Security Affairs newsletter Round 535 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
| New Linux backdoor Plague bypasses auth via malicious PAM module |
| China Presses Nvidia Over Alleged Backdoors in H20 Chips Amid Tech Tensions |
| Malicious AI-generated npm package hits Solana users |
| Meta Offers $1M bounty at Pwn2Own Ireland 2025 for WhatsApp exploits |
| ToolShell under siege: Check Point analyzes Chinese APT Storm-2603 |
| CISA released Thorium platform to support malware and forensic analysis |
| Russia-linked APT Secret Blizzard targets foreign embassies in Moscow with ApolloShadow malware |
| Attackers actively exploit critical zero-day in Alone WordPress Theme |
| Dahua Camera flaws allow remote hacking. Update firmware now |
| Researchers released a decryptor for the FunkSec ransomware |
| Apple fixed a zero-day exploited in attacks against Google Chrome users |
| PyPI maintainers alert users to email verification phishing attack |
| FBI seizes 20 BTC from Chaos Ransomware affiliate targeting Texas firms |
| Critical SAP flaw exploited to launch Auto-Color Malware attack on U.S. company |
| Orange reports major cyberattack, warns of service disruptions |
| Hackers leak images and comments from women dating safety app Tea |
| Pro-Ukraine hacktivists claim cyberattack on Russian Airline Aeroflot that caused the cancellation of +100 flights |
| Seychelles Commercial Bank Reported Cybersecurity Incident |
| Microsoft uncovers macOS flaw allowing bypass TCC protections and exposing sensitive data |
| U.S. CISA adds Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities catalog |
| Critical WordPress Post SMTP plugin flaw exposes 200K+ sites to full takeover |
| Scattered Spider targets VMware ESXi in using social engineering |
| China-linked group Fire Ant exploits VMware and F5 flaws since early 2025 |
| Allianz Life data breach exposed the data of most of its 1.4M customers |
International Press – Newsletter
Cybercriminals Attack Seychelles – Offshore Banking as a Target
Allianz Life says ‘majority’ of customers’ personal data stolen in cyberattack
United States files a civil complaint in the Northern District of Texas seeking the forfeiture of over $1.7 million worth of cryptocurrency seized by Dallas FBI
Minnesota Activates National Guard in Response to Cyberattack
Scammers Unleash Flood of Slick Online Gaming Sites
PyPI Users Email Phishing Attack
Malware
Endgame Gear mouse config tool infected users with malware
Auto-Color Backdoor: How Darktrace Thwarted a Stealthy Linux Intrusion
Sealed Chain of Deception: Actors leveraging Node.JS to Launch JSCeal
Decrypted: FunkSec Ransomware
Threat actor uses AI to create a better crypto wallet drainer
Hacking
From Help Desk to Hypervisor: Defending Your VMware vSphere Estate from UNC3944
Account Takeover Vulnerability Affecting Over 400K Installations Patched in Post SMTP Plugin
Sploitlight: Analyzing a Spotlight-based macOS TCC vulnerability
How attackers are still phishing “phishing-resistant” authentication
Vulnerabilities Identified in Dahua Hero C1 Smart Cameras
Attackers Actively Exploiting Critical Vulnerability in Alone Theme
UNC2891 Bank Heist: Physical ATM Backdoor & Linux Forensic Evasion Evasion
How AI red teams find hidden flaws before attackers do
MaterialX and OpenEXR Security Audit
Before ToolShell: Exploring Storm-2603’s Previous Ransomware Operations
Pwn2Own Returns to Ireland with a One Million Dollar WhatsApp Target
Intelligence and Information Warfare
Fire Ant: A Deep-Dive into Hypervisor-Level Espionage
Cyberattack on Russian airline Aeroflot causes the cancellation of more than 100 flights
Beijing summons Nvidia over alleged backdoors in China-bound AI chips
Google says UK government has not demanded an encryption backdoor for its users’ data
The Covert Operator’s Playbook: Infiltration of Global Telecom Networks
N. Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in Crypto
Cybersecurity
A Second Tea Breach Reveals Users’ DMs About Abortions and Cheating
Orange, France’s largest telecoms company, hit by cyberattack
Wyden asks White House to scrutinize UK surveillance laws
Apple patches security flaw exploited in Chrome zero-day attacks
Cost of a Data Breach Report 2025 The AI Oversight Gap
Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats
Thorium Platform Public Availability
The Growing Impact Of AI And Quantum On Cybersecurity
From Payrolls to Patents: The Spectrum of Data Leaked into GenAI Copy
Minnesota activates National Guard as cyberattack on Saint Paul disrupts public services
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, newsletter)
