Security Affairs newsletter Round 523 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

International Press – Newsletter

Cybercrime

Yemeni Man Charged in Federal Indictment Alleging He Sent ‘Black Kingdom’ Malware to Extort Businesses, Schools, and Medical Clinics

Big Game Ransomware: the myths experts tell board members

DragonForce Ransomware Cartel attacks on UK high street retailers: walking in the front door 

From Callback Phishing to Extortion: Luna Moth Abuse Reamaze Helpdesk and RMM Tools Against U.S. Legal and Financial Sectors  

Uncovering Actor TTP Patterns and the Role of DNS in Investment Scams  

Ransomware Attackers Leveraged Privilege Escalation Zero-day 

DDoS-for-hire empire brought down: Poland arrests 4 administrators, US seizes 9 domains  

LockBit ransomware gang hacked, victim negotiations exposed

Pakistani Firm Shipped Fentanyl Analogs, Scams to US  

PowerSchool hacker now extorting individual school districts

Cyber criminal services target EoL Routers to Launch attack and hide their activities

Botnet Dismantled in International Operation, Russian and Kazakhstani Administrators Indicted 

LOCKBIT RANSOMWARE LEAKED

One Small Click for an Admin, One Giant Breach for the Organization 

Malware

iClicker site hack targeted students with malware via fake CAPTCHA

Backdoor found in popular ecommerce components  

Stealthy Linux backdoor leveraging residential proxies and NHAS reverse SSH  

Malicious PyPI Package Targets Discord Developers with Remote Access Trojan  

Backdooring the IDE: Malicious npm Packages Hijack Cursor Editor on macOS 

Hacking

The Signal Clone the Trump Admin Uses Was Hacked  

Unsafe at Any Speed: Abusing Python Exec for Unauth RCE in Langflow AI  

Bring Your Own Installer: Bypassing SentinelOne Through Agent Version Change Interruption

When Space Goes Dark: Inside the Cyberattack on Poland’s Space Agency

My Zero Day Quest & BlueHat Podcast        

SAP NetWeaver Flaw Lets Hackers Take Full Control: CVE-2025-31324 Explained 

Arctic Wolf Observes Exploitation of Path Traversal Vulnerability in Samsung MagicINFO 9 Server (CVE-2024-7399)  

Canary Exploit tool for CVE-2025-30065 Apache Parquet Avro Vulnerability  

Multiple vulnerabilities in SonicWall SMA 100 series (FIXED)  

Tesla Model 3 VCSEC Vulnerability Lets Hackers Run Arbitrary Code  

CVE-2024-11477- 7-Zip ZSTD Buffer Overflow Vulnerability 

Recently Disclosed SureTriggers Critical Privilege Escalation Vulnerability Under Active Exploitation  

Intelligence and Information Warfare

Russian hackers target Romanian state websites on election day 

COLDRIVER Using New Malware To Steal Documents From Western Targets and NGOs  

Tulsi Gabbard Reused the Same Weak Password on Multiple Accounts for Years 

“US on High Alert”: Pentagon Confirms Mysterious Signal Traced to Russian Space Anomaly Now Feared as Major Threat  

MirrorFace Targets Japan and Taiwan with ROAMINGMOUSE and Upgraded ANEL Malware

Cybersecurity

Trump Crypto Corruption Intensifies as Abu Dhabi Firm Invests $2 Billion

Update ASAP: Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers

NSO Group must pay more than $167 million in damages to WhatsApp for spyware campaign  

Unsophisticated Cyber Actor(s) Targeting Operational Technology  

Winning the Fight Against Spyware Merchant NSO 

Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT

Internet tracking: How and why we’re followed online 

Google to pay Texas $1.4 billion in data privacy settlement

Negotiations with the Akira ransomware group: an ill-advised approach 

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)