Security Affairs newsletter Round 439 by Pierluigi Paganini

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

Pierluigi Paganini October 01, 2023

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

ALPHV/BlackCat ransomware gang hacked the hotel chain Motel One

FBI warns of dual ransomware attacks

Progress Software fixed two critical severity flaws in WS_FTP Server

Child abuse site taken down, organized child exploitation crime suspected – exclusive

A still unpatched zero-day RCE impacts more than 3.5M Exim servers

Chinese threat actors stole around 60,000 emails from US State Department in Microsoft breach

Misconfigured WBSC server leaks thousands of passports

CISA adds JBoss RichFaces Framework flaw to its Known Exploited Vulnerabilities catalog

Cisco urges to patch actively exploited IOS zero-day CVE-2023-20109

Dark Angels Team ransomware group hit Johnson Controls

GOOGLE FIXED THE FIFTH CHROME ZERO-DAY OF 2023

Russian zero-day broker is willing to pay $20M for zero-day exploits for iPhones and Android devices

China-linked APT BlackTech was spotted hiding in Cisco router firmware

Watch out! CVE-2023-5129 in libwebp library affects millions applications

DarkBeam leaks billions of email and password combinations

‘Ransomed.vc’ in the Spotlight – What is Known About the Ransomware Group Targeting Sony and NTT Docomo

Top 5 Problems Solved by Data Lineage

Threat actors claim the hack of Sony, and the company investigates

Canadian Flair Airlines left user data leaking for months

The Rhysida ransomware group hit the Kuwait Ministry of Finance

BORN Ontario data breach impacted 3.4 million newborns and pregnancy care patients

Xenomorph malware is back after months of hiatus and expands the list of targets

Smishing Triad Stretches Its Tentacles into the United Arab Emirates

Crooks stole $200 million worth of assets from Mixin Network

A phishing campaign targets Ukrainian military entities with drone manual lures

Alert! Patch your TeamCity instance to avoid server hack

Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

Nigerian National pleads guilty to participating in a millionaire BEC scheme

New variant of BBTok Trojan targets users of +40 banks in LATAM

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

Alphv group claims the hack of Clarion, a global manufacturer of audio and video equipment for cars

National Student Clearinghouse data breach impacted approximately 900 US schools

Cybercrime

Smishing Triad Impersonates Emirates Post To Target UAE Citizens

Decade of newborn child registry data stolen in MOVEit mass-hack

Kuwait isolates some government systems following attack on its Finance Ministry

Cl0p’s MOVEit attack tally surpasses 2,000 victim organizations

Child abuse site taken down, organized child exploitation crime suspected – exclusive

Two or More Ransomware Variants Impacting the Same Victims and Data Destruction Trends

Malware

Stealth Falcon preying over Middle Eastern skies with Deadglyph

GUARDING AGAINST THE UNSEEN: INVESTIGATING A STEALTHY REMCOS MALWARE ATTACK ON COLOMBIAN FIRMS

Hong Kong crypto business Mixin says hackers stole $200 million in assets

Xenomorph Malware Strikes Again: Over 30+ US Banks Now Targeted

Hacking

CVE-2023-34040 Spring Kafka Deserialization Remote Code Execution

Source Code at Risk: Critical Code Vulnerability in CI/CD Platform TeamCity

Rezilion Researchers Uncover New Details on Severity of Google Chrome Zero-Day Vulnerability (CVE-2023-4863)

Russian zero-day seller offers $20M for hacking Android and iPhones

Using silent SMS to localize LTE users

Millions of Exim mail servers exposed to zero-day RCE attacks

Intelligence and Information Warfare

Some new snippets from the Snowden documents

Rare Backdoors Suspected to be Tied to Gelsemium APT Found in Targeted Attack in Southeast Asian Government

New STARK#VORTEX Attack Campaign: Threat Actors Use Drone Manual Lures to Deliver MerlinAgent Payloads

WELCOME TO CYBER REALISM: PARSING THE 2023 DEPARTMENT OF DEFENSE CYBER STRATEGY

How Russian government-controlled hacking groups shift their tactics, objectives and capabilities — report

People’s Republic of China-Linked Cyber Actors Hide in Router Firmware

Chinese hackers stole emails from US State Dept in Microsoft breach, Senate staffer says

National Security Agency is starting an artificial intelligence security center

Cybersecurity

The Cybersecurity Crisis of Artificial Intelligence: Unrestrained Adoption and Natural Language-Based Attacks

Reports about Cyber Actors Hiding in Router Firmware

We believe PDD is a Dying Fraudulent Company and its Shopping App TEMU is Cleverly Hidden Spyware that Poses an Urgent Security Threat to U.S. National Interests

Update Chrome Now: Google Releases Patch for Actively Exploited Zero-Day Vulnerability

Cisco Warns of IOS Software Zero-Day Exploitation Attempts

Introducing Advanced Vulnerability Insights for GKE

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

Pierluigi Paganini June 27, 2025

Taking over millions of developers exploiting an Open VSX Registry flaw

Pierluigi Paganini June 27, 2025

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

you might also like

Taking over millions of developers exploiting an Open VSX Registry flaw

OneClik APT campaign targets energy sector with stealthy backdoors

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Taking over millions of developers exploiting an Open VSX Registry flaw

OneClik APT campaign targets energy sector with stealthy backdoors

APT42 impersonates cyber professionals to phish Israeli academics and journalists

Kai West, aka IntelBroker, indicted for cyberattacks causing $25M in damages

Cisco fixed critical ISE flaws allowing Root-level remote code execution

QUICK LINKS

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

you might also like

Taking over millions of developers exploiting an Open VSX Registry flaw

OneClik APT campaign targets energy sector with stealthy backdoors

leave a comment

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Taking over millions of developers exploiting an Open VSX Registry flaw

OneClik APT campaign targets energy sector with stealthy backdoors

APT42 impersonates cyber professionals to phish Israeli academics and journalists

Kai West, aka IntelBroker, indicted for cyberattacks causing $25M in damages

Cisco fixed critical ISE flaws allowing Root-level remote code execution

Subscribe to my email list and stay
up-to-date!