Svoboda Cybersecurity Brief October 21, 2025

Hackers claim possession of 22,000 US government officials’ data

A hacking group named Scattered LAPSUS$ Hunters claims to have dossiers on 22,000 US government officials, including NSA, DIA, FTC, and CDC employees. The data was allegedly extracted from stolen Salesforce customer data and includes personal details. The group previously doxxed DHS and ICE officials and attempted to extort Salesforce.
Source: DataBreaches.net

Critical RCE vulnerability affects 75,000+ WatchGuard Firebox devices

CVE-2025-9242 (CVSS 9.3) allows unauthenticated attackers to execute arbitrary code via crafted IKEv2 packets on WatchGuard Firebox appliances. Over 75,000 devices are exposed globally, primarily in the US, Germany, and Italy. WatchGuard released patches for supported versions (2025.1.1, 12.11.4, 12.5.13).
Impact: Remote code execution leading to device compromise.
Mitigation: Upgrade to patched versions or restrict IKEv2 VPN access.
Source: BleepingComputer

GlassWorm malware infects 35,800+ VS Code extensions with self-spreading capabilities

GlassWorm malware uses invisible Unicode characters to hide malicious code in OpenVSX and VS Code extensions, stealing GitHub/npm credentials and deploying SOCKS proxies. It spreads via compromised accounts and uses Solana blockchain for C2. At least 12 extensions were infected, including CodeJoy and git-worktree-menu.
Impact: Credential theft, remote access, and lateral movement.
Mitigation: Remove compromised extensions and monitor for suspicious activity.
Source: BleepingComputer
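As an added example (not from the brief or any cited source), a small Python scanner for the invisible-Unicode trick described in the GlassWorm item: it reports format characters and blank-rendering code points hidden in source text, which is what a review of an extension's files should catch. The sample JavaScript line is constructed.

```python
import sys
import unicodedata
from typing import List, Tuple

# Constructed sample: one JS line carrying a zero-width space, a zero-width
# joiner and a U+3164 Hangul Filler after the semicolon; editors render nothing.
SAMPLE_JS = (
    "const config = loadConfig();\u200b\u200d\u3164\n"
    "module.exports = config;\n"
)

# Blank-rendering code points outside the Unicode "Cf" (format) category.
EXTRA_INVISIBLE = {
    0x3164,          # HANGUL FILLER
    0xFFA0,          # HALFWIDTH HANGUL FILLER
    0x115F, 0x1160,  # HANGUL CHOSEONG / JUNGSEONG FILLER
    0x2800,          # BRAILLE PATTERN BLANK
}

def is_invisible(ch: str) -> bool:
    """True for characters that render as nothing yet survive in source."""
    cp = ord(ch)
    if ch in "\t\r\n":          # ordinary whitespace is expected
        return False
    if cp in EXTRA_INVISIBLE:
        return True
    # Cf covers ZWSP, ZWJ, BOM, bidi controls and TAG characters;
    # variation selectors are Mn but also render nothing on their own.
    return (unicodedata.category(ch) == "Cf"
            or 0xFE00 <= cp <= 0xFE0F
            or 0xE0100 <= cp <= 0xE01EF)

def scan_source(text: str) -> List[Tuple[int, int, str, str]]:
    """Return (line, column, U+XXXX, character name) for every hit."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if is_invisible(ch):
                hits.append((lineno, col, f"U+{ord(ch):04X}",
                             unicodedata.name(ch, "<unnamed>")))
    return hits

def scan_file(path: str) -> List[Tuple[int, int, str, str]]:
    with open(path, encoding="utf-8", errors="replace") as fh:
        return scan_source(fh.read())

if __name__ == "__main__":
    paths = sys.argv[1:] or ["sample.js"]     # no args: scan the constructed sample
    for path in paths:
        hits = scan_source(SAMPLE_JS) if path == "sample.js" else scan_file(path)
        for lineno, col, cp, name in hits:
            print(f"{path}:{lineno}:{col} {cp} {name}")
```

Run it over an unpacked extension directory (for example `python scan.py $(find . -name '*.js')`) and treat any hit outside test fixtures as a finding to inspect.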

Windows SMB privilege escalation flaw (CVE-2025-33073) actively exploited

CISA confirmed exploitation of CVE-2025-33073 (CVSS 8.8), a Windows SMB Client flaw allowing SYSTEM privilege escalation via crafted packets. Patched in June 2025, the vulnerability affects Windows 10/11 and Server versions. No public exploits are available yet.
Impact: Privilege escalation over SMB.
Mitigation: Apply June 2025 Microsoft patches or disable SMBv1.
Source: BleepingComputer

Muji halts online sales after ransomware attack on supplier Askul

Japanese retailer Muji suspended online sales after its logistics partner Askul was hit by ransomware, disrupting order systems. Askul warned of potential data leaks, including customer information. No ransomware group has claimed responsibility.
Source: BleepingComputer

China accuses NSA of cyberattack on national time center

China’s MSS alleges the NSA hacked its National Time Service Center using 42 tools, targeting timing systems critical for infrastructure. The attacks allegedly occurred between 2022 and 2024 via compromised mobile devices and VPSes. No technical evidence was provided.
Source: The Hacker News

131 malicious Chrome extensions hijack WhatsApp for spam campaigns

A cluster of 131 Chrome extensions (20,905 users) hijacks WhatsApp Web to bypass anti-spam controls, sending bulk messages. Extensions like YouSeller and ZapVende share code and infrastructure, linked to DBX Tecnologia’s white-label program. Google has not yet removed all extensions.
Source: The Hacker News

Dolby Unified Decoder flaw (CVE-2025-54957) enables zero-click RCE

A vulnerability in Dolby’s Unified Decoder allows zero-click RCE on Android via malicious audio files. Patches were rolled out by Microsoft (Windows) and Google (ChromeOS). Proof-of-concept exploits demonstrate crashes on Pixel 9 and Samsung S24 devices.
Impact: Remote code execution via audio processing.
Mitigation: Apply vendor patches for Dolby decoders.
Source: SecurityWeek

SIM farm dismantled in Europe, 7 arrested for cybercrime-as-a-service

Europol dismantled a SIM farm operation (gogetsms.com, apisim.com) offering phone number spoofing for phishing and fraud. Authorities seized 1,200 SIM boxes, 40,000 SIM cards, and $800,000 in assets. The service enabled 3,200+ fraud cases across Austria and Latvia.
Source: SecurityWeek

Lumma Stealer activity declines after core members doxxed

Lumma Stealer operations dropped after a doxxing campaign exposed 5 alleged members, including administrators. Competitors leaked passports, bank details, and compromised Telegram channels. The group’s infrastructure activity sharply declined in September 2025.
Source: SecurityWeek
