Svoboda Cybersecurity Brief January 13, 2026
Dutch Hacker Sentenced for Smuggling Cocaine via Port System Breach
A Dutch court sentenced a hacker to 7 years for breaching port systems in Rotterdam and Antwerp to facilitate cocaine smuggling. The attacker used malware-laden USB sticks to gain remote access, enabling the undetected import of 210 kg of cocaine.
Source: DataBreaches.net
CrazyHunter Ransomware Targets Taiwanese Healthcare with Advanced Tactics
CrazyHunter ransomware, a fork of Prince ransomware, has evaded anti-malware defenses and hit six Taiwanese healthcare organizations. It uses Go-based encryption and a data leak site to pressure victims.
Source: DataBreaches.net
University of Hawaii Cancer Center Hit by Ransomware, Exposing Decades-Old Data
A ransomware attack compromised patient data from the 1990s, including Social Security numbers, at the University of Hawaii Cancer Center. The university paid for a decryptor and claims stolen data was destroyed.
Source: BleepingComputer
Plastic Surgery Practices Targeted by Hackers Leaking Nude Patient Photos
A threat actor leaked nude patient photos and medical records from at least four plastic surgery practices, extorting victims directly. The host refuses takedowns, and leaks persist on Russian-hosted sites.
Source: DataBreaches.net
CISA Orders Patch for Gogs RCE Flaw Exploited in Zero-Day Attacks
CISA mandated patching CVE-2025-8110, a path traversal flaw in Gogs, after attackers overwrote Git configs to execute commands. Over 700 instances showed signs of compromise.
Impact: Remote code execution via symbolic link abuse.
Mitigation: Disable open registration, restrict server access, and upgrade to patched versions.
Source: BleepingComputer
Facebook Phishing Campaigns Now Use Browser-in-Browser (BitB) Trick
Attackers deploy fake login pop-ups via iframes to steal credentials, mimicking Meta CAPTCHA pages. The campaign abuses legitimate cloud platforms (Netlify, Vercel) for hosting.
Impact: Credential theft bypassing visual detection.
Mitigation: Verify pop-ups by dragging them outside the browser window and enable 2FA.
Source: BleepingComputer
Ni8mare Vulnerability Exposes 60,000 n8n Workflow Automation Instances
CVE-2026-21858, a max-severity flaw in n8n, allows unauthenticated RCE via malicious file uploads in form workflows. Shadowserver detected 59,558 exposed instances.
Impact: Full system compromise via file injection.
Mitigation: Upgrade to n8n 1.121.0+ or disable public webhooks.
Source: BleepingComputer
Telegram Proxy Links Can Leak IP Addresses in One Click
Hidden t.me/proxy links trigger automatic connections to attacker-controlled servers, exposing real IPs. Telegram plans to add warnings but downplays the risk.
Impact: Deanonymization and potential DoS attacks.
Mitigation: Avoid clicking disguised links and use VPNs for anonymity.
Source: BleepingComputer
Spanish Energy Giant Endesa Breached, Customer Data Leaked
Hackers accessed contract details, IBANs, and national IDs of Endesa customers. A separate threat actor claims to sell 1TB of SQL data allegedly from the breach.
Source: BleepingComputer
APT28 Phishes Energy, Defense Entities with Free Hosting Services
The Russian group targeted Turkish energy researchers and EU think tanks using spoofed OWA, Google, and Sophos VPN pages hosted on free services like Ngrok and InfinityFree.
Source: SecurityWeek
LLM APIs Targeted in Mass Scanning Campaign
Attackers probed 70+ LLM endpoints (OpenAI, Google, Meta) for misconfigured proxies, with 80,469 sessions logged. GreyNoise links the activity to React2Shell exploiters.
Source: SecurityWeek
Instagram Password Reset Flaw Fixed Amid Data Leak Claims
Meta fixed a bug that allowed third parties to trigger password reset emails and denied that a breach had occurred. Meanwhile, a 17.5M-record leak resurfaced, allegedly from a 2022 API scrape.
Source: SecurityWeek