Svoboda Cybersecurity Brief November 15, 2025
Russian Hacker Detained in Thailand, Faces US Extradition
A suspected Russian hacker was arrested in Thailand at the request of the US for alleged cybercrimes. Thai police seized laptops, phones, and digital wallets during the raid, and the suspect awaits extradition.
Source: DataBreaches
Logitech Confirms Data Breach After Clop Ransomware Attack
Logitech suffered a data breach through a zero-day flaw in a third-party product (likely CVE-2025-61882 in Oracle E-Business Suite), exposing employee and customer data. Clop ransomware leaked 1.8 TB of data, but no sensitive information such as payment card numbers.
Impact: Limited data exposure, no operational disruption.
Mitigation: Patch Oracle EBS systems and monitor for unauthorized access.
Source: BleepingComputer
FortiWeb Zero-Day Exploited to Create Admin Accounts
A path traversal flaw (CVE-2025-64446) in FortiWeb WAF allows unauthenticated attackers to create admin accounts. Exploits target versions 8.0.1 and earlier.
Impact: Full device compromise via unauthorized admin access.
Mitigation: Upgrade to FortiWeb 8.0.2 or later; disable HTTP/HTTPS on management interfaces.
Source: SecurityWeek
North Korean IT Worker Fraud Scheme: Five Plead Guilty
Five individuals aided North Korean operatives in infiltrating US firms via stolen identities, generating $2.2M for the regime. The DOJ seized $15M in crypto linked to APT38 heists.
Source: BleepingComputer
ShinyHunters Leaks 380M Millicom Records After Failed Ransom Negotiation
ShinyHunters exploited CVE-2024-2577 to access AWS backups, stealing 380M customer records. Millicom sent an unsolicited $10K ransom installment, which ShinyHunters rejected.
Source: DataBreaches
DoorDash Breach Exposes User Data via Social Engineering
An October 2025 breach exposed names, emails, and addresses after an employee fell for a social engineering attack. This is DoorDash’s third breach since 2019.
Source: BleepingComputer
ASUS Warns of Critical Router Auth Bypass (CVE-2025-59367)
ASUS DSL routers (AC51, N16, AC750) are vulnerable to unauthenticated remote access. No active exploits reported yet.
Impact: Full device control if exposed online.
Mitigation: Update to firmware 1.1.2.3_1010 or disable WAN services.
Source: BleepingComputer
Iranian APT42 Targets Defense Officials with TAMECAT Backdoor
APT42 used WhatsApp phishing to deploy the TAMECAT PowerShell backdoor, leveraging Cloudflare Workers for C2. Attacks targeted high-value defense and government personnel.
Source: The Hacker News
AI Model Vulnerabilities Expose Meta, NVIDIA, and Microsoft Frameworks
CVE-2024-50050 (Meta Llama) and related flaws in NVIDIA TensorRT-LLM, Microsoft Sarathi-Serve, and others allow RCE via unsafe deserialization of data received over ZeroMQ sockets.
Impact: Arbitrary code execution in AI inference engines.
Mitigation: Patch affected frameworks; audit for ShadowMQ patterns.
Source: The Hacker News
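As an added illustration (not from the brief or from the affected projects) of what auditing for the ShadowMQ pattern can look like: a small static check that flags pyzmq recv_pyobj() and pickle.loads() calls in Python source, run over a constructed vulnerable snippet and a JSON-based hardened replacement. The socket setup and the request-field whitelist in the snippets are assumptions for the example.

```python
"""Static audit for the ShadowMQ pattern: a ZeroMQ service that hands
network bytes to pickle (pyzmq's recv_pyobj() unpickles under the hood).
Added example; scans source text with ast, so pyzmq need not be installed."""
import ast

# Modules whose .loads() unpickles (assumed list; extend for your code base)
PICKLE_MODULES = {"pickle", "cPickle", "_pickle"}


def find_shadowmq_patterns(source: str) -> list:
    """Return sorted (line, call) pairs for calls that unpickle socket data."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or not isinstance(node.func, ast.Attribute):
            continue
        func = node.func
        if func.attr == "recv_pyobj":
            findings.append((node.lineno, "recv_pyobj"))
        elif (func.attr == "loads" and isinstance(func.value, ast.Name)
              and func.value.id in PICKLE_MODULES):
            findings.append((node.lineno, f"{func.value.id}.loads"))
    return sorted(findings)


# Constructed snippet showing the risky pattern (never executed here, only parsed)
VULNERABLE = '''\
import zmq, pickle
sock = zmq.Context().socket(zmq.REP)
sock.bind("tcp://0.0.0.0:5555")
req = sock.recv_pyobj()          # unpickles whatever the peer sent
obj = pickle.loads(sock.recv())  # same defect, spelled out
'''

# Constructed hardened form: JSON cannot instantiate arbitrary classes,
# and the handler validates the shape of the request before using it
HARDENED = '''\
import zmq, json
sock = zmq.Context().socket(zmq.REP)
sock.bind("tcp://127.0.0.1:5555")
req = sock.recv_json()
assert isinstance(req, dict) and set(req) <= {"prompt", "max_tokens"}
'''

if __name__ == "__main__":
    for name, src in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        print(name, find_shadowmq_patterns(src))
```

Point the scanner at real inference-server code to get a first list of call sites to review; it does not follow `from pickle import loads` aliases, which a fuller audit should also cover.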
Checkout.com Breached via Legacy System, Refuses Ransom
ShinyHunters accessed a legacy cloud storage system containing merchant data but failed to extort Checkout.com, which donated the ransom amount to cybersecurity research.
Source: SecurityWeek