Svoboda Cybersecurity Brief June 04, 2025


Texas Gastroenterology Practice Hit by Ransomware, Patient Data Leaked

Texas Digestive Specialists suffered a ransomware attack by the InterLock group, with 263 GB of patient data (16,920 folders, 215,245 files) exfiltrated and leaked. The breach included lab reports with PHI (patient names, DOB, test results) from 2023–2025. The practice has not yet disclosed the breach officially.
Source: DataBreaches.net

Romanian Hacker Pleads Guilty to Swatting Campaign Targeting US Officials

Thomasz Szabo, leader of a swatting ring, pleaded guilty to orchestrating bomb threats and swatting attacks against 75+ officials, including Congress members, religious institutions, and a former US president. Szabo faces up to 15 years in prison.
Source: DataBreaches.net

Pro-Ukraine Hacker Group Black Owl Disrupts Russian Critical Infrastructure

Black Owl (BO Team) wiped out 30% of Russia’s national court filing system and targets state institutions using polymorphic code to evade detection. Kaspersky warns the group poses a major threat to Russian infrastructure.
Source: DataBreaches.net

Critical HPE StoreOnce Auth Bypass Vulnerability Exposes Backup Systems

HPE patched CVE-2025-37093 (CVSS 9.8), an authentication bypass flaw in StoreOnce backup solutions, alongside 7 other vulnerabilities (including RCE and SSRF). Attackers can exploit this to gain full access to backup systems.
Impact: Unauthenticated access to sensitive backup data.
Mitigation: Upgrade to StoreOnce v4.3.11.
Source: BleepingComputer

Lyrix Ransomware Targets Windows with Polymorphic Evasion Techniques

Lyrix ransomware uses polymorphic code to bypass AV detection and prioritizes encrypting databases, documents, and system files. The malware exfiltrates high-value data before deploying encryption.
Impact: Data theft and encryption.
Mitigation: Deploy behavior-based detection and ensure backups.
Source: GBHackers

Fake DocuSign/GitCode Sites Spread NetSupport RAT via Multi-Stage Attack

Threat actors spoof DocuSign and GitCode sites to trick users into running malicious PowerShell scripts, deploying NetSupport RAT. The attack uses ClickFix CAPTCHA lures and multi-stage payloads to evade detection.
Impact: Remote system takeover.
Mitigation: Block *.workers[.]dev traffic and monitor PowerShell activity.
Source: The Hacker News

Google Patches Chrome Zero-Day Exploited In the Wild (CVE-2025-5419)

Google fixed CVE-2025-5419, an out-of-bounds read/write flaw in the V8 JavaScript engine that is being actively exploited. The patch is rolling out in Chrome 137.0.7151.68/.69. TAG researchers discovered the exploit.
Impact: Arbitrary code execution via crafted HTML.
Mitigation: Update Chrome immediately.
Source: BleepingComputer

Crocodilus Android Trojan Expands to 8 Countries, Adds Fake Contacts

Crocodilus now targets banks and crypto wallets in Europe/South America, using fake contacts (e.g., “Bank Support”) to bypass fraud alerts. The malware also steals seed phrases via accessibility abuse.
Impact: Credential theft, cryptocurrency draining.
Mitigation: Avoid sideloading apps and enable Play Protect.
Source: The Hacker News

Victoria’s Secret Delays Earnings After Corporate Security Incident

Victoria’s Secret took corporate systems offline after a May 24 security incident, disrupting e-commerce and in-store operations. The attack resembles recent ransomware incidents targeting retailers.
Source: BleepingComputer

North Dakota Enacts Financial Data Security and Breach Notification Law

North Dakota’s HB 1127 requires financial firms to implement encryption, MFA, and risk assessments. Breaches affecting 500+ customers must be reported within 45 days. The law takes effect August 1, 2025.
Source: DataBreaches.net
