Svoboda Cybersecurity Brief November 09, 2025
Massive Data Breach in Pakistan Exposing Millions
The National Cyber Crime Investigation Agency (NCCIA) arrested Anees Ahmed Shah for allegedly selling sensitive personal data of millions of Pakistani citizens via 10+ black-market websites. A 1TB hard disk containing the data was recovered.
Source: DataBreaches.net
GlassWorm Malware Resurfaces with New VS Code Extensions
The GlassWorm malware campaign returned to OpenVSX with 3 new malicious VS Code extensions (10,000+ downloads), using invisible Unicode characters to steal GitHub, NPM, and crypto wallet data. Attackers leveraged the Russian RedExt C2 framework, targeting victims globally.
Impact: Credential theft, cryptocurrency wallet compromise.
Mitigation: Rotate exposed credentials, audit VS Code extensions, monitor for suspicious Solana transactions.
Source: BleepingComputer
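One way to carry out the "audit VS Code extensions" step for the GlassWorm item above, as an added example that is not from this brief or the cited reporting: a Python scan of an unpacked extension directory for long runs of invisible Unicode characters. The set of code points treated as invisible, the run-length threshold of 8, and the file extensions scanned are assumptions of this example.

```python
import os
import unicodedata

# Assumption: which code points count as "invisible" is this example's choice.
VARIATION_SELECTORS = ((0xFE00, 0xFE0F), (0xE0100, 0xE01EF))
MIN_RUN = 8  # assumed threshold; a lone U+FE0F after an emoji is normal

def is_invisible(ch):
    cp = ord(ch)
    if any(lo <= cp <= hi for lo, hi in VARIATION_SELECTORS):
        return True
    # Cf = format characters: zero-width spaces/joiners, bidi controls, tags
    return unicodedata.category(ch) == "Cf"

def find_runs(text, min_run=MIN_RUN):
    """Return (line, column, length) for each run of >= min_run invisible chars."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        start = None
        for col, ch in enumerate(line + "\n", 1):  # sentinel closes a trailing run
            if is_invisible(ch):
                if start is None:
                    start = col
            elif start is not None:
                if col - start >= min_run:
                    hits.append((lineno, start, col - start))
                start = None
    return hits

def scan_tree(root, exts=(".js", ".ts", ".json")):
    """Scan an unpacked extension directory; returns {path: [(line, col, len)]}."""
    report = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            if name.endswith(exts):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    runs = find_runs(fh.read())
                if runs:
                    report[path] = runs
    return report

# Constructed samples (not taken from any real extension)
CLEAN = 'const label = "ok \u2764\ufe0f";\n'
HIDDEN = 'const x = 1;\nconst s = "' + "\ufe00\ufe01" * 10 + '";\n'

if __name__ == "__main__":
    print(find_runs(CLEAN), find_runs(HIDDEN))
```

A hit is a prompt for manual review of that file and line, not proof of compromise; some localisation files legitimately contain bidirectional or joiner characters.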
Microsoft Reveals “Whisper Leak” Attack on Encrypted AI Traffic
Microsoft uncovered Whisper Leak, a side-channel attack extracting AI chat topics from encrypted TLS traffic using packet size/timing analysis. Attackers achieved 98% accuracy in classifying sensitive topics (e.g., money laundering) via trained classifiers.
Impact: Privacy breaches in AI communications.
Mitigation: Use non-streaming LLMs, VPNs, or providers implementing randomized response padding (e.g., OpenAI, Mistral).
Source: The Hacker News
Defense Contractors Fail to Meet Cybersecurity Standards Amid Whistleblower Retaliation
Over 50% of US defense contractors remain unprepared for the CMMC 2.0 framework (effective Nov 10), with firms like Raytheon facing whistleblower lawsuits over ignored cybersecurity flaws.
Source: DataBreaches.net