Svoboda Cybersecurity Brief January 09, 2026

HPE OneView RCE Exploited in Attacks

A critical HPE OneView flaw (CVE-2025-37164) allows unauthenticated RCE via code injection. CISA added it to its KEV catalog, confirming active exploitation.
Impact: Remote attackers can execute arbitrary code on unpatched systems.
Mitigation: Upgrade to OneView v11.00+.
Source: TheHackerNews

China-Linked UAT-7290 Targets Telecoms with Linux Malware

UAT-7290, a China-linked APT, uses Linux malware (RushDrop, SilentRaid) and exploits edge devices for espionage. Targets include telecoms in South Asia and Europe.
Impact: Data theft, and creation of operational relay box (ORB) infrastructure for other threat actors.
Mitigation: Patch edge devices, monitor SSH brute-force attempts.
Source: BleepingComputer

Kimwolf Botnet Infects 2M Android TV Devices

The Kimwolf botnet enslaves Android TV boxes for DDoS and proxy traffic. It is linked to the Aisuru botnet and to proxy services such as Maskify.
Impact: Devices used in ad fraud, credential stuffing, and DDoS attacks.
Mitigation: Replace compromised TV boxes with secure alternatives.
Source: KrebsOnSecurity

WhatsApp Worm Spreads Astaroth Banking Trojan in Brazil

A WhatsApp worm (Boto Cor-de-Rosa) auto-messages contacts with malicious ZIP files, delivering the Astaroth banking trojan.
Impact: Credential theft, financial fraud.
Mitigation: Avoid downloading attachments from unsolicited messages.
Source: TheHackerNews

Coolify Vulnerabilities Allow Full Server Compromise

Eleven critical flaws in Coolify (e.g., CVE-2025-66209) enable RCE, authentication bypass, and root access via command injection.
Impact: Full server takeover.
Mitigation: Update to patched versions (e.g., >=4.0.0-beta.451).
Source: TheHackerNews

FBI Warns of North Korean Kimsuky QR Code Phishing

Kimsuky (APT43) uses QR codes in spear-phishing to bypass MFA and hijack cloud identities. Targets US policy organizations.
Impact: Credential theft, session token hijacking.
Mitigation: Train staff to verify QR code sources, enforce MDM.
Source: BleepingComputer

NodeCordRAT Hidden in npm Bitcoin Packages

Malicious npm packages (bitcoin-main-lib, bip40) deliver NodeCordRAT, stealing Chrome credentials and crypto wallet data via Discord C2.
Impact: Data theft, unauthorized access.
Mitigation: Audit npm dependencies, remove suspicious packages.
Source: TheHackerNews

EEOC Contractor Breach Exposes Employee PII

An EEOC contractor (Opexus) mishandled sensitive data in early 2025, exposing employee PII via unauthorized access to the Public Portal system.
Source: DataBreaches

Methodist Homes Suffers Second Breach in 7 Months

A compromised employee email at Methodist Homes exposed patient SSNs, Medicare data, and medical records. This follows an October 2024 breach.
Source: DataBreaches

Cisco ISE XML Parsing Flaw Exposes Sensitive Data

CVE-2026-20029 in Cisco ISE lets admins read arbitrary files via malicious XML uploads. A public PoC exists.
Impact: Sensitive data exposure.
Mitigation: Apply patches (e.g., 3.4 Patch 4).
Source: TheHackerNews