Svoboda Cybersecurity Brief January 25, 2026


Sandworm’s DynoWiper Attack on Polish Energy Grid

Russian state-sponsored group Sandworm attempted a disruptive attack on Poland’s energy infrastructure using DynoWiper, a new data-wiping malware. The attack targeted combined heat/power plants and renewable energy management systems but was unsuccessful. Polish officials linked the attack to Russian services, citing similarities to Sandworm’s 2015 Ukraine grid attack.
Source: BleepingComputer

Call-On-Doc Telehealth Breach Exposes 1.1M Patient Records

A hacking forum post claims 1.1M patient records were stolen from telehealth provider Call-On-Doc, including sensitive STD treatment details. The data lacks encryption, contradicting the company’s HIPAA compliance claims. No breach confirmation or patient notifications have been issued yet.
Source: DataBreaches

ShinyHunters Phishing Campaign Targets SSO Accounts

The ShinyHunters group is behind voice phishing (vishing) attacks impersonating IT support to steal SSO credentials for Okta, Microsoft, and Google. Compromised accounts grant access to enterprise SaaS platforms, enabling data theft for extortion.
Source: DataBreaches

Konni Hackers Use AI-Generated Malware to Target Blockchain Engineers

North Korean group Konni deployed AI-assisted PowerShell backdoors via Discord links, targeting blockchain developers in APAC. The malware uses XOR encryption, UAC bypass, and Telegram C2 to steal crypto wallets and API credentials.
Source: BleepingComputer

Multi-Stage Phishing Campaign Drops Amnesia RAT and Ransomware in Russia

A campaign using cloud-hosted payloads (GitHub/Dropbox) delivers Amnesia RAT and Hakuna Matata ransomware. Attackers abuse defendnot to disable Microsoft Defender and hijack file associations for extortion.
Source: TheHackerNews

VMware vCenter CVE-2024-37079 Exploited in the Wild

CISA added CVE-2024-37079, a critical heap overflow in VMware vCenter’s DCE/RPC protocol, to its KEV catalog. Exploits enable remote code execution, with Broadcom confirming active attacks.
Impact: Unauthorized root access to ESXi hosts.
Mitigation: Apply patches (June 2024) and enable Tamper Protection.
Source: TheHackerNews

Nike Investigates Data Theft After WorldLeaks Ransom Threat

Nike is probing a potential breach after the WorldLeaks gang threatened to leak stolen data. The group, formerly Hunters International, shifted from ransomware to pure extortion.
Source: SecurityWeek

Waltio Crypto Tax Platform Threatened by ShinyHunters

French crypto tax firm Waltio faces ransom demands from ShinyHunters, who claim to hold 50K user tax reports. The company asserts no banking/crypto data was compromised.
Source: DataBreaches

AI Agents Create Authorization Bypass Risks in Enterprises

AI agents with delegated permissions enable users to bypass access controls, accumulating unchecked privileges. Organizational agents pose the highest risk due to unclear ownership and broad access.
Source: TheHackerNews
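The item above describes the risk but not the control that addresses it. As an added illustration (not from the brief or any cited vendor), the Python below models two authorization policies for an agent acting on a user's behalf: a naive one where the agent uses every scope it was provisioned with, and a bounded one where the agent's effective rights are the intersection of its own grants and the invoking user's permissions, and an agent with no accountable owner is refused outright. It also includes an audit helper that lists the excess scopes an agent would expose to a given user. Principal and scope names are constructed for the example.

```python
"""Constructed example: keeping an AI agent's effective permissions within
the caller's own permissions so delegation cannot escalate privilege.
Hypothetical policy model; scope and principal names are made up."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Principal:
    name: str
    permissions: frozenset  # scopes the human user holds, e.g. {"crm:read"}


@dataclass(frozen=True)
class Agent:
    name: str
    granted: frozenset            # scopes the agent was provisioned with
    owner: Optional[str] = None   # accountable owner; None models an "organizational" agent


class DelegationError(Exception):
    """Raised when an agent cannot safely act on a caller's behalf."""


def naive_permissions(agent: Agent, caller: Principal) -> frozenset:
    """The risky model from the text: the agent acts with everything it was granted,
    regardless of who invoked it, so the caller inherits the agent's privileges."""
    return agent.granted


def bounded_permissions(agent: Agent, caller: Principal) -> frozenset:
    """Hardened model: the agent may use only scopes that BOTH it and the caller hold,
    and an agent with no accountable owner is refused entirely."""
    if agent.owner is None:
        raise DelegationError(f"agent {agent.name!r} has no accountable owner")
    return agent.granted & caller.permissions


def authorize(agent: Agent, caller: Principal, action: str, *, bounded: bool = True) -> bool:
    """Decide whether `caller`, acting through `agent`, may perform `action`."""
    perms = bounded_permissions(agent, caller) if bounded else naive_permissions(agent, caller)
    return action in perms


def excess_scopes(agent: Agent, caller: Principal) -> frozenset:
    """Audit helper: scopes the agent holds that the caller does not.
    A non-empty result is exactly the privilege a naive policy would leak."""
    return agent.granted - caller.permissions


if __name__ == "__main__":
    # Constructed sample: a user with read-only CRM access and an agent
    # provisioned with CRM and HR read scopes.
    alice = Principal("alice", frozenset({"crm:read"}))
    helper = Agent("sales-helper", frozenset({"crm:read", "hr:read"}), owner="bob")
    print("naive hr:read  ->", authorize(helper, alice, "hr:read", bounded=False))   # True (escalation)
    print("bounded hr:read->", authorize(helper, alice, "hr:read"))                  # False
    print("excess scopes  ->", sorted(excess_scopes(helper, alice)))                 # ['hr:read']
```

The audit helper is the piece most useful in practice: run it over every (agent, user) pair that can invoke the agent, and any non-empty result is a concrete place where the agent, not the user's entitlements, decides what the user can reach.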
