A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
Qantas cuts executive bonuses by 15% after a July data breach
MeetC2 – A serverless C2 framework that leverages Google Calendar APIs as a communication channel
Critical SAP S/4HANA flaw CVE-2025-42957 under active exploitation
U.S. CISA adds Sitecore, Android, and Linux flaws to its Known Exploited Vulnerabilities catalog
SVG files used in hidden malware campaign impersonating Colombian authorities
France’s CNIL fined Google $379M and Shein $175M for breaching cookie rules
$10M reward for Russia’s FSB officers accused of hacking US Critical infrastructure
Severe Hikvision HikCentral product flaws: What You Need to Know
U.S. CISA adds TP-Link Archer C7(EU) and TL-WR841N flaws to its Known Exploited Vulnerabilities catalog
Crooks turn HexStrike AI into a weapon for fresh vulnerabilities
Google addressed two Android flaws actively exploited in targeted attacks
U.S. CISA adds WhatsApp, and TP-link flaws to its Known Exploited Vulnerabilities catalog
Android droppers evolved into versatile tools to spread malware
Jaguar Land Rover shuts down systems after cyberattack, no evidence of customer data theft
Cloudflare blocked a record 11.5 Tbps DDoS attack
Palo Alto Networks disclosed a data breach linked to Salesloft Drift incident
Von der Leyen’s plane hit by suspected Russian GPS Jamming in Bulgaria, landed Safely
Supply-chain attack hits Zscaler via Salesloft Drift, leaking customer info
Crooks exploit Meta malvertising to target Android users with Brokewell
North Korea’s APT37 deploys RokRAT in new phishing campaign against academics
Fraudster stole over $1.5 million from city of Baltimore
Amazon blocks APT29 campaign targeting Microsoft device code authentication |
International Press – Newsletter
Cybercrime
Scammer steals $1.5 million from Baltimore by spoofing city vendor
Malvertising Campaign on Meta Expands to Android, Pushing Advanced Crypto-Stealing Malware to Users Worldwide
Help Desk at Risk: Scattered Spider Shines Light on Overlook Threat Vector
The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft
Hackers Issue Ultimatum to Google After Data Breach Warning
Cybercriminals Exploit X’s Grok AI to Bypass Ad Protections and Spread Malware to Millions
Malware
MystRodX: The Covert Dual-Mode Backdoor Threat
Ethereum smart contracts used to push malicious code on npm
Uncovering a Colombian Malware Campaign with AI Code Analysis
An MDR Analysis of the AMOS Stealer Campaign Targeting macOS via ‘Cracked’ Apps
Hacking
Threat Brief: Salesloft Drift Integration Used To Compromise Salesforce Instances
Cloudflare Blocks Record-Breaking 11.5 Tbps DDoS Attack
Introduction to OPSEC (Part 2)
Hexstrike-AI: When LLMs Meet Zero-Day Exploitation
Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver – CVE-2025-53149
Critical SAP S/4HANA code injection vulnerability (CVE-2025-42957) exploited in the wild – patch immediately
Intelligence and Information Warfare
The Trap of Troubleshooting: Analysis of Lazarus (APT-Q-1)’s Recent Attacks Using ClickFix
Operation HanKook Phantom: North Korean APT37 targeting South Korea
Ursula von der Leyen’s plane hit by suspected Russian GPS interference
Inside Palantir: The Secretive Tech Company Helping the US Government Build a Massive Web of Surveillance
Three Lazarus RATs coming for your cheese
CTI Analysis: Malicious Email Campaign
US Offers $10 Million for Three Russian Energy Firm Hackers
Analyzing NotDoor: Inside APT28’s Expanding Arsenal
Analysis of APT-C-53 (Gamaredon) attacks against Ukrainian government departments
Contagious Interview | North Korean Threat Actors Reveal Plans and Ops by Abusing Cyber Intel Platforms
A Playbook for Winning the Cyber War Part 2: Evaluating Russia’s Cyber Strategy
Cybersecurity
Elon Musk Sues Ex-xAI Techie For Uploading Grok’s Codebase To OpenAI; Internet Erupts In Hilarious Memes
Scientists Created an Entire Social Network Where Every User Is a Bot, and Something Wild Happened
Salesloft Drift Supply Chain Incident: Key Details and Zscaler’s Response
Securing EU (Cyber)Space: New Cyber Requirements in the EU Space Act
Salesforce-Connected Third-Party Drift Application Incident Response
Jaguar Land Rover says cyberattack ‘severely disrupted’ production
Cookie regulation: the CNIL is continuing the action plan initiated in 2019 and has imposed two fines on SHEIN and GOOGLE
Qantas penalizes executives for July cyberattack
Pierluigi Paganini