MUST READ

Ohio’s Union County suffers ransomware attack impacting 45,000 people

 | 

ForcedLeak flaw in Salesforce Agentforce exposes CRM data via Prompt Injection

 | 

Microsoft uncovers new variant of XCSSET macOS malware in targeted attacks

 | 

Hackers exploit Fortra GoAnywhere flaw before public alert

 | 

UK NCSC warns that attackers exploited Cisco firewall zero-days to deploy RayInitiator and LINE VIPER malware

 | 

Google warns of Brickstorm backdoor targeting U.S. legal and tech sectors

 | 

U.S. CISA adds CISCO Secure Firewall ASA and Secure FTD flaws to its Known Exploited Vulnerabilities catalog

 | 

Operation HAECHI VI seized $439M from global cybercrime rings

 | 

Volvo North America disclosed a data breach following a ransomware attack on IT provider Miljödata

 | 

Cisco fixed actively exploited zero-day in Cisco IOS and IOS XE software

 | 

Nation-State hackers exploit Libraesva Email Gateway flaw

 | 

SolarWinds fixed a critical RCE flaw in its Web Help Desk software

 | 

How threat actors breached a U.S. federal civilian agency by exploiting a GeoServer flaw

 | 

Cloudflare mitigates largest-ever DDoS attack at 22.2 Tbps

 | 

U.S. CISA adds Google Chromium flaw to its Known Exploited Vulnerabilities catalog

 | 

US Secret Service dismantled covert communications network near the U.N. in New York

 | 

A suspected Scattered Spider member suspect detained for casino network attacks

 | 

$150K awarded for L1TF Reloaded exploit that bypasses cloud mitigations

 | 

Canada's RCMP closes TradeOgre, seizes $40M in country’s largest crypto bust

 | 

Stellantis probes data breach linked to third-party provider

 | 

Security Affairs newsletter Round 540 by Pierluigi Paganini – INTERNATIONAL EDITION

Pierluigi Paganini September 07, 2025

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Qantas cuts executive bonuses by 15% after a July data breach
MeetC2 – A serverless C2 framework that leverages Google Calendar APIs as a communication channel
Critical SAP S/4HANA flaw CVE-2025-42957 under active exploitation
U.S. CISA adds Sitecore, Android, and Linux flaws to its Known Exploited Vulnerabilities catalog
SVG files used in hidden malware campaign impersonating Colombian authorities
France’s CNIL fined Google $379M and Shein $175M for breaching cookie rules
$10M reward for Russia’s FSB officers accused of hacking US Critical infrastructure
Severe Hikvision HikCentral product flaws: What You Need to Know
U.S. CISA adds TP-Link Archer C7(EU) and TL-WR841N flaws to its Known Exploited Vulnerabilities catalog
Crooks turn HexStrike AI into a weapon for fresh vulnerabilities
Google addressed two Android flaws actively exploited in targeted attacks
U.S. CISA adds WhatsApp, and TP-link flaws to its Known Exploited Vulnerabilities catalog
Android droppers evolved into versatile tools to spread malware
Jaguar Land Rover shuts down systems after cyberattack, no evidence of customer data theft
Cloudflare blocked a record 11.5 Tbps DDoS attack
Palo Alto Networks disclosed a data breach linked to Salesloft Drift incident
Von der Leyen’s plane hit by suspected Russian GPS Jamming in Bulgaria, landed Safely
Supply-chain attack hits Zscaler via Salesloft Drift, leaking customer info
Crooks exploit Meta malvertising to target Android users with Brokewell
North Korea’s APT37 deploys RokRAT in new phishing campaign against academics
Fraudster stole over $1.5 million from city of Baltimore
Amazon blocks APT29 campaign targeting Microsoft device code authentication

International Press – Newsletter

Cybercrime

Scammer steals $1.5 million from Baltimore by spoofing city vendor 

Malvertising Campaign on Meta Expands to Android, Pushing Advanced Crypto-Stealing Malware to Users Worldwide 

Help Desk at Risk: Scattered Spider Shines Light on Overlook Threat Vector

The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft 

Hackers Issue Ultimatum to Google After Data Breach Warning 

Cybercriminals Exploit X’s Grok AI to Bypass Ad Protections and Spread Malware to Millions

Malware

MystRodX: The Covert Dual-Mode Backdoor Threat 

Ethereum smart contracts used to push malicious code on npm  

Uncovering a Colombian Malware Campaign with AI Code Analysis

An MDR Analysis of the AMOS Stealer Campaign Targeting macOS via ‘Cracked’ Apps 

Hacking

Threat Brief: Salesloft Drift Integration Used To Compromise Salesforce Instances 

Cloudflare Blocks Record-Breaking 11.5 Tbps DDoS Attack 

Introduction to OPSEC (Part 2) 

Hexstrike-AI: When LLMs Meet Zero-Day Exploitation

Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver – CVE-2025-53149  

Critical SAP S/4HANA code injection vulnerability (CVE-2025-42957) exploited in the wild – patch immediately  

Intelligence and Information Warfare

The Trap of Troubleshooting: Analysis of Lazarus (APT-Q-1)’s Recent Attacks Using ClickFix

Operation HanKook Phantom: North Korean APT37 targeting South Korea 

Ursula von der Leyen’s plane hit by suspected Russian GPS interference 

Inside Palantir: The Secretive Tech Company Helping the US Government Build a Massive Web of Surveillance  

Three Lazarus RATs coming for your cheese  

CTI Analysis: Malicious Email Campaign 

US Offers $10 Million for Three Russian Energy Firm Hackers  

Analyzing NotDoor: Inside APT28’s Expanding Arsenal

Analysis of APT-C-53 (Gamaredon) attacks against Ukrainian government departments  

Contagious Interview | North Korean Threat Actors Reveal Plans and Ops by Abusing Cyber Intel Platforms

A Playbook for Winning the Cyber War Part 2: Evaluating Russia’s Cyber Strategy  

Cybersecurity

Elon Musk Sues Ex-xAI Techie For Uploading Grok’s Codebase To OpenAI; Internet Erupts In Hilarious Memes  

Scientists Created an Entire Social Network Where Every User Is a Bot, and Something Wild Happened 

Salesloft Drift Supply Chain Incident: Key Details and Zscaler’s Response

Securing EU (Cyber)Space: New Cyber Requirements in the EU Space Act 

Salesforce-Connected Third-Party Drift Application Incident Response 

Jaguar Land Rover says cyberattack ‘severely disrupted’ production 

Cookie regulation: the CNIL is continuing the action plan initiated in 2019 and has imposed two fines on SHEIN and GOOGLE     

Qantas penalizes executives for July cyberattack  

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

Cybercrime data breach Hacking hacking news information security news IT Information Security malware Newsletter Pierluigi Paganini Security Affairs Security News

you might also like

Pierluigi Paganini September 27, 2025
ForcedLeak flaw in Salesforce Agentforce exposes CRM data via Prompt Injection
Read more
Pierluigi Paganini September 26, 2025
Microsoft uncovers new variant of XCSSET macOS malware in targeted attacks
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Ohio’s Union County suffers ransomware attack impacting 45,000 people

Uncategorized / September 27, 2025

ForcedLeak flaw in Salesforce Agentforce exposes CRM data via Prompt Injection

Hacking / September 27, 2025

Microsoft uncovers new variant of XCSSET macOS malware in targeted attacks

Malware / September 26, 2025

Hackers exploit Fortra GoAnywhere flaw before public alert

Hacking / September 26, 2025

UK NCSC warns that attackers exploited Cisco firewall zero-days to deploy RayInitiator and LINE VIPER malware

Hacking / September 26, 2025