Security Affairs newsletter Round 534 by Pierluigi Paganini – INTERNATIONAL EDITION


A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are delivered free to your email inbox.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Law enforcement operations seized BlackSuit ransomware gang’s darknet sites
Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme
Operation CargoTalon targets Russia’s aerospace with EAGLET malware
Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access
Koske, a new AI-Generated Linux malware appears in the threat landscape
Mitel patches critical MiVoice MX-ONE Auth bypass flaw
Coyote malware is first-ever malware abusing Windows UI Automation
SonicWall fixed critical flaw in SMA 100 devices exploited in Overstep malware attacks
DSPM & AI Are Booming: $17.87B and $4.8T Markets by 2033
Stealth backdoor found in WordPress mu-Plugins folder
U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog
U.S. CISA urges FCEB agencies to fix two Microsoft SharePoint flaws immediately and added them to its Known Exploited Vulnerabilities catalog
Sophos fixed two critical Sophos Firewall vulnerabilities
French Authorities confirm XSS.is admin arrested in Ukraine
Microsoft linked attacks on SharePoint flaws to China-nexus actors
Cisco confirms active exploitation of ISE and ISE-PIC flaws
SharePoint under fire: new ToolShell attacks target enterprises
CrushFTP zero-day actively exploited at least since July 18
Hardcoded credentials found in HPE Aruba Instant On Wi-Fi devices
MuddyWater deploys new DCHSpy variants amid Iran-Israel conflict
U.S. CISA urges to immediately patch Microsoft SharePoint flaw adding it to its Known Exploited Vulnerabilities catalog
Microsoft issues emergency patches for SharePoint zero-days exploited in “ToolShell” attacks
SharePoint zero-day CVE-2025-53770 actively exploited in the wild
Singapore warns China-linked group UNC3886 targets its critical infrastructure
U.S. CISA adds Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog
Radiology Associates of Richmond data breach impacts 1.4 million people

International Press – Newsletter

Cybercrime

At Least 750 US Hospitals Faced Disruptions During Last Year’s CrowdStrike Outage, Study Finds

Key figure behind major Russian-speaking cybercrime forum targeted in Ukraine

UK student jailed for selling phishing kits linked to £100m of fraud

A Spike in the Desert: How GreyNoise Uncovered a Global Pattern of VOIP-Based Telnet Attacks

Arizona Woman Sentenced in $17M IT Worker Fraud Scheme That Illegally Generated Revenue for North Korea

BlackSuit ransomware gang’s darknet websites seized by police

Hackers are trying to steal passwords and sensitive data from users of Signal clone

Aptly Named: How the Leakzone Exposed Access Logs

Phishers Target Aviation Execs to Scam Customers

Malware

Uncovering a Stealthy WordPress Backdoor in mu-plugins

NPM package ‘is’ with 2.8M weekly downloads infected devs with malware

Coyote in the Wild: First-Ever Malware That Abuses UI Automation

AI-Generated Malware in Panda Image Hides Persistent Linux Threat

Toptal’s GitHub Organization Hijacked: 10 Malicious Packages Published

Hacking

SharePoint Under Siege: from SOC triage to new 0-day

CVE-2025-54309: CrushFTP Zero-Day Exploited in the Wild

Cisco Confirms Active Exploits Targeting ISE Flaws Enabling Unauthenticated Root Access

Fire Ant Exploits VMware Flaws to Compromise ESXi Hosts and vCenter Environments

Intelligence and Information Warfare

What is UNC3886, the group that attacked Singapore’s critical information infrastructure?

Lookout Discovers Iranian APT MuddyWater Leveraging DCHSpy During Israel-Iran Conflict

The SOC files: Rumble in the jungle or APT41’s new target in Africa

SharePoint ToolShell | Zero-Day Exploited in-the-Wild Targets Enterprise Servers

Disrupting active exploitation of on-premises SharePoint vulnerabilities

Profile: GRU cyber and hybrid threat operations

Operation CargoTalon : UNG0901 Targets Russian Aerospace & Defense Sector using EAGLET implant

Apple alerted Iranians to iPhone spyware attacks, say researchers

Cybersecurity

Most cybersecurity risk comes from just 10% of employees

HPE warns of hardcoded passwords in Aruba access points

Should We Trust AI? Three Approaches to AI Fallibility

No Patch for Flaw Exposing Hundreds of LG Cameras to Remote Hacking

UK’s Ransomware Payment Ban: Bold Strategy or Dangerous Gamble?

Allianz Life says ‘majority’ of customers’ personal data stolen in cyberattack

Google took a month to shut down Catwatchful, a phone spyware operation hosted on its servers

Clorox accuses IT provider in lawsuit of giving hackers employee passwords

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)



