Svoboda Cybersecurity Brief May 15, 2025

Turkish-Linked Cyber Espionage Group Exploits Zero-Day in Output Messenger

Microsoft Threat Intelligence reports that Turkish-affiliated group “Marbled Dust” exploited a zero-day flaw in Output Messenger Server Manager to spy on Kurdish military operations in Iraq. The group likely conducted reconnaissance to confirm target usage before deploying the exploit.
Source: DataBreaches.net

Scattered Spider Shifts Focus to US Retail Chains

Google warns that Scattered Spider (UNC3944), previously targeting UK retailers, is now attacking US retail chains with ransomware and extortion tactics. The group uses social engineering, MFA bombing, and SIM swapping to breach networks.
Source: BleepingComputer

RansomEXX and BianLian Exploit SAP NetWeaver Vulnerability

Ransomware groups RansomEXX and BianLian are exploiting CVE-2025-31324, a critical unauthenticated file upload flaw in SAP NetWeaver Visual Composer. The groups attempted to deploy the PipeMagic backdoor and the Brute Ratel C2 framework but were blocked.
Impact: Remote code execution, potential system compromise.
Mitigation: Patch immediately or disable Visual Composer service; restrict metadata uploader access.
Source: BleepingComputer
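An added detection example for the mitigation above (illustrative code, not part of this brief and not SAP's): it scans web-server access-log lines for requests that reach the Visual Composer metadata uploader and reports upload attempts (POST) or requests from hosts outside an administrative allowlist. The endpoint path, the allowlist and the sample log lines are assumptions constructed for the example; confirm the path against SAP's advisory before using it.

```python
"""Added example: flag access-log lines that reach the SAP NetWeaver Visual
Composer metadata uploader, the component named in the CVE-2025-31324
mitigation. Illustrative code, not SAP's and not from the brief.

Assumptions (not taken from the brief):
  * UPLOADER_PATH is the endpoint path; confirm it against SAP's advisory.
  * Log lines are in common access-log format.
  * ADMIN_SOURCES is a constructed allowlist of hosts permitted to use the uploader.
"""
import re
from typing import Dict, List, Optional, Set

# Assumed endpoint path for the Visual Composer metadata uploader (verify).
UPLOADER_PATH = "/developmentserver/metadatauploader"

# Constructed allowlist: hosts that are permitted to use the uploader at all.
ADMIN_SOURCES: Set[str] = {"10.0.0.5"}

# Common log format: src ident user [timestamp] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def flag_uploader_requests(lines: List[str],
                           admin_sources: Set[str] = ADMIN_SOURCES) -> List[Dict[str, object]]:
    """Return one finding per request that touches the uploader and is suspicious.

    A request is reported when it is an upload attempt (POST) or comes from a
    host outside the allowlist; an allowlisted host merely reading from the
    endpoint is not reported. Malformed lines are skipped.
    """
    findings: List[Dict[str, object]] = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        # Strip the query string and normalise case before comparing the path.
        path = rec["path"].split("?", 1)[0].lower()
        if not path.startswith(UPLOADER_PATH):
            continue
        reasons = []
        if rec["method"] == "POST":
            reasons.append("upload attempt (POST)")
        if rec["src"] not in admin_sources:
            reasons.append("source not in admin allowlist")
        if reasons:
            findings.append({
                "src": rec["src"],
                "timestamp": rec["ts"],
                "method": rec["method"],
                "status": rec["status"],
                "reasons": reasons,
            })
    return findings


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [15/May/2025:10:00:01 +0000] "GET /irj/portal HTTP/1.1" 200 512',
    '203.0.113.7 - - [15/May/2025:10:00:02 +0000] "POST /developmentserver/metadatauploader HTTP/1.1" 200 1024',
    '10.0.0.5 - - [15/May/2025:10:00:03 +0000] "GET /developmentserver/metadatauploader?CONTENTTYPE=MODEL HTTP/1.1" 200 300',
    '198.51.100.9 - - [15/May/2025:10:00:04 +0000] "GET /DevelopmentServer/MetadataUploader HTTP/1.1" 401 0',
    'this line is not an access-log record',
]

if __name__ == "__main__":
    for f in flag_uploader_requests(SAMPLE_LOG):
        print(f"{f['timestamp']} {f['src']} {f['method']} {f['status']}: "
              f"{', '.join(f['reasons'])}")
```

Run against the constructed sample, the script reports the external POST (two reasons) and the external GET that was rejected with 401 (one reason), while the allowlisted host's own read of the endpoint is left alone. Feeding it a real log only requires adjusting the allowlist and confirming the path.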

Dior Data Breach Exposes High-Value Client Data in Asia

Luxury brand Dior confirms a breach exposing names, contact details, purchase histories, and preferences of wealthy clients in China and South Korea. The company faces fines in Korea for failing to report the incident to KISA.
Source: DataBreaches.net

BlackDB Cybercrime Marketplace Admin Extradited to US

Kosovo extradited Liridon Masurica (@blackdb), administrator of the BlackDB.cc marketplace, to face charges of selling stolen credentials and PII. The marketplace facilitated tax fraud, credit card fraud, and identity theft.
Source: BleepingComputer

Long Island Schools Hit by Cyberattacks Affecting 10,000+ Students

Over 20 school districts in Long Island, NY, suffered breaches in 2024, exposing student financial and personal data. Third-party breaches impacted districts like Great Neck and Smithtown.
Source: DataBreaches.net

Australian Human Rights Commission Exposes 670 Sensitive Documents

A misconfiguration led to the exposure of complaints and submissions containing health, employment, and religious data on the AHRC website. Documents were indexed by search engines between April 3 and May 5.
Source: BleepingComputer

Steel Giant Nucor Disrupts Production After Cyberattack

Nucor Corporation took systems offline after a cyberattack, temporarily halting production at multiple plants. The company has not confirmed whether ransomware or data theft was involved.
Source: BleepingComputer

Microsoft Patches 5 Zero-Days Including CLFS Driver Exploits

May’s Patch Tuesday addresses CVE-2025-32701 and CVE-2025-32706, actively exploited Windows CLFS driver flaws enabling privilege escalation. Also patched are flaws in DWM (CVE-2025-30400) and the Scripting Engine (CVE-2025-30397).
Impact: SYSTEM-level access for attackers.
Mitigation: Apply updates immediately; prioritize CLFS patches.
Source: KrebsOnSecurity

Twilio Denies Breach Despite Leak of Alleged Steam 2FA Codes

Twilio denies a breach after a threat actor (Machine1337) leaked 89 million Steam 2FA codes. The data includes historic SMS passcodes and phone numbers, but Twilio claims its systems were not compromised.
Source: DataBreaches.net