Security Affairs newsletter Round 551 by Pierluigi Paganini – INTERNATIONAL EDITION

The Security Affairs newsletter highlights a surge in cybercrime activity, including a confirmed data breach impacting the Pennsylvania Attorney General following an INC Ransom attack. DoorDash also confirmed a breach exposing users’ phone numbers and physical addresses. Eurofiber experienced a breach exposing critical infrastructure data across Europe. Law enforcement seized thousands of servers in a major cybercrime investigation, while the US, Australia, and UK sanctioned Russian cybercrime infrastructure supporting ransomware operations. Teenagers have pleaded not guilty to a cyber attack on London’s transport system.

Malware threats are on the rise, with an npm campaign using Adspect cloaking to deliver malicious redirects. A fake Google Play Store is dropping BTMob spyware and UASecurity miner on Android devices. A new malware named TamperedChef uses signed apps to deliver stealthy payloads. Sturnus mobile banking malware is bypassing WhatsApp, Telegram, and Signal encryption. A new AI-based botnet called ShadowRay 2.0 is being used in a global campaign that hijacks AI for malicious purposes.

Several vulnerabilities and exploits are actively being targeted. Fortinet warned of a new FortiWeb zero-day being exploited in attacks. Hackers are actively exploiting a 7-Zip symbolic link-based RCE vulnerability (CVE-2025-11001) and an Oracle Identity Manager flaw (CVE-2025-61757). Google issued a security fix for an actively exploited Chrome V8 zero-day vulnerability. W3 Total Cache versions prior to 2.8.13 are vulnerable to unauthenticated command injection.

Amazon Threat Intelligence has discovered nation-state actors bridging cyber and kinetic warfare. APT24 is pivoting to multi-vector attacks and APT31, known as the Striking Panda, remains active. Cloudflare reported resolving an outage impacting sites like X and ChatGPT, potentially serving as a security roadmap. Azure neutralized a record-breaking 15 Tbps DDoS attack. Security researchers are actively studying methods to enumerate WhatsApp accounts for security and privacy research.

To read the complete article, see: Security Affairs newsletter Round 551

This post is licensed under CC BY 4.0 by the author.