Svoboda Cybersecurity Brief December 12, 2025


Village of Golf Manor Considers Paying Ransom After Cyberattack

The Village of Golf Manor is considering paying a $2,000 ransom after a ransomware attack encrypted its systems. The attackers also threatened to leak stolen data if the payment isn’t made. Ohio law requires legislative approval for such payments, which the village council has granted.
Source: DataBreaches.net

Hackers Exploit Gladinet CentreStack Cryptographic Flaw for RCE

Attackers are exploiting a cryptographic flaw in Gladinet’s CentreStack and Triofox, using hardcoded AES keys to decrypt access tickets and achieve remote code execution. Nine organizations, including healthcare and tech firms, have been targeted.
Impact: Unauthorized access to sensitive files and systems.
Mitigation: Update to version 16.12.10420.56791 and rotate machine keys.
Source: BleepingComputer

Notepad++ Fixes Flaw Allowing Malicious Update Hijacking

Notepad++ patched a vulnerability in its WinGUp updater that allowed attackers to push malicious updates. The flaw was exploited in targeted attacks, likely by Chinese threat actors, to deliver malware via hijacked update traffic.
Impact: Compromised systems via malicious updates.
Mitigation: Upgrade to version 8.8.9 and verify update signatures.
Source: BleepingComputer

Malicious VSCode Extensions Hide Trojan in Fake PNG Files

Nineteen malicious VSCode Marketplace extensions delivered a Rust-based trojan hidden in a fake PNG file. The campaign, active since February, used modified npm dependencies to execute the malware when the IDE launched.
Impact: Compromised developer environments and data theft.
Mitigation: Remove suspicious extensions and scan for IoCs.
Source: BleepingComputer

UK Fines LastPass £1.2M Over 2022 Data Breach

The UK ICO fined LastPass £1.2M for failing to protect 1.6M UK users’ data in a 2022 breach. Attackers stole encrypted vaults, whose contents remain protected only for users whose master passwords were strong.
Impact: Exposure of sensitive user data.
Mitigation: Use strong master passwords (16+ characters).
Source: BleepingComputer

ConsentFix Attack Hijacks Microsoft Accounts via Azure CLI

A new ConsentFix attack abuses Azure CLI’s OAuth flow to steal authorization codes, granting attackers full account access without passwords or MFA. Targets are tricked via fake CAPTCHA pages.
Impact: Account takeover without credentials.
Mitigation: Monitor for unusual Azure CLI logins and legacy Graph scopes.
Source: BleepingComputer

Unpatched Gogs Zero-Day Exploited to Breach 700 Servers

Attackers exploited CVE-2025-8110, a symlink flaw in Gogs, to overwrite files and achieve RCE. Over 700 instances were compromised, deploying a Supershell-based C2 framework.
Impact: Full server compromise and data theft.
Mitigation: Disable open registration and limit internet exposure.
Source: BleepingComputer

Google Patches 8th Chrome Zero-Day Exploited in 2025

Google fixed a high-severity zero-day (bug 466192044) in Chrome’s ANGLE library, marking the eighth such flaw this year. The vulnerability, likely a buffer overflow, was actively exploited.
Impact: Memory corruption and potential RCE.
Mitigation: Update to Chrome 143.0.7499.109/.110.
Source: BleepingComputer

NANOREMOTE Malware Uses Google Drive for C2

A new backdoor, NANOREMOTE, uses the Google Drive API for stealthy C2 communications. It shares code with FINALDRAFT, attributed to the Chinese-linked REF7707 group, and targets governments in Southeast Asia.
Impact: Data exfiltration and persistent access.
Source: The Hacker News

WIRTE APT Deploys AshTag Backdoor via AshenLoader

The WIRTE APT group used AshenLoader sideloading to deploy the AshTag backdoor, targeting Middle Eastern governments. The malware steals diplomatic documents and evades detection via legitimate binaries.
Impact: Espionage and sensitive data theft.
Source: The Hacker News

Pierce County Library Breach Impacts 340,000

A cyberattack on Pierce County Library exposed names, SSNs, and financial data of 340,000 individuals. The breach occurred in April 2025, with no ransomware group claiming responsibility.
Impact: Identity theft and financial fraud.
Mitigation: Enroll in free credit monitoring.
Source: SecurityWeek

React2Shell Exploits Deliver Diverse Malware Payloads

Exploits for CVE-2025-55182 (React2Shell) deliver malware like EtherRAT, BPFDoor, and cryptominers. Over 165,000 IPs host vulnerable React instances, prompting CISA to expedite patching.
Impact: System compromise and credential theft.
Mitigation: Patch React/Next.js and monitor for suspicious activity.
Source: SecurityWeek

IBM Patches 100+ Vulnerabilities Across Products

IBM fixed over 100 flaws, including critical bugs in Storage Defender and Guardium Data Protection. Most vulnerabilities were in third-party components like Tomcat and Django.
Impact: DoS, RCE, and data corruption.
Mitigation: Apply latest IBM security updates.
Source: SecurityWeek
