Svoboda Cybersecurity Brief June 01, 2025

Critical Cisco IOS XE Flaw Exposes WLC Devices to RCE

A maximum-severity vulnerability (CVE-2025-20188) in Cisco IOS XE Wireless LAN Controllers allows unauthenticated attackers to upload arbitrary files and execute commands as root. The flaw stems from a hardcoded JWT fallback secret (“notfound”) in OpenResty scripts, enabling path traversal and RCE via monitored services like pvp.sh.
Impact: Full device compromise when “Out-of-Band AP Image Download” is enabled.
Mitigation: Upgrade to IOS XE 17.12.04+ or disable the feature.
Source: BleepingComputer

Linux Core Dump Flaws Leak Password Hashes in Ubuntu, RHEL

Two race condition vulnerabilities (CVE-2025-5054 in Apport, CVE-2025-4598 in systemd-coredump) allow local attackers to steal sensitive data like /etc/shadow hashes via SUID process crashes. Exploits abuse PID reuse and namespace tricks to capture privileged core dumps.
Impact: Confidentiality breach of system credentials.
Mitigation: Patch Apport/systemd-coredump or disable SUID core dumps via echo 0 > /proc/sys/fs/suid_dumpable.
Source: The Hacker News
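
Added here as an illustration of the mitigation in the item above, not code from the brief or from the vendors: a POSIX sh audit that classifies a host's exposure from the two kernel settings involved (fs.suid_dumpable and kernel.core_pattern) and shows how to make the "echo 0" fix persistent. The sysctl.d file name and the classification labels are assumptions.

```shell
#!/bin/sh
# Classify exposure to the SUID core-dump handler issues.
#   $1 = value of /proc/sys/fs/suid_dumpable (0, 1 or 2)
#   $2 = value of /proc/sys/kernel/core_pattern
# Prints one label: hardened, exposed-apport, exposed-systemd-coredump,
# exposed-other-handler or no-userspace-handler (labels are assumptions).
classify_core_dump_exposure() {
    dumpable="$1"
    pattern="$2"
    # 0 means the kernel never dumps SUID/privileged processes at all;
    # this is the mitigation named in the brief.
    if [ "$dumpable" = "0" ]; then
        echo "hardened"
        return 0
    fi
    # A leading '|' hands the core to a userspace handler. The two affected
    # handlers are Apport (Ubuntu) and systemd-coredump (RHEL and others).
    case "$pattern" in
        \|*apport*)           echo "exposed-apport" ;;
        \|*systemd-coredump*) echo "exposed-systemd-coredump" ;;
        \|*)                  echo "exposed-other-handler" ;;
        *)                    echo "no-userspace-handler" ;;
    esac
    return 0
}

# Read the live values and classify; safe to run unprivileged.
audit_host() {
    d=$(cat /proc/sys/fs/suid_dumpable 2>/dev/null || echo "unknown")
    p=$(cat /proc/sys/kernel/core_pattern 2>/dev/null || echo "unknown")
    classify_core_dump_exposure "$d" "$p"
}

# Persist the hardening (run as root). The echo in the brief lasts only until
# reboot; a sysctl.d drop-in (file name is an assumption) survives it.
harden_persistent() {
    printf 'fs.suid_dumpable = 0\n' > /etc/sysctl.d/60-suid-dumpable.conf
    sysctl -w fs.suid_dumpable=0
}
```

Run audit_host on a patched or unpatched system to see which handler is in play; the classifier only reports configuration, it does not confirm the packages are at a fixed version.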

Conti Ransomware Leaders Exposed in Massive Data Leak

Whistleblower “GangExposed” released internal chats, videos, and ransom negotiations identifying key Conti and Trickbot operators. The leak aims to disrupt the gangs, which have extorted billions globally.
Source: DataBreaches.net

Global Operation Takes Down Crypting Services Used by Malware

The US DoJ seized AvCheck[.]net, Cryptor[.]biz, and Crypt[.]guru domains offering “crypting” services to bypass antivirus detection. The operation involved 8 countries and targeted tools used by ransomware groups.
Source: The Hacker News

Fred Hutchinson Cancer Center Pays $52M Over Ransomware Breach

A class-action settlement requires $11.5M in patient payouts and $13.5M in security upgrades after the Hunters International gang attacked the center in 2023, exposing medical data.
Source: DataBreaches.net

APAC Data Privacy Guide Highlights Regulatory Shifts

Hogan Lovells’ 2025 guide outlines evolving data protection laws in China, India, Singapore, and other APAC markets, with a webinar scheduled for June 12.
Source: DataBreaches.net

Share this brief: https://svo.bz/Vflt
