Svoboda Cybersecurity Brief December 01, 2025

Nova RaaS Gang Exposed by Dos-Op and CBSecurity

A collaborative report by CBSecurity and Dos-Op.io reveals identities and infrastructure of the Nova ransomware-as-a-service (RaaS) gang, formerly known as RALord. The group, which exploits Babuk-derived ransomware, targets medical and education sectors, and was exposed due to misconfigured network settings. Upcoming reports may disclose details on 12 affiliates, with data already shared with law enforcement.
Source: DataBreaches

CISA Adds Actively Exploited XSS Bug in OpenPLC ScadaBR to KEV Catalog

CISA added CVE-2021-26829 (CVSS 5.4), an XSS flaw in OpenPLC ScadaBR (v1.12.4 on Windows, v0.9.1 on Linux), to its KEV catalog after pro-Russian group TwoNet exploited it to deface HMIs. The attackers used default credentials and modified system settings to disable logs.
Impact: Allows defacement and disruption of industrial control systems.
Mitigation: Patch affected versions or restrict access to vulnerable endpoints.
Source: The Hacker News

Google Cloud Hosts Long-Running OAST Exploit Campaign Targeting Brazil

VulnCheck identified a year-long exploit operation using Google Cloud to deliver OAST callbacks (*.i-sh.detectors-testing[.]com), targeting Brazilian systems via 200+ CVEs. Attackers leveraged a modified Java class (TouchFile.class) to execute arbitrary commands.
Impact: Sustained regional exploitation with potential remote code execution.
Mitigation: Monitor for suspicious OAST traffic and apply patches for known CVEs.
Source: The Hacker News

Share this brief: https://svo.bz/QoNX