Security Affairs newsletter Round 535 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are delivered free to your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

New Linux backdoor Plague bypasses auth via malicious PAM module
China Presses Nvidia Over Alleged Backdoors in H20 Chips Amid Tech Tensions
Malicious AI-generated npm package hits Solana users
Meta Offers $1M bounty at Pwn2Own Ireland 2025 for WhatsApp exploits
ToolShell under siege: Check Point analyzes Chinese APT Storm-2603
CISA released Thorium platform to support malware and forensic analysis
Russia-linked APT Secret Blizzard targets foreign embassies in Moscow with ApolloShadow malware
Attackers actively exploit critical zero-day in Alone WordPress Theme
Dahua Camera flaws allow remote hacking. Update firmware now
Researchers released a decryptor for the FunkSec ransomware
Apple fixed a zero-day exploited in attacks against Google Chrome users
PyPI maintainers alert users to email verification phishing attack
FBI seizes 20 BTC from Chaos Ransomware affiliate targeting Texas firms
Critical SAP flaw exploited to launch Auto-Color Malware attack on U.S. company
Orange reports major cyberattack, warns of service disruptions
Hackers leak images and comments from women dating safety app Tea
Pro-Ukraine hacktivists claim cyberattack on Russian Airline Aeroflot that caused the cancellation of +100 flights
Seychelles Commercial Bank Reported Cybersecurity Incident
Microsoft uncovers macOS flaw allowing bypass of TCC protections and exposing sensitive data
U.S. CISA adds Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities catalog
Critical WordPress Post SMTP plugin flaw exposes 200K+ sites to full takeover
Scattered Spider targets VMware ESXi using social engineering
China-linked group Fire Ant exploits VMware and F5 flaws since early 2025
Allianz Life data breach exposed the data of most of its 1.4M customers

International Press – Newsletter

Cybercrime

Cybercriminals Attack Seychelles – Offshore Banking as a Target

Allianz Life says ‘majority’ of customers’ personal data stolen in cyberattack

United States files a civil complaint in the Northern District of Texas seeking the forfeiture of over $1.7 million worth of cryptocurrency seized by Dallas FBI

Minnesota Activates National Guard in Response to Cyberattack

Scammers Unleash Flood of Slick Online Gaming Sites

PyPI Users Email Phishing Attack

Malware

Endgame Gear mouse config tool infected users with malware

Auto-Color Backdoor: How Darktrace Thwarted a Stealthy Linux Intrusion

Sealed Chain of Deception: Actors leveraging Node.JS to Launch JSCeal

Decrypted: FunkSec Ransomware 

Threat actor uses AI to create a better crypto wallet drainer 

Hacking

From Help Desk to Hypervisor: Defending Your VMware vSphere Estate from UNC3944

Account Takeover Vulnerability Affecting Over 400K Installations Patched in Post SMTP Plugin

Sploitlight: Analyzing a Spotlight-based macOS TCC vulnerability

How attackers are still phishing “phishing-resistant” authentication

Vulnerabilities Identified in Dahua Hero C1 Smart Cameras

Attackers Actively Exploiting Critical Vulnerability in Alone Theme

UNC2891 Bank Heist: Physical ATM Backdoor & Linux Forensic Evasion

How AI red teams find hidden flaws before attackers do

MaterialX and OpenEXR Security Audit

Before ToolShell: Exploring Storm-2603’s Previous Ransomware Operations

Pwn2Own Returns to Ireland with a One Million Dollar WhatsApp Target

Intelligence and Information Warfare

Fire Ant: A Deep-Dive into Hypervisor-Level Espionage

Cyberattack on Russian airline Aeroflot causes the cancellation of more than 100 flights

Beijing summons Nvidia over alleged backdoors in China-bound AI chips

Google says UK government has not demanded an encryption backdoor for its users’ data

The Covert Operator’s Playbook: Infiltration of Global Telecom Networks

N. Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in Crypto 

Cybersecurity

A Second Tea Breach Reveals Users’ DMs About Abortions and Cheating

Orange, France’s largest telecoms company, hit by cyberattack

Wyden asks White House to scrutinize UK surveillance laws

Apple patches security flaw exploited in Chrome zero-day attacks

Cost of a Data Breach Report 2025: The AI Oversight Gap

Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats

Thorium Platform Public Availability

The Growing Impact Of AI And Quantum On Cybersecurity

From Payrolls to Patents: The Spectrum of Data Leaked into GenAI Copy

Minnesota activates National Guard as cyberattack on Saint Paul disrupts public services

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)