Security Affairs newsletter Round 542 by Pierluigi Paganini – INTERNATIONAL EDITION
September 21, 2025
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
International Press – Newsletter
Gucci, Balenciaga and Alexander McQueen private data ransomed by hackers
Hackers claim access to law enforcement portals, but do they really have access?
Founder of One of World’s Largest Hacker Forums Resentenced to Three Years in Prison
RaccoonO365: An Active Campaign and New Features
FileFix in the wild! New FileFix campaign goes beyond POC and leverages steganography
Microsoft seizes 338 websites to disrupt rapidly growing ‘RaccoonO365’ phishing service
United Kingdom National Charged in Connection with Multiple Cyber Attacks, Including on Critical Infrastructure
Two charged for TfL cyber attack
Inside the Lighthouse and Lucid PhaaS Campaigns Targeting 316 Global Brands
SystemBC – Bringing the Noise
Evolution Cybercrime—Key Trends, Cybersecurity Threats, and Mitigation Strategies from Historical Data
Malware
SmokeLoader Rises From the Ashes
Popular Tinycolor npm Package Compromised in Supply Chain Attack Affecting 40+ Packages
Satori Threat Intelligence Alert: SlopAds Covers Fraud with Layers of Obfuscation
Prompts as Code & Embedded Keys | The Hunt for LLM-Enabled Malware
Large-Scale Attack Targeting Macs via GitHub Pages Impersonating Companies to Attempt to Deliver Stealer Malware
Hacking
A learning approach on exploiting CVE-2020-9273
Rowhammer Attack Demonstrated Against DDR5
6 Browser-Based Attacks Security Teams Need to Prepare For Right Now
Google Patches Chrome Zero-Day CVE-2025-10585 as Active V8 Exploit Threatens Millions
SonicWall Prompts Password Resets After Hackers Obtain Firewall Configurations
ShadowLeak: A Zero-Click, Service-Side Attack Exfiltrating Sensitive Data Using ChatGPT’s Deep Research Agent
CISA Releases Malware Analysis Report on Malicious Listener Targeting Ivanti Endpoint Manager Mobile Systems
Intelligence and Information Warfare
APT Down – The North Korea Files
Hive0154, aka Mustang Panda, drops updated Toneshell backdoor and novel SnakeDisk USB worm
Israel announces seizure of $1.5M from crypto wallets tied to Iran
Ukraine claims cyberattacks on Russian election systems; Moscow confirms disruptions
THREE IRANIAN CYBER ACTORS
SEC targets US firms tied to suspected Chinese ‘pump and dump’ scams
Minding the drone gap: Drone warfare and the EU
Gamaredon X Turla collab
Modus Operandi of Subtle Snail
Cybersecurity
AI Agents are Eroding the Foundations of Cybersecurity
Kids in the UK are hacking their own schools for dares and notoriety
Cloudflare participates in global operation to disrupt RaccoonO365
JLR could face disruption until November after hack
Fortra Sheds Light on GoAnywhere MFT Zero-Day Exploit Used in Ransomware Attacks
Palo Alto Networks Unit 42 Recognised by UK’s NCSC as an Enhanced Level Cyber Incident Response Assured Service Provider
Germany approves new rules to protect critical infrastructure
Passengers stranded at Heathrow, other European airports after cyberattack
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, newsletter)
