Svoboda Cybersecurity Brief October 24, 2025
Critical Lanscope Endpoint Manager Vulnerability Actively Exploited
A critical flaw (CVE-2025-61932, CVSS 9.3) in Motex Lanscope Endpoint Manager allows remote code execution via crafted packets. Exploitation has been confirmed in customer environments, primarily in Japan. Versions 9.4.7.2 and earlier are affected; patches are available.
Impact: Attackers can execute arbitrary code on unpatched systems.
Mitigation: Upgrade to patched versions (e.g., 9.4.7.3). Federal agencies must patch by November 12 per CISA directive.
Source: BleepingComputer
Adobe Commerce Flaw (CVE-2025-54236) Exploited in Mass Attacks
A session hijacking vulnerability in Adobe Commerce/Magento (CVSS 9.1) is being exploited to deploy PHP webshells. Over 250 attacks were observed in 24 hours, with 62% of stores still unpatched.
Impact: Attackers can take over customer accounts and inject malicious code.
Mitigation: Apply Adobe’s hotfix immediately. Monitor for suspicious uploads to /customer/address_file/upload.
Source: The Hacker News
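The mitigation above asks store operators to watch for uploads to /customer/address_file/upload. The following is an added example of that check, not code from the brief or from Adobe; it assumes web-server access logs in the Apache/Nginx "combined" format and uses constructed sample lines.

```python
import re
from collections import Counter

# Added detection helper (not from the brief or from Adobe). Assumes
# combined-format access logs; SAMPLE_LOG below is constructed, not real traffic.
WATCHED_PATH = "/customer/address_file/upload"

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

SAMPLE_LOG = """\
203.0.113.7 - - [23/Oct/2025:11:02:13 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [23/Oct/2025:11:02:19 +0000] "POST /customer/address_file/upload HTTP/1.1" 200 221 "-" "python-requests/2.31"
203.0.113.7 - - [23/Oct/2025:11:02:20 +0000] "POST /customer/address_file/upload/ HTTP/1.1" 200 221 "-" "python-requests/2.31"
198.51.100.9 - - [23/Oct/2025:11:05:44 +0000] "GET /customer/address_file/upload HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.9 - - [23/Oct/2025:11:05:50 +0000] "POST /customer/address_file/upload?x=1 HTTP/1.1" 403 0 "-" "curl/8.4.0"
192.0.2.5 - - [23/Oct/2025:11:06:01 +0000] "POST /customer/account/loginPost/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
this line is not in combined format and is skipped
"""


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def find_upload_events(lines):
    """Collect POST/PUT requests to the watched endpoint.

    The path is normalised (query string and trailing slash dropped) so trivial
    URL variations are not missed; the status is kept so accepted uploads (2xx)
    can be told apart from ones the server rejected.
    """
    events = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0].rstrip("/")
        if path == WATCHED_PATH and rec["method"] in ("POST", "PUT"):
            events.append({"ip": rec["ip"], "ts": rec["ts"],
                           "status": int(rec["status"]), "ua": rec["ua"]})
    return events


def summarize(events):
    """Count events per source IP and how many the server accepted (2xx)."""
    by_ip = Counter(e["ip"] for e in events)
    accepted = sum(1 for e in events if 200 <= e["status"] < 300)
    return {"by_ip": dict(by_ip), "accepted": accepted}
```

Run the two functions over your own access log (for example `find_upload_events(open(path))`); accepted uploads from unfamiliar clients are the ones to review first.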
North Korean Lazarus Targets European Defense Firms via Fake Job Offers
Lazarus Group compromised three European defense companies using trojanized open-source tools (e.g., MuPDF, Notepad++) via DLL sideloading. Targets included UAV component manufacturers. The campaign deployed the ScoringMathTea RAT with 40+ commands for full system control.
Source: BleepingComputer
AI Sidebar Spoofing Attacks Target ChatGPT Atlas and Perplexity Comet
Malicious browser extensions can overlay fake AI sidebars to trick users into executing harmful commands (e.g., reverse shells, phishing). Attacks require only basic permissions (host and storage).
Impact: Credential theft, malware deployment, and OAuth abuse.
Mitigation: Disable unnecessary extensions; restrict AI browser use for sensitive tasks.
Source: BleepingComputer
Toys “R” Us Canada Confirms Data Breach Exposing Customer Records
Threat actors leaked customer data (names, addresses, emails) stolen from Toys “R” Us Canada’s database. No financial data was exposed. The breach was discovered on July 30, 2025, via dark web postings.
Impact: Phishing risks for affected customers.
Mitigation: Monitor for phishing attempts; reset passwords if reused elsewhere.
Source: BleepingComputer
Russian Cybercriminals Now State-Managed, Says Recorded Future
Russian authorities are actively managing cybercrime groups, selectively targeting low-value enablers (e.g., money launderers) while protecting high-value ransomware operators. Leaked chats reveal direct coordination with intelligence services.
Source: SecurityWeek
BIND DNS Server Patches High-Severity Cache Poisoning Flaws
Updates address CVE-2025-40780 (PRNG weakness) and CVE-2025-40778 (cache injection), both scoring 8.6 CVSS. A third flaw (CVE-2025-8677) allows DoS via malformed DNSKEY records.
Impact: Spoofing attacks and service disruption for resolvers.
Mitigation: Upgrade to BIND 9.18.41/9.20.15/9.21.14 or Supported Preview Edition.
Source: SecurityWeek
Jingle Thief Group Exploits Cloud for Gift Card Fraud
The Moroccan-linked group uses phishing to breach cloud environments, then issues fraudulent gift cards. Attacks involve lateral movement and MFA bypass via rogue authenticator apps.
Source: The Hacker News
Fake Chrome Installers Drop ValleyRAT in China
Attackers distribute malicious Chrome installers delivering ValleyRAT, which kills AV processes using a kernel driver. The campaign targets Chinese users and uses localized strings.
Impact: Full system compromise via RAT.
Mitigation: Download software only from official sources.
Source: The Hacker News
Verizon Reports Surge in Mobile Attacks, AI Threats
85% of organizations saw increased mobile attacks, with AI-powered SMS phishing and deepfakes raising concerns. Only 17% have defenses against AI-assisted threats.
Source: SecurityWeek