A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Embargo Ransomware nets $34.2M in crypto since April 2024 Germany limits police spyware use to serious […

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Embargo Ransomware nets $34.2M in crypto since April 2024

Germany limits police spyware use to serious crimes

Phishing attacks exploit WinRAR flaw CVE-2025-8088 to install RomCom

French firm Bouygues Telecom suffered a data breach impacting 6.4M customers

Columbia University data breach impacted 868,969 people

SonicWall dismisses zero-day fears after Ransomware probe

Air France and KLM disclosed data breaches following the hack of a third-party platform

CISA, Microsoft warn of critical Exchange hybrid flaw CVE-2025-53786

Microsoft unveils Project Ire: AI that autonomously detects malware

CERT-UA warns of UAC-0099 phishing attacks targeting Ukraine’s defense sector

Over 100 Dell models exposed to critical ControlVault3 firmware bugs

How CTEM Boosts Visibility and Shrinks Attack Surfaces in Hybrid and Cloud Environments

WhatsApp cracks down on 6.8M scam accounts in global takedown

Trend Micro fixes two actively exploited Apex One RCE flaws

U.S. CISA adds D-Link cameras and Network Video Recorder flaws to its Known Exploited Vulnerabilities catalog

Google fixed two Qualcomm bugs that were actively exploited in the wild

Zero Day Quest returns: Microsoft ups the stakes with $5M bug bounty

Cisco disclosed a CRM data breach via vishing attack

Exposed Without a Breach: The Cost of Data Blindness

SonicWall investigates possible zero-day amid Akira ransomware surge

Chaining NVIDIA’s Triton Server flaws exposes AI systems to remote takeover

Hacking group D4rk4rmy claimed the hack of Monte-Carlo Société des Bains de Mer

Northwest Radiologists data breach hits 350,000 in Washington

PlayPraetor Android RAT expands rapidly across Spanish and French-speaking regions

Lovense flaws expose emails and allow account takeover

Nation-state group CL-STA-0969 targeted Southeast Asian telecoms in 2024

Akira Ransomware targets SonicWall VPNs in likely zero-day attacks

International Press – Newsletter

Cybercrime

Warning: Phishing campaign detected  

New WhatsApp Tools and Tips to Beat Messaging Scams 

GenAI Used For Phishing Websites Impersonating Brazil’s Government 

FraudOnTok 

FinCEN Issues Notice on the Use of Convertible Virtual Currency Kiosks for Scam Payments and Other Illicit Activity  

Nigerian Man Extradited To Face Hacking, Fraud, And Identity Theft Charges 

Update: Akira ransomware group targets SonicWall VPN appliances 

Columbia University data breach impacts nearly 870,000 individuals

Who Got Arrested in the Raid on the XSS Crime Forum?  

Unmasking Embargo Ransomware: A Deep Dive Into the Group’s TTPs and BlackCat Links 

Malware

Arctic Wolf Observes July 2025 Uptick in Akira Ransomware Activity Targeting SonicWall SSL VPN 

ToxicPanda: The Android Banking Trojan Targeting Europe   

“CAPTCHAgeddon” Unmasking the Viral Evolution of the ClickFix Browser-Based Threat 

11 Malicious Go Packages Distribute Obfuscated Remote Payloads 

New Infection Chain and ConfuserEx-Based Obfuscation for DarkCloud Stealer

Hacking

Lovense: The Company That Lies to Security Researchers  

Breaking NVIDIA Triton: CVE-2025-23319 – A Vulnerability Chain Leading to AI Server Takeover 

Huntress Threat Advisory: Active Exploitation of SonicWall VPNs  

Google’s August Patch Fixes Two Qualcomm Vulnerabilities Exploited in the Wild

Trend Micro Confirms Active Exploitation of Critical Apex One Flaws in On-Premise Systems

ReVault! When your SoC turns against you…   

Red Teams Jailbreak GPT-5 With Ease, Warn It’s ‘Nearly Unusable’ for Enterprise  

Intelligence and Information Warfare

The Covert Operator’s Playbook: Infiltration of Global Telecom Networks 

Hacked Crimean servers reveal information about abducted children, Ukraine says

Updated UAC-0099 toolkit: MATCHBOIL, MATCHWOK, DRAGSTARE  

WinRAR zero-day exploited to plant malware on archive extraction

Germany’s top court holds that police can only use spyware to investigate serious crimes 

‘A million calls an hour’: Israel relying on Microsoft cloud for expansive surveillance of Palestinians 

Cybersecurity

Chinese Researchers Suggest Lasers and Sabotage to Counter Musk’s Starlink Satellites 

SonicWall Investigating Potential SSL VPN Zero-Day After 20+ Targeted Attacks Reported

AI Rewrote Its Code When I Asked About Human Nature 

Cisco Says User Data Stolen in CRM Hack  

Most cybersecurity risk comes from just 10% of employees  

Organizations Warned of Vulnerability in Microsoft Exchange Hybrid Deployment 

Air France and KLM disclose data breaches impacting customers

Google Discloses Data Breach via Salesforce Hack 

Preventing ZIP parser confusion attacks on Python package installers 

Europe prioritising spend properly as H1 cybersecurity market hits double-digit growth

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

Source: SecurityAffairs
Source Link: https://securityaffairs.com/180993/breaking-news/security-affairs-newsletter-round-536-by-pierluigi-paganini-international-edition.html