Security Affairs newsletter Round 544 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
GreyNoise detects 500% surge in scans targeting Palo Alto Networks portals
U.S. CISA adds Smartbedded Meteobridge, Samsung, Juniper ScreenOS, Jenkins, and GNU Bash flaws to its Known Exploited Vulnerabilities catalog
ShinyHunters Launches Data Leak Site: Trinity of Chaos Announces New Ransomware Victims
ProSpy, ToSpy malware pose as Signal and ToTok to steal data in UAE
Google warns of Cl0p extortion campaign against Oracle E-Business users
CERT-UA warns UAC-0245 targets Ukraine with CABINETRAT backdoor
Allianz Life data breach impacted 1.5 Million people
Cybercrime group claims to have breached Red Hat’s private GitHub repositories
China-linked APT Phantom Taurus uses Net-Star malware in espionage campaigns against key sectors
OpenSSL patches 3 vulnerabilities, urging immediate updates
Apple urges users to update iPhone and Mac to patch font bug
WestJet confirms cyberattack exposed IDs, passports in June incident
Broadcom patches VMware Zero-Day actively exploited by UNC5174
UK convicts Chinese national in £5.5B crypto fraud, marks world’s largest Bitcoin seizure
U.S. CISA adds Adminer, Cisco IOS, Fortra GoAnywhere MFT, Libraesva ESG, and Sudo flaws to its Known Exploited Vulnerabilities catalog
Asahi halts ordering, shipping, and customer service after cyberattack
Scattered Spider, ShinyHunters Restructure – New Attacks Underway
UK grants £1.5B loan to Jaguar Land Rover after cyberattack
Harrods alerts customers to new data breach linked to third-party provider
Akira Ransomware bypasses MFA on SonicWall VPNs
Despite Russian influence, Moldova votes Pro-EU, highlighting future election risks
Dutch teens arrested for spying on behalf of pro-Russian hackers
Cyberattack on Co-op leaves shelves empty, data stolen, and $275M in lost revenue |
International Press – Newsletter
Smash and Grab: Aggressive Akira Campaign Targets SonicWall VPNs, Deploys Ransomware in an Hour or Less
Woman convicted following world’s largest crypto seizure
The Kids Aren’t Alright
Trinity of Chaos: The LAPSUS$, ShinyHunters, and Scattered Spider Alliance Embarks on Global Cybercrime Spree
‘You’ll never need to work again’: Criminals offer reporter money to hack BBC
Red Hat confirms security incident after hackers claim GitHub breach
Researchers Say They Flagged Cyber Flaws at Jaguar Ahead of Crippling Breach
Oracle Apps Exploited by Hackers in New Extortion Campaign
Silent Smishing : The Hidden Abuse of Cellular Router APIs
Malware
First Malicious MCP in the Wild: The Postmark Backdoor That’s Stealing Your Emails
Klopatra: exposing a new Android banking trojan operation with roots in Turkey
Check Your Socks – A Deep Dive into soopsocks PyPI Package
New spyware campaigns target privacy-conscious Android users in the UAE
Rhadamanthys 0.9.x – walk through the updates
Hacking
AppSuite, OneStart & ManualFinder: The Nexus of Deception
Apple fixes critical font processing bug. Update now!
Why hackers are targeting the world’s shipping
HackerOne Report Finds 210% Spike in AI Vulnerability Reports Amid Rise of AI Autonomy
Palo Alto Scanning Surges ~500% in 48 Hours, Marking 90-Day High
WireTap: Breaking Server SGX via DRAM Bus Interposition
Battering RAM Low-Cost Interposer Attacks on Confidential Computing
OneLogin, Many Secrets: Clutch Uncovers Critical API Vulnerability Exposing Client Credentials
Intelligence and Information Warfare
Two Dutch teens arrested in rare Russian espionage case
Pro-EU party in Moldova set to win vote mired in claims of Russian interference
You name it, VMware elevates it (CVE-2025-41244)
Phantom Taurus: A New Chinese Nexus APT and the Discovery of the NET-STAR Malware Suite
SVG Phishing hits Ukraine with Amatera Stealer, PureMiner
CABINETRAT backdoor used by UAC-0245 for targeted cyberattacks against SOU (CERT-UA#17479)
Cavalry Werewolf raids Russia’s public sector with trusted relationship attacks
Confucius Espionage: From Stealer to Backdoor
Cybersecurity
Harrods warns customers their data may have been stolen in IT breach
Government backs Jaguar Land Rover with £1.5 billion loan guarantee
WestJet confirms recent breach exposed customers’ passports
AI Agents Are Eroding the Foundations of Cybersecurity
Feds cut funding to program that shared cyber threat info with local governments
California enacts AI safety law targeting tech giants
Package Maintainers Call for Improvements to GitHub’s New npm Security Plan
Pierluigi Paganini