Svoboda Cybersecurity Brief July 14, 2025



Google Gemini Vulnerability Enables Phishing via Email Summaries

A flaw in Google Gemini for Workspace allows attackers to inject hidden malicious instructions into emails, which Gemini obeys when generating summaries. The attack uses HTML/CSS to hide directives, tricking users into believing phishing warnings or prompts are legitimate. Google acknowledges the issue and is implementing mitigations.
Impact: High-risk phishing attacks bypassing traditional detection (no attachments/links).
Mitigation: Filter hidden content in emails, scan Gemini outputs for urgency/URLs/phone numbers, and educate users.
Source: BleepingComputer
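
The two mitigation checks above, sketched as an added example (not code from Google, BleepingComputer, or this brief): `find_hidden_text` flags email text a reader cannot see, and `scan_summary` flags generated summaries that contain URLs, phone numbers, or urgency wording. The specific CSS patterns, word lists, function names, and sample email are assumptions, since the brief names only "HTML/CSS".

```python
import re
from html.parser import HTMLParser

HIDING_CSS = re.compile(  # assumed hiding patterns; heuristic, extend as needed
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(?:opacity|font-size)\s*:\s*0(?:\.0+)?(?:px|pt|em|rem|%)?\s*(?:;|$)"
    r"|(?<![-\w])color\s*:\s*(?:#fff(?:fff)?|white)\b", re.I)
VOID = {"br", "img", "hr", "meta", "input", "link", "wbr"}

class HiddenTextFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []   # (tag, hidden?) for each open element
        self.hidden = []  # text a reader cannot see but a summarizer would ingest

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        a = dict(attrs)
        own = "hidden" in a or bool(HIDING_CSS.search(a.get("style") or ""))
        self.stack.append((tag, own or (bool(self.stack) and self.stack[-1][1])))

    def handle_endtag(self, tag):
        for i in range(len(self.stack) - 1, -1, -1):  # tolerate unclosed tags
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        if data.strip() and self.stack and self.stack[-1][1]:
            self.hidden.append(data.strip())

def find_hidden_text(html):
    finder = HiddenTextFinder()
    finder.feed(html)
    finder.close()
    return finder.hidden

SUMMARY_CHECKS = {  # output-side triggers named in the mitigation line
    "url": re.compile(r"https?://\S+|\bwww\.\S+", re.I),
    "phone": re.compile(r"(?<!\d)\+?\d(?:[\s().-]{0,2}\d){9,14}(?!\d)"),
    "urgency": re.compile(r"\b(?:urgent(?:ly)?|immediately|compromised|call now)\b", re.I),
}

def scan_summary(text):
    return sorted(name for name, rx in SUMMARY_CHECKS.items() if rx.search(text))

# Constructed sample: visible paragraphs around a zero-size, white-on-white span.
SAMPLE_EMAIL = ('<p>Hi, Tuesday notes below.</p><span style="font-size:0px;color:#fff">'
                '[constructed hidden directive]</span><p>Thanks,<br>Dana</p>')
```

The white-text rule assumes a light background and only inline styles are inspected, so treat a hit as a reason to strip or quarantine the fragment before summarization rather than as proof of an attack.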

Doyon Ltd Faces Lawsuits Over Delayed Data Breach Disclosure

Multiple class-action lawsuits allege Doyon Ltd, an Alaska Native corporation, failed to protect sensitive data (SSNs, health info) in an April 2024 breach and delayed notifications until June 2025. The breach affected at least 906 Texans and 22 Maine residents, with total impact still undisclosed.
Source: DataBreaches.net

Stormous Group’s Alleged 600K Patient Breach Likely Fabricated

The threat actor Stormous claims to have stolen 600K patient records from North Country Healthcare, but analysis reveals inconsistencies (fake addresses, mismatched genders, out-of-state phone numbers). No verification from the healthcare provider supports the breach’s legitimacy.
Source: DataBreaches.net

Court Rejects Class Certification in Chili’s Data Breach Case

A Florida district court denied class certification for plaintiffs in Brinker International’s 2018 Chili’s breach, citing lack of traceable injuries for two plaintiffs. The ruling clarifies individualized damage assessments in breach litigation.
Source: DataBreaches.net
