A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Experts found 4 billion user records online, the largest known leak of Chinese personal data from […

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Experts found 4 billion user records online, the largest known leak of Chinese personal data from a single source

Attackers exploit Fortinet flaws to deploy Qilin ransomware

Russia-linked threat actors targets Ukraine with PathWiper wiper

U.S. Offers $10M bounty for info on RedLine malware creator and state hackers

Play ransomware group hit 900 organizations since 2022

U.S. CISA adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog

New versions of Chaos RAT target Windows and Linux systems

Critical flaw in Cisco ISE impacts cloud deployments on AWS, Microsoft Azure, and Oracle Cloud Infrastructure

Law enforcement seized the carding marketplace BidenCash

Ukraine’s military intelligence agency stole 4.4GB of highly classified internal data from Tupolev

HPE fixed multiple flaws in its StoreOnce software

Roundcube Webmail under fire: critical exploit found after a decade

U.S. CISA adds Multiple Qualcomm chipsets flaws to its Known Exploited Vulnerabilities catalog

Cartier disclosed a data breach following a cyber attack

U.S. CISA adds ASUS RT-AX55 devices, Craft CMS, and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog

Android banking trojan Crocodilus rapidly evolves and goes global

Google fixed the second actively exploited Chrome zero-day since the start of the year

Cryptojacking campaign relies on DevOps tools

Hacking

Qualcomm fixed three zero-days exploited in limited, targeted attacks

Police took down several popular counter-antivirus (CAV) services, including AvCheck

A cyberattack hit hospitals operated by Covenant Health

Experts published a detailed analysis of Cisco IOS XE WLC flaw CVE-2025-20188

Two flaws in vBulletin forum software are under attack

International Press – Newsletter

Cybercrime

Websites selling hacking tools to cybercriminals seized 

Alleged Conti, TrickBot Gang Leader Unmasked  

Key service for malware developers taken offline

Hospitals in Maine, New Hampshire limit services after cyberattack on Catholic health org 

U.S. Government seizes approximately 145 criminal marketplace domains 

Interlock ransomware claims Kettering Health breach, leaks stolen data

Cyber Criminals Defraud Hedera Hashgraph Network Non-Custodial Wallet Users Through Nonfungible Token Airdrops Disguised as Free Rewards  

#StopRansomware: Play Ransomware 

Maxim Alexandrovich Rudometov & RedLine

The SEC Pinned Its Hack on a Few Hapless Day Traders. The Full Story Is Far More Troubling 

Ross Ulbricht Got a $31 Million Donation From a Dark Web Dealer, Crypto Tracers Suspect

Ransomware gang claims responsibility for Kettering Health hack       

Malware

Pure Crypter Malware Analysis: 99 Problems but Detection Ain’t One

Attacker exploits misconfigured AI tool to run AI-generated payload  

Malicious Ruby Gems Exfiltrate Telegram Tokens and Messages Following Vietnam Ban

From open-source to open threat: Tracking Chaos RAT’s evolution        

Home Internet Connected Devices Facilitate Criminal Activity  

Hacking

vBulletin replaceAdTemplate Exploited in the Wild

Don’t Call That “Protected” Method: Dissecting an N-Day vBulletin RCE  

Cisco IOS XE WLC Arbitrary File Upload Vulnerability (CVE-2025-20188) Analysis  

Qualcomm Fixes 3 Zero-Days Used in Targeted Android Attacks via Adreno GPU

Preinstalled Apps on Ulefone, Krüger&Matz Phones Let Any App Reset Device, Steal PIN

DevOps Tools Targeted for Cryptojacking 

Critical 10-Year-Old Roundcube Webmail Bug Allows Authenticated Users Run Malicious Code

Critical Fortinet flaws now exploited in Qilin ransomware attacks

Riding The Time Machine: Journey Through An Old vBulletin PHP Object Injection 

Intelligence and Information Warfare

A Flyby on the CFO’s Inbox: Spear-Phishing Campaign Targeting Financial Executives with NetBird Deployment  

Eight things we learned from WhatsApp vs. NSO Group spyware lawsuit  

Ukraine Hacks Tupolev, Exposes Russia’s Strategic Bomber Secrets  

Newly identified wiper malware “PathWiper” targets critical infrastructure in Ukraine

Justice Department accuses two Chinese researchers of smuggling ‘potential agroterrorism weapon’ into US   

Uncle Sam moves to seize $7.7M laundered by North Korean IT worker ring

The Bitter End: Unraveling Eight Years of Espionage Antics – Part Two 

Cybersecurity

Sustaining Digital Certificate Security – Upcoming Changes to the Chrome Root Store

Announcing a new strategic collaboration to bring clarity to threat actor naming  

NSO Group asks judge for new trial, calling $167 million in damages ‘outrageous’  

Victoria’s Secret says it will postpone earnings report after recent security breach  

Largest ever data leak exposes over 4 billion user records 

Australian ransomware victims now must tell the government if they pay up

Pivot to AI

EU takes a step further in cybersecurity crisis management   

Cyber Attacks Are Up 47% in 2025 – AI is One Key Factor    

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

Source: SecurityAffairs
Source Link: https://securityaffairs.com/178759/uncategorized/security-affairs-newsletter-round-527-by-pierluigi-paganini-international-edition.html