Svoboda Cybersecurity Brief July 15, 2025

Gravity Forms WordPress Plugin Compromised in Supply Chain Attack

Two malicious versions of the Gravity Forms WordPress plugin (v2.9.11.1 and v2.9.12) were distributed via the official download page. The backdoored plugins created admin accounts, enabling remote code execution and data theft.
Impact: Attackers could gain full control over affected WordPress sites.
Mitigation: Update to v2.9.13 immediately and audit admin accounts.
Source: SecurityWeek
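As an added triage script (not part of the brief and not Gravity Forms' own tooling), the following checks the two mitigation steps above on one site: whether the installed plugin version is one of the two backdoored builds or still older than the fixed release, and which administrator accounts are either unknown to the owner or were registered during the review window. It assumes the inputs come from wp-cli (`wp plugin get gravityforms --field=version` and `wp user list --role=administrator --format=json`); the sample user list, the `gf_support` login and the `siteowner` baseline are constructed for the example.

```python
"""Added triage script (not from the brief or the Gravity Forms project).
Assumes the two inputs come from wp-cli on the affected site, e.g.:
  wp plugin get gravityforms --field=version
  wp user list --role=administrator \
      --fields=ID,user_login,user_registered --format=json
Both are embedded below as constructed sample data so the script runs offline."""
import json
from datetime import datetime

# Versions named in the advisory: the two backdoored builds and the fixed release.
MALICIOUS_VERSIONS = {"2.9.11.1", "2.9.12"}
FIXED_VERSION = "2.9.13"

# Constructed sample output of `wp user list ... --format=json` (not real data).
SAMPLE_ADMINS = json.dumps([
    {"ID": 1, "user_login": "siteowner", "user_registered": "2021-03-02 10:00:00"},
    {"ID": 57, "user_login": "gf_support", "user_registered": "2025-07-11 02:13:44"},
])
# Administrators the site owner recognises (hypothetical baseline).
KNOWN_GOOD_ADMINS = {"siteowner"}


def parse_version(version):
    """Turn '2.9.11.1' or 'v2.9.13' into a comparable tuple of ints."""
    return tuple(int(part) for part in version.strip().lstrip("v").split("."))


def plugin_status(installed):
    """Classify the installed Gravity Forms version against the advisory."""
    normalised = installed.strip().lstrip("v")
    if normalised in MALICIOUS_VERSIONS:
        return "backdoored"     # one of the two tampered builds
    if parse_version(normalised) < parse_version(FIXED_VERSION):
        return "outdated"       # clean but still older than the fix
    return "patched"


def suspicious_admins(users_json, known_good, since):
    """Return admin logins that are either unknown to the owner or were
    registered on/after `since` (ISO date), i.e. the window to review."""
    since_dt = datetime.fromisoformat(since)
    flagged = []
    for user in json.loads(users_json):
        registered = datetime.fromisoformat(user["user_registered"])
        if user["user_login"] not in known_good or registered >= since_dt:
            flagged.append(user["user_login"])
    return flagged


if __name__ == "__main__":
    print("plugin:", plugin_status("2.9.12"))
    print("review these admins:",
          suspicious_admins(SAMPLE_ADMINS, KNOWN_GOOD_ADMINS, "2025-07-01"))
```

Any login the script flags should be compared against the site's change records before removal; a freshly registered account that the owner cannot account for is the indicator the advisory points at, but the script only narrows the list.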

Interlock RAT Evolves with PHP Variant and FileFix Delivery

A new PHP-based variant of Interlock RAT is being distributed via FileFix attacks, abusing Cloudflare Tunnel for C2 communication. The malware performs system reconnaissance and enables lateral movement via RDP.
Impact: Opportunistic targeting across industries with session hijacking and persistence risks.
Mitigation: Block trycloudflare.com domains and monitor for unusual RDP activity.
Source: SecurityWeek

Gigabyte UEFI Firmware Flaws Allow Secure Boot Bypass

Four vulnerabilities (CVE-2025-7026 through CVE-2025-7029) in the UEFI firmware of Gigabyte motherboards enable SMM privilege escalation and arbitrary code execution. They affect over 240 models with firmware updated in 2023-2024.
Impact: Attackers could disable Secure Boot and deploy firmware implants.
Mitigation: Apply vendor firmware updates; monitor for end-of-life devices.
Source: SecurityWeek

UK Tax Service Loses £47M to Phishing Campaign

HMRC reported 100,000 victims of a phishing scam targeting PAYE and VAT repayments. Thirteen Romanian nationals were arrested for computer fraud and money laundering in a joint operation.
Source: SecurityWeek

CitrixBleed 2 Vulnerability Actively Exploited

CVE-2025-5777 in Citrix NetScaler allows memory disclosure via malformed authentication requests, exposing session tokens. It is similar to 2023’s CitrixBleed and carries a CVSS score of 9.3.
Impact: Session hijacking and MFA bypass possible.
Mitigation: Patch to versions 14.1-43.56 or 13.1-58.32 immediately.
Source: SecurityWeek

eSIM Vulnerability Exposes IoT Devices to Attacks

Flaws in Kigen’s eUICC cards (GSMA TS.48 v6.0 and earlier) allow malicious applet installation, potentially exposing MNO secrets and enabling profile tampering.
Impact: More than 2 billion IoT devices at risk of unauthorized profile access.
Mitigation: Upgrade to TS.48 v7.0; restrict physical access to eUICC.
Source: The Hacker News

Louis Vuitton Data Breach Affects Multiple Countries

Customer data (names, contact info) was stolen in a breach detected July 2. The compromise came through a third-party vendor account and lasted nearly a month.
Source: SecurityWeek

Train Brake Systems Vulnerable to Radio Attacks

CVE-2025-1727 in End-of-Train devices allows remote brake manipulation via unauthenticated radio signals. The issue has been known for 20 years; fixes are planned for 2026.
Impact: Sudden stoppages or brake failure possible.
Mitigation: Isolate radio communications; monitor for abnormal brake commands.
Source: SecurityWeek

Malicious VSCode Extension Steals $500K in Crypto

A fake “Solidity Language” extension in Cursor IDE delivered Quasar RAT and PureLogs stealer, hijacking a developer’s crypto wallet.
Source: BleepingComputer

PHP-Based Interlock RAT Targets Cloudflare Tunnels

The new variant uses FileFix to deploy PHP scripts that exfiltrate system data as JSON and abuse trycloudflare.com to obfuscate C2 traffic.
Source: The Hacker News
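The two Interlock RAT items above share the same defender-side signal: lookups of trycloudflare.com tunnel hosts, and the RDP activity the first item's mitigation asks you to monitor. The following is an added example, not code from the brief or from any vendor, that runs both checks over simplified DNS and flow logs and correlates the hosts that show both. The log shapes (`timestamp client name` and `timestamp src dst port`), the sample lines, the tunnel hostname and the fan-out threshold are all constructed for the example; only the trycloudflare.com domain and the use of RDP come from the brief.

```python
"""Added detection example (not from the brief or any vendor).
Covers both Interlock RAT items: DNS lookups of trycloudflare.com tunnel
hosts used for C2, and RDP fan-out that would accompany lateral movement.
Log shapes are simplified and the sample lines are constructed."""
from collections import defaultdict

RDP_PORT = "3389"
TUNNEL_SUFFIX = ".trycloudflare.com"   # domain named in the brief
# Hypothetical threshold: a workstation opening RDP to this many distinct hosts.
FANOUT_THRESHOLD = 3

# Constructed DNS log: "<timestamp> <client> <queried-name>".
SAMPLE_DNS_LOG = """\
2025-07-14T09:12:01Z 10.0.5.23 www.example.com
2025-07-14T09:12:09Z 10.0.5.23 quiet-mango-bridge.trycloudflare.com
2025-07-14T09:13:40Z 10.0.7.8 updates.example.org
2025-07-14T09:14:02Z 10.0.5.23 quiet-mango-bridge.trycloudflare.com
2025-07-14T09:15:55Z 10.0.9.4 notrycloudflare.com
"""

# Constructed flow log: "<timestamp> <src> <dst> <dst-port>".
SAMPLE_FLOW_LOG = """\
2025-07-14T09:20:00Z 10.0.5.23 10.0.5.40 3389
2025-07-14T09:20:05Z 10.0.5.23 10.0.5.41 3389
2025-07-14T09:20:09Z 10.0.5.23 10.0.5.42 3389
2025-07-14T09:21:00Z 10.0.7.8 10.0.5.40 443
2025-07-14T09:22:00Z 10.0.1.2 10.0.5.40 3389
"""


def is_tunnel_host(name):
    """True for trycloudflare.com itself or any subdomain of it. The suffix is
    matched with its leading dot so 'notrycloudflare.com' does not count."""
    name = name.lower().rstrip(".")
    return name == TUNNEL_SUFFIX.lstrip(".") or name.endswith(TUNNEL_SUFFIX)


def tunnel_lookups(dns_log):
    """Return (timestamp, client, name) for every query to a tunnel host."""
    hits = []
    for line in dns_log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue                       # skip malformed lines
        ts, client, name = parts
        if is_tunnel_host(name):
            hits.append((ts, client, name.lower().rstrip(".")))
    return hits


def rdp_fanout(flow_log, threshold=FANOUT_THRESHOLD):
    """Map each source to its number of distinct RDP destinations, keeping
    only sources at or above the threshold."""
    targets = defaultdict(set)
    for line in flow_log.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] != RDP_PORT:
            continue
        _, src, dst, _ = parts
        targets[src].add(dst)
    return {src: len(dsts) for src, dsts in targets.items() if len(dsts) >= threshold}


def correlate(dns_log, flow_log, threshold=FANOUT_THRESHOLD):
    """Hosts that both resolved a tunnel name and fanned out over RDP."""
    tunnel_clients = {client for _, client, _ in tunnel_lookups(dns_log)}
    return tunnel_clients & set(rdp_fanout(flow_log, threshold))


if __name__ == "__main__":
    for hit in tunnel_lookups(SAMPLE_DNS_LOG):
        print("tunnel lookup:", *hit)
    print("rdp fan-out:", rdp_fanout(SAMPLE_FLOW_LOG))
    print("correlated hosts:", correlate(SAMPLE_DNS_LOG, SAMPLE_FLOW_LOG))
```

The suffix match keeps the leading dot on purpose: a bare `endswith("trycloudflare.com")` would also match unrelated names such as `notrycloudflare.com`. Legitimate developer use of Cloudflare's quick tunnels does exist, so the DNS hit alone is a lead; a host that also starts RDP sessions to several peers is the combination worth escalating, and the threshold should be tuned to what is normal for jump hosts in your environment.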
