Security Affairs newsletter Round 533 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Fortinet FortiWeb flaw CVE-2025-25257 exploited hours after PoC release
Authorities released free decryptor for Phobos and 8base ransomware
Anne Arundel Dermatology data breach impacts 1.9 million people
LameHug: first AI-Powered malware linked to Russia’s APT28
5 Features Every AI-Powered SOC Platform Needs in 2025
Broadcom patches critical VMware flaws exploited at Pwn2Own Berlin 2025
Stormous Ransomware gang targets North Country HealthCare, claims 600K patient data stolen
United Natural Foods Expects $400M revenue impact from June cyber attack
Cisco patches critical CVE-2025-20337 bug in Identity Services Engine with CVSS 10 Severity
UNC6148 deploys Overstep malware on SonicWall devices, possibly for ransomware operations
Operation Eastwood disrupted operations of pro-Russian hacker group NoName057(16)
Salt Typhoon breach: Chinese APT compromises U.S. Army National Guard network
Former US Army member confesses to Telecom hack and extortion conspiracy
CVE-2025-6554 marks the fifth actively exploited Chrome Zero-Day patched by Google in 2025
DDoS peaks hit new highs: Cloudflare mitigated massive 7.3 Tbps assault
U.S. CISA adds Wing FTP Server flaw to its Known Exploited Vulnerabilities catalog
Android Malware Konfety evolves with ZIP manipulation and dynamic loading
Belk hit by May cyberattack: DragonForce stole 150GB of data
North Korea-linked actors spread XORIndex malware via 67 malicious npm packages
FBI seized multiple piracy sites distributing pirated video games
An attacker using a $500 radio setup could potentially trigger train brake failures or derailments from a distance
Interlock ransomware group deploys new PHP-based RAT via FileFix
Global Louis Vuitton data breach impacts UK, South Korea, and Turkey
Experts uncover critical flaws in Kigen eSIM technology affecting billions
Spain awarded €12.3 million in contracts to Huawei
Patch immediately: CVE-2025-25257 PoC enables remote code execution on Fortinet FortiWeb
Wing FTP Server flaw actively exploited shortly after technical details were made public

International Press – Newsletter

Cybercrime

Hacker returns cryptocurrency stolen from GMX exchange after $5 million bounty payment 

Louis Vuitton Data Breach Hits Customers in Several Countries

Romania arrests 13 in phishing scam targeting British tax office  

CBI Shuts Down £390K U.K. Tech Support Scam, Arrests Key Operatives in Noida Call Center

BaitTrap – The rise of baiting news sites behind online investment fraud

FBI Atlanta Seizes Major Video Game Piracy Websites

GLOBAL GROUP: Emerging Ransomware-as-a-Service, Supporting AI Driven Negotiation and Mobile Control Panel for Their Affiliates

Former U.S. Soldier Pleads Guilty to Hacking and Extortion Scheme Involving Telecommunications Companies 

Global operation targets NoName057(16) pro-Russian cybercrime network 

Ransomware Group Claims to Have Stolen Data of 600,000 North Country HealthCare Patients  

Hackers are trying to steal passwords and sensitive data from users of Signal clone

Google sues 25 alleged BadBox 2.0 botnet operators, all of whom are in China

Malware

KongTuke FileFix Leads to New Interlock RAT Variant  

Code highlighting with Cursor AI for $500,000

The Linuxsys Cryptominer 

From a Teams Call to a Ransomware Threat: Matanbuchus 3.0 MaaS Levels Up

Unmasking AsyncRAT: Navigating the labyrinth of forks

New Phobos and 8base ransomware decryptor recover files for free

Hacking

eSIM security 

Wing FTP Server Remote Code Execution (CVE-2025-47812) Exploited in the Wild 

Pre-Auth SQL Injection to RCE – Fortinet FortiWeb Fabric Connector (CVE-2025-25257) 

FileFix (Part 2)

End-of-Train and Head-of-Train Remote Linking Protocol 

CVE-2025-47943: Stored XSS in Gogs via PDF

Ongoing SonicWall Secure Mobile Access (SMA) Exploitation Campaign using the OVERSTEP Backdoor 

VMware fixes four ESXi zero-day bugs exploited at Pwn2Own Berlin

Chinese authorities are using a new tool to hack seized phones and extract data  

Zero-Day Threat Mitigation via Deep Learning in Cloud Environments

July 16 Advisory: Pre-Auth SQL Injection Leads to RCE in Fortinet FortiWeb [CVE-2025-25257]

Flaw in Signal App Clone Could Leak Passwords — GreyNoise Identifies Active Reconnaissance and Exploit Attempts     

CitrixBleed 2 situation update — everybody already got owned 

Intelligence and Information Warfare

How terrorist groups are leveraging AI to recruit and finance their operations

The government pays 12 million to China’s Huawei to protect police wiretaps 

Behind the Clouds: Attackers Targeting Governments in Southeast Asia Implement Novel Covert C2 Communication

China’s Salt Typhoon Hacked US National Guard 

MaaS operation using Emmenhtal and Amadey linked to threats against Ukrainian entities

UAC-0001 cyberattacks on the security and defense sector using the LAMEHUG software tool, which uses LLM (large language model) (CERT-UA#16039)

Trump administration to spend $1 billion on ‘offensive’ hacking operations 

Addressing State-Linked Cyber Threats to Critical Maritime Port Infrastructure 

UK uncovers novel Microsoft snooping malware, blames and sanctions GRU cyberspies

Cybersecurity

CVE-2025-47812: Wing FTP Server Remote Code Execution Vulnerability Exploited in the Wild

Engaging the Vulnerability Research community through the Vulnerability Research Initiative  

Hyper-volumetric DDoS attacks skyrocket: Cloudflare’s 2025 Q2 DDoS threat report 

TRACKING RANSOMWARE : JUNE 2025    

Cisco Warns of Critical ISE Flaw Allowing Unauthenticated Attackers to Execute Root Code

United Natural Foods Projects Up to $400M Sales Hit From June Cyberattack 

DOGE Denizen Marko Elez Leaked API Key for xAI 

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)
