Svoboda Cybersecurity Brief December 26, 2025
LastPass 2022 Breach Leads to Ongoing Cryptocurrency Thefts
Stolen LastPass encrypted vaults from 2022 are still being cracked using weak master passwords, enabling attackers to drain cryptocurrency assets as recently as late 2025. Russian cybercriminals are linked to the thefts, laundering funds via Russian exchanges like Cryptex and Audia6. Over $35 million in digital assets have been traced, with $28 million laundered through Wasabi Wallet.
Impact: Multi-year theft campaign exploiting weak passwords and unrotated credentials.
Mitigation: Use a strong, unique master password. A vault copied in 2022 cannot be strengthened after the fact, so anyone whose vault was in that backup under a weak master password should treat every credential and seed phrase it held as exposed, rotate them, and move funds to fresh wallets.
Source: The Hacker News
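Why a 2022 vault copy is still being cracked in late 2025: whoever holds the encrypted blob can test master-password guesses offline, with no server, rate limit or lockout, for as long as they like. The following is an added example, not LastPass code or code from the article. It models the published scheme (vault key = PBKDF2-HMAC-SHA256 of the master password, salted with the account e-mail, with a per-account iteration count); the e-mail, iteration count, verifier construction and wordlist are all constructed for the demonstration.

```python
"""Offline guessing against a stolen vault key (added example, not LastPass
code). Models: key = PBKDF2-HMAC-SHA256(master password, salt=e-mail,
per-account iterations). Everything below is constructed sample data."""

import hashlib
import hmac
from typing import Iterable, Optional, Tuple

SALT = b"user@example.com"   # constructed; the modelled scheme salts with the account e-mail
ITERATIONS = 100_100         # assumed per-account count; a lower count makes every guess cheaper


def derive_key(master_password: str, salt: bytes = SALT, iterations: int = ITERATIONS) -> bytes:
    """Vault data key as the client would derive it from the master password."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"), salt, iterations, dklen=32)


def make_verifier(key: bytes) -> bytes:
    """Stand-in for 'try to decrypt the vault with this key': a keyed tag that
    only the right key reproduces. A real attacker checks decryption of a known
    vault field instead; the cost per guess is the same single KDF call."""
    return hmac.new(key, b"vault-check", hashlib.sha256).digest()


def crack(verifier: bytes, wordlist: Iterable[str], salt: bytes = SALT,
          iterations: int = ITERATIONS) -> Tuple[Optional[str], int]:
    """Dictionary attack over the stolen copy. Returns the recovered master
    password (or None) and the number of guesses spent."""
    guesses = 0
    for candidate in wordlist:
        guesses += 1
        if hmac.compare_digest(make_verifier(derive_key(candidate, salt, iterations)), verifier):
            return candidate, guesses
    return None, guesses


# Constructed wordlist standing in for a leaked-password list.
WORDLIST = ["123456", "password", "qwerty", "letmein", "Summer2022!", "dragon"]


if __name__ == "__main__":
    for master in ("Summer2022!", "correct horse battery staple tuba"):
        found, n = crack(make_verifier(derive_key(master)), WORDLIST)
        print(f"{master!r}: {'recovered' if found else 'not in list'} after {n} guesses")
```

The weak master password falls on the fifth guess; the long passphrase is simply not in the list. The point for a vault owner is that the iteration count and salt are baked into the stolen copy, so the only variable still under their control is how guessable the password was in 2022, and that is why rotation of the stored secrets, not a new master password, is the remedy.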
FortiOS SSL VPN 2FA Bypass Actively Exploited
Fortinet warns of active exploitation of CVE-2020-12812, a flaw disclosed in 2020 that lets an attacker bypass two-factor authentication on the FortiOS SSL VPN under specific LDAP configurations. By changing the letter case of a valid username, the attacker still authenticates against the directory but is not matched to the account's second factor, so admin or VPN users can log in without 2FA.
Impact: Unauthorized access to critical network resources.
Mitigation: Upgrade to a patched FortiOS version, or apply the workaround of disabling username case sensitivity in the affected LDAP server configuration.
Source: The Hacker News
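The bug class here is an identity-normalization mismatch: one component matches usernames case-insensitively and a later one matches them byte-for-byte. The following is an added illustrative model, not Fortinet's code or the article's; it assumes a directory bind that folds case (as LDAP uid/sAMAccountName matching does) and a second-factor enrollment table keyed by the exact string. Accounts, password and OTP are constructed sample data.

```python
"""Model of the username-case mismatch behind CVE-2020-12812 (added example,
not Fortinet code). The directory bind is case-insensitive, the MFA lookup is
exact-string, so 'Alice' binds as 'alice' but is never asked for a token."""

import hmac
from typing import Optional

# Constructed sample data.
LDAP_USERS = {"alice": "correct horse battery staple"}   # canonical uid -> password
MFA_ENROLLED = {"alice": "123456"}                       # username -> expected OTP (static for the demo)


def ldap_bind(username: str, password: str) -> bool:
    """Directory bind. Attribute matching for uid/sAMAccountName is
    case-insensitive, so 'ALICE' and 'alice' both bind as the same entry."""
    stored = LDAP_USERS.get(username.lower())
    return stored is not None and hmac.compare_digest(stored.encode(), password.encode())


def _otp_ok(otp: Optional[str], expected: str) -> bool:
    return otp is not None and hmac.compare_digest(otp.encode(), expected.encode())


def login_vulnerable(username: str, password: str, otp: Optional[str]) -> str:
    """Exact-string MFA lookup after a case-insensitive bind (the flaw)."""
    if not ldap_bind(username, password):
        return "denied"
    expected = MFA_ENROLLED.get(username)        # bug: 'Alice' != 'alice'
    if expected is None:
        return "granted-no-2fa"                  # treated as a user with no second factor
    return "granted" if _otp_ok(otp, expected) else "denied"


def login_fixed(username: str, password: str, otp: Optional[str]) -> str:
    """Canonicalize the identity once, the same way the directory does, and use
    that canonical name for every later policy decision. As an extra hardening
    beyond the page's fix, an SSL VPN user with no enrolled factor is denied
    (fail closed) rather than waved through."""
    if not ldap_bind(username, password):
        return "denied"
    canonical = username.lower()
    expected = MFA_ENROLLED.get(canonical)
    if expected is None:
        return "denied"
    return "granted" if _otp_ok(otp, expected) else "denied"


if __name__ == "__main__":
    pw = "correct horse battery staple"
    print("vulnerable, 'alice', no OTP:", login_vulnerable("alice", pw, None))
    print("vulnerable, 'Alice', no OTP:", login_vulnerable("Alice", pw, None))
    print("fixed,      'Alice', no OTP:", login_fixed("Alice", pw, None))
    print("fixed,      'ALICE', OTP   :", login_fixed("ALICE", pw, "123456"))
```

The general check a practitioner can apply to any SSO or VPN stack: take a valid account, log in with the username in a different case (or with trailing whitespace, or a Unicode look-alike) and confirm that every downstream control, MFA prompt included, still binds to the same canonical identity.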
Digiever NVR Vulnerability Exploited for Botnet Delivery
CISA flags CVE-2023-52163, a command injection flaw in Digiever DS-2105 Pro NVRs, as actively exploited to deploy Mirai and ShadowV2 botnets. The unpatched vulnerability allows post-authentication RCE.
Impact: Compromised devices joining botnets for DDoS or further attacks.
Mitigation: No vendor patch is available; keep the NVRs off the public internet, change default credentials, and watch for outbound connections to botnet command-and-control infrastructure.
Source: The Hacker News
Epstein Files Unredacted by Stripping PDF Overlay Layers, Malware Risk
Hackers easily unredacted DOJ-released Epstein files: the redactions were drawn as layers over the text rather than removing it, so stripping those layers exposes the hidden content. Unofficial copies of the files circulating online are reportedly laced with malware.
Impact: Sensitive information exposure and malware distribution.
Mitigation: Download documents only from official sources. When redacting, remove the content from the file rather than drawing boxes over it, and verify with a text extractor that nothing sensitive remains before sharing.
Source: DataBreaches.net
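Why "removing a layer" works: a black rectangle painted after the text is just another drawing operator in the page's content stream, and the text it covers is still there. The following is an added example, not code from the article or from the DOJ's tooling. It builds a one-page PDF in memory (a constructed sample), once with the text covered by a box and once with the text actually deleted, then extracts whatever the page still draws; the minimal PDF writer and the string extractor are assumptions written for this demonstration.

```python
"""Overlay-redaction check (added example, not from the article). Builds a
tiny PDF where a sensitive string is drawn and then covered by a black box,
and shows the string is still recoverable from the content stream."""

import re
import zlib


def build_pdf(secret: str, overlay_only: bool) -> bytes:
    """Minimal PDF 1.4 writer (constructed sample). overlay_only=True keeps the
    text and paints a box over it (the broken approach); False emits only the
    box. `secret` must not contain parentheses or backslashes, which PDF
    literal strings escape."""
    text_op = f"BT /F1 12 Tf 72 700 Td ({secret}) Tj ET\n" if overlay_only else ""
    box_op = "0 g 70 695 200 16 re f\n"          # fill a black rectangle over the text area
    content = (text_op + box_op).encode("latin-1")
    objects = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
        b"/Contents 4 0 R /Resources << /Font << /F1 5 0 R >> >> >>",
        b"<< /Length %d >>\nstream\n" % len(content) + content + b"\nendstream",
        b"<< /Type /Font /Subtype /Type1 /BaseFont /Helvetica >>",
    ]
    out = bytearray(b"%PDF-1.4\n")
    offsets = []
    for num, body in enumerate(objects, start=1):
        offsets.append(len(out))
        out += b"%d 0 obj\n" % num + body + b"\nendobj\n"
    xref_at = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objects) + 1)
    for off in offsets:
        out += b"%010d 00000 n \n" % off
    out += b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % (len(objects) + 1, xref_at)
    return bytes(out)


STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
TJ_RE = re.compile(rb"\(([^()\\]*)\)\s*Tj")     # literal string followed by the Tj operator


def extract_shown_text(pdf: bytes) -> list:
    """Every literal string handed to Tj in any content stream, inflating
    FlateDecode streams where present. Hex strings, TJ arrays and escape
    sequences are out of scope here; a real audit should run a full parser
    (pdftotext from poppler, for instance) over the file."""
    found = []
    for raw in STREAM_RE.findall(pdf):
        try:
            data = zlib.decompress(raw)          # compressed content stream
        except zlib.error:
            data = raw                           # stored uncompressed, as built above
        found.extend(s.decode("latin-1") for s in TJ_RE.findall(data))
    return found


def redaction_leaks(pdf: bytes, secret: str) -> bool:
    """True when the supposedly redacted string is still drawn on the page."""
    return any(secret in s for s in extract_shown_text(pdf))


if __name__ == "__main__":
    secret = "WITNESS: J. Doe"   # constructed
    print("box over text  -> leaks:", redaction_leaks(build_pdf(secret, True), secret))
    print("text removed   -> leaks:", redaction_leaks(build_pdf(secret, False), secret))
```

The same check applies to any released document: run a text extractor over it and grep for what was supposed to be gone. If it appears, the redaction was cosmetic, and no amount of flattening the rectangle on top will fix a file whose content stream still contains the text.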
Eurostar Accuses Pen Testers of Blackmail Over Chatbot Flaws
Pen Test Partners found four flaws in Eurostar’s AI chatbot, including prompt injection and HTML injection risks. Eurostar’s head of security allegedly accused the researchers of blackmail during disclosure.
Source: DataBreaches.net
Condé Nast Data Leak Exposes 33M Accounts
A threat actor posing as a researcher leaked data from Condé Nast (publisher of WIRED) after their vulnerability reports went unanswered. The breach exposed email addresses, names, and other PII.
Impact: Massive data exposure and potential credential misuse.
Mitigation: Implement a clear vulnerability disclosure process and monitor for credential stuffing.
Source: DataBreaches.net
Fake PoC Exploits Deliver WebRAT Malware
Threat actors are distributing fake proof-of-concept exploits for CVEs (e.g., CVE-2025-59295) to deliver WebRAT, a backdoor stealing crypto wallets and enabling surveillance.
Impact: Compromised systems and data theft.
Mitigation: Obtain PoC code only from the original researcher's or vendor's repository, read it before running it, and detonate it only in an isolated, disposable environment.
Source: The Hacker News
GuLoader Malware Campaigns Surge in Late 2025
ESET reports a spike in GuLoader (also tracked as CloudEyE) campaigns that deliver malware via obfuscated PowerShell scripts and NSIS installers, with the highest detection rates in Poland.
Impact: Delivery of secondary payloads like ransomware or spyware.
Mitigation: Block execution of suspicious scripts and monitor for obfuscated code.
Source: The Hacker News
South Korea Mandates Facial Recognition for SIM Purchases
Starting March 2026, South Korea will require facial scans for new SIM cards to combat identity theft. No data will be stored post-verification.
Source: The Hacker News
AI Exploits Blockchain Smart Contracts for $4.6M Theft
In research published by Anthropic, AI models (Anthropic's Claude Opus 4.5 and OpenAI's GPT-5) autonomously discovered and exploited blockchain smart contract flaws, with the resulting exploits extracting $4.6M in digital assets.
Source: The Hacker News