Security Affairs newsletter Round 539 by Pierluigi Paganini – INTERNATIONAL EDITION

Lab Dookhtegan hacking group disrupts communications on dozens of Iranian ships

New zero-click exploit allegedly used to hack WhatsApp users

US and Dutch Police dismantle VerifTools fake ID marketplace

Experts warn of actively exploited FreePBX zero-day

Google: Salesloft Drift breach hits all integrations

Dutch intelligence warns that China-linked APT Salt Typhoon targeted local critical infrastructure

200 Swedish municipalities impacted by a major cyberattack on IT provider

TransUnion discloses a data breach impacting over 4.4 million customers

NSA, NCSC, and allies detailed TTPs associated with Chinese APT actors targeting critical infrastructure Orgs

UNC6395 targets Salesloft in Drift OAuth token theft campaign

Over 28,000 Citrix instances remain exposed to critical RCE flaw CVE-2025-7775

U.S. CISA adds Citrix NetScaler flaw to its Known Exploited Vulnerabilities catalog

Healthcare Services Group discloses 2024 data breach that impacted 624,496 people

ESET warns of PromptLock, the first AI-driven ransomware

China linked UNC6384 targeted diplomats by hijacking web traffic

Farmers Insurance discloses a data breach impacting 1.1M customers

Citrix fixed three NetScaler flaws, one of them actively exploited in the wild

Auchan discloses data breach: data of hundreds of thousands of customers exposed

U.S. CISA adds Citrix Session Recording, and Git flaws to its Known Exploited Vulnerabilities catalog

Docker fixes critical Desktop flaw allowing container escapes

Malicious apps with over 19M installs removed from Google Play for spreading the Anatsa banking trojan and other malware

Pakistan-linked APT36 abuses Linux .desktop files to drop custom malware in new campaign

Android.Backdoor.916.origin malware targets Russian business executives

Electronics manufacturer Data I/O took offline operational systems following a ransomware attack

IoT under siege: The return of the Mirai-based Gayfemboy Botnet

International Press – Newsletter

Cybercrime

U.S. Government Seizes Online Marketplaces Selling Fraudulent Identity Documents Used in Cybercrime Schemes  

Auchan announces that it has been the victim of "an act of cybercrime", with "hundreds of thousands" of its customers' data hacked  

Widespread Data Theft Targets Salesforce Instances via Salesloft Drift  

Storm-0501’s evolving techniques lead to cloud-based ransomware

Hacker used a voice phishing attack to steal Cisco customers’ personal information  

DSLRoot, Proxies, and the Threat of ‘Legal Botnets’  

Cyberattack against several municipal and regional systems

Infostealers: The Silent Smash-and-Grab Driving Modern Cybercrime   

Colt Technology Services gets ransomware’d via SharePoint initial access— some learning points    

Germany charges man over cyberattack on Rosneft subsidiary  

Ransomware gang takedowns causing explosion of new, smaller groups 

Citrix forgot to tell you CVE-2025-6543 has been used as a zero day since May 2025

Malware

The Resurgence of IoT Malware: Inside the Mirai-Based “Gayfemboy” Botnet Campaign

Your Connection, Their Cash: Threat Actors Misuse SDKs to Sell Your Bandwidth 

The Silent, Fileless Threat of VShell      

Android backdoor spies on employees of Russian business 

Malicious Go Module Disguised as SSH Brute Forcer Exfiltrates Credentials via Telegram  

Android Document Readers and Deception: Tracking the Latest Updates to Anatsa  

DragonForce

Hook Version 3: The Banking Trojan with The Most Advanced Capabilities 

SpyNote Malware Part 2      

Tamperedchef – The Bad PDF Editor

AppSuite PDF Editor Backdoor: A Detailed Technical Analysis    

Malware devs abuse Anthropic’s Claude AI to build ransomware 

APT36: Targets Indian BOSS Linux Systems with Weaponized AutoStart Files

Deception in Depth: PRC-Nexus Espionage Campaign Hijacks Web Traffic to Target Diplomats

Infostealers: The Silent Smash-and-Grab Driving Modern Cybercrime

Ransomware 3.0: Self-Composing and LLM-Orchestrated

DRMD: Deep Reinforcement Learning for Malware Detection under Concept Drift

Real-Time Detection and Recovery Method Against Ransomware Based on Simple Format Analysis

Automated Malware Source Code Generation via Uncensored LLMs and Adversarial Evasion of Censored Model

Hacking

Breaking Docker’s Isolation Using... Docker? (CVE-2025-9074)  

Vtenext 25.02: A three-way path to RCE 

Citrix Patches Three NetScaler Flaws, Confirms Active Exploitation of CVE-2025-7775

Widespread Data Theft Targets Salesforce Instances via Salesloft Drift  

Cache Me If You Can (Sitecore Experience Platform Cache Poisoning to RCE) 

Inside the Lab-Dookhtegan Hack: How Iranian Ships Lost Their Voice at Sea  

WhatsApp Issues Emergency Update for Zero-Click Exploit Targeting iOS and macOS Devices

Intelligence and Information Warfare

APT36: Targets Indian BOSS Linux Systems with Weaponized AutoStart Files  

Deception in Depth: PRC-Nexus Espionage Campaign Hijacks Web Traffic to Target Diplomats  

ZipLine Campaign: A Sophisticated Phishing Attack Targeting US Companies 

Citizen Lab director warns cyber industry about US authoritarian descent

Dutch providers targeted by Salt Typhoon  

TAOTH Campaign Exploits End-of-Support Software to Target Traditional Chinese Users and Dissidents  

Biased AI chatbots can sway people’s political views in minutes  

Amazon disrupts watering hole campaign by Russia’s APT29 

Cybersecurity

2025 State of the Internet: Digging into Residential Proxy Infrastructure

Electronics manufacturer Data I/O reports ransomware attack to SEC    

FTC Calls on Tech Firms to Resist Foreign Anti-Encryption Demands  

ENISA to operate the EU Cyber Reserve 

Over 28,000 Citrix devices vulnerable to new exploited RCE flaw

Microsoft Releases Guidance on High-Severity Vulnerability (CVE-2025-53786) in Hybrid Exchange Deployments      

TransUnion says hackers stole 4.4 million customers’ personal information  

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)
