Svoboda Cybersecurity Brief June 30, 2025

Jun 30, 2025


Horizon Healthcare RCM ransomware attack exposes patient data

Horizon Healthcare RCM disclosed a December ransomware attack involving data exfiltration, affecting multiple healthcare clients. The breach included sensitive patient information such as Social Security numbers, financial data, and health insurance details. Horizon hinted at paying the ransom to prevent data exposure, but the total number of affected individuals remains undisclosed.
Source: DataBreaches.net

Bluetooth flaws in Airoha chipsets enable eavesdropping and data theft

Researchers disclosed vulnerabilities (CVE-2025-20700 to CVE-2025-20702) affecting Airoha Bluetooth chipsets in 29 audio devices from brands like Bose and Sony. Exploits could enable call interception, theft of contacts, and firmware hijacking, though attacks require close proximity and technical expertise.
Impact: Attackers could spy via the microphone, steal call history, or deploy wormable exploits.
Mitigation: Apply firmware updates from vendors; Airoha has released a patched SDK.
Source: BleepingComputer

Disgruntled IT worker jailed for sabotaging employer’s systems

Mohammed Umar Taj, a suspended IT employee, altered login credentials and MFA settings to disrupt his UK-based employer, causing £200K+ in losses. The attack affected clients globally before forensic evidence led to his 7-month jail sentence.
Source: DataBreaches.net

Cloudflare open-sources E2EE video conferencing tool Orange Meets

Cloudflare added Messaging Layer Security (MLS)-based end-to-end encryption to Orange Meets, open-sourcing the code for transparency. The prototype features client-side encryption and a “safety number” for MitM attack prevention but lacks consumer-grade polish.
Source: BleepingComputer
