A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
The FBI warns that Scattered Spider is now targeting the airline sector
LapDogs: China-nexus hackers Hijack 1,000+ SOHO devices for espionage
Taking over millions of developers exploiting an Open VSX Registry flaw
OneClik APT campaign targets energy sector with stealthy backdoors
APT42 impersonates cyber professionals to phish Israeli academics and journalists
Kai West, aka IntelBroker, indicted for cyberattacks causing $25M in damages
Cisco fixed critical ISE flaws allowing Root-level remote code execution
U.S. CISA adds AMI MegaRAC SPx, D-Link DIR-859 routers, and Fortinet FortiOS flaws to its Known Exploited Vulnerabilities catalog
CitrixBleed 2: The nightmare that echoes the ‘CitrixBleed’ flaw in Citrix NetScaler devices
Hackers deploy fake SonicWall VPN App to steal corporate credentials
Mainline Health Systems data breach impacted over 100,000 individuals
Disrupting the operations of cryptocurrency mining botnets
Prometei botnet activity has surged since March 2025
The U.S. House banned WhatsApp on government devices due to security concerns
Russia-linked APT28 use Signal chats to target Ukraine official with malware
China-linked APT Salt Typhoon targets Canadian Telecom companies
U.S. warns of incoming cyber threats following Iran airstrikes
McLaren Health Care data breach impacted over 743,000 people
The financial impact of Marks & Spencer and Co-op cyberattacks could reach £440M
Iran-Linked Threat Actors Cyber Fattah Leak Visitors and Athletes’ Data from Saudi Games |
Qilin ransomware gang now offers a “Call Lawyer” feature to pressure victims |
International Press – Newsletter
Cybercrime
Lessons from Qilin: What the Industry’s Most Efficient Ransomware Teaches Us
A look at ‘Tinker,’ Black Basta’s phishing fixer, negotiator
Four more defendants in REvil hacker case sentenced in St. Petersburg
Anthropic study: Leading AI models show up to 96% blackmail rate against executives
Serial Hacker “IntelBroker” Charged For Causing $25 Million In Damages To Victims
Police arrest five high-profile French hackers behind a notorious data theft forum
Cybercriminals Abuse Open-Source Tools To Target Africa’s Financial Sector
FBI Warns of Scattered Spider’s Expanding Attacks on Airlines Using Social Engineering
Malware
Ransomware Gangs Collapse as Qilin Seizes Control
Dissecting a Python Ransomware distributed through GitHub repositories
Resurgence of the Prometei Botnet
ConnectUnwise: Threat actors abuse ConnectWise as builder for signed malware
GIFTEDCROOK’s Strategic Pivot: From Browser Stealer to Data Exfiltration Platform During Critical Ukraine Negotiations
Hacking
FreeType Zero-Day Found by Meta Exploited in Paragon Spyware Attacks
CoinMarketCap briefly hacked to drain crypto wallets via fake Web3 popup
Echo Chamber: A Context-Poisoning Jailbreak That Bypasses LLM Guardrails
Cryptominers’ Anatomy: Shutting Down Mining Botnets
CitrixBleed 2: Electric Boogaloo — CVE-2025-5777
4 Powerful Applications of IDALib: Headless IDA in Action
Marketplace Takeover: How We Could’ve Taken Over Every Developer Using a VSCode Fork; Putting Millions at Risk
New FileFix Method Emerges as a Threat Following 517% Rise in ClickFix Attacks
Intelligence and Information Warfare
Iran-Linked Threat Actors Leak Visitors and Athletes’ Data from Saudi Games
Iran – Summary of the Threat to the United States
PRC cyber actors target telecommunications companies as part of a global cyberespionage campaign
SadFuture: Mapping XDSpy latest evolution
Another Wave: North Korean Contagious Interview Campaign Drops 35 New Malicious npm Packages
How Cyber Warfare Changes the Face of Geopolitical Conflict
UAC-0001 (APT28) Cyber Attacks on Government Agencies Using BEARDSHELL and COVENANT
Iranian Educated Manticore Targets Leading Tech Academics
OneClik: A ClickOnce-Based APT Campaign Targeting Energy, Oil and Gas Infrastructure
Hive0154 aka Mustang Panda shifts focus on Tibetan community to deploy Pubload backdoor
DeepSeek Deception: Sainbox RAT & Hidden Rootkit Delivery
Analysis of the latest attack activities of APT-C-06 (DarkHotel) using BYOVD technology
Taiwan Strait hotspot bait! Wangci organization combines 0day and ClickOnce technology to carry out espionage activities
Unmasking A New China-Linked Covert ORB Network: Inside the LapDogs Campaign
Cybersecurity
Cyber Monitoring Centre Statement on Ransomware Incidents in the Retail Sector – June 2025
743,000 Impacted by McLaren Health Care Data Breach
Scoop: WhatsApp banned on House staffers’ devices
Leaking Secrets in the Age of AI
OpenAI May Have Screwed Up So Badly That Its Entire Future Is Under Threat
Bipartisan Bill Aims to Block Chinese AI From Federal Agencies
ESET Threat Report H1 2025
Pierluigi Paganini
(SecurityAffairs – hacking, newsletter)