Svoboda Cybersecurity Brief July 02, 2025

Jul 02, 2025

CMS Notifies 103,000 Medicare Beneficiaries of Data Breach

The Centers for Medicare & Medicaid Services (CMS) is notifying 103,000 beneficiaries after threat actors fraudulently created Medicare.gov accounts using stolen personal data (e.g., Medicare Beneficiary Identifiers and dates of birth). The fraudulent account creation took place between 2023 and 2025; CMS has deactivated the affected accounts and blocked new account creation from foreign IP addresses.
Source: DataBreaches.net

Esse Health Discloses Cyberattack Impacting 263,000 Patients

Esse Health confirmed that an April 2025 cyberattack exposed patient data, including names, addresses, health insurance details and medical record numbers. The attack disrupted systems for weeks; no ransomware group has claimed responsibility.
Source: DataBreaches.net

International Criminal Court Hit by Sophisticated Cyberattack

The ICC reported a "sophisticated" cyberattack that took place during the NATO summit and may have compromised sensitive data. It is the court's second major breach since 2023, and its Wi-Fi was still partially disabled as a result of the earlier incident.
Source: DataBreaches.net

AT&T Launches “Wireless Lock” to Block SIM Swap Attacks

AT&T introduced Wireless Lock, an account setting that blocks SIM swaps and number transfers until the customer turns the lock off. The move follows years of SIM-swap-related breaches, including $794,000 in cryptocurrency thefts linked to such attacks.
Impact: Blocks unauthorized SIM changes and number ports, which is what attackers use to intercept SMS one-time codes, reducing account-takeover risk for accounts that still rely on SMS-based authentication.
Mitigation: Customers should enable Wireless Lock in the AT&T app or on the website and turn it off only when they themselves need a SIM change or a number transfer.
Source: BleepingComputer

US Sanctions Russian Hosting Firm Aeza for Ransomware Support

Bulletproof hosting provider Aeza Group and four of its operators were sanctioned for hosting BianLian ransomware infrastructure, RedLine infostealer control panels and darknet markets. The firm ignored abuse reports, allowing the criminal operations to continue.
Source: BleepingComputer

New FileFix Attack Bypasses Windows MoTW Warnings

An HTA-based variant of the FileFix attack tricks users into saving a malicious web page as an .HTA file. Because the file is written by the browser's "Save as" function rather than downloaded, it carries no Mark of the Web, so Windows shows no warning when it is opened. Attackers lure the victim with social engineering (e.g., a fake MFA backup-code page that asks to be saved locally), and opening the saved file runs the embedded script through mshta.exe.
Impact: Arbitrary code execution on the victim's machine without the warning a downloaded file would trigger.
Mitigation: Block mshta.exe (for example with application control rules) or disable it outright, and block HTML attachments in email.
Source: BleepingComputer
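As an added example (not code from the brief or from the researchers who reported FileFix), the detection logic below flags the pattern described above: mshta.exe executing an .hta file from a user-writable folder such as Downloads or a Temp directory, where a browser "Save as" lure would put it. The event records are constructed and simplified (fields loosely modelled on a process-creation log such as Sysmon Event ID 1); the paths and process names are illustrative.

```python
import re
from dataclasses import dataclass

# Folders a browser "Save as" or a phishing lure would write into; matched
# case-insensitively against a Windows path. Assumed folder list, extend as needed.
USER_WRITABLE = re.compile(
    r"\\users\\[^\\]+\\(downloads|desktop|appdata\\local\\temp)\\",
    re.IGNORECASE,
)


@dataclass
class ProcEvent:
    """Simplified process-creation record (constructed for this example; the
    field set loosely mirrors Sysmon Event ID 1, it is not a real log format)."""
    image: str          # full path of the new process
    command_line: str   # its command line
    parent_image: str   # full path of the parent process


def basename(path):
    """Lower-cased final path component, accepting either slash style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def split_args(command_line):
    """Split a Windows command line into arguments, honouring double quotes."""
    return [q or bare for q, bare in re.findall(r'"([^"]*)"|(\S+)', command_line)]


def filefix_findings(ev):
    """Reasons this event matches the FileFix pattern; an empty list means benign."""
    if basename(ev.image) != "mshta.exe":
        return []
    reasons = []
    for arg in split_args(ev.command_line):
        if arg.lower().endswith(".hta") and USER_WRITABLE.search(arg):
            reasons.append(
                f"mshta.exe ran an .hta from a user-writable folder: {arg} "
                f"(parent {basename(ev.parent_image)})"
            )
    return reasons


def scan(events):
    """Return (index, reasons) for every event that triggers the rule."""
    hits = []
    for i, ev in enumerate(events):
        reasons = filefix_findings(ev)
        if reasons:
            hits.append((i, reasons))
    return hits


# Constructed sample events: two FileFix-style launches, one legitimate HTA
# shipped under Program Files, and an unrelated browser process.
SAMPLE_EVENTS = [
    ProcEvent(
        image=r"C:\Windows\System32\mshta.exe",
        command_line=r'"C:\Windows\System32\mshta.exe" "C:\Users\alice\Downloads\mfa-backup-codes.hta"',
        parent_image=r"C:\Windows\explorer.exe",
    ),
    ProcEvent(
        image=r"C:\Windows\System32\mshta.exe",
        command_line=r'"C:\Windows\System32\mshta.exe" "C:\Program Files\Vendor\Console\admin.hta"',
        parent_image=r"C:\Program Files\Vendor\Console\launcher.exe",
    ),
    ProcEvent(
        image=r"C:\Program Files\Google\Chrome\Application\chrome.exe",
        command_line=r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer',
        parent_image=r"C:\Program Files\Google\Chrome\Application\chrome.exe",
    ),
    ProcEvent(
        image=r"C:\Windows\SysWOW64\mshta.exe",
        command_line=r"mshta.exe C:\Users\bob\AppData\Local\Temp\backup-codes.hta",
        parent_image=r"C:\Windows\explorer.exe",
    ),
]


if __name__ == "__main__":
    for index, reasons in scan(SAMPLE_EVENTS):
        print(f"event {index}: " + "; ".join(reasons))
```

The rule keys on the file location rather than on the parent process because, in this variant, the victim opens the saved file from Explorer, so the parent is explorer.exe rather than the browser; a legitimately deployed HTA under Program Files does not match.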

Google Patches Fourth Chrome Zero-Day of 2025 (CVE-2025-6554)

Google fixed an actively exploited type confusion flaw in Chrome's V8 JavaScript engine (CVE-2025-6554). The fixed builds (138.0.7204.96/.97 for Windows) were rolled out within a day of the bug being reported.
Impact: Memory corruption (arbitrary read/write) triggered by a crafted HTML page, leading to code execution.
Mitigation: Update Chrome immediately (opening chrome://settings/help forces the update check) and keep auto-updates enabled; other Chromium-based browsers (Edge, Brave, Opera, Vivaldi) need their vendors' corresponding updates.
Source: The Hacker News

Critical Flaw in Anthropic MCP Inspector Allows Remote Code Execution

CVE-2025-49596 (CVSS 9.4) in Anthropic's MCP Inspector lets a malicious website reach the Inspector's local proxy, which accepted requests without authentication, and execute commands on the developer's machine, for example through DNS rebinding. Fixed in v0.14.1, which adds session-token authentication and origin validation; unpatched instances remain exposed.
Impact: Full host takeover from a malicious website visited while the Inspector is running.
Mitigation: Update to MCP Inspector 0.14.1 or later, keep the proxy bound to localhost and do not expose it on the network.
Source: The Hacker News
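Binding a developer tool to localhost does not by itself stop DNS rebinding: the attacker's page rebinds its own hostname to 127.0.0.1, so the connection arrives on the loopback socket while the browser still sends the attacker's hostname in the Host header. The following is an added example (not Anthropic's code and not the actual 0.14.1 fix) of a tiny command-running local server in its unguarded form and with the class of Host/Origin check that defeats the attack. The listening port 6277 and the request format are assumptions for illustration.

```python
import json
import subprocess
from http.server import BaseHTTPRequestHandler, HTTPServer

LISTEN_PORT = 6277  # assumed for this example; any loopback port behaves the same
LOOPBACK_HOSTS = ("localhost", "127.0.0.1", "[::1]")


def host_is_trusted(host_header, port=LISTEN_PORT):
    """True only when the Host header names this loopback listener.

    Under DNS rebinding the attacker's domain resolves to 127.0.0.1, so the
    TCP connection is local, but the browser still sends the attacker's name
    in Host. Comparing Host against the loopback names fails closed."""
    if not host_header:
        return False
    host = host_header.strip().lower()
    return any(host in (h, f"{h}:{port}") for h in LOOPBACK_HOSTS)


def origin_is_trusted(origin_header, port=LISTEN_PORT):
    """Browsers attach Origin to POST requests; only loopback origins may
    drive the tool. A missing Origin (curl, non-browser client) is tolerated
    because the Host check already gates the request."""
    if origin_header is None:
        return True
    origin = origin_header.strip().lower()
    return any(origin in (f"http://{h}", f"http://{h}:{port}") for h in LOOPBACK_HOSTS)


def admit(headers):
    """Single decision point: (allowed, reason) for a request's headers.
    `headers` is any mapping with .get(), so it works for the handler's
    message object and for plain dicts in tests."""
    if not host_is_trusted(headers.get("Host")):
        return False, "Host header does not name the loopback listener"
    if not origin_is_trusted(headers.get("Origin")):
        return False, "Origin is not a loopback origin"
    return True, "ok"


class UnguardedHandler(BaseHTTPRequestHandler):
    """The vulnerable shape: trusts anything that reaches the local socket and
    runs the argv it is handed. A rebinding page can POST here freely."""

    def do_POST(self):
        length = int(self.headers.get("Content-Length") or 0)
        body = json.loads(self.rfile.read(length) or b"{}")
        result = subprocess.run(body.get("argv", ["true"]), capture_output=True, text=True)
        self.send_response(200)
        self.end_headers()
        self.wfile.write(result.stdout.encode())


class GuardedHandler(UnguardedHandler):
    """Hardened form: reject rebinding traffic before reading the body."""

    def do_POST(self):
        allowed, reason = admit(self.headers)
        if not allowed:
            self.send_error(403, reason)
            return
        super().do_POST()


if __name__ == "__main__":
    # Serve only on loopback; the Host/Origin checks cover what binding cannot.
    HTTPServer(("127.0.0.1", LISTEN_PORT), GuardedHandler).serve_forever()
```

A rebinding request carries `Host: attacker.example:6277` and `Origin: http://attacker.example:6277`, so `admit` rejects it on Host alone; a per-session token required on every request (as the real fix also adds) closes the remaining gap for clients that do not send Origin.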

North Korean IT Worker Scheme Disrupted by US DoJ

The DoJ seized 29 financial accounts, 21 domains and about 200 computers linked to North Korean IT workers who generated more than $5 million in illicit revenue by obtaining remote jobs under fake identities and routing company-issued laptops through US "laptop farms". Separately, four North Korean nationals were charged with cryptocurrency thefts totalling about $900,000.
Source: The Hacker News

Iranian Hackers Target Exposed ICS Devices Amid US Warning

CISA warned that Iranian-affiliated actors may target ICS/OT, singling out Unitronics PLCs and Tridium Niagara systems. Censys found thousands of such devices exposed to the internet, with Australia and the US the most affected.
Impact: Internet-exposed devices that still use default credentials can be taken over remotely.
Mitigation: Change default passwords, remove devices from direct internet exposure (or put them behind a VPN), segment OT networks from IT, and monitor for anomalous access.
Source: SecurityWeek

Unpatched Citrix NetScaler Instances Vulnerable to Exploited Flaws

Over 2,100 Citrix NetScaler instances remain unpatched against CVE-2025-6543, a memory overflow exploited as a zero-day that can cause denial of service, and CVE-2025-5777 (dubbed CitrixBleed 2), a memory over-read that can leak session tokens and bypass authentication. Shadowserver detected exposed systems worldwide.
Impact: Session hijacking (including bypass of MFA via stolen session tokens) and service disruption.
Mitigation: Apply Citrix's patches immediately and, because already-stolen tokens survive the upgrade, terminate all active ICA and PCoIP sessions after patching.
Source: SecurityWeek
