A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are delivered free to your email inbox.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
Kidney dialysis firm DaVita confirms ransomware attack compromised data of 2.7M people
China-linked Silk Typhoon APT targets North America
Over 300 entities hit by a variant of Atomic macOS Stealer in recent campaign
Operation Serengeti 2.0: INTERPOL nabs 1,209 cybercriminals in Africa, seizes $97M
After SharePoint attacks, Microsoft stops sharing PoC exploit code with China
Former developer jailed after deploying kill-switch malware at Ohio firm
Colt Discloses Breach After Warlock Ransomware Group Puts Files Up for Sale
U.S. CISA adds Apple iOS, iPadOS, and macOS flaw to its Known Exploited Vulnerabilities catalog
Orange Belgium July data breach impacted 850,000 customers
Apple addressed the seventh actively exploited zero-day
Hackers deploy DripDropper via Apache ActiveMQ flaw, patch systems to evade detection |
A Scattered Spider member gets 10 years in prison |
FBI: Russia-linked group Static Tundra exploit old Cisco flaw for espionage |
US CERT/CC warns of flaws in Workhorse Software accounting software used by hundreds of municipalities in Wisconsin |
Britain targets Kyrgyz financial institutions, crypto networks aiding Kremlin |
DOJ takes action against 22-year-old running RapperBot Botnet |
Google fixed Chrome flaw found by Big Sleep AI |
Pharmaceutical firm Inotiv discloses ransomware attack. Qilin group claims responsibility for the hack |
A hacker tied to Yemen Cyber Army gets 20 months in prison |
Exploit weaponizes SAP NetWeaver bugs for full system compromise |
Noodlophile Stealer evolution |
Allianz Life security breach impacted 1.1 million customers |
Analyzing evolution of the PipeMagic malware |
U.S. CISA adds Trend Micro Apex One flaw to its Known Exploited Vulnerabilities catalog |
AI for Cybersecurity: Building Trust in Your Workflows |
Human resources firm Workday disclosed a data breach |
DoJ seizes $2.8M linked to Zeppelin Ransomware |
Xerox fixed path traversal and XXE bugs in FreeFlow Core |
Colt Technology faces multi-day outage after WarLock ransomware attack |
International Press – Newsletter
Cybercrime
Justice Department Announces Seizure of Over $2.8 Million in Cryptocurrency, Cash, and other Assets
Colt Telecom attack claimed by WarLock ransomware, data up for sale
Serial hacker who defaced official websites is sentenced
Oregon man charged with administering “Rapper Bot” DDoS-for-hire Botnet
Fraud-as-a-Service: The Rising Threat to Africa’s Digital Future
SIM-Swapper, Scattered Spider Hacker Gets 10 Years
Colt confirms customer data stolen as Warlock ransomware auctions files
Chinese National Who Deployed “Kill Switch” Code on Employer’s Network Sentenced to Four Years in Prison
African authorities dismantle massive cybercrime and fraud networks, recover millions
Europol confirms $50,000 Qilin ransomware reward is fake
Malware
Hunt.io Exposes and Analyzes ERMAC V3.0 Banking Trojan Full Source Code Leak
Evolution of the PipeMagic backdoor: from the RansomExx incident to CVE-2025-29824
Noodlophile Stealer Evolves: Targeted Copyright Phishing Hits Enterprises with Social Media Footprints
GodRAT – New RAT targeting financial institutions
Preventing Domain Resurrection Attacks
Hacking
From Support Ticket to Zero Day
New Exploit for Critical SAP Vulnerability CVE-2025-31324 Released in the Wild
Hijacked Satellites and Orbiting Space Weapons: In the 21st Century, Space Is the New Battlefield
Google says its AI-based bug hunter found 20 security vulnerabilities
“Scamlexity” We Put Agentic AI Browsers to the Test – They Clicked, They Paid, They Failed
Brazil: 121,981 files were exposed without security on a server containing health documents
DOM-based Extension Clickjacking: Your Password Manager Data at Risk
Scattered Spider: A Threat Profile
Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks
Intelligence and Information Warfare
Russian state-sponsored espionage group Static Tundra compromises unpatched end-of-life network devices
Russian Government Cyber Actors Targeting Networking Devices, Critical Infrastructure
Microsoft reportedly cuts China’s early access to bug disclosures, PoC exploit code
MURKY PANDA: A Trusted-Relationship Threat in the Cloud
APT36: Targets Indian BOSS Linux Systems with Weaponized AutoStart Files
Cybersecurity
HR giant Workday discloses data breach amid Salesforce attacks
Allianz Life data breach affects 1.1 million customers
U.K. Government Drops Apple Encryption Backdoor Order After U.S. Civil Liberties Pushback
Flaws in Software Used by Hundreds of Cities and Towns Exposed Sensitive Data
Orange Belgium informs its customers about a cyberattack
Hackers who exposed North Korean government hacker explain why they did it
Pierluigi Paganini