Svoboda Cybersecurity Brief October 19, 2025

Massachusetts Hospitals Hit by Cybersecurity Incident

Heywood Hospital and Athol Hospital in Massachusetts experienced a network outage caused by a cybersecurity incident. Systems were taken offline, and a third-party cybersecurity firm was engaged. Patient care continues, but communications remain disrupted.
Source: DataBreaches.net

Fake macOS Homebrew, LogMeIn, and TradingView Ads Deliver Infostealers

Attackers are using Google Ads to promote fake Homebrew, LogMeIn, and TradingView sites, tricking users into executing malicious Terminal commands. These deliver infostealers like AMOS and Odyssey, which harvest credentials, cryptocurrency wallets, and system data. Over 85 fraudulent domains were identified.
Impact: Data theft, including browser credentials and system information.
Mitigation: Avoid executing unfamiliar Terminal commands and verify download sources.
Source: BleepingComputer

New CAPI Backdoor Targets Russian Auto and E-Commerce Sectors

A phishing campaign distributes a .NET-based backdoor (CAPI Backdoor) via ZIP archives containing decoy tax documents. The malware steals browser data, takes screenshots, and establishes persistence via scheduled tasks and LNK files dropped in the Startup folder. The campaign relies on impersonated (lookalike) domains such as carprlce[.]ru.
Impact: Data exfiltration and remote system control.
Mitigation: Disable macros in documents and scrutinize unexpected email attachments.
Source: The Hacker News

Silver Fox Expands Malware Campaigns with Winos 4.0 and HoldingHands RAT

The Silver Fox group now targets Japan and Malaysia with HoldingHands RAT, delivered via phishing emails with malicious PDFs. Campaigns previously focused on China and Taiwan, using fake tax documents. The malware terminates security processes and leverages anti-VM checks.
Impact: System compromise, data theft, and evasion of security tools.
Mitigation: Employee training on phishing and endpoint detection for unusual process terminations.
Source: The Hacker News

Operation Silk Lure Delivers Winos 4.0 to Chinese Fintech Firms

A phishing campaign impersonates job seekers, sending malicious .LNK files disguised as résumés to Chinese fintech and crypto firms. The malware establishes persistence and exfiltrates screenshots, clipboard data, and system metadata.
Impact: Espionage and credential theft.
Mitigation: Sandbox email attachments and monitor for unusual scheduled tasks.
Source: The Hacker News
