Svoboda Cybersecurity Brief June 13, 2025


BoardDocs Software Exposes Private School Files Nationally

School districts using BoardDocs software were unaware their private files, including attorney-client privileged documents, were published due to a national breach. Diligent Corporation confirmed the scope only after media inquiries.
Source: DataBreaches.net

Zero-Click iOS Spyware Targets Journalists via Graphite

Paragon’s Graphite spyware exploited CVE-2025-43200, a zero-day in iCloud Link photo/video processing, to compromise iPhones running iOS 18.2.1. Attacks used iMessage for zero-click delivery, exfiltrating data via VPS infrastructure.
Impact: Silent data theft from high-profile targets.
Mitigation: Update to iOS 18.3.1; disable iMessage for sensitive users.
Source: SecurityWeek

Microsoft 365 Copilot Zero-Click Data Theft (EchoLeak)

CVE-2025-32711 allowed attackers to exfiltrate sensitive data via malicious emails triggering Copilot’s RAG engine. Patched server-side by Microsoft; no user interaction required for exploitation.
Impact: Unauthorized access to confidential business data.
Mitigation: Ensure Copilot updates are applied; monitor for unusual data flows.
Source: The Hacker News

FIN6 Cybercriminals Pose as Job Seekers on LinkedIn

The FIN6 group targeted recruiters with fake resumes delivering MoreEggs malware via phishing emails. The campaign marks a shift from their usual POS-focused attacks.
Source: DataBreaches.net

Fog Ransomware Uses Legitimate Tools for Attack Automation

Fog ransomware deployed Syteca monitoring software and open-source tools (Stowaway, GC2, Adapt2x) in a financial sector attack. Unusual toolset aimed to evade detection.
Impact: Data exfiltration and encryption via trusted processes.
Mitigation: Monitor for atypical tool usage; restrict SMBExec/Impacket.
Source: BleepingComputer

GitLab Account Takeover and CI/CD Pipeline Hijacking

CVE-2025-4278 (HTML injection) and CVE-2025-5121 (missing auth) allowed account takeover and malicious CI/CD job injection in GitLab Ultimate EE.
Impact: Unauthorized code execution and pipeline manipulation.
Mitigation: Upgrade to GitLab 18.0.2/17.11.4/17.10.8.
Source: BleepingComputer

SmartAttack Exfiltrates Air-Gapped Data via Smartwatches

Researchers demonstrated ultrasonic (18–22 kHz) data theft from air-gapped systems using smartwatch microphones. The technique achieved a 6 m range at 50 bps.
Impact: Covert data leakage from secured environments.
Mitigation: Ban audio wearables; deploy ultrasonic jammers.
Source: SecurityWeek

Infostealer Takedown: 20K IPs, 32 Arrests, 216K Victims Notified

Operation Secure dismantled infostealer ops (Lumma, Vidar, Rhadamanthys) across Asia. Seized 41 servers and $11K in cash from a Vietnamese leader.
Source: SecurityWeek

Sweden Hit by DDoS Attacks from Russia-Linked Actors

Swedish PM confirmed disruptions to SVT, banks, and BankID services via DDoS attacks. Russian, Chinese, and Iranian actors suspected.
Source: DataBreaches.net

CIA Analyst Sentenced for Leaking Top-Secret Data

Asif Rahman transmitted classified documents to unauthorized individuals, leading to their public posting on social media. He was arrested in Nov 2024.
Source: DataBreaches.net
