Svoboda Cybersecurity Brief October 09, 2025

Ransomware Alliance Forms Between DragonForce, LockBit, and Qilin

DragonForce, LockBit, and Qilin have formed a strategic alliance to share tools and infrastructure, increasing attack effectiveness. The coalition may lead to more frequent ransomware attacks, including against critical infrastructure, and could restore LockBit’s reputation post-takedown.
Source: SecurityAffairs

Major Law Firm Williams & Connolly Hacked by Suspected Chinese Threat Actors

Suspected Chinese government-backed hackers breached U.S. law firm Williams & Connolly, targeting email accounts of attorneys. The attackers used a previously unknown software flaw for stealthy access, likely for espionage rather than extortion.
Source: CNN

FileFix Attack Evolves with Cache Smuggling to Evade Security Software

A new variant of the FileFix social engineering attack uses cache smuggling to bypass detection. The attack impersonates a Fortinet VPN Compliance Checker, tricking users into pasting a malicious PowerShell command hidden behind padded spaces.
Impact: Stealthy malware deployment via browser cache.
Mitigation: Educate users against pasting commands from untrusted sources and monitor for suspicious PowerShell activity.
Source: BleepingComputer

Qilin Ransomware Claims Attack on Asahi Brewery, Leaks Data

The Qilin ransomware group claims responsibility for the attack on Asahi, leaking 27GB of internal documents including financial records and employee data. Asahi confirmed production disruptions but has now partially resumed operations.
Source: BleepingComputer

Critical WordPress Theme Vulnerability (CVE-2025-5947) Actively Exploited

Threat actors are exploiting CVE-2025-5947, a critical authentication bypass flaw in the Service Finder WordPress theme that grants administrator access without credentials. Over 13,800 exploit attempts have been recorded since August.
Impact: Full WordPress compromise.
Mitigation: Update to Service Finder 6.1 or disable the plugin.
Source: BleepingComputer

London Police Arrest Two Suspects Linked to Nursery Data Breach

UK authorities arrested two teens for doxing children after a ransomware attack on Kido nurseries. The Radiant Group leaked sensitive data, including photos and addresses, but later removed it after failed extortion.
Source: BleepingComputer

Chinese Hackers Weaponize Open-Source Nezha Tool for Gh0st RAT Attacks

Chinese threat actors repurposed the open-source Nezha monitoring tool to deploy Gh0st RAT via log poisoning. The campaign targeted over 100 machines, primarily in Taiwan, Japan, and South Korea.
Impact: Remote code execution and data exfiltration.
Mitigation: Secure exposed phpMyAdmin panels and monitor for anomalous log entries.
Source: The Hacker News

Oracle EBS Zero-Day Exploited Months Before Patch (CVE-2025-61882)

Cl0p ransomware operators exploited CVE-2025-61882, a zero-day in Oracle EBS, for two months before a patch was available. A PoC exploit is now public, increasing the risk for roughly 2,000 internet-exposed instances.
Impact: Remote code execution.
Mitigation: Apply Oracle’s October 2025 patches immediately.
Source: SecurityWeek

AI-SPM Emerging as Key Layer for Mitigating AI Security Risks

AI Security Posture Management (AI-SPM) is gaining traction to counter OWASP LLM risks like prompt injection and data leakage. It enforces real-time controls and integrates with existing security stacks.
Source: SecurityWeek

OpenAI Disrupts Hackers Misusing ChatGPT for Malware Development

OpenAI banned Russian, North Korean, and Chinese threat actors who were using ChatGPT for malware development, phishing, and influence operations. The actors sidestepped content filters by requesting benign-looking code snippets.
Source: The Hacker News
