Svoboda Cybersecurity Brief January 14, 2026
University of Hawaii Cancer Center Hackers Stole Research Files, Encrypted Data
Hackers stole sensitive research data from the University of Hawaii Cancer Center in August 2025, including patient information from 1990s studies. The center paid a ransom for a decryptor key and claims the attackers promised to destroy the stolen data.
Source: GovInfoSecurity
Antwerp’s AZ Monica Hospital Hit by Cyberattack, Cancels 70 Surgeries
AZ Monica Hospital in Antwerp shut down all servers after a cyberattack disrupted IT systems, forcing the cancellation of 70 surgeries and the transfer of critical patients. Emergency care remains operational but at reduced capacity.
Source: Belgian News Agency
Tennessee Man Pleads Guilty to Hacking US Supreme Court Filing System
Nicholas Moore, 24, hacked the US Supreme Court’s electronic document system 25 times between August and October 2023, accessing protected computer information. No details on the accessed data were disclosed.
Source: TechCrunch
Ukraine’s Army Targeted by Charity-Themed Malware Campaign (PluggyApe)
Russian-linked threat group “Void Blizzard” targeted Ukrainian defense officials with fake charity websites delivering PluggyApe malware via Signal/WhatsApp. The backdoor uses MQTT for C2, evasion techniques, and exfiltrates data via pastebin.com.
Impact: Unauthorized access, data exfiltration, and persistence via registry modification.
Mitigation: Monitor suspicious messages, block known IoCs, and enforce endpoint detection.
Source: BleepingComputer
New VoidLink Malware Framework Targets Linux Cloud Servers
VoidLink is a modular, cloud-native Linux malware written in Zig/Go/C, targeting Kubernetes/Docker environments with reconnaissance, credential harvesting, and rootkit capabilities. It evades detection via eBPF-based stealth and self-destructs if tampered with.
Impact: Full system compromise, lateral movement, and data theft.
Mitigation: Update cloud configurations, monitor for unusual API calls, and restrict permissions.
Source: Check Point Research
Central Maine Healthcare Breach Exposes Data of 145,000 Patients
Hackers infiltrated Central Maine Healthcare’s systems from March to June 2025, accessing names, SSNs, and health insurance data. The breach was disclosed in November after an investigation.
Source: BleepingComputer
Betterment Confirms Data Breach After Crypto Scam Emails
Hackers breached Betterment’s third-party marketing platform, sending fraudulent crypto scam emails to customers. Exposed data includes names, emails, and phone numbers.
Source: BleepingComputer
Target Source Code Leak Confirmed Authentic by Employees
A threat actor leaked Target’s internal source code (860GB claimed), including CI/CD pipelines and proprietary tools. Employees verified the authenticity, and Target restricted Git server access post-disclosure.
Source: BleepingComputer
ServiceNow Patches Critical AI Platform Flaw (CVE-2025-12420)
ServiceNow fixed a 9.3-CVSS flaw in its AI Platform allowing unauthenticated user impersonation. The bug, dubbed “BodySnatcher,” bypasses MFA/SSO and was patched in October 2025.
Impact: Privilege escalation and unauthorized AI agent execution.
Mitigation: Update to sn_aia 5.1.18+/5.2.19+ or sn_va_as_service 3.15.2+/4.0.4+.
Source: The Hacker News
CISA Warns of Active Exploitation of Gogs Vulnerability (CVE-2025-8110)
CISA added CVE-2025-8110 (CVSS 8.7) to its KEV catalog—a path traversal flaw in Gogs enabling code execution via symlink abuse. No patch exists; workarounds include disabling open registration.
Impact: Remote code execution via git repository manipulation.
Mitigation: Restrict server access via VPN/allow-lists.
Source: The Hacker News
SAP Patches Critical SQL Injection (CVE-2026-0501) and RCE Flaws
SAP’s January 2026 patches address 17 vulnerabilities, including a 9.9-CVSS SQL injection in S/4HANA and a 9.6-CVSS RCE in Wily Introscope.
Impact: Full system compromise via arbitrary SQL/command execution.
Mitigation: Apply patches for S/4HANA, Wily Introscope, and Landscape Transformation.
Source: SecurityWeek
GoBruteforcer Botnet Targets Crypto/Blockchain Projects
The evolved GoBruteforcer brute-forces FTP/MySQL services using default credentials, deploying web shells and IRC bots. It now scans for TRON/BSC wallet balances.
Impact: Credential theft and cryptocurrency theft.
Mitigation: Enforce strong passwords and monitor for unusual SSH activity.
Source: SecurityWeek
Adobe Patches Critical Apache Tika XXE Flaw in ColdFusion
Adobe fixed CVE-2025-66516 (CVSS 10), an XXE flaw in Apache Tika modules used by ColdFusion, exploitable via malicious PDFs.
Impact: RCE, SSRF, or data leaks.
Mitigation: Update to ColdFusion 2025 Update 6 or 2023 Update 18.
Source: SecurityWeek
Spanish Energy Company Endesa Hacked, 20M Records Allegedly Stolen
A threat actor claims to have stolen 1.05TB of Endesa customer data, including DNIs and IBANs. The company confirmed a breach but disputes the scale.
Source: SecurityWeek
Broadcom Wi-Fi Chipset Flaw Disrupts 5GHz Networks
A vulnerability in Broadcom’s Wi-Fi chipsets allows a single crafted frame to disable 5GHz networks, bypassing WPA2/3. Patches are available via vendors like Asus.
Impact: Persistent network disruption.
Mitigation: Apply vendor firmware updates.
Source: SecurityWeek