Svoboda Cybersecurity Brief June 30, 2025
Horizon Healthcare RCM ransomware attack exposes patient data
Horizon Healthcare RCM disclosed a December ransomware attack involving data exfiltration, affecting multiple healthcare clients. The breach included sensitive patient information such as Social Security numbers, financial data, and health insurance details. Horizon hinted at paying the ransom to prevent data exposure, but the total number of affected individuals remains undisclosed.
Source: DataBreaches.net
Bluetooth flaws in Airoha chipsets enable eavesdropping and data theft
Researchers disclosed vulnerabilities (CVE-2025-20700 to CVE-2025-20702) affecting Airoha Bluetooth chipsets in 29 audio devices from brands like Bose and Sony. Exploits could enable call interception, theft of contacts, and firmware hijacking, though attacks require close proximity and technical expertise.
Impact: Attackers could spy via the microphone, steal call history, or deploy wormable exploits.
Mitigation: Apply firmware updates from vendors; Airoha has released a patched SDK.
Source: BleepingComputer
Disgruntled IT worker jailed for sabotaging employer’s systems
Mohammed Umar Taj, a suspended IT employee, altered login credentials and MFA settings to disrupt his UK-based employer, causing £200K+ in losses. The attack affected clients globally before forensic evidence led to his 7-month jail sentence.
Source: DataBreaches.net
Cloudflare open-sources E2EE video conferencing tool Orange Meets
Cloudflare added Messaging Layer Security (MLS)-based end-to-end encryption to Orange Meets, open-sourcing the code for transparency. The prototype features client-side encryption and a “safety number” for MitM attack prevention but lacks consumer-grade polish.
Source: BleepingComputer