Svoboda Cybersecurity Brief July 04, 2025

Jul 04, 2025

Hunters International Ransomware Group Shuts Down, Releases Free Decryptors

The Hunters International ransomware group announced its shutdown and is offering free decryptors to all victims. The group had previously rebranded as World Leaks; internal disagreements, amid law enforcement scrutiny, led to its closure.
Impact: Over 300 global victims can now recover data without ransom payments.
Mitigation: Victims should verify decryptor authenticity before use.
Source: DataBreaches

IdeaLab Confirms Data Stolen in 2024 Ransomware Attack

IdeaLab disclosed a 2024 breach by Hunters International, exposing names and sensitive data of employees and contractors. The leaked 137,000 files (262.8 GB) included financial and personal records.
Source: BleepingComputer

Chinese Hackers Exploit Ivanti Zero-Days Against French Entities

ANSSI attributed attacks on French government, telecoms, and media to Chinese group Houken (linked to UNC5174), exploiting CVE-2024-8963, CVE-2024-9380, and CVE-2024-8190 in Ivanti CSA devices. Attackers deployed kernel rootkits and tunneling tools like GOREVERSE.
Impact: Data exfiltration and persistent access across critical sectors.
Mitigation: Patch Ivanti CSA devices and monitor for anomalous root-level activity.
Source: The Hacker News

Critical Cisco Unified CM Flaw Allows Root Access via Hardcoded Credentials

CVE-2025-20309 (CVSS 10.0) exposes static root credentials in Cisco Unified CM/SME versions 15.0.1.13010-1 through 15.0.1.13017-1. Attackers can execute arbitrary commands as root.
Impact: Full device compromise and lateral movement risk.
Mitigation: Apply Cisco’s patch or upgrade to 15SU3.
Source: The Hacker News

SolarWinds and SEC Near Settlement in Cybersecurity Fraud Case

SolarWinds and former CISO Timothy Brown seek settlement with the SEC over alleged misleading statements about the 2020 Sunburst attack. A single fraud claim remains regarding incomplete cybersecurity disclosures.
Source: DataBreaches

Iran’s Bread Distribution Disrupted by Cyberattacks on Banking Systems

Cyberattacks on Iran’s Sepah Bank froze payments via the Nanino system, crippling subsidized bread sales for two weeks. Bakers cannot access funds, worsening economic strain.
Source: DataBreaches

Columbia University Breached by Politically Motivated Hackers

A “highly sophisticated” hacker stole targeted student data, prompting IT system outages. Columbia confirmed no malicious activity since June 24 but provided no technical details.
Source: DataBreaches

Catwatchful Spyware Exposes 62,000 User Credentials via SQLi Flaw

A vulnerability in the Android stalkerware Catwatchful leaked plaintext credentials of 62,050 accounts, including admin details. The app stealthily monitors victims’ devices via Firebase.
Impact: Account takeovers and continuous surveillance.
Mitigation: Google Play Protect now detects Catwatchful; dial 543210 to uninstall.
Source: SecurityWeek

Keymous+ Claims 700 Global DDoS Attacks

The North African group targeted telecoms, governments, and education sectors across Europe, MENA, and Asia. Motives remain unclear, but tactics suggest hacktivism or financial gain.
Source: DataBreaches

Grafana Patches Critical Chromium Flaws in Image Renderer Plugin

CVE-2025-5959, CVE-2025-6554, CVE-2025-6191, and CVE-2025-6192 (all CVSS ≥8.1) allow RCE in Grafana Image Renderer (<3.12.9) and Synthetic Monitoring Agent (<0.38.3).
Impact: Sandbox escape and arbitrary code execution.
Mitigation: Update to plugin v3.12.9 or agent v0.38.3.
Source: BleepingComputer

North Korean Hackers Target Crypto Firms with Nim-Based macOS Malware

BlueNoroff used fake Zoom updates to deploy NimDoor, a persistence-focused binary leveraging AppleScript and signal handlers. Targets included web3/crypto employees via Telegram and Calendly lures.
Impact: Data theft and backdoor access.
Mitigation: Verify meeting links and monitor for suspicious Nim processes.
Source: SecurityWeek

352 Malicious Android Apps in IconAds Fraud Scheme Removed

HUMAN found apps hiding icons and serving intrusive ads, generating 1.2 billion daily bid requests. Brazil, Mexico, and the U.S. were primary targets.
Impact: Ad fraud and degraded device performance.
Mitigation: Avoid third-party app stores and monitor app permissions.
Source: The Hacker News

40+ Malicious Firefox Extensions Steal Crypto Wallet Secrets

Extensions impersonating Coinbase, MetaMask, etc., used fake reviews and injected code to exfiltrate keys. Russian-language code hints at actor origin.
Impact: Cryptocurrency theft.
Mitigation: Install extensions only from verified publishers.
Source: The Hacker News
