Security Affairs newsletter Round 545 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs, together with a selection from the international press, are delivered free to your email inbox.
CVE-2025-11371: Unpatched zero-day in Gladinet CentreStack, Triofox under attack
Cybercrime ring GXC Team dismantled in Spain, 25-year-old leader detained
Attackers exploit valid logins in SonicWall SSL VPN compromise
Apple doubles maximum bug bounty to $2M for zero-click RCEs
Juniper patched nine critical flaws in Junos Space
Ukraine sees surge in AI-Powered cyberattacks by Russia-linked Threat Actors
U.S. CISA adds Grafana flaw to its Known Exploited Vulnerabilities catalog
RondoDox Botnet targets 56 flaws across 30+ device types worldwide
ClayRat campaign uses Telegram and phishing sites to distribute Android spyware
CVE-2025-5947: WordPress Plugin flaw lets hackers access Admin accounts
Threat actors steal firewall configs, impacting all SonicWall Cloud Backup users
Discord denies massive breach, confirms limited exposure of 70K ID photos
Qilin ransomware claimed responsibility for the attack on the beer giant Asahi
DragonForce, LockBit, and Qilin, a new triad aims to dominate the ransomware landscape
DraftKings thwarts credential stuffing attack, but urges password reset and MFA
Redis patches 13-Year-Old Lua flaw enabling Remote Code Execution
U.S. CISA adds Synacor Zimbra Collaboration Suite (ZCS) flaw to its Known Exploited Vulnerabilities catalog
GoAnywhere MFT zero-day used by Storm-1175 in Medusa ransomware campaigns
CrowdStrike ties Oracle EBS RCE (CVE-2025-61882) to Cl0p attacks began Aug 9, 2025
U.S. CISA adds Oracle, Mozilla, Microsoft Windows, Linux Kernel, and Microsoft IE flaws to its Known Exploited Vulnerabilities catalog
Discord discloses third-party breach affecting customer support data
Oracle patches critical E-Business Suite flaw exploited by Cl0p hackers
LinkedIn sues ProAPIs for $15K/Month LinkedIn data scraping scheme
Zimbra users targeted in zero-day exploit using iCalendar attachments
Reading the ENISA Threat Landscape 2025 report
Ghost in the Cloud: Weaponizing AWS X-Ray for Command & Control
International Press – Newsletter
UAT-8099: Chinese-speaking cybercrime group targets high-value IIS for SEO fraud
CVE-2025-61882 Mass Exploitation — Oracle E-Business Suite (EBS) Under Attack by Cl0p Ransomware
Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability
DraftKings Warns Users of Credential Stuffing Attacks
Discord says 70,000 users may have had their government IDs leaked in breach
ShinyHunters Wage Broad Corporate Extortion Spree
Inside Akira’s SonicWall Campaign: Darktrace’s Detection and Response
DDoS Botnet Aisuru Blankets US ISPs in Record DDoS
The Civil Guard dismantles a banking phishing network and arrests the main developer of credential-stealing kits in Spain
FBI takes down BreachForums portal used for Salesforce extortion
Two arrested by the Met following nursery cyber-attack
Malware
Ransomware and Cyber Extortion in Q3 2025
XWorm V6: Exploring Pivotal Plugins
ClayRat: A New Android Spyware Targeting Russia
175 Malicious npm Packages Host Phishing Infrastructure Targeting 135+ Organizations
Hacking
Ghost in the Cloud: Weaponizing AWS X-Ray for Command & Control
0day .ICS attack in the wild
CrowdStrike Identifies Campaign Targeting Oracle E-Business Suite via Zero-Day Vulnerability (now tracked as CVE-2025-61882)
It Is Bad (Exploitation of Fortra GoAnywhere MFT CVE-2025-10035) – Part 2
Active Exploitation of Gladinet CentreStack and Triofox Local File Inclusion Flaw (CVE-2025-11371)
Credential stuffing: £2.31 million fine shows passwords are still the weakest link
Introducing CodeMender: an AI agent for code security
Huntress Threat Advisory: Widespread SonicWall SSLVPN Compromise
Intelligence and Information Warfare
Disrupting malicious uses of AI: October 2025
North Korea’s crypto hackers have stolen over $2 billion in 2025
New cyber threats: who and how hostile groups attack
Hacktivists target critical infrastructure, hit decoy plant
The Crown Prince, Nezha: A New Tool Favored by China-Nexus Threat Actors
BatShadow: Vietnamese Threat Actor Expands Its Digital Operations
Cybersecurity
LinkedIn sues software company allegedly scraping data from millions of profiles
Red Hat Consulting breach puts over 5000 high profile enterprise customers at risk — in detail
RediShell: Critical Remote Code Execution Vulnerability (CVE-2025-49844) in Redis, 10 CVSS score
Germany slams brakes on EU’s Chat Control device-scanning snoopfest
A major evolution of Apple Security Bounty, with the industry’s top awards for the most advanced research
SonicWall Concludes Investigation Into Incident Affecting MySonicWall Configuration Backup Files
Pierluigi Paganini