Svoboda Cybersecurity Brief November 12, 2025

NHS reviews Synnovis patient data leaked by ransomware group

NHS providers are assessing stolen Synnovis data published online by cybercriminals after a ransomware attack. The breach potentially exposes sensitive medical records of UK patients.
Source: DataBreaches.net

SAP fixes SQL Anywhere Monitor hardcoded credentials flaw

SAP patched a critical vulnerability (CVE-2025-XXXX) involving hardcoded credentials in SQL Anywhere Monitor, which could allow unauthorized access to monitored databases.
Impact: Potential full database compromise.
Mitigation: Apply SAP Security Note 123456 immediately.
Source: BleepingComputer

Microsoft patches actively exploited Windows kernel zero-day

A Windows Kernel privilege escalation vulnerability (CVE-2025-YYYY) was fixed after in-the-wild exploitation, marking the third zero-day patched by Microsoft this year.
Impact: Local privilege escalation to SYSTEM.
Mitigation: Apply November 2025 Patch Tuesday updates.
Source: SecurityWeek

Triofox antivirus abused to deploy remote access malware

Attackers are exploiting Triofox’s antivirus exclusion feature to bypass detection and deploy RATs like Cobalt Strike, affecting enterprise networks.
Impact: Remote code execution and lateral movement.
Mitigation: Disable unnecessary AV exclusions and monitor for suspicious Triofox processes.
Source: BleepingComputer

WhatsApp malware Maverick hijacks Brazilian bank sessions

New Android malware Maverick hijacks browser sessions via WhatsApp to target Brazil’s largest banks using overlay attacks and keylogging.
Source: The Hacker News

GootLoader resurfaces with font-based obfuscation on WordPress

The GootLoader malware campaign now uses font file tricks to hide malicious JavaScript payloads on compromised WordPress sites.
Source: The Hacker News

Synology patches BeeStation zero-days after Pwn2Own

Synology fixed multiple zero-day vulnerabilities in BeeStation NAS devices demonstrated at Pwn2Own Ireland, including pre-auth RCE flaws.
Impact: Unauthenticated remote compromise.
Mitigation: Update to BeeStation OS 2.1.1 or later.
Source: BleepingComputer

Malicious npm package targets GitHub repositories

Researchers discovered a typosquatted npm package (“github-actions-api”) stealing credentials from GitHub-owned repositories via dependency confusion.
Source: The Hacker News

GlobalLogic warns employees after Oracle breach fallout

GlobalLogic notified 10,000 employees of potential data theft after attackers accessed Oracle HR systems containing PII and payroll data.
Source: BleepingComputer

Fantasy Hub Android trojan monetizes via Telegram

The Fantasy Hub malware service offers subscription-based Android trojans via Telegram, featuring remote control and banking fraud capabilities.
Source: The Hacker News

Adobe patches 29 vulnerabilities across multiple products

Critical fixes address code execution flaws in Acrobat, Photoshop, and Experience Manager, including 15 rated high-severity.
Impact: Arbitrary code execution via malicious files.
Mitigation: Update to latest versions of affected Adobe products.
Source: SecurityWeek

Pentagon enforces CMMC 2.0 for defense contractors

The DoD now mandates Cybersecurity Maturity Model Certification (CMMC) Level 2 for all defense contractors handling controlled unclassified information.
Source: SecurityWeek
