Svoboda Cybersecurity Brief December 30, 2025
Coupang to Pay $1.17B Compensation for 33.7M Data Breach Victims
South Korean e-commerce giant Coupang announced a $1.17 billion compensation plan for 33.7 million customers affected by a June 2025 data breach involving a former IT employee. The breach exposed names, emails, addresses, and order histories, with 3,000 records retained before deletion. The suspect’s devices, including a MacBook Air dumped in a river, were recovered.
Source: BleepingComputer
Romanian Energy Provider Hit by Gentlemen Ransomware
Oltenia Energy Complex, Romania’s largest coal-based energy producer, suffered a ransomware attack on December 26, 2025, disrupting IT systems including ERP and email. The Gentlemen ransomware gang encrypted files with the .7mtzhh extension but hasn’t listed the victim on its leak site yet. The attack follows recent ransomware incidents in Romania, including one on the national water authority.
Source: BleepingComputer
MongoDB CVE-2025-14847 Actively Exploited to Leak Sensitive Data
A critical MongoDB vulnerability (CVE-2025-14847, CVSS 8.7), dubbed MongoBleed, allows unauthenticated attackers to leak heap memory data via zlib compression flaws. Over 87,000 exposed instances are at risk, with patches available in versions 8.2.3, 7.0.28, and 6.0.27.
Impact: Sensitive data (e.g., passwords, API keys) leakage.
Mitigation: Disable zlib compression or upgrade immediately.
Source: The Hacker News
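To turn the MongoDB item above into something a defender can run against an inventory, here is an added triage helper (not code from the brief, The Hacker News, or MongoDB). It compares a reported mongod version against the fixed releases the brief lists (8.2.3, 7.0.28, 6.0.27) and checks whether zlib is still among the configured network compressors, reporting which hosts are patched, mitigated by the compressor change, or still exposed. Two things are assumptions rather than facts from the brief: that the compressor list is the comma-separated value of MongoDB's net.compression.compressors setting, and that an unset value means MongoDB's default list, which includes zlib. The inventory at the bottom is constructed sample data.

```python
"""Triage helper for CVE-2025-14847 (MongoBleed) across a fleet of mongod hosts.

Added example for this brief; fixed versions come from the brief itself.
Assumption: compressors are given as the comma-separated string used by
net.compression.compressors, and an unset value falls back to MongoDB's
default list (snappy,zstd,zlib), which enables zlib.
"""
import re
from typing import Dict, Optional, Tuple

# Fixed release per release branch (major, minor), as stated in the brief.
FIXED_VERSIONS: Dict[Tuple[int, int], Tuple[int, int, int]] = {
    (8, 2): (8, 2, 3),
    (7, 0): (7, 0, 28),
    (6, 0): (6, 0, 27),
}

_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?")


def parse_version(version: str) -> Tuple[int, int, int]:
    """Parse 'x.y.z' (optionally with a 'v' prefix or pre-release suffix)."""
    m = _VERSION_RE.fullmatch(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_patched(version: str) -> Optional[bool]:
    """True if at or above the fix for its branch, False if below,
    None if the branch is not one the brief lists a fix for."""
    v = parse_version(version)
    fixed = FIXED_VERSIONS.get(v[:2])
    if fixed is None:
        return None
    return v >= fixed


def zlib_enabled(compressors: Optional[str]) -> bool:
    """Whether zlib is in the configured compressor list.
    Unset means the default list, which (assumption) includes zlib."""
    if compressors is None or not compressors.strip():
        return True
    return "zlib" in [c.strip().lower() for c in compressors.split(",")]


def triage(version: str, compressors: Optional[str] = None) -> str:
    """Classify one host: patched, mitigated (zlib off but unpatched),
    vulnerable, or unknown-branch (no listed fix, zlib still on)."""
    patched = is_patched(version)
    if patched is True:
        return "patched"
    if not zlib_enabled(compressors):
        return "mitigated"
    return "vulnerable" if patched is False else "unknown-branch"


def audit(inventory: Dict[str, Tuple[str, Optional[str]]]) -> Dict[str, str]:
    """Run triage over {host: (version, compressors)} and return {host: status}."""
    return {host: triage(ver, comp) for host, (ver, comp) in inventory.items()}


# Constructed sample inventory; hostnames and versions are illustrative only.
SAMPLE_INVENTORY = {
    "db-prod-01": ("7.0.25", None),            # unpatched, default compressors
    "db-prod-02": ("7.0.25", "snappy,zstd"),   # unpatched, zlib removed
    "db-prod-03": ("8.2.3", None),             # patched
    "db-legacy-01": ("5.0.30", None),          # branch without a listed fix
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:12s} {status}")
```

Hosts reported as "mitigated" have closed the leak path the brief names but still need the upgrade; "unknown-branch" hosts are on a release line the brief does not cover and should be checked against the vendor advisory rather than assumed safe.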
Lithuanian Hacker Arrested for KMSAuto Malware Distributing Clipper Malware
A 29-year-old Lithuanian national was extradited to South Korea for infecting 2.8 million systems with KMSAuto malware, which swapped cryptocurrency wallet addresses. The attack, active from April 2020 to January 2023, stole $1.2 million via 8,400 transactions.
Source: BleepingComputer
FortiOS CVE-2020-12812 2FA Bypass Still Exploited
Fortinet warned of renewed attacks exploiting CVE-2020-12812, a 5-year-old flaw allowing 2FA bypass via LDAP misconfigurations. The vulnerability affects FortiGate firewalls with specific LDAP group settings.
Impact: Unauthorized VPN or admin access.
Mitigation: Update to FortiOS 6.4.1+ or disable secondary LDAP groups.
Source: SecurityWeek
EmEditor Supply Chain Attack Delivers Infostealer Malware
EmEditor’s Windows text editor was compromised between December 19–22, 2025, distributing a malicious installer carrying infostealer malware. The payload harvested browser data and VPN configs, and installed a malicious Chrome extension (Google Drive Caching) for clipboard hijacking.
Source: SecurityWeek
Korean Air Employee Data Exposed via Catering Subsidiary Breach
Korean Air disclosed a breach at KC&D, its former catering subsidiary, that exposed employee names and bank details. The Clop ransomware gang exfiltrated 30,000 records from Oracle EBS instances and has published the stolen data.
Source: BleepingComputer
22M Aflac Customers Impacted by June 2025 Cyberattack
Insurance giant Aflac notified 22.65 million individuals of a June 2025 breach exposing SSNs, health data, and driver’s licenses. The attack, attributed to a sophisticated cybercrime group (likely Scattered Spider), did not involve ransomware.
Source: SecurityWeek
27 Malicious npm Packages Host Phishing Lures
Socket discovered 27 malicious npm packages (e.g., onedrive-verification, sync365) hosting phishing pages mimicking Microsoft sign-ins. The campaign targeted sales personnel in critical infrastructure sectors, using Evilginx-like AitM techniques.
Source: The Hacker News
Condé Nast Hacker Leaks 2.3M Wired Records, Threatens More
A hacker named Lovely leaked 2.3M Wired subscriber records and claims access to 40M Condé Nast records. The breach leveraged IDOR flaws to access data including emails, birthdates, and addresses.
Source: SecurityWeek