A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
| Palo Alto Networks fixed multiple privilege escalation flaws |
| Unusual toolset used in recent Fog Ransomware attack |
| A cyberattack on United Natural Foods caused bread shortages and bare shelves |
| Apple confirmed that Messages app flaw was actively exploited in the wild |
| Trend Micro fixes critical bugs in Apex Central and TMEE PolicyServer |
| Paragon Graphite Spyware used a zero-day exploit to hack at least two journalists’ iPhones |
| SinoTrack GPS device flaws allow remote vehicle control and location tracking |
| U.S. CISA adds Wazuh, and WebDAV flaws to its Known Exploited Vulnerabilities catalog |
| Exposed eyes: 40,000 security cameras vulnerable to remote hacking |
| Operation Secure: INTERPOL dismantles 20,000+ malicious IPs in major cybercrime crackdown |
| Over 80,000 servers hit as Roundcube RCE bug gets rapidly exploited |
| A flaw could allow recovery of the phone number associated with any Google account |
| Data Breach |
| Texas Department of Transportation (TxDOT) data breach exposes 300,000 crash reports |
| SAP June 2025 Security Patch Day fixed critical NetWeaver bug |
| U.S. CISA adds RoundCube Webmail and Erlang Erlang/OTP SSH server flaws to its Known Exploited Vulnerabilities catalog |
| Mirai botnets exploit Wazuh RCE, Akamai warned |
| China-linked threat actor targeted +70 orgs worldwide, SentinelOne warns |
| DOJ moves to seize $7.74M in crypto linked to North Korean IT worker scam |
| OpenAI bans ChatGPT accounts linked to Russian, Chinese cyber ops |
| New Mirai botnet targets TBK DVRs by exploiting CVE-2024-3721 |
| BadBox 2.0 botnet infects millions of IoT devices worldwide, FBI warns |
| Over 950K weekly downloads at risk in ongoing supply chain attack on Gluestack packages |
International Press – Newsletter
Cybercrime
20,000 malicious IPs and domains taken down in INTERPOL infostealer crackdown
Eggs in a Cloudy Basket: Skeleton Spider’s Trusted Cloud Malware Delivery
Singapore leads multinational operation to shutter scam centers tied to $225 million in thefts
Fog Ransomware: Unusual Toolset Used in Recent Attack
Cyberattack leads to Whole Foods shortages
Whole Foods supplier United Natural Foods says cyber incident disrupted operations
Inside a Dark Adtech Empire Fed by Fake CAPTCHAs
Malware
Supply chain attack hits Gluestack NPM packages with 960K weekly downloads
Destructive npm Packages Disguised as Utilities Enable Remote System Wipe
Demystifying Myth Stealer: A Rust Based InfoStealer
DanaBleed: DanaBot C2 Server Memory Leak Bug
Two Botnets, One Flaw: Mirai Spreads Through Wazuh Vulnerability
Hacking
Bruteforcing the phone number of any Google user
Hackers Stole 300,000 Crash Reports From Texas Department of Transportation
Big Brother Is Watching You
catdoc zero-day, NVIDIA, High-Logic FontCreator and Parallel vulnerabilities
SinoTrack GPS Devices Vulnerable to Remote Vehicle Control via Default Passwords
SmartAttack: Air-Gap Attack via Smartwatches
The TokenBreak Attack
Weaponizing Wholesome Yearbook Quotes to Break AI Chatbot Filters
JSFireTruck: Exploring Malicious JavaScript Using JSF*ck as an Obfuscation Technique
Intelligence and Information Warfare
Disrupting malicious uses of AI: June 2025
Operation Phantom Enigma
Proxy Services Feast on Ukraine’s IP Address Exodus
Follow the Smoke | China-nexus Threat Actors Hammer At the Doors of Top Tier Targets
Telegram, the FSB, and the Man in the Middle
Paragon says it canceled contracts with Italy over government’s refusal to investigate spyware attack on journalist
Sleep with one eye open: how Librarian Ghouls steal data by night
UNC1151 exploiting Roundcube to steal user credentials in a spearphishing campaign
Meta found a new way to violate your privacy. Here’s what you can do
Graphite Caught First Forensic Confirmation of Paragon’s iOS Mercenary Spyware Finds Journalists Targeted
Cybersecurity
Department Files Civil Forfeiture Complaint Against Over $7.74M Laundered on Behalf of the North Korean Government
Why the Revision of the Cybersecurity Act is the Most Consequential Regulatory Development of 2025 (and Beyond)
Defending Against Malware: The Invisible Enemy
AI could unleash ‘deep societal upheavals’ that many elites are ignoring, Palantir CEO Alex Karp warns
Apple fixes new iPhone zero-day bug used in Paragon spyware hacks
Global Cybersecurity Market To Reach $1 Trillion Annually By 2031
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, newsletter)
