Svoboda Cybersecurity Brief May 20, 2025



TeleMessage Signal Clone Hacked in 20 Minutes

TM SGNL, TeleMessage's modified Signal client, was hacked in roughly 15-20 minutes using a simple exploit. The app, used by former Trump national security adviser Mike Waltz, forwarded chats to an archive server so they could be retained, and that archiving infrastructure is where the critical flaws sat: the plaintext that Signal's end-to-end encryption normally protects existed on the archive server, so the security of that server became the security of every archived conversation. TeleMessage's parent company Smarsh temporarily suspended the service. The exploit details were withheld to prevent replication.
Impact: Potential exposure of sensitive communications, including those of government officials.
Mitigation: Suspend the vulnerable service and audit the whole archiving path; any archiving add-on for an end-to-end-encrypted messenger must be treated as a plaintext store and secured as one.
Source: DataBreaches.net

Cocospy Stalkerware Apps Offline After Data Breach

Three stalkerware apps (Cocospy, Spyic and Spyzie) went offline after a researcher found a flaw that exposed the data the apps collected from monitored phones, as well as 3.2 million email addresses of the customers who had registered to use them. The apps ran hidden on victims' phones and uploaded their messages, call logs and locations.
Impact: Mass exposure of victims' data and of the identities of the people surveilling them.
Mitigation: Remove the apps from affected devices, check those devices for other stalkerware, and notify affected users.
Source: DataBreaches.net

Fake KeePass Installer Spreads ESXi Ransomware

A trojanized KeePass installer (“KeeLoader”), advertised through Bing ads and typo-squatted domains, installed a working password manager that additionally exports the open database's credentials in cleartext and drops a Cobalt Strike beacon. That foothold was used to steal credentials and deploy Black Basta ransomware on VMware ESXi servers. The installers were signed with legitimately issued code-signing certificates, so the presence of a valid signature alone did not distinguish them from the real KeePass.
Impact: Credential theft, ransomware deployment, and network compromise.
Mitigation: Download software only from official sources, block typo-squatting domains, and check that the signer name matches the publisher rather than only that a signature is present.
Source: BleepingComputer

O2 UK Fixed 8-Year-Old Location Leak Bug

A flaw in O2 UK's VoLTE/WiFi Calling (IMS) service had, since the service launched in 2017, included the called party's serving cell identity, IMSI and IMEI in SIP signaling that was delivered to the other end of the call. Because those headers reached the caller's handset, anyone able to read the signaling on a rooted phone could locate an O2 subscriber simply by calling them, to within roughly 100 m² in urban areas, with no interaction from the target. O2 has now fixed the issue.
Impact: Unauthorized tracking of mobile users' locations; subscribers could not fully prevent it short of disabling 4G Calling and WiFi Calling.
Mitigation: The fix is network-side: operators must strip subscriber and cell identifiers from IMS signaling before it leaves the core, and monitor SIP traffic at the network edge for such identifiers.
Source: BleepingComputer
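
The check an operator or a researcher would run against outbound SIP signaling, as an added example (not code from the O2 research or from any operator): it parses a constructed IMS message, flags the three identifier types the item describes using the standard 3GPP formats for them (utran-cell-id-3gpp in P-Access-Network-Info, the urn:gsma:imei instance ID on Contact, and a 15-digit IMSI-based SIP URI), and scrubs them. The sample message, header placement and network names are assumptions for illustration; which headers O2 actually leaked is not stated here.

```python
import re

# Identifier patterns that standard IMS/SIP header formats can carry
# (3GPP TS 24.229, RFC 7315).  Generic patterns, not the exact O2 headers.
PATTERNS = {
    "cell-id": re.compile(r"utran-cell-id-3gpp=([0-9A-Fa-f]{13,16})"),
    "imei":    re.compile(r"urn:gsma:imei:([0-9]{8}-[0-9]{6}-[0-9])"),
    "imsi":    re.compile(r"sip:([0-9]{15})@ims\.mnc[0-9]{3}\.mcc[0-9]{3}"),
}

# Constructed sample (not captured O2 traffic): a 200 OK as it might leave the
# operator core, still carrying identifiers that should have been stripped
# before the message reaches the other party's handset.
SAMPLE_SIP = "\r\n".join([
    "SIP/2.0 200 OK",
    "Via: SIP/2.0/TCP 10.0.0.1:5060;branch=z9hG4bK776",
    "From: <sip:+441234567890@ims.mnc010.mcc234.3gppnetwork.org>;tag=1",
    "To: <sip:+449876543210@ims.mnc010.mcc234.3gppnetwork.org>;tag=2",
    "P-Access-Network-Info: 3GPP-E-UTRAN-FDD; utran-cell-id-3gpp=234102A3B0F4C7D1",
    'Contact: <sip:10.0.0.2:5060>;+sip.instance="<urn:gsma:imei:35209900-176148-0>"',
    "P-Associated-URI: <sip:234101234567890@ims.mnc010.mcc234.3gppnetwork.org>",
    "Content-Length: 0",
    "", "",
])


def split_message(msg):
    """Split a SIP message into (start line, [(name, value)], body)."""
    head, _, body = msg.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers, body


def find_leaks(msg):
    """Return [(header name, identifier kind, value)] for every identifier found."""
    findings = []
    for name, value in split_message(msg)[1]:
        for kind, pat in PATTERNS.items():
            findings.extend((name, kind, m.group(1)) for m in pat.finditer(value))
    return findings


def scrub(msg):
    """Remove leaking headers before the message leaves the operator's network.

    Contact is kept (calls break without it) with only the +sip.instance
    parameter removed; any other header carrying an identifier is dropped."""
    start, headers, body = split_message(msg)
    kept = []
    for name, value in headers:
        if any(pat.search(value) for pat in PATTERNS.values()):
            if name.lower() != "contact":
                continue
            value = re.sub(r';\+sip\.instance="[^"]*"', "", value)
        kept.append((name, value))
    return "\r\n".join([start] + [f"{n}: {v}" for n, v in kept]) + "\r\n\r\n" + body


if __name__ == "__main__":
    for name, kind, value in find_leaks(SAMPLE_SIP):
        print(f"{name}: leaks {kind} {value}")
    assert find_leaks(scrub(SAMPLE_SIP)) == []
```

Run it on a pcap's SIP payloads at the interconnect or at the handset (a rooted phone can dump IMS signaling): any hit on traffic that has left the core is exactly the class of leak the O2 bug was.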

Arla Foods Hit by Cyberattack Disrupting Production

A cyberattack on Arla Foods' Upahl facility in Germany disrupted dairy production and delayed deliveries. The company did not confirm ransomware, describing only suspicious activity on its computer systems.
Impact: Operational disruption and supply chain delays.
Mitigation: Isolate affected systems and restore from backups.
Source: BleepingComputer

UK Legal Aid Agency Breach Exposes Applicant Data Back to 2010

A cyberattack on the UK Legal Aid Agency exposed data on people who applied for legal aid through its digital service since 2010, including criminal records, national ID numbers, and financial details. The agency took the service offline and secured its systems with NCSC assistance.
Impact: Sensitive legal aid applicant data compromised.
Mitigation: Notify affected individuals and enhance access controls.
Source: BleepingComputer

Mozilla Patches Firefox Zero-Days from Pwn2Own

Mozilla fixed CVE-2025-4918 (out-of-bounds access when resolving Promise objects) and CVE-2025-4919 (out-of-bounds access when optimizing linear sums, an array-index confusion) after the two JavaScript engine exploits earned $100,000 in total ($50,000 each) at Pwn2Own Berlin 2025. Neither entry escaped the Firefox sandbox, so the bugs give an attacker a content-process compromise rather than a full system takeover.
Impact: Code execution in the content process via out-of-bounds reads/writes.
Mitigation: Update to Firefox 138.0.4, Firefox ESR 128.10.1 or Firefox ESR 115.23.1.
Source: BleepingComputer

RVTools Site Hacked to Deliver Bumblebee Malware

The official RVTools download site was compromised to serve a trojanized installer whose hash and size differed from the vendor's published values. The installer dropped a malicious DLL beside the legitimate executable, which loads it on start (DLL sideloading) and thereby runs the Bumblebee loader. Users were warned to verify hashes and avoid third-party downloads.
Impact: Supply-chain attack targeting VMware administrators, a population that typically holds privileged vSphere credentials.
Mitigation: Compare the installer's SHA-256 against a hash obtained through a channel independent of the (compromised) download site, and check install directories for DLLs the vendor does not ship.
Source: The Hacker News
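
The hash and sideload check recommended for both the KeeLoader and the RVTools items, as an added example (not the vendors' own tooling): it verifies each file in an install tree against a vendor manifest of SHA-256 values and lists any DLL in the tree that the manifest does not know about. The manifest, file names and contents in demo() are constructed in a temporary directory for the example; real values come from the vendor's published hash list.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def sha256_file(path, chunk=1 << 20):
    """SHA-256 of a file, streamed so large installers do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_download(path, expected_hex):
    """True only if the file's SHA-256 equals the published value (constant-time compare)."""
    return hmac.compare_digest(sha256_file(path).lower(), expected_hex.strip().lower())


def unexpected_dlls(install_dir, manifest):
    """DLLs present in the install tree that the vendor manifest does not list.

    A DLL such as version.dll or dbghelp.dll appearing next to a signed
    executable is the classic sideloading footprint: Windows loads it from the
    application directory before the system copy."""
    known = {name.lower() for name in manifest}
    found = []
    for p in Path(install_dir).rglob("*.dll"):
        rel = p.relative_to(install_dir).as_posix().lower()
        if rel not in known:
            found.append(rel)
    return sorted(found)


def check_install(install_dir, manifest):
    """Return (mismatched or missing files, unexpected DLLs) for a {relpath: sha256} manifest."""
    bad = []
    for rel, expected in manifest.items():
        p = Path(install_dir) / rel
        if not p.is_file() or not verify_download(p, expected):
            bad.append(rel)
    return sorted(bad), unexpected_dlls(install_dir, manifest)


def demo():
    """Constructed install tree: one clean file, one tampered file, one sideloaded DLL."""
    with tempfile.TemporaryDirectory() as d:
        good = b"clean installer bytes"                     # stands in for the real binary
        (Path(d) / "RVTools.exe").write_bytes(good)
        (Path(d) / "RVTools.exe.config").write_bytes(b"tampered config")
        (Path(d) / "version.dll").write_bytes(b"not the vendor's code")
        manifest = {                                        # constructed vendor hash list
            "RVTools.exe": hashlib.sha256(good).hexdigest(),
            "RVTools.exe.config": hashlib.sha256(b"original config").hexdigest(),
        }
        return check_install(d, manifest)


if __name__ == "__main__":
    mismatched, sideloaded = demo()
    print("hash mismatch or missing:", mismatched)
    print("DLLs not in manifest:   ", sideloaded)
```

The RVTools case is the reason the manifest must not come from the same page as the download: once the site is attacker-controlled, a hash posted beside the file proves nothing. Use a hash obtained before the incident, from a mirror you trust, or from the vendor's signed release notes, and treat any unexpected DLL as an incident until it is explained.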

Skitnet Malware Used by Ransomware Groups for Stealth

Skitnet (also tracked as Bossnet), a Rust loader with a Nim-based payload, has been sold on the RAMP underground forum and used by Black Basta affiliates for DNS-based C2, data theft and persistent remote access. The payload resolves Windows API functions at run time instead of importing them, so static import analysis and signature scanning see little of interest; commands and responses travel inside DNS queries, which most networks allow out unfiltered.
Impact: Persistent access and data exfiltration for ransomware operations.
Mitigation: Force all DNS through inspecting resolvers and block DNS tunneling patterns (long, high-entropy subdomains and many unique names under one domain); monitor PowerShell activity for the loader's post-exploitation commands.
Source: The Hacker News
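
The DNS-tunneling side of the mitigation above, as an added example that is not from the Skitnet analysis or any product: it scores each registered domain in a constructed query log on the number of distinct subdomains, the length of the first label and its Shannon entropy, and flags domains exceeding all three thresholds. The log lines, the c2-example.net domain and the thresholds are constructed for illustration; the PowerShell monitoring half of the mitigation is not covered here.

```python
import math
from collections import defaultdict

# Constructed DNS query log (not from any real network): epoch time, client IP,
# queried name, query type.  Six ordinary lookups, then eight queries whose
# first label is a 32-character hex blob under one domain, the shape a
# DNS-based C2 channel produces when it smuggles data in the name.
SAMPLE_LOG = """\
1747728000.001 10.1.2.3 www.example.com A
1747728000.120 10.1.2.3 mail.example.com A
1747728001.330 10.1.2.3 cdn.static-example.org AAAA
1747728002.010 10.1.2.4 api.example.com A
1747728002.450 10.1.2.4 www.example.com A
1747728003.100 10.1.2.4 login.static-example.org A
1747728003.200 10.1.2.9 a9f3c1e7b2d4086e5f1a3c7b9d2e4f60.beacon.c2-example.net TXT
1747728004.210 10.1.2.9 4b8e2f0a6c1d3e9f7b5a2c8d0e4f6a1b.beacon.c2-example.net TXT
1747728005.220 10.1.2.9 0c7d5e3f1a9b8c6d4e2f0a1b3c5d7e9f.beacon.c2-example.net TXT
1747728006.230 10.1.2.9 e1f2a3b4c5d6e7f8091a2b3c4d5e6f70.beacon.c2-example.net TXT
1747728007.240 10.1.2.9 7a6b5c4d3e2f1a0b9c8d7e6f5a4b3c2d.beacon.c2-example.net TXT
1747728008.250 10.1.2.9 f0e1d2c3b4a5968778695a4b3c2d1e0f.beacon.c2-example.net A
1747728009.260 10.1.2.9 3c2d1e0f9a8b7c6d5e4f3a2b1c0d9e8f.beacon.c2-example.net TXT
1747728010.270 10.1.2.9 5d4e3f2a1b0c9d8e7f6a5b4c3d2e1f0a.beacon.c2-example.net TXT
"""


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for an empty or single-character string)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def parse_log(text):
    """Yield (ts, client, qname, qtype) tuples, lowercasing and un-dotting names."""
    for line in text.splitlines():
        if line.strip():
            ts, client, qname, qtype = line.split()
            yield float(ts), client, qname.lower().rstrip("."), qtype


def registered_domain(qname):
    # Simplification for the example: the last two labels.  Production code
    # should use the Public Suffix List so that e.g. co.uk is handled.
    return ".".join(qname.split(".")[-2:])


def profile(records):
    """Aggregate per registered domain the features tunnel detection keys on."""
    stats = defaultdict(lambda: {"queries": 0, "subs": set(), "len_sum": 0,
                                 "ent_sum": 0.0, "txt": 0, "clients": set()})
    for _, client, qname, qtype in records:
        dom = registered_domain(qname)
        sub = qname[:-len(dom) - 1] if qname != dom else ""
        first = sub.split(".")[0]            # label that carries encoded data in a tunnel
        s = stats[dom]
        s["queries"] += 1
        s["subs"].add(sub)
        s["len_sum"] += len(first)
        s["ent_sum"] += shannon_entropy(first)
        s["txt"] += qtype in ("TXT", "NULL")  # record types favoured for downstream data
        s["clients"].add(client)
    return stats


def detect_tunnels(text, min_unique=5, min_mean_len=20, min_mean_entropy=3.0):
    """Return {domain: stats} for domains whose queries look like a data channel.

    All three thresholds must be exceeded: many distinct subdomains (a CDN has
    many too, but short and predictable), long first labels, and high
    per-label entropy (encoded payload rather than words)."""
    flagged = {}
    for dom, s in profile(parse_log(text)).items():
        n = s["queries"]
        mean_len = s["len_sum"] / n
        mean_ent = s["ent_sum"] / n
        if (len(s["subs"]) >= min_unique and mean_len >= min_mean_len
                and mean_ent >= min_mean_entropy):
            flagged[dom] = {
                "queries": n,
                "unique_subdomains": len(s["subs"]),
                "mean_label_len": round(mean_len, 1),
                "mean_entropy": round(mean_ent, 2),
                "txt_fraction": round(s["txt"] / n, 2),
                "clients": sorted(s["clients"]),
            }
    return flagged


if __name__ == "__main__":
    for dom, s in detect_tunnels(SAMPLE_LOG).items():
        print(f"suspected DNS tunnel: {dom} {s}")
```

Feed it resolver query logs (Zeek dns.log, BIND query logs, or Windows DNS analytic events reshaped into the four-column form) and tune the thresholds per environment; the clients field tells you which host to pull PowerShell and process logs from next.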

Procolored Printer Software Bundled Malware

Procolored's official printer software, distributed on USB drives and via download links, shipped with two pieces of malware: the XRed backdoor, which logs keystrokes and gives remote access, and the SnipVex clipper, which watches the clipboard and replaces any copied Bitcoin address with the attacker's. XRed's C2 server had been offline since 2024, but a clipper needs no server to keep stealing.
Impact: Credential theft and cryptocurrency fraud.
Mitigation: Uninstall the affected software, reinstall from a verified clean build, audit any files that arrived on vendor-supplied USB media, and verify pasted wallet addresses character by character before sending.
Source: The Hacker News
