Svoboda Cybersecurity Brief May 16, 2025

Coinbase Data Breach via Bribed Employees

Coinbase disclosed that attackers bribed employees to steal customer data, including government IDs, and then demanded a $20 million ransom. The company rejected the extortion attempt but faces potential losses of up to $400 million.
Source: BleepingComputer

Russian APT28 Exploits MDaemon Zero-Day in Government Webmail Servers

Russia-linked APT28 exploited a zero-day vulnerability in MDaemon email servers to compromise government webmail accounts globally. The attack leveraged XSS flaws to steal sensitive communications.
Source: The Hacker News

Chinese Hackers Target Drone Sector in Supply Chain Attacks

Chinese state-sponsored actors conducted supply chain attacks against the drone industry, compromising vendors to distribute malware-laced updates. The campaign aimed at espionage and intellectual property theft.
Source: SecurityWeek

Nova Scotia Power Confirms Customer Data Theft in Cyberattack

Hackers stole customer data from Nova Scotia Power, including names, addresses, and account details. The utility is notifying affected individuals but has not disclosed the attack vector.
Source: BleepingComputer

FBI Warns of Voice Deepfake Attacks Targeting US Officials Since April

Since April 2025, attackers have used AI-generated voice deepfakes to impersonate trusted contacts and manipulate US officials. The FBI highlighted the growing sophistication of social engineering tactics.
Source: BleepingComputer

Malicious npm Package Uses Unicode Steganography to Evade Detection

A malicious npm package hid payloads using Unicode steganography and leveraged Google Calendar as a command-and-control (C2) dropper. The attack bypassed traditional signature-based detection.
Impact: Evasion of security tools and potential backdoor access.
Mitigation: Audit third-party dependencies and monitor for anomalous network traffic.
Source: The Hacker News
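One concrete way to act on the "audit third-party dependencies" advice above is to scan package sources for runs of invisible Unicode characters, which is what this kind of steganography relies on. This is an added example written for this brief, not code from the article or from the reported package; it assumes nothing about the actual encoding used and only flags long runs of zero-width, variation-selector, tag and other format (Cf) characters, with a sample JavaScript file constructed inline.

```python
import unicodedata

# Code points that render as nothing and can therefore carry hidden data:
# zero-width characters, variation selectors and Unicode "tag" characters.
ZERO_WIDTH = {0x200B, 0x200C, 0x200D, 0x2060, 0xFEFF}
HIDDEN_RANGES = ((0xFE00, 0xFE0F), (0xE0100, 0xE01EF), (0xE0000, 0xE007F))

def is_hidden(ch: str) -> bool:
    cp = ord(ch)
    if cp in ZERO_WIDTH or any(lo <= cp <= hi for lo, hi in HIDDEN_RANGES):
        return True
    # Catch any other invisible "format" character (general category Cf).
    return unicodedata.category(ch) == "Cf"

def find_hidden_runs(text: str, min_run: int = 8):
    """Return (line, column, length) for each run of consecutive hidden
    characters at least min_run long. Short runs are ignored because emoji
    sequences legitimately use ZWJ (U+200D) and VS16 (U+FE0F)."""
    runs = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        start = None
        # The trailing newline acts as a sentinel that closes a run at end of line.
        for col, ch in enumerate(line + "\n", start=1):
            if is_hidden(ch):
                if start is None:
                    start = col
            elif start is not None:
                if col - start >= min_run:
                    runs.append((line_no, start, col - start))
                start = None
    return runs

def scan_report(text: str, min_run: int = 8) -> dict:
    runs = find_hidden_runs(text, min_run)
    hidden_total = sum(1 for ch in text if is_hidden(ch))
    return {"hidden_chars": hidden_total, "suspicious_runs": runs,
            "max_run": max((r[2] for r in runs), default=0)}

# Constructed sample: a benign emoji ZWJ sequence on line 2 and a 16-character
# zero-width run hidden after a comment on line 3 (the suspicious case).
SAMPLE_JS = (
    "const name = 'pkg';\n"
    "const flag = '\U0001F3F3\uFE0F\u200D\U0001F308';\n"
    "// utils" + "\u200B\u200C" * 8 + "\n"
    "module.exports = { name, flag };\n"
)

if __name__ == "__main__":
    print(scan_report(SAMPLE_JS))
```

Run it over every `.js`, `.mjs` and `package.json` in `node_modules` after an install; any run reported by `find_hidden_runs` deserves a manual look, since legitimate source rarely contains more than a couple of adjacent invisible characters.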

Chrome 136 Patches High-Severity Flaw with Exploit in the Wild

Google fixed a high-severity Chrome vulnerability (CVE-2025-XXXX) enabling cross-origin data leaks via the loader referrer policy. Active exploitation was observed before the patch.
Impact: Unauthorized data access across origins.
Mitigation: Update to Chrome 136 immediately.
Source: SecurityWeek

BreachForums Admin to Pay $700K in Healthcare Data Breach Settlement

Conor Fitzpatrick (“Pompompurin”), former BreachForums admin, will forfeit $700K in a civil settlement with Nonstop Health after stolen patient data was sold on the forum. The case sets a precedent for holding cybercriminals financially liable.
Source: Krebs on Security

Steelmaker Nucor Disrupted by Cyberattack

Nucor Corporation faced production disruptions due to a cyberattack, though the extent of operational impact remains unclear. The company has not attributed the attack to a specific threat actor.
Source: SecurityWeek

Texas Leaves $28M in School Cybersecurity Funding Unspent

Texas failed to utilize $28 million allocated for K-12 cybersecurity improvements, despite rising attacks on schools like Central Point School District 6. Unspent funds highlight gaps in resource deployment.
Source: DataBreaches.net

Indiana Gov Email Addresses Used in Phishing Campaign

Attackers spoofed official Indiana government email addresses to phish residents, leveraging compromised accounts or SMTP flaws. The campaign targeted personal and financial data.
Source: DataBreaches.net

Windows 11 and Red Hat Linux Hacked at Pwn2Own

Researchers exploited zero-days in Windows 11 and Red Hat Linux during Pwn2Own 2025, earning $200K in prizes. Details of the vulnerabilities were withheld pending patches.
Source: BleepingComputer

Meta to Train AI on EU User Data Without Explicit Consent

Meta announced plans to use EU user data for AI training starting May 27 without explicit consent, prompting legal threats from privacy group noyb. The move tests GDPR compliance boundaries.
Source: The Hacker News
