Svoboda Cybersecurity Brief November 06, 2025

Kansas City Police Department Hack Exposes Secret Officer Misconduct List

A major breach of the Kansas City, Kansas, Police Department revealed a secret Giglio List detailing 62 current and former officers with credibility-compromising misconduct, including theft, excessive force, and domestic violence. The leaked documents, accessed via a hack, expose systemic issues and raise concerns about prosecutorial integrity.
Source: DataBreaches.net

Swedish IT Firm Miljödata Breach Exposes 1.5 Million Users

A cyberattack on Swedish IT company Miljödata compromised personal data of 1.5 million individuals, with stolen information published on the darknet. The breach affected multiple municipalities and regional entities, prompting investigations by Swedish authorities.
Source: DataBreaches.net

Hyundai AutoEver America Data Breach Exposes SSNs and Driver’s Licenses

Hyundai’s IT affiliate HAEA suffered a breach from February 22 to March 2, 2025, exposing Social Security Numbers (SSNs) and driver’s licenses. The attacker accessed systems supporting Hyundai’s automotive IT services, including telematics and manufacturing platforms.
Source: BleepingComputer

Gootloader Malware Returns with New Evasion Tactics

After a 7-month hiatus, Gootloader resurfaces with SEO poisoning campaigns distributing malicious documents. New variants use malformed ZIP archives (extracting differently in Windows Explorer vs. security tools) and custom web fonts to evade detection.
Impact: Delivers Supper SOCKS5 backdoor, enabling ransomware affiliates like Vanilla Tempest to infiltrate networks.
Mitigation: Avoid downloading legal templates from untrusted sites; monitor for anomalous ZIP extraction behavior.
Source: BleepingComputer
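As an added defender-side example (not code from the brief or from BleepingComputer), the check below flags ZIP files whose central directory and local file headers disagree, one kind of structural inconsistency that makes different extractors see different contents; the sample archives are constructed inline and the tampering (renaming only the central-directory copy of the name) is an assumed illustration, not the specific Gootloader technique.

```python
import io
import struct
import zipfile

LOCAL_SIG = b"PK\x03\x04"
EOCD_SIG = b"PK\x05\x06"

def local_headers(data: bytes) -> dict[int, str]:
    """Scan raw bytes for local file headers (offset -> name). The signature can
    also occur inside compressed payload data, so treat hits as leads to triage."""
    found = {}
    pos = data.find(LOCAL_SIG)
    while pos != -1:
        nlen = struct.unpack_from("<H", data, pos + 26)[0]  # file-name length field
        found[pos] = data[pos + 30 : pos + 30 + nlen].decode("utf-8", "replace")
        pos = data.find(LOCAL_SIG, pos + 4)
    return found

def zip_inconsistencies(data: bytes) -> list[str]:
    """Report where the central directory (what zipfile trusts) and the local
    headers (what a sequential extractor walks) disagree."""
    findings, locs, referenced = [], local_headers(data), set()
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        central = zf.infolist()
    for info in central:
        referenced.add(info.header_offset)
        local_name = locs.get(info.header_offset)  # None if no header at that offset
        if local_name != info.filename:
            findings.append(f"central directory says {info.filename!r}, local header says {local_name!r}")
    for off in sorted(set(locs) - referenced):
        findings.append(f"orphan local header {locs[off]!r} at offset {off}, absent from central directory")
    eocd = data.rfind(EOCD_SIG)  # end-of-central-directory record; comment length at +20
    trailing = len(data) - (eocd + 22 + struct.unpack_from("<H", data, eocd + 20)[0])
    if trailing > 0:
        findings.append(f"{trailing} bytes of trailing data after the end-of-central-directory record")
    return findings

def build_zip(name: str, payload: bytes) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()

# Constructed samples. TAMPERED renames only the central-directory copy of the name
# (same length, so offsets stay valid), so the two parsers list different names.
CLEAN = build_zip("contract_template.txt", b"constructed sample content\n")
head, _, tail = CLEAN.rpartition(b"contract_template.txt")
TAMPERED = head + b"contract_template.old" + tail
```

Running `zip_inconsistencies` over attachments at a mail gateway or sandbox is one concrete way to act on the "monitor for anomalous ZIP extraction behavior" advice above.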

CISA Warns of Actively Exploited CentOS Web Panel (CWP) Bug

CVE-2025-48703 (CVSS 9.0) allows unauthenticated RCE via shell metacharacters in the t_total parameter. CWP versions before 0.9.8.1204 are vulnerable.
Impact: Attackers can execute arbitrary commands on servers running vulnerable CWP instances.
Mitigation: Update to CWP 0.9.8.1205 or disable file-manager endpoints.
Source: BleepingComputer

Google Discovers AI-Powered Malware Families in the Wild

Google’s Threat Intelligence Group identified PromptFlux (self-modifying VBScript dropper using Gemini API) and PromptSteal (data miner leveraging Hugging Face) among new malware leveraging LLMs for dynamic evasion. State actors (China, Iran, North Korea) abuse AI for phishing, reconnaissance, and code obfuscation.
Source: The Hacker News

University of Pennsylvania Confirms Data Theft in Cyberattack

Hackers breached Penn’s systems via social engineering, stealing 1.71 GB of internal documents and a 1.2M-record Salesforce donor database. The attackers sent offensive emails to 700,000 recipients using compromised credentials.
Source: BleepingComputer

Europol Busts Credit Card Fraud Rings Stealing €300 Million

Operation Chargeback dismantled three networks defrauding 4.3 million cardholders across 193 countries via fake subscriptions (pornography, dating, streaming). Arrests included executives from German payment providers facilitating laundering.
Source: BleepingComputer

US Sanctions North Korean Entities Laundering Cybercrime Proceeds

OFAC sanctioned Ryujong Credit Bank and KMCTC for laundering $3 billion from ransomware and IT worker fraud. North Korean hackers funnel funds to WMD programs via cryptocurrency and shell companies.
Source: The Hacker News

Post SMTP WordPress Plugin Flaw Actively Exploited

CVE-2025-11833 (CVSS 9.8) in Post SMTP (400K+ installs) allows unauthenticated attackers to read password reset emails and hijack admin accounts.
Impact: Full site compromise via account takeover.
Mitigation: Update to version 3.6.1.
Source: SecurityWeek
