Svoboda Cybersecurity Brief December 18, 2025


Zeroday Cloud hacking event uncovers 11 zero-days in cloud infrastructure

Researchers at the Zeroday Cloud hacking event demonstrated 11 zero-day vulnerabilities across Redis, PostgreSQL, MariaDB, and Grafana, earning $320K in bounties. The Linux kernel was also exploited through a container escape, breaking the isolation boundary that multi-tenant cloud workloads rely on.
Impact: Compromised cloud databases and a broken kernel isolation boundary are severe risks in multi-tenant environments, where one tenant's workload can reach another's.
Mitigation: Apply vendor patches for the affected components as they ship, and harden container runtimes (no privileged containers, dropped capabilities, seccomp profiles) so that a kernel bug is harder to reach from a tenant workload.
Source: BleepingComputer

France arrests suspect tied to Interior Ministry cyberattack

A 22-year-old suspect linked to the BreachForums hacking group was arrested over the breach of France's Ministry of the Interior, in which roughly 16M police records were allegedly stolen. The attackers demanded that the ministry negotiate a ransom and threatened to publish the data otherwise.
Source: BleepingComputer

AWS cryptomining campaign abuses compromised IAM credentials

A cryptojacking operation targeted AWS EC2 and ECS using stolen IAM credentials, deploying miners via a Docker Hub image (yenik65958/secret). The attackers enabled EC2 termination protection (the disableApiTermination instance attribute) on the mining instances, so they could not be terminated through the API until that attribute was reverted.
Impact: Unauthorized compute costs and resource exhaustion, with cleanup delayed by the termination-protection trick.
Mitigation: Rotate the compromised IAM credentials and revoke their active sessions; alert on unexpected RunInstances, ModifyInstanceAttribute and auto-scaling group changes; and restrict ECS task images to trusted registries (for example your own ECR) instead of arbitrary Docker Hub images.
Source: BleepingComputer
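As an added example of what the detection side of the mitigation above looks like, the script below flags the activity pattern from this item in CloudTrail records: bulk EC2 launches, termination protection being switched on, and ECS task definitions that pull from an untrusted registry. This is example code written for this brief, not code from the article or from the researchers it cites. The events are constructed (the account ID, ARNs, instance IDs and timestamps are made up; the miner image name is the one reported); their field layout follows the CloudTrail record format for the corresponding API calls, and the ECR registry name in ALLOWED_REGISTRIES is an assumed placeholder.

```python
"""Flag the AWS cryptojacking pattern in CloudTrail records.

Added example, not code from the article or the researchers it cites.
The events are constructed for illustration; field layout follows the
CloudTrail record format for RunInstances, ModifyInstanceAttribute and
RegisterTaskDefinition."""
from collections import defaultdict

# Registries ECS task images are expected to come from (assumed placeholder:
# a private ECR registry). Anything else, including implicit docker.io, is flagged.
ALLOWED_REGISTRIES = frozenset({"111122223333.dkr.ecr.us-east-1.amazonaws.com"})

SAMPLE_EVENTS = [
    # Benign: one small instance launched by a normal user.
    {"eventTime": "2025-12-15T02:58:10Z", "eventName": "RunInstances",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
     "sourceIPAddress": "198.51.100.4",
     "requestParameters": {"instanceType": "t3.small",
                           "instancesSet": {"items": [{"minCount": 1, "maxCount": 1}]}}},
    # Benign: task definition pulling from the private registry.
    {"eventTime": "2025-12-15T02:59:30Z", "eventName": "RegisterTaskDefinition",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
     "sourceIPAddress": "198.51.100.4",
     "requestParameters": {"family": "web", "containerDefinitions": [
         {"name": "web", "image": "111122223333.dkr.ecr.us-east-1.amazonaws.com/web:1.4"}]}},
    # Suspicious: the compromised key launches 20 large instances ...
    {"eventTime": "2025-12-15T03:11:02Z", "eventName": "RunInstances",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/ci-deploy"},
     "sourceIPAddress": "203.0.113.9",
     "requestParameters": {"instanceType": "c5.24xlarge",
                           "instancesSet": {"items": [{"minCount": 20, "maxCount": 20}]}}},
    # ... turns on termination protection for one of them ...
    {"eventTime": "2025-12-15T03:12:40Z", "eventName": "ModifyInstanceAttribute",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/ci-deploy"},
     "sourceIPAddress": "203.0.113.9",
     "requestParameters": {"instanceId": "i-0abc000000000001",
                           "disableApiTermination": {"value": True}}},
    # ... and registers an ECS task that pulls the miner image from Docker Hub.
    {"eventTime": "2025-12-15T03:14:05Z", "eventName": "RegisterTaskDefinition",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/ci-deploy"},
     "sourceIPAddress": "203.0.113.9",
     "requestParameters": {"family": "secret", "containerDefinitions": [
         {"name": "secret", "image": "yenik65958/secret"}]}},
]


def image_registry(image: str) -> str:
    """Registry host of a container image reference, using Docker's rule:
    the first path component is a registry only if it contains '.' or ':'
    or is 'localhost'; otherwise the image lives on docker.io."""
    first = image.split("/")[0]
    if "." in first or ":" in first or first == "localhost":
        return first
    return "docker.io"


def principal(event: dict) -> str:
    return event.get("userIdentity", {}).get("arn", "unknown")


def analyze(events, allowed_registries=ALLOWED_REGISTRIES, launch_threshold=10):
    """Return one finding per suspicious event: {"rule", "principal", "detail"}."""
    findings = []
    for ev in events:
        name = ev.get("eventName")
        params = ev.get("requestParameters") or {}
        who = principal(ev)
        if name == "ModifyInstanceAttribute":
            # Termination protection being enabled is rare in normal operations
            # and was the attackers' way of keeping miners alive.
            if (params.get("disableApiTermination") or {}).get("value") is True:
                findings.append({"rule": "termination_protection_enabled",
                                 "principal": who, "detail": params.get("instanceId")})
        elif name == "RunInstances":
            items = (params.get("instancesSet") or {}).get("items") or []
            requested = sum(int(i.get("maxCount", 1)) for i in items)
            if requested >= launch_threshold:
                findings.append({"rule": "bulk_launch", "principal": who,
                                 "detail": f"{requested}x {params.get('instanceType')}"})
        elif name == "RegisterTaskDefinition":
            for c in params.get("containerDefinitions") or []:
                image = c.get("image", "")
                if image_registry(image) not in allowed_registries:
                    findings.append({"rule": "untrusted_container_registry",
                                     "principal": who, "detail": image})
    return findings


def correlate(findings):
    """Principals that triggered two or more distinct rules, which is a far
    stronger signal than any single event."""
    rules_by_principal = defaultdict(set)
    for f in findings:
        rules_by_principal[f["principal"]].add(f["rule"])
    return {p: sorted(r) for p, r in rules_by_principal.items() if len(r) >= 2}


if __name__ == "__main__":
    hits = analyze(SAMPLE_EVENTS)
    for h in hits:
        print(h)
    print("correlated:", correlate(hits))
```

In a real deployment the events would come from a CloudTrail S3 export or CloudWatch Logs rather than an inline list; the launch threshold and the allowed-registry set are the two knobs to tune to your account.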

Cisco warns of AsyncOS zero-day exploited by Chinese APT

Cisco's unpatched AsyncOS flaw (CVE-2025-20393) is being exploited by the Chinese group UAT-9686 to deploy the AquaShell backdoor and log-clearing tools. Attacks target Secure Email Gateway appliances whose Spam Quarantine feature is reachable from the internet.
Impact: Full appliance compromise and data exfiltration, with anti-forensic log wiping to hide the intrusion.
Mitigation: Keep the management interface and the Spam Quarantine off the public internet, disable Spam Quarantine if it is not used, and apply Cisco's fix once it is available.
Source: BleepingComputer

SonicWall SMA1000 zero-day chained for RCE

SonicWall patched CVE-2025-40602, a privilege escalation flaw that attackers chained with CVE-2025-23006 (pre-authentication deserialization) to gain root-level RCE. Over 950 SMA1000 appliances remain exposed online.
Impact: Full device takeover by an unauthenticated attacker.
Mitigation: Upgrade to a fixed version (e.g., 12.4.3-03245), which closes both links of the chain.
Source: The Hacker News

Kimwolf botnet hijacks 1.8M Android devices for DDoS

The Kimwolf botnet infected Android TVs and tablets and issued 1.7B DDoS commands in three days. Linked to the AISURU botnet, it resolves its C2 addresses through Ethereum Name Service (ENS) records, which makes the infrastructure harder to take down than conventional DNS-based C2.
Source: The Hacker News

APT28 targets Ukrainian UKR.net users in phishing campaign

Russia's APT28 harvested UKR.net credentials with spoofed login pages hosted on the Mocky mock-API service, using tiny.cc and tinyurl short links and Blogger subdomains as redirectors to the phishing pages.
Source: The Hacker News

GhostPoster malware hides in Firefox extensions via steganography

Seventeen malicious Firefox extensions (50K+ downloads combined) hid their payload inside icon image files using steganography. Once decoded, the payload hijacked affiliate links, injected tracking code, and stripped security headers from pages.
Source: The Hacker News

Ink Dragon APT deploys FINALDRAFT malware against governments

China-linked Ink Dragon (Jewelbug) targeted European governments with the FINALDRAFT and ShadowPad malware, taking over IIS servers by abusing ASP.NET machine keys (with a known validationKey, an attacker can forge signed ViewState that the server deserializes).
Source: The Hacker News
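As an added example for the ASP.NET machine-key angle in the item above, the script below audits a web.config for the settings that make this class of attack possible: a static <machineKey> that must be treated as a secret, weak validation or decryption algorithms, and ViewState MAC checking being disabled. This is example code written for this brief, not code from the article or from the researchers it cites. The two config snippets and the key material in them are constructed (the keys are filler, not real or known-leaked values), and the defaults assumed for omitted attributes are those of .NET 4.5 and later.

```python
"""Audit an ASP.NET web.config for machine-key weaknesses.

Added example, not code from the article or the researchers it cites.
The config text and keys below are constructed filler."""
import xml.etree.ElementTree as ET

# Algorithms that should not be used for ViewState validation/decryption.
WEAK_VALIDATION = {"MD5", "SHA1"}
WEAK_DECRYPTION = {"3DES", "DES"}

# Constructed: a static, hard-coded key pair with a weak MAC and ViewState
# MAC checks turned off. Anyone who obtains this file (or a copy of these
# keys from a public source) can forge ViewState for this server.
VULNERABLE_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <machineKey validationKey="0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
                decryptionKey="FEDCBA9876543210FEDCBA9876543210"
                validation="SHA1" decryption="AES" />
    <pages enableViewStateMac="false" />
  </system.web>
</configuration>"""

# Constructed: auto-generated, per-app keys and a strong MAC.
HARDENED_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <machineKey validationKey="AutoGenerate,IsolateApps"
                decryptionKey="AutoGenerate,IsolateApps"
                validation="HMACSHA256" decryption="AES" />
  </system.web>
</configuration>"""


def audit_machine_key(config_xml: str) -> list[str]:
    """Return a list of finding identifiers for the given web.config text."""
    findings = []
    root = ET.fromstring(config_xml)
    mk = root.find("./system.web/machineKey")
    if mk is not None:
        for attr in ("validationKey", "decryptionKey"):
            # Default when the attribute is omitted is AutoGenerate,IsolateApps.
            value = mk.get(attr, "AutoGenerate")
            if not value.upper().startswith("AUTOGENERATE"):
                # A static key is legitimate in a web farm, but it is a
                # credential: unique, generated locally, never copied from
                # documentation, and rotated if it could have leaked.
                findings.append(f"static_{attr}")
        if mk.get("validation", "HMACSHA256").upper() in WEAK_VALIDATION:
            findings.append("weak_validation_algorithm")
        if mk.get("decryption", "AES").upper() in WEAK_DECRYPTION:
            findings.append("weak_decryption_algorithm")
    pages = root.find("./system.web/pages")
    if pages is not None and pages.get("enableViewStateMac", "true").lower() == "false":
        # With the MAC off, no key is needed at all to tamper with ViewState.
        findings.append("viewstate_mac_disabled")
    return findings


if __name__ == "__main__":
    print("vulnerable:", audit_machine_key(VULNERABLE_CONFIG))
    print("hardened:  ", audit_machine_key(HARDENED_CONFIG))
```

Run it against every web.config on an IIS host (including ones under application subfolders, which can override the parent's machineKey). A static key finding is not automatically a vulnerability, but if the key also appears in any public repository or documentation the server should be treated as compromised and the key rotated.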

NMFTA warns of cyber-enabled cargo theft surge

Cybercriminals combine social engineering, AI voice cloning, and GPS spoofing to hijack shipments. The attacks cost the US an estimated $35B annually, with 700+ thefts recorded in Q3 2025.
Source: SecurityWeek

Cellik RAT trojanizes Google Play apps for Android control

Sold for $150/month, the Cellik RAT offers real-time screen control, hidden browsing, and an APK repackaging feature that injects the implant into legitimate apps, with Google Play integration for sourcing them.
Source: SecurityWeek
