Svoboda Cybersecurity Brief July 17, 2025



Armenian National Extradited for Ryuk Ransomware Attacks

Karen Serobovich Vardanyan, an Armenian national, faces federal charges for his role in Ryuk ransomware attacks between 2019 and 2020 that extorted over $15M in bitcoin from US companies. His co-conspirators remain at large.
Source: DataBreaches.net

Co-op Confirms 6.5M Members’ Data Stolen in Cyberattack

UK retailer Co-op confirmed a breach exposing 6.5M members’ contact data after a Scattered Spider-linked attack using DragonForce ransomware. The attackers accessed systems via social engineering and stole Active Directory credentials.
Source: BleepingComputer

SonicWall SMA Devices Compromised by OVERSTEP Rootkit

UNC6148 hackers deployed the OVERSTEP rootkit on fully patched SonicWall SMA 100 devices, stealing credentials and maintaining persistence. The malware hides artifacts and modifies boot processes.
Impact: Enables credential theft, ransomware deployment, and long-term access.
Mitigation: Capture disk images for forensic analysis; migrate to newer SonicWall models.
Source: BleepingComputer

Fortinet FortiWeb Exploited via Public RCE (CVE-2025-25257)

Attackers compromised 85+ FortiWeb instances using a public exploit for CVE-2025-25257, a critical SQL injection flaw in versions 7.6.0-7.6.3. The exploit deploys web shells via crafted HTTP requests.
Impact: Remote code execution on unpatched devices.
Mitigation: Update to FortiWeb 7.6.4+ or disable HTTP/HTTPS admin interfaces.
Source: BleepingComputer

Golden dMSA Attack Bypasses Windows Server 2025 Authentication

A design flaw in Windows Server 2025’s delegated Managed Service Accounts (dMSA) lets attackers with KDS root keys generate passwords for all gMSAs/dMSAs, enabling cross-domain persistence.
Impact: Forest-wide credential compromise and lateral movement.
Mitigation: Restrict KDS root key access; monitor for unusual account activity.
Source: The Hacker News

Google Chrome Zero-Day (CVE-2025-6558) Exploited in the Wild

Google patched CVE-2025-6558, a high-severity sandbox escape in Chrome’s ANGLE/GPU components, actively exploited via crafted HTML pages.
Impact: Arbitrary code execution via browser compromise.
Mitigation: Update to Chrome 138.0.7204.157+.
Source: The Hacker News

Europol Disrupts Pro-Russian NoName057(16) DDoS Group

Operation Eastwood took down 100+ servers tied to NoName057(16), which launched DDoS attacks on NATO and EU targets. Two arrests were made, but core members remain in Russia.
Source: BleepingComputer

Matanbuchus 3.0 Loader Spreads via Microsoft Teams Phishing

A new Matanbuchus variant (priced at $10K/month) uses fake IT helpdesk Teams calls to deploy malware via PowerShell, stealing system data and enabling ransomware deployment.
Source: The Hacker News

Louis Vuitton, Tiffany Breaches Linked to ShinyHunters

Luxury brands Louis Vuitton, Tiffany, and Adidas suffered breaches tied to ShinyHunters, which stole customer data from a third-party vendor. No payment info was exposed.
Source: BleepingComputer

Google’s AI “Big Sleep” Discovers SQLite Zero-Day (CVE-2025-6965)

Google’s LLM-powered tool found CVE-2025-6965, a memory corruption flaw in SQLite, before threat actors could exploit it. Patched in version 3.50.2.
Source: The Hacker News

US Soldier Pleads Guilty to Telecom Hacks and Extortion

Cameron Wagenius, a former Army soldier, admitted to hacking AT&T, Verizon, and others, stealing data, and demanding $1M+ in ransoms via SIM swapping and BreachForums posts.
Source: BleepingComputer

Compumedics Ransomware Attack Exposes 318K Patient Records

Compumedics disclosed a VanHelsing ransomware attack (February to March 2025) that stole patient data, including SSNs and medical records, from US healthcare providers.
Source: SecurityWeek

Konfety Malware Evades Detection via Malformed APKs

A new Android Konfety variant uses tampered APKs with fake encryption flags and BZIP declarations to bypass analysis tools, delivering ad fraud payloads.
Source: The Hacker News
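As an added defender-side illustration, not code from this brief or from the cited report: a Python checker that parses an APK's ZIP central directory with struct and flags the two inconsistencies the item describes (an entry carrying the encryption flag, and an entry declaring bzip2 compression while its payload is still plain deflate), run against a constructed two-entry sample archive. Record layouts follow the PKZIP APPNOTE; the checker assumes a single-disk, non-ZIP64 archive and that installable APKs contain only unencrypted stored or deflated entries.

```python
import io
import struct
import zipfile
import zlib

# PKZIP APPNOTE layouts (little-endian): central-directory entry, 46 bytes; end-of-central-directory, 22 bytes.
CD_SIG, CD_FMT = b"PK\x01\x02", "<4sHHHHHHIIIHHHHHII"
EOCD_SIG, EOCD_FMT = b"PK\x05\x06", "<4sHHHHIIH"
FLAG_ENCRYPTED, METHOD_BZIP2 = 0x0001, 12
ANDROID_METHODS = {0, 8}  # STORED and DEFLATED are the only methods the Android installer accepts

def _cd_entries(data: bytes):
    """Yield (offset, name, fields) per central-directory entry; assumes single-disk, non-ZIP64."""
    if (eocd := data.rfind(EOCD_SIG)) < 0:
        return
    e = struct.unpack_from(EOCD_FMT, data, eocd)
    count, pos = e[4], e[6]  # total entry count, central-directory offset
    for _ in range(count):
        f = struct.unpack_from(CD_FMT, data, pos)  # [3]=flags [4]=method [8]=csize [10..12]=len fields [16]=local hdr offset
        name = data[pos + 46 : pos + 46 + f[10]].decode("utf-8", "replace")
        yield pos, name, f
        pos += 46 + f[10] + f[11] + f[12]

def scan_apk(data: bytes) -> list:
    """One finding per entry whose central-directory metadata cannot be true for an installable APK."""
    findings = []
    for _, name, f in _cd_entries(data):
        flags, method, csize, lh_off = f[3], f[4], f[8], f[16]
        if flags & FLAG_ENCRYPTED:
            findings.append(f"{name}: encryption flag set (APK entries are never encrypted)")
        if method not in ANDROID_METHODS:
            start = lh_off + 30 + sum(struct.unpack_from("<HH", data, lh_off + 26))  # skip local header
            try:  # if the payload still inflates as raw deflate, the declared method is a lie
                zlib.decompress(data[start : start + csize], wbits=-15)
                findings.append(f"{name}: method {method} declared but payload is plain deflate")
            except zlib.error:
                findings.append(f"{name}: unsupported method {method}")
    return findings

def build_sample(tamper: bool) -> bytes:
    """Constructed two-entry archive; tamper=True marks classes.dex as encrypted and bzip2 (12)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>" * 20)
        z.writestr("classes.dex", b"dex\n035\0" + bytes(range(256)) * 4)
    data = bytearray(buf.getvalue())
    for pos, name, _ in _cd_entries(bytes(data)):
        if tamper and name == "classes.dex":  # flags live at +8, method at +10 within the entry
            struct.pack_into("<HH", data, pos + 8, FLAG_ENCRYPTED, METHOD_BZIP2)
    return bytes(data)
```

Calling scan_apk(build_sample(tamper=True)) reports both findings for classes.dex, while the untampered sample yields none; a real triage pipeline would run the same check before handing the file to tooling that silently skips entries it cannot open.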
