Svoboda Cybersecurity Brief December 20, 2025

Russia-Linked Cyberattacks Target Denmark’s Critical Infrastructure

Denmark’s Defense Intelligence Service attributed destructive cyberattacks on a water utility (2024) and election-related DDoS attacks (2025) to Russian state-linked groups Z-Pentest and NoName057(16). The water utility attack caused physical damage, bursting pipes and disrupting supply.
Source: BleepingComputer

Microsoft 365 OAuth Device Code Phishing Campaigns Surge

Multiple threat actors, including Russia-aligned UNK_AcademicFlare and TA2723, exploit OAuth device code flows to bypass MFA and hijack accounts. Attacks use phishing kits (SquarePhish, Graphish) and lure victims via fake OneDrive links.
Impact: Unauthorized access to Microsoft 365 accounts.
Mitigation: Block device code flow via Conditional Access or restrict to approved users/IPs.
Source: TheHackerNews
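The Conditional Access mitigation above, written out as an added example (not code from the report or from Microsoft's documentation): a policy that blocks the OAuth device code flow tenant-wide, with a group exclusion for the "approved users" case. It assumes the Microsoft.Graph PowerShell SDK is installed and the admin has consented to Policy.ReadWrite.ConditionalAccess; the cmdlet name, the `authenticationFlows.transferMethods` property and the sign-in log `authenticationProtocol` filter are taken from the Graph API as I know it and should be checked against current docs, and `<APPROVED-GROUP-ID>` is a placeholder.

```powershell
# Added example: Conditional Access policy blocking the device code flow for all
# users except an approved-users/break-glass group. Not from the page or from
# Microsoft; property names follow the Graph conditionalAccessPolicy resource
# (assumption to verify). <APPROVED-GROUP-ID> is a placeholder object ID.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess"

$policy = @{
    displayName = "Block OAuth device code flow (except approved users)"
    # Start in report-only mode; flip to "enabled" once the sign-in logs show
    # no legitimate device-code users outside the exclusion group.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users = @{
            includeUsers  = @("All")
            excludeGroups = @("<APPROVED-GROUP-ID>")   # placeholder: approved users
        }
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("all")
        # This condition is what scopes the policy to device code sign-ins only.
        authenticationFlows = @{ transferMethods = "deviceCodeFlow" }
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("block")
    }
}

New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# Review who actually uses the device code flow before enforcing (assumed
# filter property name from the Graph signIn resource).
Get-MgAuditLogSignIn -Filter "authenticationProtocol eq 'deviceCode'" -Top 50 |
    Select-Object CreatedDateTime, UserPrincipalName, AppDisplayName, IpAddress |
    Format-Table -AutoSize
```

Report-only mode first matters here: headless CLI tools and shared-device logins are legitimate device code users in many tenants, and the sign-in query shows which of them need to land in the exclusion group before the policy is switched to enforced.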

UEFI Flaw Exposes ASUS, Gigabyte, MSI Motherboards to DMA Attacks

Two flaws, CVE-2025-11901 and CVE-2025-14304, let attackers with physical access to a PCIe slot bypass IOMMU protections during early boot. Vulnerable chipsets include Intel 500-800 series and AMD X870E/TRX50.
Impact: Pre-OS memory manipulation, potential rootkit deployment.
Mitigation: Apply vendor firmware updates (ASUS, Gigabyte, MSI).
Source: TheHackerNews

WatchGuard Firebox Firewalls Exploited via Critical VPN Flaw

CVE-2025-14733 allows unauthenticated RCE on devices with IKEv2 VPN enabled. Attackers use IPs 45.95.19[.]50, 51.15.17[.]89 for exploitation.
Impact: Full device compromise, credential theft.
Mitigation: Update to Fireware OS 12.11.6/2025.1.4 or disable dynamic peer BOVPNs.
Source: SecurityWeek

FortiCloud SSO Vulnerability Actively Exploited (CVE-2025-59718)

Over 25,000 Fortinet devices with FortiCloud SSO enabled are exposed. Attackers steal SAML tokens to bypass authentication.
Impact: Admin account takeover, configuration file exfiltration.
Mitigation: Patch FortiOS/FortiProxy or disable FortiCloud SSO.
Source: BleepingComputer

Nigerian Police Arrest RaccoonO365 Phishing Kit Developer

Okitipi Samuel (“RaccoonO365”) allegedly developed the toolkit behind 5,000+ Microsoft 365 credential thefts across 94 countries. The service sold phishing pages for $355-$999/month via Telegram.
Source: TheHackerNews

Kimwolf Android Botnet Hits 1.8M Devices for DDoS Attacks

The botnet targets Android TV set-top boxes, using DNS-over-TLS (DoT) for evasion and Ethereum Name Service (ENS) domains for resilience. It is linked to a 29.7 Tbps DDoS attack in November 2025.
Source: SecurityWeek

CountLoader Malware Spreads via Cracked Software Sites

Version 3.2 adds USB propagation and in-memory execution via mshta.exe. Delivers ACR Stealer after profiling hosts and evading CrowdStrike Falcon.
Source: TheHackerNews
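A defender-side check for the mshta.exe in-memory execution pattern mentioned above, as an added example that is not from the CountLoader report and makes no claim about that loader's exact command lines: the function flags mshta.exe launches that point at a remote URL or inline script rather than a local .hta file, or that are spawned by an unusual parent. The sample records are constructed; the field names (`Image`, `CommandLine`, `ParentImage`) follow Sysmon Event ID 1, and the commented-out live query assumes Sysmon is installed.

```powershell
# Added example (not from the page): generic detection for suspicious mshta.exe
# process creations. Records are expected in Sysmon Event ID 1 field names.
function Test-SuspiciousMshta {
    param([Parameter(Mandatory)] $Record)
    if ($Record.Image -notmatch '\\mshta\.exe$') { return $false }
    $cmd = [string]$Record.CommandLine
    # Remote content or inline script instead of a local .hta file
    $remote    = $cmd -match '\b(https?|ftp)://'
    $inline    = $cmd -match '(javascript|vbscript):'
    $noHta     = $cmd -notmatch '\.hta\b'
    # Launched by something other than the user's shell (installer, cmd, office app)
    $oddParent = $Record.ParentImage -notmatch '\\explorer\.exe$'
    return [bool]($remote -or $inline -or ($noHta -and $oddParent))
}

# Constructed sample records: one benign local .hta, two suspicious launches,
# one unrelated process. Hostnames are placeholders.
$samples = @(
    [pscustomobject]@{ Image='C:\Windows\System32\mshta.exe'; CommandLine='mshta.exe C:\Users\u\Documents\report.hta'; ParentImage='C:\Windows\explorer.exe' },
    [pscustomobject]@{ Image='C:\Windows\System32\mshta.exe'; CommandLine='mshta.exe http://example.invalid/x'; ParentImage='C:\Users\u\Downloads\setup.exe' },
    [pscustomobject]@{ Image='C:\Windows\System32\mshta.exe'; CommandLine='mshta.exe javascript:...'; ParentImage='C:\Windows\System32\cmd.exe' },
    [pscustomobject]@{ Image='C:\Windows\System32\notepad.exe'; CommandLine='notepad.exe'; ParentImage='C:\Windows\explorer.exe' }
)

# Expected: only the second and third records are reported.
$samples | Where-Object { Test-SuspiciousMshta $_ } | Format-Table ParentImage, CommandLine -AutoSize

# Live use (assumes Sysmon): map Event ID 1 data fields onto the same shape.
# Get-WinEvent -FilterHashtable @{LogName='Microsoft-Windows-Sysmon/Operational'; Id=1} |
#   ForEach-Object {
#       $x = [xml]$_.ToXml(); $d = @{}
#       $x.Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
#       [pscustomobject]$d
#   } | Where-Object { Test-SuspiciousMshta $_ }
```

The parent-process heuristic is deliberately loose; tune the allow-list of parents to what legitimately launches HTA applications in the environment, and treat the URL and inline-script matches as the higher-confidence signals.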

University of Sydney Breach Exposes 27,500 Individuals

Hackers accessed a code library containing 2010-2019 staff/alumni data (names, DOBs, addresses). No evidence of data misuse yet.
Source: SecurityWeek

Chinese APT LongNosedGoblin Targets Asian Governments

Uses Group Policy to deploy NosyHistorian (browser data collector) and NosyDoor backdoor (OneDrive C2). Overlaps with ToddyCat TTPs.
Source: SecurityWeek

Docker Releases 1,000+ Hardened Open-Source Images

Non-root by default, minimal attack surface, with SBOMs and SLSA Build Level 3 provenance. Commercial versions remain for regulated environments.
Source: SecurityWeek
