Svoboda Cybersecurity Brief May 24, 2025
FTC Finalizes Order with GoDaddy Over Security Failures
The FTC has settled with GoDaddy after alleging the company misled consumers about its security measures, leading to multiple breaches. Failures included lack of multi-factor authentication, inadequate monitoring, and misrepresentation of Privacy Shield compliance. GoDaddy must now implement a comprehensive security program and undergo independent audits.
Source: DataBreaches.net
$223M Crypto Heist Hits Cetus Protocol
A hacker stole $223 million from decentralized exchange Cetus Protocol by exploiting a vulnerable package. The platform paused $162M of the stolen funds and offered a $5M bounty for the attacker’s identity. The flaw involved AMM logic manipulation, possibly via flash loans.
Source: BleepingComputer
Operation Endgame Disrupts Ransomware Kill Chain
Law enforcement seized 300 servers, neutralized 650 domains, and issued 20 arrest warrants targeting malware-as-a-service (MaaS) operations like Bumblebee, Qakbot, and TrickBot. €3.5M in crypto was seized, bringing total seizures to €21.2M. The action disrupts initial access for ransomware groups.
Source: Europol
Mysterious Database Exposes 184M Records
An unsecured Elasticsearch database exposed 184 million records, including Apple, Facebook, and Google credentials, plus government-linked logins. Researcher Jeremiah Fowler found no ownership clues, raising concerns about reckless data aggregation.
Source: WIRED
DanaBot Botnet Takedown Charges 16 Suspects
The U.S. DoJ disrupted DanaBot, a MaaS operation infecting 300,000 devices and causing $50M in damages. Charges were filed against 16 individuals, including Russian nationals. DanaBot was used for ransomware, espionage, and even DDoS attacks on Ukrainian infrastructure.
Source: SecurityWeek
Malicious NPM Packages Steal Network Data
60 malicious NPM packages were found collecting hostnames, IPs, and DNS data, sending it to Discord webhooks. Packages mimicked legitimate tools like react-xterm2. Another set of 8 typosquatted packages corrupted data or deleted files based on hardcoded dates.
Impact: Data exfiltration and system sabotage.
Mitigation: Remove affected packages and scan systems.
Source: BleepingComputer
TikTok Videos Push Infostealers via ClickFix
Threat actors use AI-generated TikTok videos (500K+ views) to trick users into running PowerShell commands that deploy Vidar/StealC malware. The attack mimics software activation steps, stealing credentials, wallets, and Authy 2FA data.
Impact: Credential theft and system compromise.
Mitigation: Disable Windows Run via GPOs or Registry edits.
Source: Trend Micro
Chinese APT Exploits Cityworks Zero-Day
Chinese group UAT-6382 exploited CVE-2025-0994 (CVSS 8.6), a deserialization flaw in Trimble Cityworks, to target U.S. local governments. Attacks involved webshells (AntSword), TetraLoader, and VShell for persistence and data exfiltration.
Impact: RCE and network pivoting.
Mitigation: Patch Cityworks and monitor IIS logs.
Source: Cisco Talos
Ivanti EPMM Zero-Days Exploited by Chinese Hackers
China-linked UNC5221 exploited CVE-2025-4427/4428 in Ivanti EPMM to attack aviation, defense, and telecom sectors. Attacks deployed FRP proxy and Sliver C2, exfiltrating PII and device configurations.
Impact: Unauthenticated RCE and data theft.
Mitigation: Patch EPMM and restrict internet-facing access.
Source: EclecticIQ
Signal Blocks Windows Recall Screenshots
Signal introduced a screenshot-blocker to prevent Microsoft’s Recall feature from capturing chat content. The feature, enabled by default, displays blank frames if Recall attempts to log Signal windows.
Source: SecurityWeek