    Security Affairs newsletter Round 546 by Pierluigi Paganini – INTERNATIONAL EDITION

    Pierluigi Paganini
    October 19, 2025

    Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

    Winos 4.0 hackers expand to Japan and Malaysia with new malware
    From Airport chaos to cyber intrigue: Everest Gang takes credit for Collins Aerospace breach
    SIMCARTEL operation: Europol takes down SIM-Box ring linked to 3,200 scams
    A critical WatchGuard Fireware flaw could allow unauthenticated code execution
    Prosper disclosed a data breach impacting 17.6 million accounts
    Microsoft revokes 200+ certificates abused by Vanilla Tempest in fake Teams campaign
    PowerSchool hacker got four years in prison
    Auction house Sotheby’s disclosed a July data breach
    Operation Zero Disco: Threat actors target Cisco SNMP flaw to drop Linux rootkits
    U.S. CISA adds Adobe Experience Manager Forms flaw to its Known Exploited Vulnerabilities catalog
    China-linked APT Jewelbug targets Russian IT provider in rare cross-nation cyberattack
    U.S. CISA adds SKYSEA Client View, Rapid7 Velociraptor, Microsoft Windows, and IGEL OS flaws to its Known Exploited Vulnerabilities catalog
    Spanish fashion retailer MANGO disclosed a data breach
    Qilin Ransomware announced new victims
    A sophisticated nation-state actor breached F5 systems, stealing BIG-IP source code and data on undisclosed flaw
    200,000 Linux systems from Framework are shipped with signed UEFI components vulnerable to Secure Boot bypass
    SAP fixed maximum-severity bug in NetWeaver
    Unencrypted satellites expose global communications
    Flax Typhoon APT exploited ArcGIS server for over a year as a backdoor
    Researchers warn of widespread RDP attacks by 100K-node botnet
    Harvard University hit in Oracle EBS cyberattack, 1.3 TB of data leaked by Cl0p group
    UK NCSC Reports 429 cyberattacks in a year, with nationally significant cases more than doubling
    Unverified COTS hardware enables persistent attacks in small satellites via SpyChain
    Oracle issued an emergency security update to fix new E-Business Suite flaw CVE-2025-61884
    Customer payment data stolen in Unity Technologies’ SpeedTree website compromise
    SimonMed Imaging discloses a data breach impacting over 1.2 million people
    Microsoft revamps Internet Explorer Mode in Edge after August attacks
    Astaroth Trojan abuses GitHub to host configs and evade takedowns
    Google, Mandiant expose malware and zero-day behind Oracle EBS extortion
    Stealit Malware spreads via fake game & VPN installers on Mediafire and Discord
    Clop Ransomware group claims the hack of Harvard University

    International Press – Newsletter

    Cybercrime

    Investigating targeted “payroll pirate” attacks affecting US universities

    Oracle E-Business Suite Zero-Day Exploited in Widespread Extortion Campaign

    Police are asking kids to stop pulling AI homeless man prank

    SimonMed Imaging Data Breach Impacts 1.2 Million

    When the monster bytes: tracking TA585 and its arsenal

    Harvard Is First Confirmed Victim of Oracle EBS Zero-Day Hack

    Qantas confirms cybercriminals released stolen customer data

    Qilin Ransomware and the Ghost Bulletproof Hosting Conglomerate

    PowerSchool hacker sentenced to 4 years in prison

    Extortion and ransomware drive over half of cyberattacks

    Microsoft Revokes 200 Fraudulent Certificates Used in Rhysida Ransomware Campaign

    Cybercrime-as-a-service takedown: 7 arrested

    Bitcoin worth $14bn seized in US-UK crackdown on alleged scammers

    Malware

    Astaroth: Banking Trojan Abusing GitHub for Resilience

    New Rust Malware “ChaosBot” Uses Discord for Command and Control

    New Group on the Block: UNC5142 Leverages EtherHiding to Distribute Malware

    Operation Zero Disco: Attackers Exploit Cisco SNMP Vulnerability to Deploy Rootkits

    Hacking

    Pro-Russian hackers caught bragging about attack on fake water utility

    One Token to rule them all – obtaining Global Admin in every Entra ID tenant via Actor tokens

    100,000+ IP Botnet Launches Coordinated RDP Attack Wave Against US Infrastructure

    Eavesdropping on Internal Networks via Unencrypted Satellites

    RMPocalypse

    BombShell: The Signed Backdoor Hiding in Plain Sight on Framework Devices

    Data Exfiltration via ChatGPT Agent Mode

    Pixnapping Attack

    yIKEs (WatchGuard Fireware OS IKEv2 Out-of-Bounds Write CVE-2025-9242)

    Intelligence and Information Warfare

    SOE-phisticated Persistence: Inside Flax Typhoon’s ArcGIS Compromise

    Taiwan reports surge in Chinese cyber activity and disinformation efforts

    Ukraine takes steps to launch dedicated cyber force for offensive strikes

    K000154696: F5 Security Incident

    Weaponizing Perception: China and Russia’s Cognitive Warfare Against Democracies

    Jewelbug: Chinese APT Group Widens Reach to Russia

    Taiwan flags rise in Chinese cyberattacks, warns of ‘online troll army’

    ‘Categorically untrue’ that China hacked UK intelligence systems, say officials

    Italian businessman’s phone reportedly targeted with Paragon spyware

    DPRK Adopts EtherHiding: Nation-State Malware Hiding on Blockchains

    Operation MotorBeacon: Threat Actor targets Russian Automotive Sector using .NET Implant

    BeaverTail and OtterCookie evolve with a new JavaScript module

    Operation Silk Lure: Scheduled Tasks Weaponized for DLL Side-Loading (drops ValleyRAT)

    Tracking Malware and Attack Expansion: A Hacker Group’s Journey across Asia

    Cybersecurity

    Homeland Security reassigns ‘hundreds’ of CISA cyber staffers to support Trump’s deportation crackdown

    Employees are unknowingly leaking company secrets through ChatGPT, new report warns

    Space Force Building Tools to Detect Cyberattacks on Satellites

    Securing the Future: Changes to Internet Explorer Mode in Microsoft Edge

    Oracle releases emergency patch for new E-Business Suite flaw

    RediShell: Critical Remote Code Execution Vulnerability (CVE-2025-49844) in Redis, 10 CVSS score

    Elevating Cybersecurity: Ensuring Strategic and Sustainable Impact for CISOs

    UK experiencing four ‘nationally significant’ cyber attacks every week

    New SAP NetWeaver Bug Lets Attackers Take Over Servers Without Login

    Jeep software update bricks vehicles, leaves owners stranded

    ChatGPT safety systems can be bypassed to get weapons instructions

    Evaluation of DeepSeek AI Models

    404 Accountability not found: Spyware accountability through software liability

    Follow me on Twitter: @securityaffairs and Facebook and Mastodon

    Pierluigi Paganini

    (SecurityAffairs – hacking, newsletter)
