Svoboda Cybersecurity Brief November 29, 2025


North Korean Hackers Flood npm with 197 Malicious Packages

North Korean threat actors have published 197 malicious npm packages, downloaded over 31,000 times, delivering an updated variant of OtterCookie malware. The malware provides remote shell access, steals credentials, clipboard contents, and cryptocurrency data, and establishes persistence.

Impact: Compromised systems suffer data theft and remote control by attackers.
Mitigation: Use software composition analysis tools to detect malicious dependencies and enforce strict npm package review policies.
Source: The Hacker News
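A concrete form of the "strict package review policy" above is a gate that refuses to run npm install until the lockfile passes checks. The script below is an added example, not code from the brief or from any SCA product; the package allowlist, the trusted-registry list and the install-script approvals are assumed policy values, and the lockfile it reads is a constructed sample.

```python
"""Added example: a dependency gate run over package-lock.json before install.

Illustration code, not part of the brief or of any SCA tool it mentions. The
allowlist, registry list and install-script approvals are assumed policy
values; the lockfile below is constructed sample input."""
import json

# Constructed sample in npm's lockfileVersion 3 layout.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "dependencies": {"left-pad": "^1.3.0"}},
        "node_modules/left-pad": {
            "version": "1.3.0",
            "resolved": "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
            "integrity": "sha512-CONSTRUCTED",
        },
        "node_modules/totally-new-helper": {  # not reviewed, declares an install hook
            "version": "0.0.1",
            "resolved": "https://registry.npmjs.org/totally-new-helper/-/totally-new-helper-0.0.1.tgz",
            "hasInstallScript": True,
        },
        "node_modules/mirror-pkg": {  # fetched from an unexpected host, no integrity
            "version": "2.0.0",
            "resolved": "http://mirror.example.invalid/mirror-pkg-2.0.0.tgz",
        },
    },
})

ALLOWED_PACKAGES = {"left-pad"}                        # assumption: names that passed review
ALLOWED_REGISTRIES = ("https://registry.npmjs.org/",)  # assumption: trusted sources
INSTALL_SCRIPT_APPROVED = frozenset()                  # assumption: nobody may run install hooks


def package_name(path):
    """Map a lockfile path to its package name: 'node_modules/a/node_modules/@s/b' -> '@s/b'."""
    return path.split("node_modules/")[-1]


def audit_lockfile(lock_text, allowed=ALLOWED_PACKAGES, registries=ALLOWED_REGISTRIES,
                   script_ok=INSTALL_SCRIPT_APPROVED):
    """Return (package, reason) findings; an empty list means the lockfile passes policy."""
    lock = json.loads(lock_text)
    findings = []
    for path, meta in lock.get("packages", {}).items():
        if path == "":
            continue  # the root entry describes the app itself, not a dependency
        name = package_name(path)
        if name not in allowed:
            findings.append((name, "not on reviewed allowlist"))
        resolved = meta.get("resolved", "")
        if not resolved.startswith(registries):
            findings.append((name, "resolved from unexpected source: " + resolved))
        # npm records hasInstallScript for packages with preinstall/install/postinstall hooks
        if meta.get("hasInstallScript") and name not in script_ok:
            findings.append((name, "declares install lifecycle script"))
        if "integrity" not in meta:
            findings.append((name, "missing integrity hash"))
    return findings


if __name__ == "__main__":
    results = audit_lockfile(SAMPLE_LOCK)
    for pkg, reason in results:
        print(f"{pkg}: {reason}")
    raise SystemExit(1 if results else 0)
```

Run it as a CI step before `npm ci`; a non-zero exit blocks the install. Pair it with `npm ci --ignore-scripts` so that even an approved package cannot run code at install time without a deliberate opt-in.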

PyPI Legacy Package Scripts Pose Domain-Takeover Risk

Legacy Python bootstrap scripts shipped in some PyPI packages (e.g., Tornado, SlapOS) download code from python-distribute[.]org, a domain the project abandoned and which is now listed for sale. Whoever buys it could serve malicious code to every build that still runs those scripts.

Impact: Supply chain compromise leading to arbitrary code execution.
Mitigation: Remove or patch the affected bootstrap scripts so builds no longer fetch code from that domain, and do not execute install-time code downloaded from hosts you do not control.
Source: The Hacker News
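Finding these scripts in your own tree is a mechanical job: walk each setup or bootstrap script's AST, pull out every URL literal, and flag any that points at a host you do not trust or that uses plaintext HTTP, plus any exec() of a downloaded body. The code below is an added example, not code from the brief or from the affected projects; the trusted-host list and the sample bootstrap script are constructed assumptions.

```python
"""Added example: flag bootstrap scripts that pull code from a remote host.

Not code from the brief or from the affected projects. The trusted-host list
and the sample script are assumptions constructed for illustration."""
import ast
from urllib.parse import urlparse

# Constructed sample in the style of an old distribute/setuptools bootstrap.
SAMPLE_BOOTSTRAP = '''
import urllib2
DEFAULT_URL = "http://python-distribute.org/distribute_setup.py"
def download(url=DEFAULT_URL):
    return urllib2.urlopen(url).read()
exec(download())
'''

TRUSTED_HOSTS = {"pypi.org", "files.pythonhosted.org"}  # assumption: hosts builds may fetch from


def find_remote_fetches(source, trusted=TRUSTED_HOSTS):
    """Return (line, url, reason) for each URL literal that is off-allowlist or plaintext.

    Walking the AST finds string constants regardless of which HTTP client
    the script uses, so urllib2, urllib.request or requests all look alike."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Constant) and isinstance(node.value, str)):
            continue
        parsed = urlparse(node.value)
        if parsed.scheme not in ("http", "https") or not parsed.hostname:
            continue
        reasons = []
        if parsed.hostname not in trusted:
            reasons.append("host not on trusted list")
        if parsed.scheme == "http":
            reasons.append("plaintext download")
        if reasons:
            findings.append((node.lineno, node.value, "; ".join(reasons)))
    return findings


def uses_exec_of_download(source):
    """True if the script passes a call result straight into exec() or eval()."""
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in ("exec", "eval")
                and node.args and isinstance(node.args[0], ast.Call)):
            return True
    return False


if __name__ == "__main__":
    for line, url, reason in find_remote_fetches(SAMPLE_BOOTSTRAP):
        print(f"line {line}: {url} ({reason})")
    if uses_exec_of_download(SAMPLE_BOOTSTRAP):
        print("script executes downloaded code directly")
```

Point it at every setup.py, ez_setup-style helper and CI script in a repository; a hit on an unfamiliar host means the build's integrity depends on whoever controls that domain's registration, which is exactly the condition the item above describes.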

GitLeak: 17,000+ Secrets Exposed in Public GitLab Repositories

A security scan of 5.6 million public GitLab repositories uncovered 17,430 live API keys, tokens, and passwords across 2,804 domains. Google Cloud credentials were the most frequently leaked (5,200+).

Impact: Unauthorized access to cloud services, databases, and third-party integrations.
Mitigation: Automate secrets detection in CI/CD pipelines, and treat any exposed credential as compromised: revoke and rotate it immediately rather than only deleting the commit, since the value stays in history and in clones.
Source: BleepingComputer
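A minimal version of the CI secrets check recommended above combines well-known token prefixes with an entropy rule for generic assignments. The script is an added example, not code from the brief or from any scanner it mentions; the patterns cover a few publicly documented token formats, the AWS value is the placeholder from AWS's own documentation, and the remaining sample lines and the entropy threshold are constructed assumptions.

```python
"""Added example: a CI secrets gate run over changed lines.

Not code from the brief or from any scanner named there. The sample lines,
the entropy threshold and the rule set are assumptions for illustration;
the AWS key below is the placeholder AWS uses in its documentation."""
import math
import re

# Well-known token shapes. Prefix-based rules are cheap and have few false positives.
PATTERNS = {
    "google_api_key": re.compile(r"\bAIza[0-9A-Za-z_\-]{35}\b"),
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}
# Generic catch: a secret-looking name assigned a long quoted value.
ASSIGNMENT = re.compile(r"""(?i)(secret|token|password|api[_-]?key)\s*[:=]\s*['"]([^'"\s]{16,})['"]""")


def shannon_entropy(s):
    """Bits per character; random-looking credentials score high, placeholders low."""
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_lines(lines, entropy_threshold=3.0):
    """Return (line_no, rule, value) for every suspected secret in the given lines."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        matched_values = set()
        for rule, pat in PATTERNS.items():
            for m in pat.finditer(line):
                findings.append((lineno, rule, m.group(0)))
                matched_values.add(m.group(0))
        for m in ASSIGNMENT.finditer(line):
            value = m.group(2)
            # Skip values a specific rule already reported; flag only random-looking ones.
            if value not in matched_values and shannon_entropy(value) >= entropy_threshold:
                findings.append((lineno, "high_entropy_assignment", value))
    return findings


# Constructed sample input standing in for the added lines of a diff.
SAMPLE_LINES = [
    'GOOGLE_KEY = "AIzaSyD1EXAMPLEexampleEXAMPLEexampleEXA"',      # Google API key shape
    "aws_access_key_id = AKIAIOSFODNN7EXAMPLE",                     # AWS documentation placeholder
    'db_password = "hunter2"',                                      # too short for the entropy rule
    'api_token: "c0ffee-deadbeef-0badf00d-feedface-1234567890"',   # generic, high entropy
    'password = "aaaaaaaaaaaaaaaaaaaa"',                             # long but low entropy
    "-----BEGIN RSA PRIVATE KEY-----",                              # key material
]


if __name__ == "__main__":
    hits = scan_lines(SAMPLE_LINES)
    for lineno, rule, value in hits:
        print(f"line {lineno}: {rule}: {value}")
    raise SystemExit(1 if hits else 0)
```

Wire it into a pre-commit hook or a pipeline stage over `git diff` output so the push fails before the secret reaches a public repository; once a value has landed, the only safe response is the revocation the item above calls for.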

MS Teams Guest Access Bypasses Defender Protections

When a user accepts a guest invitation to an external Microsoft Teams tenant, messages exchanged there fall under that tenant's protections rather than the home tenant's Defender for Office 365 policies. An attacker operating a low-cost Microsoft 365 tenant that lacks those features can therefore deliver malicious links and files unchallenged.

Impact: Phishing and malware delivery bypassing email security controls.
Mitigation: Restrict guest invitations to trusted domains and enforce cross-tenant access policies.
Source: The Hacker News

Evil Twin WiFi Attacker Sentenced to 7 Years in Prison

An Australian man ran rogue WiFi networks on flights and at airports to steal credentials and private media. He used a WiFi Pineapple to mirror legitimate SSIDs and served phishing pages to victims who connected.

Impact: Credential theft and unauthorized access to victims’ accounts.
Mitigation: Use VPNs, disable auto-connect to WiFi, and avoid entering credentials on captive portals.
Source: BleepingComputer

French Football Federation Breach Exposes Member Data

Attackers compromised an account in the FFF’s club management software, stealing names, addresses, and license numbers of members. The breach was contained by disabling the account and resetting passwords.

Impact: Exposure of sensitive personal data to unauthorized parties.
Mitigation: Enforce MFA and monitor for anomalous access to administrative accounts.
Source: SecurityWeek

Government Agency Exposes Abuse Survivor Emails

A New Zealand Crown Response Office manager accidentally CC’d 30+ Lake Alice torture survivors in an email, exposing their identities. Repeated warnings about unsafe practices were ignored.

Impact: Privacy violation and potential retraumatization of abuse survivors.
Mitigation: Mandate BCC usage for sensitive communications and enforce email security training.
Source: DataBreaches.net
