A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
| A flaw in Verizon’s iOS Call Filter app exposed call records of millions |
| Port of Seattle ‘s August data breach impacted 90,000 people |
| President Trump fired the head of U.S. Cyber Command and NSA |
| CERT-UA reports attacks in March 2025 targeting Ukrainian agencies with WRECKSTEEL Malware |
| 39M secrets exposed: GitHub rolls out new security tools |
| China-linked group UNC5221 exploited Ivanti Connect Secure zero-day since mid-March |
| Europol-led operation shuts down CSAM platform Kidflix, leading to 79 arrests |
| New Triada Trojan comes preinstalled on Android devices |
| New advanced FIN7’s Anubis backdoor allows to gain full system control on Windows |
| U.S. CISA adds Apache Tomcat flaw to its Known Exploited Vulnerabilities catalog |
| Apple backported fixes for three actively exploited flaws to older devices |
| Spike in Palo Alto Networks scanner activity suggests imminent cyber threats |
| Microsoft warns of critical flaw in Canon printer drivers |
| CrushFTP CVE-2025-2825 flaw actively exploited in the wild |
| France’s antitrust authority fines Apple €150M for issues related to its App Tracking Transparency |
| Hiding WordPress malware in the mu-plugins directory to avoid detection |
| U.S. CISA adds Cisco Smart Licensing Utility flaw to its Known Exploited Vulnerabilities catalog |
| Russia-linked Gamaredon targets Ukraine with Remcos RAT |
| CoffeeLoader uses a GPU-based packer to evade detection |
| Morphing Meerkat phishing kits exploit DNS MX records |
| CISA warns of RESURGE malware exploiting Ivanti flaw |
| Sam’s Club Investigates Alleged Cl0p Ransomware Breach |
International Press – Newsletter
Cybercrime
Walmart’s Sam’s Club claimed by Cl0p ransomware gang
Anubis Backdoor
New version of Triada steals cryptocurrency, messenger accounts and replaces phone numbers during calls
The beginning of the end: the story of Hunters International
Global crackdown on Kidflix, a major child sexual exploitation platform with almost two million users
Native tribe in Minnesota says cyber incident knocked out healthcare, casino systems
Cyber Forensic Expert in 2,000+ Cases Faces FBI Probe
Malware
CISA Releases Malware Analysis Report on RESURGE Malware Associated with Ivanti Connect Secure
Unboxing Anubis: Exploring the Stealthy Tactics of FIN7’s Latest Backdoor
Advancements in delivery: Scripting with Nietzsche
Analyzing New HijackLoader Evasion Tactics
Malicious Python packages target popular Bitcoin library
Hacking
A Phishing Tale of DoH and DNS MX Abuse
Hackers are now using AI to break AI – and it’s working
Surge in Palo Alto Networks Scanner Activity Indicates Possible Upcoming Threats
Someone is trying to recruit security researchers in bizarre hacking campaign
Critical RCE Vulnerability in Apache Parquet (CVE-2025-30065) – Advisory and Analysis
Compromised SpotBugs Token Led to GitHub Actions Supply Chain Hack
Hacking the Call Records of Millions of Americans
SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack
Intelligence and Information Warfare
Gamaredon campaign abuses LNK files to distribute Remcos backdoor
Russian spies as disinformation actors
The Espionage Toolkit of Earth Alux: A Closer Look at its Advanced Techniques
Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457)
Operation HollowQuill: Malware delivered into Russian R&D Networks via Research Decoy PDFs.
UAC-0219: Cyber espionage using PowerShell stealer WRECKSTEEL
White House fires National Security Agency chief
Israel Enters ‘Stage 3’ of Cyber Wars With Iran Proxies
Poland’s prime minister says cyberattack targeted his party as election nears
Cybersecurity
Fake Passport Generated by ChatGPT Bypasses Security
Apple hit with $162 million French antitrust fine over privacy tool
GitHub found 39M secret leaks in 2024. Here’s what we’re doing to help
TikTok faces €500 million fine for illegally shipping European user data to China – report
Google announces Sec-Gemini v1, a new experimental cybersecurity model
Texas city warns thousands of utility payment site breach
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, newsletter)