Svoboda Cybersecurity Brief October 18, 2025
Prosper Data Breach Exposes 17.6 Million Accounts
Prosper, a peer-to-peer lending platform, disclosed a breach where attackers accessed its database, stealing confidential, proprietary, and personal information including Social Security numbers, addresses, and financial details. While customer accounts remained secure, the breach impacts 17.6 million individuals.
Source: SecurityWeek
ConnectWise Automate Vulnerabilities Enable AitM Attacks
ConnectWise patched two flaws in its Automate RMM platform, including CVE-2025-11492 (9.6 CVSS), which allows cleartext transmission of sensitive data, and CVE-2025-11493 (8.8 CVSS), which lacks integrity checks for updates. Combined, these could let attackers intercept or modify traffic and push malicious updates.
Impact: Remote code execution and data interception.
Mitigation: Update to Automate 2025.9 immediately.
Source: BleepingComputer
F5 BIG-IP Vulnerabilities Expose 266K Instances
F5 disclosed a breach by nation-state hackers who stole BIG-IP source code and details of undisclosed BIG-IP flaws. Over 266,000 BIG-IP instances remain exposed online; F5 has released patches for the critical vulnerabilities, and CISA has ordered federal agencies to apply them by October 22.
Impact: Potential remote code execution and network compromise.
Mitigation: Apply F5’s latest security updates and disconnect end-of-life devices.
Source: BleepingComputer
Clop Ransomware Targets Envoy Air via Oracle Zero-Day
Envoy Air, an American Airlines subsidiary, confirmed data theft from its Oracle E-Business Suite after Clop exploited CVE-2025-61882, a zero-day flaw. Clop leaked stolen data, though Envoy claims no sensitive customer data was compromised.
Source: BleepingComputer
Europol Dismantles SIM-Box Fraud Operation
Europol’s Operation SIMCARTEL took down a criminal network running 1,200 SIM-box devices with 40,000 SIM cards, linked to 3,200 fraud cases and $5.3M in losses. The service rented out phone numbers for phishing, extortion, and impersonation scams.
Source: BleepingComputer
North Korean Hackers Merge BeaverTail and OtterCookie Malware
The Contagious Interview campaign now combines BeaverTail (info-stealer) and OtterCookie (remote C2) into a single JavaScript malware strain, adding keylogging and screenshot capabilities. The malware was delivered via a trojanized Node.js app hosted on Bitbucket.
Source: The Hacker News
WatchGuard VPN Zero-Day Allows Remote Code Execution
CVE-2025-9242 (9.3 CVSS) in WatchGuard Fireware OS lets unauthenticated attackers execute arbitrary code via an out-of-bounds write in the IKEv2 VPN service. Exploitation requires the device to be configured with a dynamic gateway peer.
Impact: Full system compromise.
Mitigation: Update to Fireware OS 2025.1.1, 12.11.4, or 12.3.1_Update3.
Source: The Hacker News
Microsoft Revokes 200 Certificates Used by Rhysida Ransomware
Microsoft revoked 200 fraudulent code-signing certificates issued through Trusted Signing and other services, which Vanilla Tempest used to sign fake Teams installers that delivered the Oyster backdoor and Rhysida ransomware. The campaign relied on SEO poisoning to lure victims to the fake installers.
Source: The Hacker News
Zendesk Email Bombs Flood Inboxes with Fake Tickets
Cybercriminals abused Zendesk’s lack of email authentication to send thousands of threatening messages from legitimate corporate domains (e.g., The Washington Post). Zendesk recommends enabling verified user ticket submission.
Source: KrebsOnSecurity
ASP.NET Core Vulnerability Scores Record 9.9 CVSS
CVE-2025-55315 in ASP.NET Core’s Kestrel web server allows HTTP request smuggling, bypassing security controls. Exploitation could lead to credential theft, DoS, or injection attacks.
Impact: Security feature bypass and data leakage.
Mitigation: Update Visual Studio 2022 or ASP.NET Core to patched versions.
Source: SecurityWeek
Sotheby’s Discloses Data Breach Involving Sensitive Info
The auction house confirmed a breach where hackers stole names, SSNs, and financial data. The incident, discovered on July 24, impacted a small number of individuals, likely employees.
Source: SecurityWeek
Phoenix Contact UPS Devices Vulnerable to DoS Attacks
Five flaws in QUINT4 UPS devices, including CVE-2025-41703, allow unauthenticated attackers to disable power output or leak passwords. Patches are available; devices should also be isolated within segmented industrial networks.
Impact: Denial of service and credential theft.
Mitigation: Update to firmware VC:07 and restrict network access.
Source: SecurityWeek
Gladinet CentreStack Exploited for RCE via Unpatched Flaw
CVE-2025-11371 in CentreStack lets attackers retrieve the ASP.NET machineKey and then abuse ViewState deserialization to achieve remote code execution. Gladinet released patches in version 16.10.10408.56683.
Impact: Full system compromise.
Mitigation: Apply the latest CentreStack update immediately.
Source: SecurityWeek