Svoboda Cybersecurity Brief October 31, 2025

Conduent Data Breach Impacts 105 Million People

BPO giant Conduent confirmed a data breach affecting 105 million individuals, exposing sensitive personal information. The breach underscores the risks of handling massive datasets in outsourcing services.
Source: BleepingComputer

Major Telecom Provider Ribbon Breached by State Hackers

Ribbon Communications, a major US telecom backbone firm, was hacked by nation-state actors, potentially compromising critical infrastructure. The breach highlights the growing threat to global telecom networks.
Source: BleepingComputer

CISA Demands Patching of VMware Tools Flaw Exploited by Chinese Hackers

CISA has ordered federal agencies to patch a VMware Tools flaw (CVE-2024-XXXX) exploited by Chinese hackers since October 2024.
Impact: The flaw allows unauthorized access to systems running VMware Tools.
Mitigation: Agencies must apply the latest patches immediately.
Source: BleepingComputer

Russian Ransomware Gangs Weaponize Open-Source AdaptixC2

Russian ransomware groups are using AdaptixC2, an open-source command-and-control framework, to launch advanced attacks. This tool enhances their ability to evade detection and automate attacks.
Source: The Hacker News

NFC Relay Malware Steals European Credit Cards

A massive surge in NFC relay malware has been reported, targeting European credit cards through contactless payment systems. The malware intercepts and relays NFC data to conduct unauthorized transactions.
Source: BleepingComputer

PhantomRaven Malware Found in 126 npm Packages

126 npm packages were found to contain PhantomRaven malware, which steals GitHub tokens from developers. The packages were downloaded over 100,000 times before detection.
Source: The Hacker News

Ex-L3Harris Exec Guilty of Selling Cyber Exploits to Russian Broker

A former executive of defense contractor L3Harris admitted to selling cyber exploits to a Russian broker, exposing sensitive US defense technologies to foreign adversaries.
Source: BleepingComputer

Brash Exploit Crashes Chromium Browsers Instantly

A new exploit, Brash, instantly crashes Chromium-based browsers using a single malicious URL. The vulnerability highlights the risks of unpatched browser flaws.
Impact: Users may experience crashes and potential data loss.
Mitigation: Update browsers to the latest version to mitigate the risk.
Source: The Hacker News

WhatsApp Introduces Passwordless Chat Backups

WhatsApp has rolled out passwordless chat backups for iOS and Android, leveraging device encryption to secure user data without requiring passwords.
Source: BleepingComputer

LinkedIn Phishing Targets Finance Execs with Fake Board Invites

Finance executives are being targeted by LinkedIn phishing campaigns that use fake board meeting invites to steal credentials and sensitive information.
Source: BleepingComputer

CISA and NSA have released a joint advisory with best practices for securing Microsoft Exchange servers, following a rise in attacks targeting unpatched systems.
Source: BleepingComputer

Share this brief: https://svo.bz/kvfT