Svoboda Cybersecurity Brief May 27, 2025
Nova Scotia Power Ransomware Attack Exposes 280k Users
Nova Scotia Power confirmed a ransomware attack that compromised personal data of approximately 280,000 customers. The breach included names, addresses, and financial information, with attackers demanding payment.
Source: SecurityWeek
Over 70 Malicious npm and VS Code Packages Steal Data and Crypto
Researchers identified 70+ malicious packages in npm and VS Code ecosystems, designed to exfiltrate sensitive data and cryptocurrency wallets. The packages used typosquatting and fake dependency chains to evade detection.
Impact: Compromised developer environments and stolen credentials/crypto.
Mitigation: Verify package sources, use dependency scanning tools, and monitor for suspicious activity.
Source: The Hacker News
Tiffany & Co. Latest LVMH Brand Hit by Cyberattack
Luxury brand Tiffany & Co. suffered a cyberattack, joining other LVMH-owned brands targeted by hackers. Attackers accessed customer databases, though the full scope of the breach remains under investigation.
Source: DataBreaches.net
Estonia Seeks Moroccan National in International Data Theft Case
Estonian authorities launched an Interpol Red Notice for a Moroccan citizen accused of stealing sensitive government data. The suspect allegedly exploited unpatched vulnerabilities in public sector systems.
Source: DataBreaches.net
Weekly Recap: APT Campaigns, Browser Hijacks, and Critical CVEs
This week’s threats included state-sponsored APT campaigns, browser hijacking malware, and critical vulnerabilities in cloud infrastructure (CVE-2025-XXXX). AI-powered malware also saw increased deployment.
Impact: Enterprise systems at risk of data exfiltration and service disruption.
Mitigation: Patch critical CVEs, enforce MFA, and monitor for anomalous traffic.
Source: The Hacker News
CISO's Guide to Web Privacy Validation
A new guide highlights the importance of privacy validation frameworks for compliance with GDPR and CCPA. It emphasizes real-time monitoring of data collection practices to prevent regulatory penalties.
Source: The Hacker News