Svoboda Cybersecurity Brief October 17, 2025
Critical Adobe AEM Forms Vulnerability Exploited in Attacks
A critical vulnerability (CVE-2025-54253, CVSS 10.0) in Adobe Experience Manager (AEM) Forms on JEE allows unauthenticated RCE via Struts DevMode misconfiguration. CISA confirms active exploitation and mandates patching for federal agencies by November 5.
Impact: Arbitrary code execution on unpatched systems.
Mitigation: Update to AEM Forms 6.5.0-0108 or restrict internet access to AEM Forms instances.
Source: BleepingComputer
F5 Discloses Nation-State Breach with Prolonged Access
F5 confirmed a nation-state attack on its infrastructure, discovered August 9; the intrusion was kept secret for a prolonged period under a DOJ order citing national security risks, during which the attackers retained access. The breach targeted application security and delivery systems.
Source: CyberScoop
Cisco SNMP Flaw Exploited to Deploy Rootkits on Switches
Threat actors exploited CVE-2025-20352 (patched Sept 2025) in Cisco IOS/IOS XE to deploy rootkits on older Linux systems lacking EDR. The malware (“ZeroDisco”) sets a universal password and hides config changes via UDP-controlled backdoors.
Impact: Persistent unauthorized access, lateral movement across VLANs.
Mitigation: Patch Cisco devices, monitor for suspicious UDP traffic, and inspect firmware/ROM regions.
Source: BleepingComputer
Oracle EBS Zero-Day Exploit Leaked by ShinyHunters
Oracle silently patched CVE-2025-61884, an E-Business Suite flaw actively exploited after ShinyHunters leaked a PoC. The vulnerability allows remote code execution without authentication.
Impact: Unauthorized access to sensitive resources.
Mitigation: Apply Oracle’s out-of-band update (Oct 2025).
Source: BleepingComputer
Qilin Ransomware Linked to Bulletproof Hosting Networks
Resecurity revealed Qilin RaaS relies on bulletproof hosting providers across pro-secrecy jurisdictions. The group recently crippled Asahi Group Holdings for two weeks via ransomware.
Source: Resecurity
North Korean Hackers Use EtherHiding for Malware Delivery
UNC5342 leveraged EtherHiding (storing malware in blockchain smart contracts) to distribute JADESNOW and InvisibleFerret malware via fake job interviews. Targets included cryptocurrency wallets and credentials.
Source: The Hacker News
Heritage Provider Network Settles $50M Class Action
Heritage agreed to a $49.99M settlement for a 2022 breach exposing 3.4M patients’ SSNs, medical data, and addresses. Affiliates include Regal Medical Group and Lakeside Medical.
Source: DataBreaches.net
Integris Health Pays $30M for 2023 Breach Extortion
Integris settled a lawsuit after hackers stole 2M records (SSNs, insurance info) and extorted victims for $50 payments to prevent dark web sales.
Source: Newsweek
Kelowna Airport Disrupted by Anti-Israel Hacktivists
Pro-Hamas group SiberIslam hijacked flight info screens and PA systems at Kelowna Airport (YLW), displaying “Israel lost the war” messages.
Source: The National Post
Sotheby’s Confirms Employee Data Breach
A July 2025 breach exposed employee SSNs and financial data, not customer records. The auction house offered TransUnion monitoring.
Source: BleepingComputer
Prosper Financial Services Breach Impacts 17.6M Accounts
Hackers stole SSNs, income data, and employment status from Prosper’s lending platform in September 2025. No evidence of account/fund access.
Source: BleepingComputer
LinkPro Linux Rootkit Uses eBPF for Stealth
A new Linux rootkit (LinkPro), delivered through exploitation of Jenkins CVE-2024-23897 and malicious Docker images, hides itself with eBPF modules and is activated by magic TCP packets (window size 54321).
Impact: Full system control, persistence via systemd.
Mitigation: Audit Docker Hub images, monitor eBPF module loads.
Source: The Hacker News
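The LinkPro item above names one concrete network indicator, the TCP window size 54321 used as an activation trigger. The following Python, added here as an example and not taken from the brief or from the referenced Hacker News report, parses raw IPv4/TCP packets and flags any whose window field matches that value. The packet builder and the sample packets are constructed for the example; the addresses are documentation ranges, not real hosts.

```python
import struct
from ipaddress import IPv4Address

# Window size reported as the LinkPro activation trigger (from the brief).
MAGIC_WINDOW = 54321


def build_ipv4_tcp(src, dst, sport, dport, window, flags=0x02):
    """Construct a minimal IPv4 + TCP header (no options, no payload).

    Helper for building sample traffic offline; checksums are left zero
    because the parser below does not verify them.
    """
    tcp = struct.pack("!HHIIBBHHH",
                      sport, dport,
                      0, 0,             # seq, ack
                      5 << 4,           # data offset = 5 words (20 bytes)
                      flags,            # 0x02 = SYN
                      window, 0, 0)     # window, checksum, urgent pointer
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0,           # version 4, IHL 5; DSCP/ECN
                     20 + len(tcp),     # total length
                     0, 0,              # identification, flags/fragment
                     64, 6, 0,          # TTL, protocol TCP, checksum
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    return ip + tcp


def parse_ipv4_tcp(packet):
    """Return a dict of the fields we care about, or None if not IPv4/TCP."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                      # too short or not IPv4 (IPv6 etc.)
    ihl = (packet[0] & 0x0F) * 4         # header length honours IP options
    if packet[9] != 6:
        return None                      # protocol field: 6 = TCP
    tcp = packet[ihl:]
    if len(tcp) < 20:
        return None                      # truncated TCP header
    sport, dport = struct.unpack("!HH", tcp[0:4])
    window = struct.unpack("!H", tcp[14:16])[0]   # bytes 14-15 of TCP header
    return {
        "src": str(IPv4Address(packet[12:16])),
        "dst": str(IPv4Address(packet[16:20])),
        "sport": sport,
        "dport": dport,
        "flags": tcp[13],
        "window": window,
    }


def find_magic_packets(packets, magic=MAGIC_WINDOW):
    """Return parsed records for every packet whose TCP window equals `magic`."""
    hits = []
    for raw in packets:
        parsed = parse_ipv4_tcp(raw)
        if parsed is not None and parsed["window"] == magic:
            hits.append(parsed)
    return hits


# Constructed sample traffic: ordinary SYNs plus one carrying the magic window.
SAMPLE_PACKETS = [
    build_ipv4_tcp("198.51.100.7", "192.0.2.10", 40000, 443, 65535),
    build_ipv4_tcp("198.51.100.7", "192.0.2.10", 40001, 22, MAGIC_WINDOW),
    build_ipv4_tcp("203.0.113.9", "192.0.2.10", 51000, 8080, 29200),
    b"\x60" + b"\x00" * 39,   # IPv6-looking header, ignored by the parser
]

if __name__ == "__main__":
    for hit in find_magic_packets(SAMPLE_PACKETS):
        print(f"magic window from {hit['src']}:{hit['sport']} "
              f"to {hit['dst']}:{hit['dport']} flags=0x{hit['flags']:02x}")
```

In practice the packet bytes would come from a pcap or a raw socket rather than the constructed list. A window value on its own is a weak signal, since legitimate stacks can advertise 54321 by chance, so a hit is worth correlating with the rest of the brief's indicators (unexpected eBPF program loads, new systemd units) before acting on it.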
Fuji Electric HMI Configurator Flaws Expose OT Systems
Multiple vulnerabilities in V-SFT software (patched in v6.2.9.0) allow RCE via malicious project files, risking industrial HMI compromises.
Impact: Arbitrary code execution on OT systems.
Mitigation: Update to V-SFT 6.2.9.0, restrict project file sources.
Source: SecurityWeek