Svoboda Cybersecurity Brief November 02, 2025

Veradigm’s Data Breach Claims Contradict Dark Web Leak Evidence

Veradigm, a health IT company, faces scrutiny over its breach notification claims after Veradigm client data was found in a dark web leak linked to the Rhysida ransomware group. The breach, initially reported as involving a Veradigm storage account accessed via compromised credentials, may have involved client data stored on Sunflower Medical Group’s servers. The leak includes sensitive patient data such as names, health records, Social Security numbers, and payment details.
Source: DataBreaches

Massive Leak of China’s Great Firewall Censorship Data

Over 500GB of internal data from China’s Great Firewall infrastructure, including source code, technical manuals, and operational logs, was leaked in September 2025. The data reveals deep packet inspection (DPI) techniques, SSL fingerprinting, and VPN circumvention testing methods used by Chinese censorship tools.
Source: DataBreaches

Chinese Hackers Exploit Lanscope Zero-Day for Espionage

China-linked group Bronze Butler (Tick) exploited a zero-day vulnerability (CVE-2025-61932) in Motex Lanscope Endpoint Manager to deploy the Gokcpdoor malware. The flaw, patched in October 2025, allowed attackers to execute arbitrary code with SYSTEM privileges. The updated malware now supports multiplexed C2 communication and was used alongside tools like Havoc C2 and 7-Zip for data exfiltration.
Impact: Unauthenticated attackers can gain SYSTEM-level access and deploy malware for data theft.
Mitigation: Upgrade Lanscope Endpoint Manager to versions patched for CVE-2025-61932.
Source: BleepingComputer

Ongoing BADCANDY Attacks Target Unpatched Cisco IOS XE Devices

The Australian Signals Directorate (ASD) warns of ongoing attacks exploiting CVE-2023-20198 in Cisco IOS XE devices, deploying the BADCANDY implant. The vulnerability allows attackers to create privileged accounts and control systems. Over 400 devices in Australia have been compromised since July 2025, with re-exploitation observed after reboots.
Impact: Unauthenticated attackers can gain full control of unpatched devices.
Mitigation: Patch affected devices, limit web UI exposure, and follow Cisco’s hardening guidelines.
Source: The Hacker News

Russian Police Arrest Meduza Infostealer Developers

Russian authorities arrested three IT specialists suspected of developing and selling the Meduza infostealer malware, linked to a breach of a government institution in the Astrakhan region. The malware was used to harvest credentials and sensitive data.
Source: DataBreaches

NHS Patient Records Breached by Insider in the UK

A woman in the UK has been charged for inappropriately accessing NHS Lothian patient records, potentially impacting 100 patients. The breach was detected during routine monitoring, but the motive remains unclear.
Source: DataBreaches
