Svoboda Cybersecurity Brief October 22, 2025
KT CEO Resigns After Cybersecurity Breach
KT Corp CEO Kim Young-shub has announced his resignation, taking responsibility for a major cybersecurity breach involving unauthorized micro-payments charged to subscribers. The incident drew national scrutiny, and government investigators have alleged that the company obstructed their probes.
Source: DataBreaches.net
UK National Security Concerns Over Prospect Union Cyberattack
A cyberattack on Prospect, a UK union whose members include Ministry of Defence staff and other civil servants, compromised bank details, contact information and personal identifiers for 150,000 members. Because many of those affected work in sensitive roles, the breach raises national security concerns.
Source: DataBreaches.net
NY Accounting Firm Fined $60K for Delayed Breach Notifications
Wojeski & Company suffered both a ransomware attack and an insider breach, exposing Social Security numbers, financial data and medical information for more than 4,700 New Yorkers. The firm took over a year to notify victims and had failed to encrypt the sensitive data it held.
Impact: Data exposure leading to identity theft risks.
Mitigation: Encrypt data, implement incident response plans, and enforce timely breach notifications.
Source: DataBreaches.net
Vidar Stealer 2.0 Enhances Data Theft and Evasion
Vidar Stealer 2.0, rewritten in C, adds multi-threaded data theft and bypasses Chrome's App-Bound Encryption by injecting into the browser process and reading decrypted data from memory. It targets cryptocurrency wallets as well as Discord and Steam credentials.
Impact: Credential theft and financial fraud.
Mitigation: Update browsers, monitor for unusual process injections, and enforce endpoint detection.
Source: BleepingComputer
Critical Command Injection Flaws in TP-Link Omada Gateways
TP-Link disclosed CVE-2025-6542 (CVSS 9.3), an OS command injection that allows unauthenticated remote code execution on 13 Omada gateway models. A second command injection, CVE-2025-6541 (CVSS 8.6), requires an authenticated session.
Impact: Full device compromise and lateral movement.
Mitigation: Apply firmware updates (e.g., ER605 >= v2.3.1).
Source: BleepingComputer
CISA Confirms Exploitation of Oracle EBS SSRF Flaw
CVE-2025-61884, an unauthenticated SSRF in the Oracle Configurator component of Oracle E-Business Suite (EBS), was exploited in attacks in July linked to the Clop ransomware group. Oracle's fix adds validation of the return_url parameter.
Impact: Unauthorized data access.
Mitigation: Apply Oracle's EBS patch and review web server logs for requests to /configurator/UiServlet, especially those whose return_url points to an external host or an internal service address.
Source: BleepingComputer
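As an added illustration (not Oracle's patch code and not from the BleepingComputer report), the following Python sketch shows the two mitigations side by side: a strict return_url validator of the kind the fix is described as adding, and a scan of web server access logs for /configurator/UiServlet requests whose return_url points outside the application. The log lines, the allow-listed host ebs.example.internal and the full /OA_HTML/configurator/UiServlet path are constructed assumptions for this example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Hosts an EBS return_url may legitimately point at. Constructed for this example.
ALLOWED_HOSTS = {"ebs.example.internal"}


def is_safe_return_url(value: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Accept only site-relative paths or absolute http(s) URLs on an allow-listed host.

    Illustrates the kind of return_url validation the fix is described as adding;
    this is not Oracle's code. Scheme-relative URLs (//host), backslash variants,
    userinfo tricks (allowed@evil) and non-http schemes are all rejected.
    """
    v = unquote(value).strip().replace("\\", "/")
    if not v or v.startswith("//"):
        return False
    parts = urlsplit(v)
    if not parts.scheme and not parts.netloc:
        return v.startswith("/")              # plain site-relative path
    if parts.scheme not in ("http", "https"):
        return False
    return (parts.hostname or "").lower() in allowed_hosts


# Common Log Format with a request line; the layout is assumed for this example.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)
# Only the component path is given in the report; the prefix used in the sample log is assumed.
UISERVLET_PATH = "/configurator/UiServlet"


def find_suspicious_uiservlet_requests(log_lines, allowed_hosts=ALLOWED_HOSTS):
    """Return (src_ip, timestamp, return_url) for UiServlet hits whose return_url fails validation."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        target = m.group("target")
        if UISERVLET_PATH not in target:
            continue
        query = urlsplit(target).query
        # parse_qs already percent-decodes; the validator decodes once more to catch double encoding.
        for ru in parse_qs(query, keep_blank_values=True).get("return_url", []):
            if not is_safe_return_url(ru, allowed_hosts):
                hits.append((m.group("src"), m.group("ts"), ru))
    return hits


# Constructed sample log: one metadata-service SSRF attempt, one benign relative redirect,
# one scheme-relative redirect to an attacker host, one unrelated request.
SAMPLE_LOG = """\
203.0.113.7 - - [11/Oct/2025:02:14:55 +0000] "GET /OA_HTML/configurator/UiServlet?return_url=http%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data HTTP/1.1" 302 0
198.51.100.9 - - [11/Oct/2025:02:15:01 +0000] "GET /OA_HTML/configurator/UiServlet?return_url=%2FOA_HTML%2FRF.jsp HTTP/1.1" 200 1234
203.0.113.7 - - [11/Oct/2025:02:15:07 +0000] "GET /OA_HTML/configurator/UiServlet?return_url=//attacker.example/x HTTP/1.1" 302 0
192.0.2.5 - - [11/Oct/2025:02:16:00 +0000] "GET /OA_HTML/AppsLogin HTTP/1.1" 200 500
"""

if __name__ == "__main__":
    for src, ts, ru in find_suspicious_uiservlet_requests(SAMPLE_LOG.splitlines()):
        print(f"{ts} {src} unsafe return_url={ru!r}")
```

Run against the sample, the scan reports the two requests from 203.0.113.7 and ignores the relative redirect; the same validator, used server-side, would have refused both before any outbound request was made.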
PolarEdge Botnet Targets Cisco, ASUS, and QNAP Routers
PolarEdge malware exploits CVE-2023-20118, a flaw in Cisco small-business RV routers, and also targets ASUS and QNAP devices. It deploys a TLS-based backdoor for C2 communication and masquerades as legitimate processes (e.g., httpd).
Impact: Device hijacking for proxy networks.
Mitigation: Patch affected routers and NAS devices, alert on deletion of /usr/bin/wget, and inspect outbound TLS connections from such devices for unexpected C2 endpoints.
Source: The Hacker News
VS Code Extensions Compromised in GlassWorm Supply Chain Attack
GlassWorm malware delivered through compromised VS Code extensions steals npm and GitHub credentials, drains cryptocurrency wallets, and deploys SOCKS proxies and VNC servers on developer machines. It hides its code with invisible Unicode characters and retrieves C2 addresses from the Solana blockchain.
Impact: Credential theft and remote access.
Mitigation: Audit extensions, disable auto-updates, and monitor Solana transaction memos.
Source: SecurityWeek
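To make the "audit extensions" advice concrete, here is an added Python example (not GlassWorm's code and not from the SecurityWeek article) that scans extension source for runs of invisible Unicode code points and, for runs made of variation selectors, decodes them with one published byte-smuggling mapping (U+FE00..U+FE0F for bytes 0..15, U+E0100..U+E01EF for 16..255). Whether GlassWorm uses exactly this mapping is not stated on the page; the sample extension.js, its hidden payload and the scan_extension_dir helper are constructed for this example.

```python
import os
import unicodedata

# Code-point ranges commonly used to hide text in source files; chosen for this example.
INVISIBLE_RANGES = [
    (0x200B, 0x200F),    # zero-width space/joiner/non-joiner, LRM, RLM
    (0x202A, 0x202E),    # bidi embedding and override controls
    (0x2060, 0x2064),    # word joiner and invisible operators
    (0x2066, 0x2069),    # bidi isolates
    (0xFE00, 0xFE0F),    # variation selectors
    (0xFEFF, 0xFEFF),    # byte order mark / zero-width no-break space
    (0xE0000, 0xE007F),  # tag characters
    (0xE0100, 0xE01EF),  # variation selectors supplement
]


def is_invisible(cp: int) -> bool:
    """True for code points that render as nothing (or nearly nothing) in an editor."""
    if any(lo <= cp <= hi for lo, hi in INVISIBLE_RANGES):
        return True
    return unicodedata.category(chr(cp)) == "Cf"   # any other format control


def scan_source(text: str):
    """Return one finding per run of invisible characters: (line_no, col, length, run)."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        start = None
        for col, ch in enumerate(line):
            if is_invisible(ord(ch)):
                if start is None:
                    start = col
            elif start is not None:
                findings.append((line_no, start, col - start, line[start:col]))
                start = None
        if start is not None:
            findings.append((line_no, start, len(line) - start, line[start:]))
    return findings


def decode_variation_selectors(run: str):
    """Decode a run of variation selectors using the byte mapping assumed above.

    Returns None if the run contains anything other than variation selectors.
    """
    out = bytearray()
    for ch in run:
        cp = ord(ch)
        if 0xFE00 <= cp <= 0xFE0F:
            out.append(cp - 0xFE00)
        elif 0xE0100 <= cp <= 0xE01EF:
            out.append(cp - 0xE0100 + 16)
        else:
            return None
    return bytes(out)


def scan_extension_dir(root: str, exts=(".js", ".ts", ".json")):
    """Walk an unpacked extension directory and return {path: findings} for files with hits."""
    report = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.endswith(exts):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = scan_source(fh.read())
                if hits:
                    report[path] = hits
    return report


# Constructed sample: an extension.js whose only visible oddity is an emoji in a string.
# The payload bytes are encoded into variation selectors that follow the emoji invisibly.
PAYLOAD = b"require('child_process')"
HIDDEN = "".join(chr(0xFE00 + b) if b < 16 else chr(0xE0100 + b - 16) for b in PAYLOAD)
SAMPLE_EXTENSION_JS = (
    "const vscode = require('vscode');\n"
    "const marker = '\U0001F600" + HIDDEN + "';  // renders as a lone emoji\n"
    "function activate(ctx) { console.log('ready'); }\n"
    "module.exports = { activate };\u200b\n"
)

if __name__ == "__main__":
    for line_no, col, length, run in scan_source(SAMPLE_EXTENSION_JS):
        decoded = decode_variation_selectors(run)
        print(f"line {line_no} col {col}: {length} invisible chars -> {decoded!r}")
```

On the sample the scanner reports a 24-character invisible run on line 2 that decodes to the hidden require() call, plus a stray zero-width space on line 4 that is not a variation-selector payload. Pointing scan_extension_dir at ~/.vscode/extensions (or the unpacked contents of a .vsix) applies the same check to every installed extension; any non-empty report deserves a manual look, since legitimate source rarely contains long runs of format characters.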
Over 73,000 WatchGuard Fireboxes Vulnerable to Critical RCE
CVE-2025-9242 (CVSS 9.3) in Fireware OS allows unauthenticated remote code execution via the IKEv2 VPN service. Shadowserver scans show roughly 73,000 vulnerable Fireboxes, about 24,000 of them in the US.
Impact: Network compromise.
Mitigation: Upgrade to Fireware OS 2025.1.1 or 12.11.4, and until patched restrict IKEv2 exposure (UDP 500 and 4500) to known VPN peers.
Source: SecurityWeek
Salt Typhoon Hackers Target Telecoms with Snappybee Malware
After gaining initial access through Citrix NetScaler vulnerabilities, the group deployed the Snappybee backdoor via DLL sideloading, using a legitimate Norton antivirus executable to load the malicious DLL. Targets include European telecoms.
Impact: Data exfiltration and persistent access.
Mitigation: Patch Citrix NetScaler appliances and alert on signed executables loading DLLs from unexpected or user-writable directories.
Source: The Hacker News
Share this brief: https://svo.bz/4jrC