A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are delivered free to your inbox.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
BadCandy Webshell threatens unpatched Cisco IOS XE devices, warns Australian government
China-linked UNC6384 exploits Windows zero-day to spy on European diplomats
Old Linux Kernel flaw CVE-2024-1086 resurfaces in ransomware attacks
EY Exposes 4TB SQL Server Backup Publicly on Microsoft Azure
Suspected Chinese actors compromise U.S. Telecom firm Ribbon Communications
U.S. CISA adds XWiki Platform, and Broadcom VMware Aria Operations and VMware Tools flaws to its Known Exploited Vulnerabilities catalog
Brush exploit can cause any Chromium browser to collapse in 15-60 seconds
Ex-Defense contractor exec pleads guilty to selling cyber exploits to Russia
Dentsu’s US subsidiary Merkle hit by cyberattack, staff and client data exposed
Hacktivists breach Canada’s critical infrastructure, cyber Agency warns
Russian hackers, likely linked to Sandworm, exploit legitimate tools against Ukrainian targets
U.S. CISA adds Dassault Systèmes DELMIA Apriso flaws to its Known Exploited Vulnerabilities catalog
Herodotus Android malware mimics human typing to evade detection
Aisuru botnet is behind record 20Tb/sec DDoS attacks
Everest group claimed the hack of Sweden’s power grid operator Svenska kraftnät
Critical ASP.NET flaw hits QNAP NetBak PC Agent
Ransomware payments hit record low: only 23% Pay in Q3 2025
X warns users to re-enroll passkeys and YubiKeys for 2FA by Nov 10
Memento Labs, the ghost of Hacking Team, has returned — or maybe it was never gone at all.
Crafted URLs can trick OpenAI Atlas into running dangerous commands
Linux variant of Qilin Ransomware targets Windows via remote management tools and BYOVD
Wordfence blocks 8.7M attacks exploiting old GutenKit and Hunk Companion flaws
Safepay ransomware group claims the hack of professional video surveillance provider Xortec
International Press – Newsletter
Insider Threats Loom while Ransom Payment Rates Plummet
FBI says card shuffling machines were hacked as part of major illegal gambling schemes
Sweden’s power grid operator confirms data breach claimed by ransomware gang
ASERT Threat Summary: Aisuru and Related TurboMirai Botnet DDoS Attack Mitigation and Suppression—October 2025—v1.0
Former General Manager for U.S. Defense Contractor Pleads Guilty to Selling Stolen Trade Secrets to Russian Broker
NCSC Annual Review 2025
CISA: High-severity Linux flaw now exploited by ransomware gangs
Ukrainian National Extradited from Ireland in Connection with Conti Ransomware
Silent Push Unearths AdaptixC2’s Ties to Russian Criminal Underworld, Tracks Threat Actors Harnessing Open-Source Tool for Malicious Payloads
Hackers threaten to leak data after breaching University of Pennsylvania to send mass emails
Malware
Agenda Ransomware Deploys Linux Variant on Windows Systems Through Remote Management Tools and BYOVD Techniques
Meet Atroposia: The Stealthy Feature-Packed RAT
New Android Malware Herodotus Mimics Human Behaviour to Evade Detection
10 npm Typosquatted Packages Deploy Multi-Stage Credential Harvester
PhantomRaven: NPM Malware Hidden in Invisible Dependencies
Hacking
Mass Exploit Campaign Targeting Arbitrary Plugin Installation Vulnerabilities
CoPhish: Using Microsoft Copilot Studio as a wrapper for OAuth phishing
OpenAI Atlas Omnibox Prompt Injection: URLs That Become Jailbreaks
AI Sidebar Spoofing: Malicious Extensions Impersonates AI Browser Interface
Unseeable prompt injections in screenshots: more vulnerabilities in Comet and other AI browsers
“ChatGPT Tainted Memories:” LayerX Discovers The First Vulnerability in OpenAI Atlas Browser, Allowing Injection of Malicious Instructions into ChatGPT
Internet-accessible industrial control systems (ICS) abused by hacktivists
TEE.fail: Breaking Trusted Execution Environments via DDR5 Memory Bus Interposition
Don’t take BADCANDY from strangers – How your devices could be implanted and what to do about it
Intelligence and Information Warfare
Mem3nt0 mori – The Hacking Team is back!
Ukrainian organizations still heavily targeted by Russian attacks
Crypto wasted: BlueNoroff’s ghost mirage of funding and jobs
US accuses former L3Harris cyber boss of stealing and selling secrets to Russian buyer
Major US Telecom Backbone Firm Hacked by Nation-State Actors
UNC6384 Weaponizes ZDI-CAN-25373 Vulnerability to Deploy PlugX Against Hungarian and Belgian Diplomatic Entities
CN APT targets Serbian Government
Suspected Nation-State Threat Actor Uses New Airstalk Malware in a Supply Chain Attack
Is Space the Final Frontier of Espionage?
China-Linked Tick Group Exploits Lanscope Zero-Day to Hijack Corporate Systems
Cybersecurity
X Warns Users With Security Keys to Re-Enroll Before November 10 to Avoid Lockouts
iOS 26 update erases critical trace files used to identify Pegasus intrusions
Merkle data hit as Dentsu is rocked by ‘security incident’
EY Data Leak – Massive 4TB SQL Server Backup Exposed Publicly on Microsoft Azure
Security Community Slams MIT-linked Report Claiming AI Powers 80% of Ransomware
How Android provides the most effective protection to keep you safe from mobile scams
Pierluigi Paganini




