Svoboda Cybersecurity Brief June 19, 2025

Healthcare SaaS Firm Episource Breach Impacts 5.4M Patients

Episource disclosed a data breach where hackers accessed sensitive health data of 5.4 million individuals between January 27 and February 6, 2025. Exposed data includes SSNs, medical records, and insurance details.
Source: BleepingComputer

Predatory Sparrow Hacktivists Burn $90M in Iranian Crypto Exchange Attack

Pro-Israel group Predatory Sparrow breached Iran's Nobitex exchange and moved roughly $90M in crypto to vanity addresses with no usable private key, effectively burning the funds rather than cashing out. The group claims Nobitex helped the Iranian regime evade sanctions.
Source: BleepingComputer

Critical RCE Vulnerability Patched in Veeam Backup & Replication

Veeam fixed CVE-2025-23121 (CVSS 9.9), which lets an authenticated domain user execute code remotely on a domain-joined Backup Server. A second flaw, CVE-2025-24286, lets a user holding the Backup Operator role modify backup jobs, which can be abused to run arbitrary code.
Impact: Remote code execution via authenticated access.
Mitigation: Update to Veeam Backup & Replication 12.3.2.
Source: SecurityWeek

North Korean Hackers Use Deepfaked Execs in Zoom Calls to Spread Mac Malware

BlueNoroff impersonated company executives on deepfaked Zoom calls and talked employees into running a fake "Zoom SDK update" script, which dropped a mix of Nim- and Go-based macOS implants, among them the Root Troy V4 backdoor and the XScreen keylogger.
Source: BleepingComputer

U.S. Seizes $225M in Crypto Linked to Investment Scams

The DOJ seized funds tied to crypto confidence scams targeting 400+ victims. Blockchain analysis revealed a laundering network dispersing stolen assets across thousands of addresses.
Source: DataBreaches.net

CISA Warns of Actively Exploited Linux Kernel Flaw (CVE-2023-0386)

A uid-mapping bug in the kernel's OverlayFS subsystem lets a local user copy a setuid or capability-bearing file out of a nosuid mount into another mount and run it as root. CISA added the flaw to its KEV catalog and requires federal agencies to patch by July 8, 2025.
Impact: Local privilege escalation to root on unpatched Linux hosts.
Mitigation: Run a kernel that carries the fix: mainline 6.2 or later, or a stable/distribution kernel that has backported it (the version number alone does not show a backport; check the vendor advisory).
Source: TheHackerNews
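The mitigation line above depends on knowing whether a given kernel sits inside the affected range, and version strings from distribution kernels are ambiguous. The following triage script is an added example written for this brief, not code from CISA or any kernel vendor. It assumes the mainline affected range reported for CVE-2023-0386 (5.11, where overlayfs became mountable inside user namespaces, up to the fix in 6.2), treats everything in between as "vulnerable unless the vendor backported the fix", and adds a second signal: whether unprivileged user namespaces are disabled via `user.max_user_namespaces`, which blocks the known exploitation path but is exposure reduction, not a patch. The sample `uname -r` strings are constructed.

```python
import re

# Constructed `uname -r` samples (not captured from any real incident host).
SAMPLE_RELEASES = {
    "4.18.0-553.el8_10.x86_64": "RHEL 8 (enterprise kernel, heavy backports)",
    "5.15.0-91-generic": "Ubuntu 22.04 GA kernel",
    "6.1.0-18-amd64": "Debian 12 stable kernel",
    "6.5.0-28-generic": "Ubuntu 22.04 HWE kernel",
}

# Mainline range (assumption taken from the public advisories): overlayfs became
# mountable inside user namespaces in 5.11, which the known exploit path relies
# on; the fix landed in 6.2.
FIRST_AFFECTED = (5, 11)
FIXED_MAINLINE = (6, 2)

_RELEASE_RE = re.compile(r"^(\d+)\.(\d+)")


def parse_release(release: str) -> tuple:
    """Reduce a `uname -r` string to (major, minor); the rest is distro noise."""
    m = _RELEASE_RE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2))


def assess_cve_2023_0386(release: str) -> str:
    """Triage a kernel version string against the mainline affected range.

    'fixed-mainline' : 6.2 or newer, the fix is in the base kernel
    'check-backport' : 5.11 .. 6.1, vulnerable unless the vendor backported the
                       fix; only the vendor changelog can answer that
    'outside-range'  : older than 5.11 in mainline terms; enterprise kernels
                       backport overlayfs features, so confirm with the vendor
    """
    ver = parse_release(release)
    if ver >= FIXED_MAINLINE:
        return "fixed-mainline"
    if ver >= FIRST_AFFECTED:
        return "check-backport"
    return "outside-range"


def userns_hardening_present(max_user_namespaces: str) -> bool:
    """True when /proc/sys/user/max_user_namespaces reads 0, i.e. no user
    namespaces can be created, which blocks the known exploit path.
    Exposure reduction only; it does not replace the kernel fix."""
    return max_user_namespaces.strip() == "0"


if __name__ == "__main__":
    import platform
    for rel, label in SAMPLE_RELEASES.items():
        print(f"{rel:28} {label:44} -> {assess_cve_2023_0386(rel)}")
    if platform.system() == "Linux":
        print("this host:", platform.release(), "->",
              assess_cve_2023_0386(platform.release()))
        try:
            with open("/proc/sys/user/max_user_namespaces") as f:
                print("unprivileged userns blocked:", userns_hardening_present(f.read()))
        except OSError:
            print("/proc/sys/user/max_user_namespaces not readable on this host")
```

Run it on a fleet inventory of `uname -r` strings to split hosts into "already fixed", "needs vendor changelog lookup" and "verify with vendor"; the `check-backport` bucket is where the real work is, since Debian 6.1.x and Ubuntu 5.15.x kernels carry the fix but their version numbers do not say so.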

Russian Hackers Bypass Gmail MFA via App-Specific Passwords

Russia-linked actors (associated by Google with low confidence with APT29) abused Google app-specific passwords (ASPs) to get around MFA while posing as U.S. State Department officials. Targets received polished phishing PDFs walking them through creating an ASP and sending it back; an ASP is a static 16-character password that grants mailbox access through IMAP and other legacy clients without a second factor, so the attackers never had to defeat MFA at all. Defenders should review which accounts hold ASPs and whether they still need them.
Source: SecurityWeek

Minecraft Mod Malware Campaign Infects 1,500 Users

The Stargazers Ghost Network distributed malicious Java mods (e.g., Oringo, Taunahi) via GitHub, deploying a .NET stealer (44 CALIBER) to harvest credentials, wallets, and system data.
Source: TheHackerNews

NHS Vendor Synnovis Ransomware Attack Harms 170 Patients

The June 2024 Qilin ransomware attack on pathology provider Synnovis disrupted more than 10,000 appointments and procedures at London NHS trusts; NHS figures now attribute harm to 170 patients, including cases of moderate and severe harm, mostly from delayed or cancelled tests and procedures.
Source: DataBreaches.net

BeyondTrust Fixes Pre-Auth RCE in Remote Support Software (CVE-2025-5309)

CVE-2025-5309 is a server-side template injection in the chat feature of BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA). In RS the public portal chat is reachable before any login, so an unauthenticated attacker can reach the vulnerable code path.
Impact: Remote code execution via the chat feature.
Mitigation: Apply the vendor patches (BeyondTrust has patched its cloud-hosted instances; self-hosted deployments must update). As an interim measure for RS, enabling SAML authentication for the public portal requires a login before the chat is reachable.
Source: BleepingComputer
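The BeyondTrust item above names the bug class (SSTI in a chat feature) without showing what that looks like in code. The following is an added example written for this brief; it is not BeyondTrust's code and says nothing about their engine. It uses a tiny stand-in template engine (every `{{ expr }}` is evaluated as a Python expression, an assumption chosen to make the injection visible) to show the vulnerable pattern, where visitor text is concatenated into the template source, next to the hardened pattern, where the template is a constant and the visitor text only ever enters as data. A small probe detector for chat transcripts is included; `SERVER_CONFIG` and the messages are constructed.

```python
import html
import re

# Toy template engine standing in for whatever a chat feature might use:
# each {{ expr }} is evaluated as a Python expression against a context dict.
# Written for this example only; it is not BeyondTrust's implementation.
_EXPR = re.compile(r"\{\{\s*(.+?)\s*\}\}")

# Constructed server-side state that a request handler might keep in scope.
SERVER_CONFIG = {"db_password": "constructed-example-secret"}


def render(template: str, context: dict) -> str:
    """Single-pass substitution: the output of one {{ }} is never re-scanned,
    so data inserted through the context cannot become template code."""
    def _evaluate(m):
        return str(eval(m.group(1), {"__builtins__": {}}, dict(context)))
    return _EXPR.sub(_evaluate, template)


def chat_ack_vulnerable(visitor_message: str) -> str:
    """SSTI: untrusted text is concatenated into the template *source*, so a
    visitor who types {{ ... }} gets it evaluated with server-side state."""
    template = "Support received: " + visitor_message
    return render(template, {"config": SERVER_CONFIG})


def chat_ack_hardened(visitor_message: str) -> str:
    """Fixed: the template is a constant; the message enters only as data and
    is encoded for the HTML context it will be displayed in."""
    template = "Support received: {{ message }}"
    return render(template, {"message": html.escape(visitor_message)})


# Common template delimiters; a hit in visitor-supplied chat text is a signal
# worth reviewing in transcripts, not proof of an attack.
_PROBE = re.compile(r"\{\{.*?\}\}|\{%.*?%\}|\$\{.*?\}|<%.*?%>|#\{.*?\}")


def looks_like_template_probe(text: str) -> bool:
    return _PROBE.search(text) is not None


if __name__ == "__main__":
    probe = "{{ config['db_password'] }}"
    print("vulnerable:", chat_ack_vulnerable(probe))   # secret leaks
    print("hardened:  ", chat_ack_hardened(probe))     # echoed as literal text
    print("probe flagged:", looks_like_template_probe(probe))
```

The fix is structural rather than a filter: no amount of blocklisting `{{` makes the first function safe, because the engine is still being handed attacker-controlled source. The same split (constant template, untrusted values only in the context) is what to look for when reviewing any chat, e-mail or notification feature that renders visitor text.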

Gerrit Misconfiguration Exposed Google Projects to Code Injection

Tenable found that a permissive Gerrit default (any registered user could add a patch set to someone else's change), combined with approval labels carrying over to the new patch set, left a race window in which a malicious patch set could be slipped into an already approved change before the automated submit step merged it, exposing projects such as ChromiumOS to code injection. Google fixed the issue after Tenable's disclosure.
Source: SecurityWeek
