Svoboda Cybersecurity Brief November 22, 2025

Major Compromise in Attleboro City IT Systems

The city of Attleboro, Massachusetts, has taken several IT systems offline following a cybersecurity incident. Public safety services remain operational, but email and most phone lines are down. No group has claimed responsibility yet.
Source: DataBreaches

Oracle Identity Manager RCE Exploited as Zero-Day

A critical Oracle Identity Manager flaw (CVE-2025-61757) allows pre-authentication RCE via REST API manipulation. Evidence suggests exploitation as early as August 2025, before Oracle patched it in October.
Impact: Full system compromise via authentication bypass and arbitrary code execution.
Mitigation: Apply Oracle’s October 2025 patches immediately.
Source: BleepingComputer

Scattered Spider Hacks UK Transport for London

Two UK teens linked to Scattered Spider pleaded not guilty to hacking Transport for London (TfL), causing disruptions and exposing customer data. The breach occurred in August 2024 and resulted in millions in damages.
Source: The Record

Chinese APT24 Deploys BadAudio in Years-Long Campaign

APT24’s campaign since 2022 involves BadAudio malware, supply chain attacks, and phishing. Over 1,000 domains were compromised via a Taiwanese marketing firm’s compromised JavaScript library.
Source: The Hacker News

Insider Threat at CrowdStrike Feeds Data to Hackers

An insider at CrowdStrike shared internal screenshots with Scattered Lapsus$ Hunters. The insider was terminated, and no customer data was compromised. The case was handed to law enforcement.
Source: BleepingComputer

Salesforce Warns of Unauthorized Access via Gainsight

Unauthorized access to Salesforce customers occurred via compromised Gainsight integrations. Salesforce revoked tokens and removed affected apps from AppExchange. Three organizations are confirmed compromised.
Source: The Hacker News

FCC Rolls Back Telecom Cybersecurity Rules Despite Risks

The FCC reversed CALEA-based rules requiring telcos to implement cybersecurity plans after lobbying. Critics argue this leaves infrastructure vulnerable to state-sponsored attacks like Salt Typhoon’s 2024 breaches.
Source: BleepingComputer

Grafana Patches Critical SCIM Impersonation Flaw

Grafana Enterprise fixed a CVSS 10.0 flaw (CVE-2025-41115) in SCIM provisioning that allows privilege escalation or admin impersonation if SCIM is enabled. Patched versions include 12.3.0 and 12.2.1+.
Impact: Admin impersonation via crafted numeric externalId in SCIM provisioning.
Mitigation: Upgrade to patched versions or disable SCIM if unused.
Source: The Hacker News

SonicWall Fixes High-Severity Firewall, Email Security Flaws

Patches address a VPN DoS flaw (CVE-2025-40601) in Gen7/8 firewalls and arbitrary code execution (CVE-2025-40604) in Email Security appliances.
Impact: Firewall crashes or system compromise.
Mitigation: Apply SonicOS 7.3.1-7013/8.0.2-8011 or Email Security 10.0.34.8215.
Source: SecurityWeek

Insider Threats Highlighted in Multiple Cases

Ezekiel Dean Potter (Des Moines) and Maxwell Schultz (Ohio) face charges for IT sabotage against former employers, causing disruptions and $862K in damages, respectively.
Source: DataBreaches

Runlayer Emerges with $11M for AI Security Platform

The startup secures AI tools via Model Context Protocol (MCP) monitoring, blocking threats in real time. It has onboarded eight unicorns since its stealth launch.
Source: SecurityWeek

Avast Launches Free AI Scam Defense Tool

Avast released a free AI-driven scam detection tool globally, leveraging machine learning to block fraudulent calls and messages.
Source: BleepingComputer
