Svoboda Cybersecurity Brief June 14, 2025
Qilin Ransomware Targets Philippine Hospital, Patient Data Leaked
The Palawan Medical Mission Group Multipurpose Cooperative (PMMGPMC), operating Coop Hospital in Puerto Princesa City, confirmed a ransomware attack by the Qilin group. The attackers allegedly leaked sensitive patient data online after compromising systems. The hospital is conducting a forensic investigation.
Source: DataBreaches.net
Discord Invite Hijacking Campaign Delivers AsyncRAT and Info-Stealers
A flaw in Discord’s invite system allows attackers to reuse expired or deleted invites to redirect users to malicious servers. Victims are tricked into running PowerShell commands, leading to infections with AsyncRAT, Skuld Stealer, and ChromeKatz. Over 1,300 users across the US, UK, France, and Germany were impacted.
Impact: Malware delivery, credential theft, and persistent access.
Mitigation: Avoid outdated invites, distrust “verification” prompts, and never execute unfamiliar PowerShell commands.
Source: BleepingComputer
JSFireTruck Malware Infects 269,000+ Sites in Mass Redirection Campaign
A widespread campaign uses JSFuck-obfuscated JavaScript (dubbed JSFireTruck) to redirect visitors from compromised sites to malicious payloads. The redirects target visitors arriving via search engine referrals (Google, Bing, etc.) and deliver malware, exploits, or malvertising. Over 269,552 pages were infected between March 26 and April 25, 2025.
Impact: Drive-by downloads, credential theft, and malware infections.
Mitigation: Monitor for unauthorized scripts, block obfuscated JS, and enforce referrer policies.
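The "block obfuscated JS" mitigation needs a way to tell JSFuck apart from ordinary minified code. The scanner below is an added example (not code from the brief, from the researchers, or from any vendor): JSFuck encodes arbitrary JavaScript using only the six characters [ ] ( ) ! + , so an injected payload appears as a long run of text drawn almost entirely from that alphabet. A sliding window, rather than a whole-file ratio, catches a payload appended to an otherwise legitimate script, which is how injected redirect code typically lands on a compromised page. The window size, the 95% threshold, and the sample scripts are assumptions constructed for the demo.

```python
"""Heuristic detector for JSFuck-style obfuscated JavaScript (added example)."""

# The six characters JSFuck is built from.
JSFUCK_ALPHABET = frozenset("[]()!+")


def jsfuck_ratio(text: str) -> float:
    """Fraction of non-whitespace characters that belong to the JSFuck alphabet."""
    body = "".join(text.split())
    if not body:
        return 0.0
    return sum(ch in JSFUCK_ALPHABET for ch in body) / len(body)


def find_jsfuck_spans(script: str, window: int = 64, threshold: float = 0.95):
    """Return merged (start, end) offsets, measured in the whitespace-stripped
    script, of every window whose JSFuck ratio meets the threshold.

    Overlapping hits are merged, so one injected payload yields one span.
    Window size and threshold are assumed tuning values.
    """
    body = "".join(script.split())
    spans = []
    for start in range(0, len(body) - window + 1):
        if jsfuck_ratio(body[start:start + window]) >= threshold:
            end = start + window
            if spans and start <= spans[-1][1]:
                spans[-1] = (spans[-1][0], end)  # extend the overlapping hit
            else:
                spans.append((start, end))
    return spans


def is_jsfuck_obfuscated(script: str, **kw) -> bool:
    """True when at least one high-ratio window exists in the script."""
    return bool(find_jsfuck_spans(script, **kw))


# --- constructed samples -------------------------------------------------
# Ordinary site code: parentheses occur, but nowhere near 95% of the text.
BENIGN = """
document.getElementById("menu").addEventListener("click", function () {
  fetch("/api/menu").then(function (r) { return r.json(); });
});
"""

# Genuine JSFuck building blocks: (![]+[])[+[]] is "false"[0] == "f",
# (![]+[])[!+[]+!+[]] is "false"[2] == "l", (!![]+[])[+!+[]] is "true"[1] == "r".
# Repeated only to reach a realistic payload length.
JSFUCK_FRAGMENT = "(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+!+[]]"
OBFUSCATED = "+".join([JSFUCK_FRAGMENT] * 4)

# Injected payload appended to a legitimate file, the shape seen on compromised sites.
MIXED = BENIGN + "\n" + OBFUSCATED + "\n"


if __name__ == "__main__":
    for name, sample in [("benign", BENIGN), ("obfuscated", OBFUSCATED), ("mixed", MIXED)]:
        print(f"{name:10s} ratio={jsfuck_ratio(sample):.2f} "
              f"flagged={is_jsfuck_obfuscated(sample)} spans={find_jsfuck_spans(sample)}")
```

The ratio test is a heuristic: real injected code may wrap the JSFuck blob in a small amount of plain JavaScript (an eval call, a referrer check), which is why the detector looks for any dense window rather than requiring the whole script to be JSFuck. Treat a hit as a reason to pull the script for review, not as proof on its own.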
Source: The Hacker News
Victoria’s Secret Recovers from Cyberattack, Delays Earnings Release
Victoria’s Secret restored critical systems after a May 24 cyberattack forced shutdowns of e-commerce and corporate networks. The incident delayed its Q1 earnings release, but the company claims no material financial impact. No ransomware group has claimed responsibility.
Source: BleepingComputer
Ransomware Groups Exploit Unpatched SimpleHelp Flaws for Double Extortion
CISA warns that ransomware gangs (e.g., DragonForce) are exploiting CVE-2024-57727 in SimpleHelp RMM to compromise downstream customers of a utility billing software provider. The path traversal flaw enables data theft and encryption.
Impact: Unauthorized access, data exfiltration, and ransomware deployment.
Mitigation: Isolate and patch SimpleHelp instances (upgrade to v5.5.7 or later), and monitor for unusual traffic.
Source: The Hacker News
Apple Zero-Click iMessage Flaw (CVE-2025-43200) Exploited with Paragon Spyware
A zero-click vulnerability in Apple’s Messages app (patched in February 2025) was exploited to deliver Paragon’s Graphite spyware to journalists. The flaw allowed attackers to execute malicious code via iCloud-linked media. Citizen Lab linked the attacks to an Apple account (“ATTACKER1”).
Mitigation: Update to iOS 18.3.1+, iPadOS 17.7.5+, or macOS 15.3.1+.
Source: The Hacker News
TeamFiltration Framework Abused in Entra ID Account Takeover Campaign
Attackers used the TeamFiltration pentesting tool to target ~100 Entra ID tenants, leveraging the Microsoft Teams API and AWS infrastructure for password spraying. Compromised accounts were exploited for data exfiltration and persistence via OneDrive.
Impact: Credential theft, data breaches, and lateral movement.
Mitigation: Audit OAuth app permissions, monitor for unusual Teams API activity.
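Password spraying is the inverse of brute force: one source tries a few passwords against many accounts, so no single account trips a lockout and per-user failure alerts stay quiet. The detector below is an added example (not code from the brief, from Microsoft, or from the TeamFiltration project): it groups sign-in failures by source IP and alerts when one IP fails against many distinct users inside a time window with only a few attempts per user, then lists any accounts that later succeeded from that IP. The log format is a simplified constructed one, not the Entra ID sign-in log schema, and the window and thresholds are assumed tuning values.

```python
"""Password-spray detection over sign-in failures (added example)."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample, one event per line: "<timestamp> <user> <source-ip> <result>".
# 203.0.113.5 fails once against twelve accounts in 33 minutes, then logs in as user12.
# 198.51.100.7 hammers a single account (brute force, not a spray).
# 192.0.2.10 is an ordinary user mistyping a password once.
SAMPLE_LOG = """\
2025-06-13T09:00:00Z user01@example.com 203.0.113.5 failure
2025-06-13T09:03:00Z user02@example.com 203.0.113.5 failure
2025-06-13T09:06:00Z user03@example.com 203.0.113.5 failure
2025-06-13T09:09:00Z user04@example.com 203.0.113.5 failure
2025-06-13T09:12:00Z user05@example.com 203.0.113.5 failure
2025-06-13T09:15:00Z user06@example.com 203.0.113.5 failure
2025-06-13T09:18:00Z user07@example.com 203.0.113.5 failure
2025-06-13T09:21:00Z user08@example.com 203.0.113.5 failure
2025-06-13T09:24:00Z user09@example.com 203.0.113.5 failure
2025-06-13T09:27:00Z user10@example.com 203.0.113.5 failure
2025-06-13T09:30:00Z user11@example.com 203.0.113.5 failure
2025-06-13T09:33:00Z user12@example.com 203.0.113.5 failure
2025-06-13T09:35:00Z user12@example.com 203.0.113.5 success
2025-06-13T10:00:00Z alice@example.com 198.51.100.7 failure
2025-06-13T10:01:00Z alice@example.com 198.51.100.7 failure
2025-06-13T10:02:00Z alice@example.com 198.51.100.7 failure
2025-06-13T10:03:00Z alice@example.com 198.51.100.7 failure
2025-06-13T10:04:00Z alice@example.com 198.51.100.7 failure
2025-06-13T11:00:00Z bob@example.com 192.0.2.10 failure
2025-06-13T11:01:00Z bob@example.com 192.0.2.10 success
"""


def parse_events(lines):
    """Parse the constructed log format into dicts; blank lines are skipped."""
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ts, user, ip, result = line.split()
        events.append({"time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       "user": user.lower(), "ip": ip, "result": result})
    return events


def detect_password_spray(events, window=timedelta(minutes=60),
                          min_users=10, max_per_user=2):
    """Return {source_ip: alert} for IPs whose failures, within any sliding
    window, cover at least min_users distinct accounts with at most
    max_per_user attempts each. The alert keeps the widest window seen
    and the accounts that later succeeded from that IP."""
    failures = defaultdict(list)
    for ev in events:
        if ev["result"] == "failure":
            failures[ev["ip"]].append(ev)

    alerts = {}
    for ip, evs in failures.items():
        evs.sort(key=lambda e: e["time"])
        start = 0
        for end, ev in enumerate(evs):
            while ev["time"] - evs[start]["time"] > window:  # slide the window
                start += 1
            per_user = Counter(e["user"] for e in evs[start:end + 1])
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                best = alerts.get(ip)
                if best is None or len(per_user) > best["distinct_users"]:
                    alerts[ip] = {"distinct_users": len(per_user),
                                  "window_start": evs[start]["time"],
                                  "window_end": ev["time"]}

    # Accounts that succeeded from a spraying IP after the spray began are the
    # ones to treat as compromised (sessions, OAuth grants, OneDrive access).
    for ip, alert in alerts.items():
        alert["successes"] = sorted({ev["user"] for ev in events
                                     if ev["ip"] == ip and ev["result"] == "success"
                                     and ev["time"] >= alert["window_start"]})
    return alerts


if __name__ == "__main__":
    for ip, alert in detect_password_spray(parse_events(SAMPLE_LOG.splitlines())).items():
        print(ip, alert)
```

Grouping by a single IP is the simplest key; a campaign spread across cloud infrastructure, as this one was, rotates addresses, so a production rule would also key on ASN, user-agent or the application used for the sign-in, and would run the same window logic per key.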
Source: SecurityWeek
Critical Mitel MiCollab Flaw Exposes 20,000+ Instances to Remote Hacks
A path traversal flaw in Mitel MiCollab’s NuPoint Messaging (NPM) allows unauthenticated attackers to access provisioning data and perform admin actions. Over 20,000 instances are exposed online.
Impact: Unauthorized access, data exposure, and network compromise.
Mitigation: Upgrade to MiCollab 9.8 SP3 (9.8.3.1+) or 10.0.0.26+.
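Both the SimpleHelp and MiCollab items above come down to path traversal: a request path is joined to a base directory without checking where the result lands. The example below is added here and is not code from the brief, from Mitel, or from SimpleHelp; it shows the generic bug in a file-serving handler beside a contained resolver, and exercises the usual bypass shapes (dot-dot, percent- and double-percent-encoding, an absolute path, and a symlink that points outside the base). The directory layout is constructed in a temporary folder for the demo.

```python
"""Containing user-supplied file paths under a base directory (added example)."""
import os
import tempfile
from urllib.parse import unquote


def naive_resolve(base: str, requested: str) -> str:
    """Vulnerable: concatenates without checking where the result lands,
    and os.path.join discards base entirely if requested is absolute."""
    return os.path.join(base, requested)


def safe_resolve(base: str, requested: str):
    """Return the real filesystem path if it stays inside base, else None.

    - percent-decode first (twice, to cover double encoding) so "..%2F" is
      not smuggled past the check and decoded later by the file layer
    - strip leading separators so os.path.join cannot be reset to an absolute path
    - realpath() collapses ".." and resolves symlinks before the comparison
    - commonpath() is the containment test; a string prefix check is fooled
      by a sibling such as /srv/data-private next to /srv/data
    """
    base_real = os.path.realpath(base)
    decoded = unquote(unquote(requested))
    candidate = os.path.realpath(os.path.join(base_real, decoded.lstrip("/\\")))
    try:
        if os.path.commonpath([base_real, candidate]) != base_real:
            return None
    except ValueError:  # different drives on Windows: cannot be inside base
        return None
    return candidate


def build_demo_tree() -> str:
    """Create a constructed base directory with one legitimate file and a
    symlink escaping to a second directory; returns the base path."""
    base = tempfile.mkdtemp(prefix="served-")
    outside = tempfile.mkdtemp(prefix="private-")
    os.makedirs(os.path.join(base, "reports"))
    with open(os.path.join(base, "reports", "q1.txt"), "w") as fh:
        fh.write("quarterly report\n")
    with open(os.path.join(outside, "secret.txt"), "w") as fh:
        fh.write("not for serving\n")
    os.symlink(outside, os.path.join(base, "outside"))
    return base


if __name__ == "__main__":
    base = build_demo_tree()
    for req in ["reports/q1.txt", "../../../../etc/passwd",
                "..%2F..%2F..%2F..%2Fetc%2Fpasswd", "/etc/passwd",
                "outside/secret.txt"]:
        print(f"{req:40s} naive={naive_resolve(base, req)}")
        print(f"{'':40s} safe ={safe_resolve(base, req)}")
```

The decoding step matters because many traversal bugs are not in the join itself but in the order of operations: the server compares the raw request against a denylist and decodes afterwards. Normalising first and then testing containment with commonpath() removes that ordering problem.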
Source: SecurityWeek
Trend Micro Patches Critical RCE Flaws in Apex Central and Endpoint Encryption
Trend Micro fixed 10 vulnerabilities, including critical insecure deserialization bugs (CVE-2025-49219, CVE-2025-49220) in Apex Central and an authentication bypass (CVE-2025-49216) in TMEE PolicyServer. Successful exploitation enables remote code execution.
Mitigation: Apply patches immediately; no in-the-wild exploitation has been observed.
Source: SecurityWeek