Svoboda Cybersecurity Brief November 18, 2025
Malicious NPM packages evade detection using Adspect redirects
Researchers discovered malicious NPM packages using Adspect’s cloaking technology to bypass security scans. The packages contained obfuscated JavaScript that redirected to malicious sites after initial benign checks.
Impact: Could lead to supply chain attacks and credential theft.
Mitigation: Verify package sources, use npm audit, and monitor for suspicious redirects.
Source: BleepingComputer
RondoDox botnet exploits XWiki flaw for server compromise
The RondoDox botnet is now targeting XWiki instances (CVE-2023-37460) to deploy malware. The flaw allows remote code execution in XWiki versions before 15.5.
Impact: Unpatched servers risk full system compromise.
Mitigation: Update to XWiki 15.5+ and restrict network access.
Source: BleepingComputer
Eurofiber France breach exposes customer data
Eurofiber France warned of a breach after hackers attempted to sell customer data on forums. The compromised data includes contact details and contract information.
Source: BleepingComputer
Princeton University discloses donor and alumni data breach
Princeton University notified individuals of a breach affecting donor and alumni records. The incident exposed names, addresses, and donation histories.
Source: BleepingComputer
Dutch police dismantle bulletproof hosting service
Dutch authorities seized 250 servers linked to a bulletproof hosting provider used by cybercriminals. The service facilitated malware distribution and phishing campaigns.
Source: BleepingComputer
DoorDash confirms data breach amid spoofing dispute
DoorDash disclosed a breach exposing personal information, coinciding with reports of an email spoofing vulnerability. The flaw allowed attackers to impersonate DoorDash domains.
Impact: Potential phishing attacks and credential theft.
Mitigation: Implement DMARC policies and monitor for suspicious activity.
Source: BleepingComputer
Pennsylvania AG breached by INC Ransom group
The Pennsylvania Attorney General’s office confirmed a data breach after the INC Ransom group leaked stolen files. The attack compromised sensitive legal documents.
Source: BleepingComputer
EVALUSION campaign delivers Amatera stealer and NetSupport RAT
A new phishing campaign (EVALUSION ClickFix) distributes Amatera stealer and NetSupport RAT via fake software updates. The attack chain uses signed binaries to evade detection.
Source: The Hacker News
Dragon Breath malware disables security tools with RONINGLOADER
The Dragon Breath campaign uses RONINGLOADER to terminate security processes before deploying Gh0st RAT. The loader employs process hollowing for stealth.
Source: The Hacker News
Rust adoption reduces Android memory safety bugs
Google reported that memory safety bugs in Android fell below 20% for the first time, attributing the drop to Rust adoption. Critical components like Bluetooth now use Rust.
Source: The Hacker News
Iranian hackers target defense and government officials
An Iranian APT group is conducting spear-phishing attacks against defense and government personnel. The campaign uses fake job offers to deliver malware.
Source: SecurityWeek
Logitech confirms breach linked to Oracle attack
Logitech confirmed a data breach after being named as a victim of the Oracle MOVEit hack. Exposed data includes employee and customer information.
Source: SecurityWeek
5 plead guilty to aiding North Korean IT workers
Five individuals admitted to helping North Korean IT workers bypass US sanctions. The scheme involved identity theft and fraudulent contracts.
Source: SecurityWeek