Security Affairs newsletter Round 432 by Pierluigi Paganini

Security Affairs newsletter Round 432 by Pierluigi Paganini – International edition

Pierluigi Paganini August 13, 2023

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Police dismantled bulletproof hosting service provider Lolek Hosted

Python URL parsing function flaw can enable command execution

UK govt contractor MPD FM leaks employee passport data

Power Generator in South Africa hit with DroxiDat and Cobalt Strike

The Evolution of API: From Commerce to Cloud

Gafgyt botnet is targeting EoL Zyxel routers

Charming Kitten APT is targeting Iranian dissidents in Germany

Statc Stealer, a new sophisticated info-stealing malware

CISA discovered a new backdoor, named Whirlpool, used in Barracuda ESG attacks

CISA adds actively exploited flaw in .NET, Visual Studio to its Known Exploited Vulnerabilities catalog

US Govt launches Artificial Intelligence Cyber Challenge

Data of all serving police officers Police Service of Northern Ireland (PSNI) mistakenly published online

Balada Injector still at large – new domains discovered

EvilProxy used in massive cloud account takeover scheme

Downfall Intel CPU side-channel attack exposes sensitive data

LockBit threatens to leak medical data of cancer patients stolen from Varian Medical Systems

Microsoft Patch Tuesday for August 2023 fixed 2 actively exploited flaws

UK Electoral Commission discloses a data breach

43 Android apps in Google Play with 2.5M installs loaded ads when a phone screen was off

Zoom trains its AI model with some user data, without giving them an opt-out option

North Korea compromised Russian missile engineering firm NPO Mashinostroyeniya

A new sophisticated SkidMap variant targets unsecured Redis servers

FBI warns of crooks posing as NFT developers in fraudulent schema

The number of ransomware attacks targeting Finland increased fourfold since it started the process to join NATO

Microsoft fixed a flaw in Power Platform after being criticized

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

BlueCharlie changes attack infrastructure in response to reports on its activity

Cybercrime

Criminals Pose as Non-Fungible Token (NFT) Developers to Target Internet Users with an Interest in NFT Acquisition

Interpol Busts Phishing-as-a-Service Platform ’16Shop,’ Leading to 3 Arrests

5 arrested in Poland for running bulletproof hosting service for cybercrime gangs

Administrator of ‘Bulletproof’ Webhosting Domain Charged in Connection with Facilitation of NetWalker Ransomware

Hackers Rig Casino Card-Shuffling Machines for ‘Full Control’ Cheating

Malware

Honeypot Recon: New Variant of SkidMap Targeting Redis

Invisible Adware: Unveiling Ad Fraud Targeting Korean Android Users

MAR-10454006.r4.v2 SEASPY and WHIRLPOOL Backdoors

Statc Stealer: Decoding the Elusive Malware Threat

Focus on DroxiDat/SystemBC

Hacking

UK Electoral Commission – Public notification of cyber-attack on Electoral Commission systems

Downfall Attacks

Cloud Account Takeover Campaign Leveraging EvilProxy Targets Top-Level Executives at over 100 Global Organizations

Zyxel Router Command Injection Attack

Python Parsing Error Enabling Bypass CVE-2023-24329

Teens Hacked Boston Subway Cards to Get Infinite Free Rides—and This Time, Nobody Got Sued

Intelligence and Information Warfare

Comrades in Arms? | North Korea Compromises Sanctioned Russian Missile Engineering Company

Ukrainian official touts country’s wartime cyber intelligence efforts

Iranian cyber spies are targeting dissidents in Germany, warns intelligence service

MoustachedBouncer: Espionage against foreign diplomats in Belarus

Department of Homeland Security’s Cyber Safety Review Board to Conduct Review on Cloud Security

Cybersecurity

Microsoft mitigates Power Platform Custom Code information disclosure vulnerability

Chinese Lawfare in the Maritime, Aviation, and Information Technology Domains

Zoom can now train its A.I. using some customer data, according to updated terms

THE AUGUST 2023 SECURITY UPDATE REVIEW

‘Monumental’ data breach exposes names of entire Northern Ireland police force

Pentagon launches AI competition to solicit help securing computer systems

Northern Ireland police may have endangered its own officers by posting details online in error

OpenAI’s web scraping GPTBot is under attack – here’s why

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

Pierluigi Paganini June 27, 2025

APT42 impersonates cyber professionals to phish Israeli academics and journalists

Pierluigi Paganini June 26, 2025

Security Affairs newsletter Round 432 by Pierluigi Paganini – International edition

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

you might also like

APT42 impersonates cyber professionals to phish Israeli academics and journalists

Kai West, aka IntelBroker, indicted for cyberattacks causing $25M in damages

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

APT42 impersonates cyber professionals to phish Israeli academics and journalists

Kai West, aka IntelBroker, indicted for cyberattacks causing $25M in damages

Cisco fixed critical ISE flaws allowing Root-level remote code execution

U.S. CISA adds AMI MegaRAC SPx, D-Link DIR-859 routers, and Fortinet FortiOS flaws to its Known Exploited Vulnerabilities catalog

CitrixBleed 2: The nightmare that echoes the 'CitrixBleed' flaw in Citrix NetScaler devices

QUICK LINKS

Security Affairs newsletter Round 432 by Pierluigi Paganini – International edition

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

you might also like

APT42 impersonates cyber professionals to phish Israeli academics and journalists

Kai West, aka IntelBroker, indicted for cyberattacks causing $25M in damages

leave a comment

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

APT42 impersonates cyber professionals to phish Israeli academics and journalists

Kai West, aka IntelBroker, indicted for cyberattacks causing $25M in damages

Cisco fixed critical ISE flaws allowing Root-level remote code execution

U.S. CISA adds AMI MegaRAC SPx, D-Link DIR-859 routers, and Fortinet FortiOS flaws to its Known Exploited Vulnerabilities catalog

CitrixBleed 2: The nightmare that echoes the 'CitrixBleed' flaw in Citrix NetScaler devices

Subscribe to my email list and stay
up-to-date!