A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
| Embargo Ransomware nets $34.2M in crypto since April 2024 |
| Germany limits police spyware use to serious crimes |
| Phishing attacks exploit WinRAR flaw CVE-2025-8088 to install RomCom |
| French firm Bouygues Telecom suffered a data breach impacting 6.4M customers |
| Columbia University data breach impacted 868,969 people |
| SonicWall dismisses zero-day fears after Ransomware probe |
| Air France and KLM disclosed data breaches following the hack of a third-party platform |
| CISA, Microsoft warn of critical Exchange hybrid flaw CVE-2025-53786 |
| Microsoft unveils Project Ire: AI that autonomously detects malware |
| CERT-UA warns of UAC-0099 phishing attacks targeting Ukraine’s defense sector |
| Over 100 Dell models exposed to critical ControlVault3 firmware bugs |
| How CTEM Boosts Visibility and Shrinks Attack Surfaces in Hybrid and Cloud Environments |
| WhatsApp cracks down on 6.8M scam accounts in global takedown |
| Trend Micro fixes two actively exploited Apex One RCE flaws |
| U.S. CISA adds D-Link cameras and Network Video Recorder flaws to its Known Exploited Vulnerabilities catalog |
| Google fixed two Qualcomm bugs that were actively exploited in the wild |
| Zero Day Quest returns: Microsoft ups the stakes with $5M bug bounty |
| Cisco disclosed a CRM data breach via vishing attack |
| Exposed Without a Breach: The Cost of Data Blindness |
| SonicWall investigates possible zero-day amid Akira ransomware surge |
| Chaining NVIDIA’s Triton Server flaws exposes AI systems to remote takeover |
| Hacking group D4rk4rmy claimed the hack of Monte-Carlo Société des Bains de Mer |
| Northwest Radiologists data breach hits 350,000 in Washington |
| PlayPraetor Android RAT expands rapidly across Spanish and French-speaking regions |
| Lovense flaws expose emails and allow account takeover |
| Nation-state group CL-STA-0969 targeted Southeast Asian telecoms in 2024 |
| Akira Ransomware targets SonicWall VPNs in likely zero-day attacks |
International Press – Newsletter
Cybercrime
Warning: Phishing campaign detected
New WhatsApp Tools and Tips to Beat Messaging Scams
GenAI Used For Phishing Websites Impersonating Brazil’s Government
FraudOnTok
FinCEN Issues Notice on the Use of Convertible Virtual Currency Kiosks for Scam Payments and Other Illicit Activity
Nigerian Man Extradited To Face Hacking, Fraud, And Identity Theft Charges
Update: Akira ransomware group targets SonicWall VPN appliances
Columbia University data breach impacts nearly 870,000 individuals
Who Got Arrested in the Raid on the XSS Crime Forum?
Unmasking Embargo Ransomware: A Deep Dive Into the Group’s TTPs and BlackCat Links
Malware
Arctic Wolf Observes July 2025 Uptick in Akira Ransomware Activity Targeting SonicWall SSL VPN
ToxicPanda: The Android Banking Trojan Targeting Europe
“CAPTCHAgeddon” Unmasking the Viral Evolution of the ClickFix Browser-Based Threat
11 Malicious Go Packages Distribute Obfuscated Remote Payloads
New Infection Chain and ConfuserEx-Based Obfuscation for DarkCloud Stealer
Hacking
Lovense: The Company That Lies to Security Researchers
Breaking NVIDIA Triton: CVE-2025-23319 – A Vulnerability Chain Leading to AI Server Takeover
Huntress Threat Advisory: Active Exploitation of SonicWall VPNs
Google’s August Patch Fixes Two Qualcomm Vulnerabilities Exploited in the Wild
Trend Micro Confirms Active Exploitation of Critical Apex One Flaws in On-Premise Systems
ReVault! When your SoC turns against you…
Red Teams Jailbreak GPT-5 With Ease, Warn It’s ‘Nearly Unusable’ for Enterprise
Intelligence and Information Warfare
The Covert Operator’s Playbook: Infiltration of Global Telecom Networks
Hacked Crimean servers reveal information about abducted children, Ukraine says
Updated UAC-0099 toolkit: MATCHBOIL, MATCHWOK, DRAGSTARE
WinRAR zero-day exploited to plant malware on archive extraction
Germany’s top court holds that police can only use spyware to investigate serious crimes
‘A million calls an hour’: Israel relying on Microsoft cloud for expansive surveillance of Palestinians
Cybersecurity
Chinese Researchers Suggest Lasers and Sabotage to Counter Musk’s Starlink Satellites
SonicWall Investigating Potential SSL VPN Zero-Day After 20+ Targeted Attacks Reported
AI Rewrote Its Code When I Asked About Human Nature
Cisco Says User Data Stolen in CRM Hack
Most cybersecurity risk comes from just 10% of employees
Organizations Warned of Vulnerability in Microsoft Exchange Hybrid Deployment
Air France and KLM disclose data breaches impacting customers
Google Discloses Data Breach via Salesforce Hack
Preventing ZIP parser confusion attacks on Python package installers
Europe prioritising spend properly as H1 cybersecurity market hits double-digit growth
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, newsletter)
