Svoboda Cybersecurity Brief December 19, 2025
University of Sydney Data Breach Exposes Staff and Student Data
Hackers accessed an online coding repository at the University of Sydney, stealing files containing personal data of over 27,000 individuals, including names, birthdates, addresses, and job details. The breach was detected last week, and the university has notified authorities and begun notifying affected individuals.
Impact: Sensitive personal data exposed, potential identity theft risks.
Mitigation: Enable MFA, change passwords, monitor for phishing.
Source: BleepingComputer
Clop Ransomware Targets Gladinet CentreStack Servers
The Clop ransomware group is exploiting Gladinet CentreStack file servers in a new data theft campaign, leaving ransom notes on compromised systems. The exact vulnerability being exploited is unknown, but it may involve unpatched or zero-day flaws.
Impact: Data exfiltration and extortion risks for exposed servers.
Mitigation: Patch systems, restrict internet-facing services, monitor for unauthorized access.
Source: BleepingComputer
Cisco AsyncOS Zero-Day Exploited by Chinese APT Group
A critical flaw (CVE-2025-20393, CVSS 10.0) in Cisco AsyncOS allows unauthenticated remote code execution on Secure Email Gateway and Secure Email and Web Manager appliances. A China-linked APT group (UAT-9686) has been exploiting it since late November, deploying backdoors like AquaShell and Chisel.
Impact: Full system compromise, persistent access.
Mitigation: Disable Spam Quarantine if exposed to the internet, rebuild compromised appliances.
Source: The Hacker News
UEFI Vulnerability in Motherboards Enables DMA Attacks
A UEFI flaw in ASRock, Asus, Gigabyte, and MSI motherboards allows DMA attacks via malicious PCIe devices during boot, bypassing IOMMU protections. Exploitation requires physical access.
Impact: Pre-boot code execution, data theft.
Mitigation: Apply vendor firmware updates.
Source: SecurityWeek
HPE OneView Critical RCE Flaw (CVE-2025-37164)
HPE patched a maximum-severity remote code execution vulnerability in OneView infrastructure management software, affecting versions before 11.00. Exploitation allows unauthenticated attackers to execute arbitrary code.
Impact: Full system compromise.
Mitigation: Upgrade to OneView v11.00 or apply hotfixes for versions 5.20–10.20.
Source: BleepingComputer
North Korean Hackers Steal $2.02 Billion in Cryptocurrency
Lazarus Group and other DPRK-linked actors stole $2.02 billion in 2025, targeting exchanges like Bybit ($1.5B) and Upbit ($36M). Funds are laundered via Chinese services and cross-chain bridges.
Source: The Hacker News
France Arrests Latvian for Ferry Malware Attack
A Latvian crew member was arrested for installing remote-control malware on an Italian ferry docked in France, suspected of foreign interference (likely Russia-linked). The malware was neutralized before causing harm.
Source: SecurityWeek
SonicWall SMA 1000 Zero-Day Exploited (CVE-2025-40602)
A privilege escalation flaw in SonicWall SMA 1000 appliances, exploited alongside CVE-2025-23006, enables unauthenticated RCE. Patches are available in versions 12.4.3-03245 and 12.5.0-02283.
Impact: Full system takeover.
Mitigation: Apply hotfixes, restrict SSH access.
Source: SecurityWeek
Virginia Mental Health Authority Breach Impacts 113,000
RBHA suffered a ransomware attack by Qilin, exposing personal and health data of 113,232 individuals. The gang leaked 192GB of stolen data.
Source: SecurityWeek
Kimsuky Spreads DocSwap Android Malware via QR Phishing
North Korea’s Kimsuky group distributes DocSwap malware via fake CJ Logistics apps, using QR codes to bypass Android security warnings. The malware exfiltrates SMS, contacts, and audio/video recordings.
Source: The Hacker News
CISA Flags Exploited ASUS Live Update Backdoor (CVE-2025-59374)
CISA added a 2018 ASUS Live Update supply-chain flaw to its KEV catalog, linked to APT41’s Operation ShadowHammer. The tool is now end-of-life.
Mitigation: Discontinue use of ASUS Live Update.
Source: SecurityWeek
LongNosedGoblin APT Uses Windows Group Policy for Espionage
A China-aligned group deploys custom .NET malware (NosyDoor, NosyStealer) via Group Policy, targeting Southeast Asian and EU governments. Tools exfiltrate browser data and keystrokes.
Source: The Hacker News
US Seizes E-Note Crypto Exchange Laundering $70M
The DOJ seized E-Note’s domains and servers, arresting its operator for laundering ransomware payments. The service facilitated attacks since 2017.
Source: BleepingComputer
Automated Password Spraying Targets Cisco and Palo Alto VPNs
GreyNoise observed 1.7M login attempts against GlobalProtect and Cisco SSL VPNs from 10,000+ IPs, likely using scripted credential stuffing.
Mitigation: Enforce MFA, block malicious IPs.
Source: BleepingComputer