Svoboda Cybersecurity Brief December 13, 2025

Apple Patches Two Zero-Day Exploits in Active Attacks

Apple released emergency updates for CVE-2025-43529 (WebKit use-after-free RCE) and CVE-2025-14174 (WebKit memory corruption), both exploited in targeted attacks. The flaws affect iPhones, iPads, and Macs, with patches in iOS/iPadOS 26.2+. Google’s Threat Analysis Group discovered the vulnerabilities.
Impact: Remote code execution via malicious web content.
Mitigation: Update to latest OS versions.
Source: BleepingComputer

Coupang Data Breach: 33.7M Records Leaked via Ex-Employee

A former Coupang employee retained system access after leaving and, in June 2025, exfiltrated the names, emails, addresses, and order data of 33.7M customers. The breach triggered a surge in phishing in South Korea and led to the CEO’s resignation.
Source: BleepingComputer

GeoServer XXE Flaw (CVE-2025-58360) Actively Exploited

CISA mandates patching by Jan 1, 2026, for an unauthenticated XXE flaw in GeoServer ≤2.26.1 that allows file theft, SSRF, or DoS via XML input to /geoserver/wms. Shadowserver identifies 14,000+ exposed instances.
Impact: Arbitrary data access and system compromise.
Mitigation: Upgrade to v2.25.6/2.26.2/2.27.0+.
Source: SecurityWeek

Virginia Urology Patient Data Leaked by MS13-089 Hackers

927GB of sensitive patient records (including PHI, medical histories, and insurance details) was exfiltrated in November 2025. The ransomware group claims Virginia Urology ignored its demands; the clinic has not acknowledged the breach.
Source: DataBreaches

Fake “One Battle After Another” Torrent Delivers Agent Tesla RAT

A fake movie torrent carries malicious subtitle files that launch PowerShell loaders to deploy Agent Tesla, which steals credentials via scheduled tasks and evades detection by checking for Falcon/Cybereason AV.
Impact: Credential theft and system compromise.
Mitigation: Avoid pirated content; inspect suspicious .lnk files.
Source: BleepingComputer

MITRE Releases 2025 Top 25 Most Dangerous Software Weaknesses

XSS remains #1, followed by SQLi and CSRF. New entries include buffer overflows (CWE-120/121/122) and improper access control (CWE-284). The ranking is based on 39,080 CVEs from 2024–2025.
Source: SecurityWeek

PyStoreRAT Spreads via Fake GitHub OSINT Repositories

Attackers upload malicious Python/JS loaders posing as developer tools, which deliver a modular RAT via HTA files. The malware steals crypto wallet data and evades analysis by checking for Falcon AV.
Impact: Remote code execution and data theft.
Mitigation: Audit GitHub repo commits; block mshta.exe execution.
Source: TheHackerNews

New Phishing Kits (BlackForce, GhostFrame) Bypass MFA

BlackForce ($234–$351 on Telegram) steals OTPs via man-in-the-browser (MitB) attacks, while GhostFrame uses iframes to evade detection. Both target Microsoft 365 and Google accounts.
Impact: Credential theft despite MFA.
Mitigation: Educate users; monitor for suspicious iframe loads.
Source: TheHackerNews

Notepad++ Updater Hijacked in Supply-Chain Attacks

A flaw in WinGUp, the Notepad++ updater, allowed attackers who could intercept update traffic to push malicious binaries. Fixed in v8.8.9, which adds signature verification for updates.
Impact: System compromise via trojanized updates.
Mitigation: Upgrade to v8.8.9+.
Source: SecurityWeek

Doxers Impersonate Police to Steal Data from Big Tech

Hackers sent fake emergency data requests to companies like Charter Communications, obtaining personal data within 20 minutes.
Source: DataBreaches
