Svoboda Cybersecurity Brief October 08, 2025


Critical Redis Vulnerability (CVE-2025-49844) Exposes 60k Servers to RCE

CVE-2025-49844 (CVSS 10.0) is a 13-year-old use-after-free flaw in Redis’s Lua scripting engine, allowing authenticated attackers to escape the sandbox and execute arbitrary code. Roughly 60,000 internet-exposed Redis servers lack authentication, making them high-risk targets.
Impact: Remote code execution, data theft, and lateral movement in cloud environments.
Mitigation: Patch to Redis 6.2.20+/7.2.11+/8.0.4+/8.2.2+, restrict network access, disable Lua for untrusted users, and enable authentication.
Source: The Hacker News
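As an added example (not from the brief or from the Redis project), the script below audits a redis.conf against the mitigations listed above: authentication present, bind restricted, protected-mode on, and Lua scripting removed for untrusted users via the Redis ACL category `-@scripting`. The two sample configs are constructed, and the helper names `parse_conf` and `audit` are hypothetical.

```python
# Constructed sample configs (not from any real host); helper names are hypothetical.
WEAK_CONF = """
bind 0.0.0.0
protected-mode no
port 6379
# requirepass s3cret   <- auth left commented out
"""

HARDENED_CONF = """
bind 127.0.0.1 -::1
protected-mode yes
user default off
user app on >REPLACE_WITH_STRONG_PASSWORD ~app:* &* +@all -@scripting -@dangerous
"""

WILDCARD_BINDS = {"*", "0.0.0.0", "::", "::*"}


def parse_conf(text):
    """Map each directive to its list of argument lists, skipping blanks and comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, *args = line.split()
        conf.setdefault(name.lower(), []).append(args)
    return conf


def audit(text):
    """Return findings for the listed mitigations: auth, network exposure, Lua restriction."""
    conf = parse_conf(text)
    findings = []
    users = conf.get("user", [])
    # Authentication: requirepass, an external ACL file, or an enabled ACL user with a password
    if not ("requirepass" in conf or "aclfile" in conf
            or any("on" in u and "nopass" not in u for u in users)):
        findings.append("no authentication configured (requirepass/ACL users)")
    # Exposure: no bind line means all interfaces; wildcard binds are equivalent
    binds = [b.lstrip("-") for args in conf.get("bind", []) for b in args]
    if not binds or WILDCARD_BINDS & set(binds):
        findings.append("listening on all interfaces; restrict bind to trusted addresses")
    pm = conf.get("protected-mode", [["yes"]])[-1]
    if pm and pm[0].lower() == "no":
        findings.append("protected-mode disabled")
    # Lua: EVAL renamed away, or at least one ACL user with the scripting category removed
    renamed = any(len(a) == 2 and a[0].lower() == "eval" and a[1] in ('""', "''")
                  for a in conf.get("rename-command", []))
    if not renamed and not any("-@scripting" in u for u in users):
        findings.append("Lua scripting (EVAL/EVALSHA) not restricted for any user")
    return findings
```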

Oracle EBS Zero-Day (CVE-2025-61882) Actively Exploited by Clop Ransomware

CVE-2025-61882 (CVSS 9.8) in Oracle E-Business Suite (EBS) enables unauthenticated RCE via malicious XSL templates. The Clop ransomware group has exploited it since August 2025 for data theft and extortion. The exploit chain involves SSRF, CRLF injection, and Lua script abuse.
Impact: Mass data exfiltration, ransomware deployment, and financial extortion.
Mitigation: Apply Oracle’s emergency patch (versions 6.2.20+/7.2.11+), restrict EBS internet exposure, and monitor for suspicious XSL template uploads.
Source: The Hacker News

Fortra GoAnywhere MFT Zero-Day (CVE-2025-10035) Abused by Medusa Ransomware

CVE-2025-10035 (CVSS 10.0) in Fortra GoAnywhere MFT allows RCE via forged license signatures. The Chinese group Storm-1175 has exploited it since September 11, 2025 to deploy Medusa ransomware and RMM tools such as SimpleHelp.
Impact: Remote compromise, data exfiltration, and ransomware encryption.
Mitigation: Upgrade to GoAnywhere MFT 7.8.4+/7.6.3+, audit for backdoor .jsp files, and monitor RMM tool usage.
Source: The Hacker News

UK Nursery Chain Data Breach: Hackers Steal 8,000 Children’s Data

Two individuals (ages 17 and 22) were arrested in the UK for hacking the Kido nursery chain, stealing the names and photos of 8,000 children, and demanding a ransom. The attackers allegedly threatened to leak the data unless paid.
Source: DataBreaches.net

XWorm 6.0 Resurfaces with 35 Plugins for Stealthy Attacks

The XWorm malware (v6.0) now includes 35 plugins for credential theft, ransomware, and RAT capabilities. Distributed via phishing emails with malicious LNK files, it targets browsers (Chromium.dll), wallets (MetaMask), and deploys NoCry ransomware.
Impact: Credential theft, ransomware, and persistent backdoor access.
Mitigation: Block suspicious LNK/JS files, monitor for PowerShell spawning RegSvcs.exe, and restrict RMM tools.
Source: The Hacker News

Google’s Gemini AI Vulnerable to ASCII Smuggling Attacks

ASCII smuggling (using Unicode tag characters) can manipulate Google Gemini into executing hidden commands embedded in calendar invites or emails, enabling delivery of false information or data extraction. Google dismissed it as “not a security bug” despite a PoC demonstrating real-world abuse.
Source: BleepingComputer

BatShadow Group Targets Job Seekers with Vampire Bot Malware

Vietnamese threat actor BatShadow lures digital marketers with fake job offers (“Marriott_Marketing_Job_Description.pdf.exe”) to deploy Vampire Bot, a Go-based malware that steals credentials and screenshots and executes remote commands.
Source: The Hacker News

Docker Hardened Images Now Affordable for SMBs

Docker expanded access to its Hardened Images Catalog, offering pre-vetted container images with near-zero CVEs and a 7-day patch SLA. Independent audits confirmed no root escapes or high-severity flaws.
Source: BleepingComputer

Electronics Giant Avnet Breached, 1.3TB Data Stolen

Avnet confirmed a breach of an EMEA sales tool database, exposing PII and sales data. The attacker leaked samples but claims most data is unreadable without proprietary tools.
Source: BleepingComputer

California Court Rules Hospitals Not Liable for Insider Breaches

A California appeals court ruled hospitals cannot be fined for employee data leaks if they had policies in place. The case involved a UCLA Health worker posting patient data on Instagram in 2016.
Source: DataBreaches.net

Harris Health Discloses Decade-Long Insider Data Breach

A fired Harris Health (Texas) employee accessed/shared 5,000+ patient records from 2011–2021, including SSNs and medical data. Disclosure was delayed due to a law enforcement investigation.
Source: DataBreaches.net
