Svoboda Cybersecurity Brief November 13, 2025

Doctor Alliance Healthcare Data Breach Exposes 353GB of Patient Files

A ransomware group claims to have stolen 353GB of sensitive patient data from Doctor Alliance, a Texas-based healthcare vendor. The data includes names, addresses, Medicare numbers, diagnoses, and treatment plans. The attackers demand $200,000 and threaten to sell the data if unpaid. Doctor Alliance has not confirmed the breach but acknowledged reviewing a sample of leaked files.
Impact: Potential HIPAA violations and class-action lawsuits.
Mitigation: Patch vulnerabilities, enforce BAA compliance, and monitor the dark web for data leaks.
Source: DataBreaches.net

Google Sues Chinese Hackers Behind Lighthouse Phishing-as-a-Service Platform

Google filed a lawsuit to dismantle Lighthouse, a Chinese-operated phishing platform linked to 1M+ victims across 120 countries. The service impersonates USPS, E-ZPass, and Google-branded login pages to steal payment card data. The group uses RCS/iMessage for smishing and charges $88–$1,588 for kit subscriptions.
Impact: Estimated 115M payment cards stolen in the U.S. alone (2023–2024).
Mitigation: Block suspicious domains, enable MFA, and educate users on smishing.
Source: BleepingComputer

Citrix Bleed 2 and Cisco ISE Zero-Days Exploited in Advanced Attacks

An APT group exploited CVE-2025-5777 (Citrix Bleed 2) and CVE-2025-20337 (Cisco ISE) as zero-days to deploy a custom Java-based web shell named IdentityAuditAction. The attacks targeted unpatched systems for privilege escalation and lateral movement.
Impact: Compromised network access controls and credential theft.
Mitigation: Apply patches for Citrix NetScaler ADC/Gateway and Cisco ISE immediately.
Source: The Hacker News

DanaBot Malware Resurfaces with Tor-Based C2 Infrastructure

The DanaBot banking trojan returned after a 6-month hiatus post-Operation Endgame, now using Tor (.onion) C2 servers and updated evasion tactics. It targets credentials and crypto wallets via malvertising and SEO poisoning.
Impact: Financial fraud and ransomware precursor.
Mitigation: Update endpoint protection, block Tor traffic, and monitor for IOCs.
Source: BleepingComputer

UK Cyber Security Bill Mandates Critical Infrastructure Protections

New UK legislation requires medium/large MSPs to adopt stricter security standards and report incidents within 24 hours. The law covers energy, healthcare, and transport sectors, with penalties for non-compliance.
Impact: Reduced downtime for essential services; cyberattack losses avoided are estimated at £14.7B/year.
Source: SecurityWeek

Synnovis Finally Notifies Patients After 2024 Qilin Ransomware Attack

UK pathology provider Synnovis confirmed a 2024 ransomware attack by Qilin exposed NHS numbers, test results, and patient names. Data was “unstructured and fragmented,” delaying notifications by 17 months.
Impact: Delayed breach disclosure risks patient trust and regulatory fines.
Mitigation: Encrypt sensitive data and audit third-party vendors.
Source: BleepingComputer

Rhadamanthys Infostealer Disrupted by Law Enforcement

Cybercriminals lost access to Rhadamanthys C2 panels after law enforcement hijacked servers. The malware-as-a-service operation stole credentials via malicious ads and fake software cracks.
Impact: Disruption of a major credential theft operation.
Mitigation: Revoke exposed credentials and monitor for reused passwords.
Source: BleepingComputer

Microsoft Patches Actively Exploited Windows Kernel Zero-Day (CVE-2025-62215)

A race condition flaw in the Windows kernel allows local attackers to escalate to SYSTEM privileges. The bug is chained with other exploits in active attacks.
Impact: Full system compromise via low-privilege access.
Mitigation: Apply November 2025 Windows updates immediately.
Source: The Hacker News

Alpha Omega Winery Notifies Customers 2 Years Post-Breach

The California winery disclosed a 2023 ransomware incident exposing SSNs, medical data, and IDs, but only notified victims in November 2025. No ransomware group claimed responsibility.
Impact: Violation of California’s 60-day breach notification law.
Source: DataBreaches.net

Wiltshire Police Leaks Safe House Codes and Prison Officer Data

A misconfigured document exposed door codes for rape victim safe houses, police system passwords, and prison officer contacts. The data was publicly accessible for days before removal.
Impact: Endangerment of vulnerable individuals and operational security risks.
Mitigation: Enforce strict access controls for sensitive documents.
Source: DataBreaches.net