svoboda.center Logo svoboda.center

Svoboda Cybersecurity Brief January 18, 2026

Private VPN — just $1.2/mo

Malicious Chrome Extensions Target Enterprise HR Platforms

Credential-stealing Chrome extensions disguised as productivity tools for enterprise HR platforms (Workday, NetSuite, SAP SuccessFactors) were found on the Chrome Web Store. The extensions, installed 2,300+ times, exfiltrated session cookies, blocked security admin pages, and enabled session hijacking via bidirectional cookie injection.
Impact: Enterprise credentials theft, potential ransomware/data breaches.
Mitigation: Remove suspicious extensions, rotate credentials, audit browser extensions.
Source: BleepingComputer

Black Basta Ransomware Leader Added to EU Most Wanted List

Ukrainian and German authorities identified two Ukrainian suspects linked to the Black Basta ransomware group, while the alleged Russian leader Oleg Nefedov was added to EU Most Wanted and INTERPOL Red Notice lists. Black Basta targeted 500+ organizations, earning millions in ransom.
Source: The Hacker News

GhostPoster Malicious Extensions Reach 840,000 Installs

17 malicious browser extensions (e.g., “Google Translate in Right Click”) were discovered in Chrome, Firefox, and Edge stores, hiding backdoor code in logo images. The campaign, active since 2020, hijacks affiliate links and injects iframes for ad fraud.
Impact: Data theft, ad fraud, unauthorized tracking.
Mitigation: Uninstall affected extensions, review installed add-ons.
Source: BleepingComputer

Vastaamo Therapy Data Breach Victim Highlights Lasting Harm

A victim of Finland’s Vastaamo psychotherapy clinic breach described the enduring trauma after hacker Julius Kivimäki leaked 33,000 patients’ therapy notes. Kivimäki was released pending appeal, while victims face extortion and privacy violations.
Source: DataBreaches.net

Tennessee Man Admits Hacking Supreme Court Filing System

Nicholas Moore pleaded guilty to hacking the U.S. Supreme Court’s filing system 25 times using stolen credentials. He also accessed AmeriCorps and VA systems, posting stolen data on Instagram.
Source: SecurityWeek

OCR Emphasizes HIPAA Risk Management and Patching

HHS OCR updated guidance stressing mandatory patching, legacy system risks, and enabled security controls for HIPAA compliance. Common pitfalls include untimely breach notifications and improper PHI disposal.
Source: DataBreaches.net

Anna’s Archive Ordered to Delete Scraped WorldCat Data

A U.S. judge ruled Anna’s Archive must delete 2.2TB of data scraped from OCLC’s WorldCat library catalog. The shadow library, known for hosting pirated content, is unlikely to comply.
Source: DataBreaches.net

OpenAI to Introduce Ads in ChatGPT for Free Users

OpenAI will display ads to logged-in U.S. adult users on free/ChatGPT Go tiers, emphasizing data privacy. Ads won’t influence responses but will be contextually targeted.
Source: The Hacker News

Share this brief: https://svo.bz/seU0

If you want to support us, you can donate here: Donate