Svoboda Cybersecurity Brief July 13, 2025

Jul 13, 2025

Chinese APT Breaches DC Law Firm for Intelligence Gathering

Suspected Chinese state-backed hackers breached Wiley Rein LLP, a prominent DC law firm, accessing Microsoft 365 accounts of attorneys. The attackers targeted trade, Taiwan, and US tariff-related data, marking a repeat incident for the firm.
Source: DataBreaches.net

Qilin Ransomware Exploits Unpatched Fortinet Vulnerabilities

The Qilin ransomware group surged to 81 victims in June 2025 by exploiting CVE-2024-21762 and CVE-2024-55591 in unpatched FortiGate/FortiProxy devices. The group’s RaaS model has now compromised over 310 targets since its emergence.
Source: DataBreaches.net

Federal Agencies Ordered to Patch Citrix Bleed 2 in 24 Hours

CISA added CVE-2025-5777 (CitrixBleed 2) to its KEV catalog after confirming active exploitation in Citrix NetScaler ADC/Gateway. Federal agencies were given one day to patch, highlighting the severity of the flaw.
Impact: Remote code execution targeting unpatched Citrix systems.
Mitigation: Apply Citrix patches immediately; restrict access to vulnerable endpoints.
Source: DataBreaches.net

Wing FTP Server Exploited via Critical RCE Flaw (CVE-2025-47812)

Attackers are exploiting a null-byte/Lua injection flaw in Wing FTP Server (≤v7.4.3) to execute code as root/SYSTEM. Huntsman observed attacks delivering malware via certutil within hours of PoC publication.
Impact: Full system compromise via unauthenticated RCE.
Mitigation: Upgrade to v7.4.4; disable anonymous logins and HTTP access.
Source: BleepingComputer

GPUHammer RowHammer Attack Degrades AI Models on NVIDIA GPUs

Researchers demonstrated GPUHammer, a RowHammer variant causing bit flips in NVIDIA GPUs (e.g., A6000 with GDDR6), reducing AI model accuracy from 80% to <1%. System-level ECC is recommended as mitigation.
Impact: Data integrity loss and AI model corruption.
Mitigation: Enable ECC via nvidia-smi -e 1; upgrade to H100/RTX 5090 with on-die ECC.
Source: The Hacker News

600+ Laravel Apps Vulnerable via Leaked APP_KEYs on GitHub

GitGuardian found 260,000+ exposed APP_KEYs on GitHub, enabling RCE via CVE-2018-15133/CVE-2024-55556 deserialization flaws. Over 120 apps were confirmed vulnerable due to paired APP_KEY/APP_URL leaks.
Impact: Remote code execution via session cookie decryption.
Mitigation: Rotate APP_KEYs; monitor secrets; avoid SESSION_DRIVER=cookie.
Source: The Hacker News
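The risk in this item comes from the combination of settings rather than the key alone: a usable APP_KEY, the APP_URL that tells you which live application it protects, and SESSION_DRIVER=cookie, which is the path the cited deserialization flaws go through. The following triage script is an added example (not code from GitGuardian, Laravel or the article) that a defender could run over configuration files found in their own repositories or commit history to rank such leaks. The file contents, paths and keys are constructed for the demo, and the severity labels are this example's own convention.

```python
import base64
import binascii
import re
from urllib.parse import urlparse

# Constructed sample repository contents. The keys are generated from
# filler bytes below; nothing here is a real secret.
FAKE_KEY_A = "base64:" + base64.b64encode(b"A" * 32).decode()  # well-formed 32-byte key
FAKE_KEY_C = "base64:" + base64.b64encode(b"B" * 32).decode()

SAMPLE_FILES = {
    "repo-a/.env": (
        "APP_NAME=Shop\n"
        "APP_URL=https://shop.example.test\n"
        f"APP_KEY={FAKE_KEY_A}\n"
        "SESSION_DRIVER=cookie\n"
    ),
    "repo-b/.env.example": (
        "APP_URL=http://localhost\n"
        "APP_KEY=\n"
        "SESSION_DRIVER=file\n"
    ),
    "repo-c/deploy/config.txt": (
        "# leftover from a deploy script\n"
        f"export APP_KEY='{FAKE_KEY_C}'\n"
        "SESSION_DRIVER=database\n"
    ),
}

KV_RE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$")
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def parse_env(text):
    """Parse dotenv-style KEY=VALUE lines into a dict; comments skipped, quotes stripped."""
    env = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = KV_RE.match(line)
        if not m:
            continue
        key, value = m.groups()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        env[key] = value
    return env


def laravel_key_is_usable(app_key):
    """True if APP_KEY carries Laravel's base64: prefix and decodes to a 16- or 32-byte AES key."""
    if not app_key.startswith("base64:"):
        return False
    try:
        raw = base64.b64decode(app_key[len("base64:"):], validate=True)
    except (binascii.Error, ValueError):
        return False
    return len(raw) in (16, 32)


def assess(env):
    """Rate one parsed env: which risk factors are present, and a severity label."""
    flags = []
    if laravel_key_is_usable(env.get("APP_KEY", "")):
        flags.append("APP_KEY")
    host = urlparse(env.get("APP_URL", "")).hostname
    if host and host not in LOCAL_HOSTS:
        flags.append("APP_URL")
    if env.get("SESSION_DRIVER", "").lower() == "cookie":
        flags.append("SESSION_DRIVER=cookie")

    if "APP_KEY" not in flags:
        severity = "none"       # no usable key: the other settings alone are not a leak
    elif "APP_URL" in flags and "SESSION_DRIVER=cookie" in flags:
        severity = "critical"   # key + reachable app + cookie sessions: the full chain
    elif "APP_URL" in flags:
        severity = "high"       # key paired with the application it protects
    else:
        severity = "low"        # key leaked, but not paired with a target
    return {"severity": severity, "flags": flags}


def scan_files(files):
    """Scan a {path: contents} mapping; return findings for files holding a usable key."""
    findings = []
    for path, text in files.items():
        result = assess(parse_env(text))
        if result["severity"] != "none":
            findings.append({"path": path, **result})
    return findings


if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f['severity']:8} {f['path']}  ({', '.join(f['flags'])})")
```

Any file rated "low" or above still needs the key rotated, since a leaked key stays valid until it is replaced; the ranking only decides what to rotate first. Rotating APP_KEY invalidates existing encrypted sessions and cookies, which is the intended effect here.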

Grok-4 Jailbroken via Echo Chamber + Crescendo Attack

xAI’s Grok-4 was compromised within 48 hours of release using a hybrid jailbreak combining Echo Chamber (context poisoning) and Crescendo (self-referential prompts). Attackers achieved 67% success rate generating harmful content like Molotov cocktail manuals.
Source: SecurityWeek
