Svoboda Cybersecurity Brief October 12, 2025
Widespread SonicWall VPN Compromises Using Valid Credentials
Huntress reported widespread unauthorized access to SonicWall SSL VPN devices, with over 100 accounts compromised across 16 customers. The attackers authenticated with valid credentials rather than brute-forcing them, and the activity originated from IP 202.155.8[.]73. Some incidents involved network scanning and attempts to access Windows accounts.
Impact: Potential unauthorized network access, data exfiltration, and ransomware deployment.
Mitigation: Reset firewall credentials, restrict WAN management, enforce MFA, monitor logins, and revoke external API keys.
Source: The Hacker News
Hackers Weaponize Velociraptor DFIR Tool in LockBit Ransomware Attacks
Threat actor Storm-2603 abused Velociraptor (v0.73.4.0) with CVE-2025-6264 (privilege escalation) to deploy LockBit, Warlock, and Babuk ransomware. Attackers leveraged SharePoint vulnerabilities (ToolShell exploit) for initial access, modified GPOs, and disabled defenses before exfiltration.
Impact: Endpoint takeover, ransomware deployment, and data theft.
Mitigation: Patch SharePoint vulnerabilities, monitor GPO changes, restrict admin privileges, and update Velociraptor.
Source: The Hacker News
PowerSchool Hacker Faces Sentencing After Pleading Guilty
Matthew Lane (“g0retrance”) will be sentenced for hacking PowerSchool and a telecom firm, causing $14M in damages. He previously defaced the MIAA website in 2021 to “get attention” but escalated to cyber extortion and identity theft. Prosecutors seek 84 months' imprisonment and restitution.
Source: DataBreaches.net
2009 Healthcare Data Breach Denied for a Decade
28,000 healthcare workers at Interior Health (BC, Canada) were victims of a 2009 breach, but the organization denied it for 10 years. Nurses like Ashley Stone faced ongoing identity theft, including fraudulent debts. Calls for an external investigation are mounting.
Source: DataBreaches.net