Svoboda Cybersecurity Brief January 07, 2026
Critical Dolby Vulnerability Patched in Android
A critical vulnerability (CVE-2025-54957) in Dolby Digital Plus (DD+) Unified Decoder allows zero-click remote code execution via specially crafted media files on Android devices. Google patched the flaw in December 2025 for Pixel devices and January 2026 for all Android devices.
Impact: Exploitation can lead to arbitrary code execution without user interaction.
Mitigation: Apply the latest Android security updates.
Source: SecurityWeek
New D-Link DSL Router Flaw Actively Exploited
CVE-2026-0625, a command injection vulnerability in D-Link DSL routers (DSL-526B, DSL-2640B, DSL-2740R, DSL-2780B), allows unauthenticated RCE via DNS configuration parameters. Exploits target devices no longer supported by D-Link.
Impact: Attackers can gain full device control.
Mitigation: Replace end-of-life routers or isolate them on non-critical network segments.
Source: BleepingComputer
Kimwolf Android Botnet Infects 2M Devices via Proxy Abuse
The Kimwolf botnet, an Android variant of Aisuru malware, exploits residential proxy networks to target devices with exposed Android Debug Bridge (ADB) services. Over 67% of proxy-pool devices are unauthenticated, enabling mass infections.
Impact: Devices are hijacked for DDoS attacks, proxy resale, and crypto-mining.
Mitigation: Avoid low-cost Android TV boxes; use Google Play-certified devices.
Source: BleepingComputer
Taiwan Reports 10x Surge in Chinese Cyberattacks on Energy Sector
Taiwan’s National Security Bureau (NSB) recorded a 1,000% increase in Chinese cyberattacks on its energy sector in 2025. Attacks targeted industrial control systems (ICS) during software upgrades, using malware implants. Groups such as BlackTech and APT41 were implicated.
Source: BleepingComputer
Jaguar Land Rover Sales Drop 43% Post-Cyberattack
A September 2025 cyberattack by Scattered Lapsus$ Hunters disrupted Jaguar Land Rover’s production, causing a 43% decline in Q3 wholesale volumes. The attack cost £196M ($220M) and required a UK government loan guarantee.
Source: BleepingComputer
Sedgwick Government Solutions Breached by TridentLocker
Sedgwick confirmed a breach at its federal contractor subsidiary, Sedgwick Government Solutions, after TridentLocker ransomware leaked 3.39 GB of data. The attack targeted an isolated file transfer system.
Source: BleepingComputer
Critical n8n Workflow Automation Flaw Allows RCE
CVE-2025-68668 (CVSS 9.9) in n8n versions 1.0.0–1.111.0 enables authenticated attackers to execute arbitrary OS commands via Python Code Node sandbox bypass.
Impact: Full system compromise.
Mitigation: Upgrade to n8n 2.0.0 or disable Python support.
Source: The Hacker News
AdonisJS Bodyparser Flaw Enables Arbitrary File Writes
CVE-2026-21440 (CVSS 9.2) in @adonisjs/bodyparser allows path traversal via unsanitized filenames in MultipartFile.move(), leading to arbitrary file writes.
Impact: Potential RCE if sensitive files are overwritten.
Mitigation: Update to versions 10.1.2 or 11.0.0-next.6.
Source: The Hacker News
Malicious Chrome Extensions Steal ChatGPT Conversations
Two Chrome extensions (600K+ and 300K+ users) exfiltrated ChatGPT and DeepSeek chats to attacker-controlled servers. The extensions impersonated a legitimate AITOPIA add-on.
Impact: Theft of sensitive AI conversations and browsing data.
Mitigation: Remove the extensions and audit installed add-ons.
Source: The Hacker News
Desjardins Data Breach Suspect Arrested in Spain
Juan Pablo Serrano, linked to a multimillion-dollar fraud involving 4.2M Desjardins members’ data, was arrested in Spain. He faces charges for fraud, identity theft, and trafficking.
Source: DataBreaches.net
Scattered Lapsus$ Hunters Trapped in Resecurity Honeypot
Resecurity deceived the group with a synthetic data honeypot, exposing their TTPs and server IPs. The hackers falsely claimed a breach before retracting their statements.
Source: SecurityWeek
HIPAA Compliance Tips for SMBs
Rachel Klugman Seeger highlights common HIPAA pitfalls, including weak business associate oversight and outdated state law awareness. 66% of breached records in 2025 involved third-party vendors.
Source: DataBreaches.net
Fake Booking.com Emails Deliver DCRat via Fake BSOD
The PHALT#BLYX campaign targets European hospitality with phishing emails leading to a fake BSOD page. Victims execute PowerShell commands that deploy DCRat.
Impact: Remote access and data theft.
Mitigation: Train staff to recognize ClickFix lures.
Source: The Hacker News
Unpatched TOTOLINK EX200 Flaw Allows Full Takeover
CVE-2025-65606 in TOTOLINK EX200 routers enables authenticated attackers to start an unauthenticated root telnet service via malformed firmware uploads. No patch available.
Impact: Complete device compromise.
Mitigation: Restrict admin access to trusted networks.
Source: The Hacker News
VS Code Forks Recommend Non-Existent Extensions
AI-powered VS Code forks (Cursor, Windsurf) recommend extensions not in Open VSX, creating supply-chain risks. Attackers could register malicious packages matching the names.
Impact: Potential malware delivery.
Mitigation: Verify extension publishers before installation.
Source: The Hacker News
Zestix/Sentap Linked to Dozens of Major Breaches
The threat actor used stolen credentials from infostealers (RedLine, Lumma) to compromise 50+ organizations via file-sharing services (ShareFile, OwnCloud). Data was sold on Russian forums.
Source: SecurityWeek
NordVPN Denies Breach Despite Hacker Claims
A threat actor leaked data allegedly from NordVPN’s Salesforce/Jira servers, but the company traced it to a third-party test environment with dummy data.
Source: SecurityWeek
Cybersecurity M&A: December 2025 Roundup
Notable deals include Akamai acquiring Fermyon, ServiceNow buying Armis ($7.75B) and Veza, and Silent Push acquiring HYAS. Over 420 deals recorded in 2025.
Source: SecurityWeek
Share this brief: https://svo.bz/QnHN