw, targeting U.S., Slovakian, and Taiwanese systems. Attacks appear automated, highlighting persistent abuse of outdated vulnerabilities.
Impact: Unauthorized access to sensitive files.
Mitigation: Patch Grafana instances and block listed malicious IPs.
Source: BleepingComputer
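The mitigation above amounts to patching and blocking the sources that GreyNoise saw. As an added example (not GreyNoise's, Grafana's, or the brief's own code), here is a small defender-side check that flags path-traversal attempts against Grafana's `/public/plugins/` route in web-server access logs, catching single- and double-URL-encoded `../` variants, and tallies the source IPs so they can be reviewed for blocking. The log lines are constructed for the example and are not real traffic.

```python
"""Flag path-traversal requests under /public/plugins/ in access-log lines.
Added example; not code from GreyNoise, Grafana, or the brief's sources."""
import posixpath
import re
from collections import Counter
from urllib.parse import unquote

# Combined-log-style request lines (constructed sample, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [03/Oct/2025:11:02:14 +0000] "GET /public/plugins/alertlist/../../../../etc/hosts HTTP/1.1" 200 410
203.0.113.7 - - [03/Oct/2025:11:02:15 +0000] "GET /public/plugins/welcome/..%2F..%2F..%2Fetc%2Fhosts HTTP/1.1" 200 410
198.51.100.9 - - [03/Oct/2025:11:03:01 +0000] "GET /public/plugins/graph/module.js HTTP/1.1" 200 9081
203.0.113.7 - - [03/Oct/2025:11:03:07 +0000] "GET /public/plugins/table/%252e%252e/%252e%252e/conf/sample.ini HTTP/1.1" 200 3877
198.51.100.9 - - [03/Oct/2025:11:04:20 +0000] "GET /login HTTP/1.1" 200 2210
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\w+) (\S+) HTTP/[\d.]+" (\d{3})')
PLUGIN_PREFIX = "/public/plugins/"


def _fully_decode(path: str, rounds: int = 3) -> str:
    """Percent-decode until stable so double-encoded '..' is not missed."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def is_traversal(raw_path: str) -> bool:
    """True if a /public/plugins/ request resolves outside the plugin tree."""
    path = _fully_decode(raw_path.split("?", 1)[0])
    if not path.lower().startswith(PLUGIN_PREFIX):
        return False
    # normpath collapses '..' segments; an escaped path loses the prefix.
    return not posixpath.normpath(path).startswith(PLUGIN_PREFIX)


def suspicious_sources(log_text: str) -> Counter:
    """Count traversal attempts per source IP across the given log lines."""
    hits: Counter = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and is_traversal(m.group(3)):
            hits[m.group(1)] += 1
    return hits
```

Feed real access logs to `suspicious_sources` and treat any IP with hits as a candidate for blocking and for checking whether the instance is actually patched.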
