Security Affairs newsletter Round 545 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

CVE-2025-11371: Unpatched zero-day in Gladinet CentreStack, Triofox under attack
Cybercrime ring GXC Team dismantled in Spain, 25-year-old leader detained
Attackers exploit valid logins in SonicWall SSL VPN compromise
Apple doubles maximum bug bounty to $2M for zero-click RCEs
Juniper patched nine critical flaws in Junos Space
Ukraine sees surge in AI-Powered cyberattacks by Russia-linked Threat Actors
U.S. CISA adds Grafana flaw to its Known Exploited Vulnerabilities catalog
RondoDox Botnet targets 56 flaws across 30+ device types worldwide
ClayRat campaign uses Telegram and phishing sites to distribute Android spyware
CVE-2025-5947: WordPress Plugin flaw lets hackers access Admin accounts
Threat actors steal firewall configs, impacting all SonicWall Cloud Backup users
Discord denies massive breach, confirms limited exposure of 70K ID photos
Qilin ransomware claimed responsibility for the attack on the beer giant Asahi
DragonForce, LockBit, and Qilin, a new triad aims to dominate the ransomware landscape
DraftKings thwarts credential stuffing attack, but urges password reset and MFA
Redis patches 13-Year-Old Lua flaw enabling Remote Code Execution
U.S. CISA adds Synacor Zimbra Collaboration Suite (ZCS) flaw to its Known Exploited Vulnerabilities catalog
GoAnywhere MFT zero-day used by Storm-1175 in Medusa ransomware campaigns
CrowdStrike ties Oracle EBS RCE (CVE-2025-61882) to Cl0p attacks began Aug 9, 2025
U.S. CISA adds Oracle, Mozilla, Microsoft Windows, Linux Kernel, and Microsoft IE flaws to its Known Exploited Vulnerabilities catalog
Discord discloses third-party breach affecting customer support data
Oracle patches critical E-Business Suite flaw exploited by Cl0p hackers
LinkedIn sues ProAPIs for $15K/Month LinkedIn data scraping scheme
Zimbra users targeted in zero-day exploit using iCalendar attachments
Reading the ENISA Threat Landscape 2025 report
Ghost in the Cloud: Weaponizing AWS X-Ray for Command & Control

International Press – Newsletter

Cybercrime

UAT-8099: Chinese-speaking cybercrime group targets high-value IIS for SEO fraud  

CVE-2025-61882 Mass Exploitation — Oracle E-Business Suite (EBS) Under Attack by Cl0p Ransomware  

Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability 

DraftKings Warns Users of Credential Stuffing Attacks

Discord says 70,000 users may have had their government IDs leaked in breach 

ShinyHunters Wage Broad Corporate Extortion Spree  

Inside Akira’s SonicWall Campaign: Darktrace’s Detection and Response 

DDoS Botnet Aisuru Blankets US ISPs in Record DDoS 

The Civil Guard dismantles a banking phishing network and arrests the main developer of credential-stealing kits in Spain 

FBI takes down BreachForums portal used for Salesforce extortion

Two arrested by the Met following nursery cyber-attack 

Malware

Ransomware and Cyber Extortion in Q3 2025  

XWorm V6: Exploring Pivotal Plugins  

ClayRat: A New Android Spyware Targeting Russia  

175 Malicious npm Packages Host Phishing Infrastructure Targeting 135+ Organizations

Hacking

Ghost in the Cloud: Weaponizing AWS X-Ray for Command & Control 

0day .ICS attack in the wild 

CrowdStrike Identifies Campaign Targeting Oracle E-Business Suite via Zero-Day Vulnerability (now tracked as CVE-2025-61882)  

It Is Bad (Exploitation of Fortra GoAnywhere MFT CVE-2025-10035) – Part 2 

Active Exploitation of Gladinet CentreStack and Triofox Local File Inclusion Flaw (CVE-2025-11371) 

Credential stuffing: £2.31 million fine shows passwords are still the weakest link

Introducing CodeMender: an AI agent for code security  

Huntress Threat Advisory: Widespread SonicWall SSLVPN Compromise 

Intelligence and Information Warfare

Disrupting malicious uses of AI: October 2025  

North Korea’s crypto hackers have stolen over $2 billion in 2025  

New cyber threats: who and how hostile groups attack

Hacktivists target critical infrastructure, hit decoy plant

The Crown Prince, Nezha: A New Tool Favored by China-Nexus Threat Actors 

BatShadow: Vietnamese Threat Actor Expands Its Digital Operations 

Cybersecurity

LinkedIn sues software company allegedly scraping data from millions of profiles 

Red Hat Consulting breach puts over 5000 high profile enterprise customers at risk — in detail  

RediShell: Critical Remote Code Execution Vulnerability (CVE-2025-49844) in Redis, 10 CVSS score  

Germany slams brakes on EU’s Chat Control device-scanning snoopfest

A major evolution of Apple Security Bounty, with the industry’s top awards for the most advanced research 

SonicWall Concludes Investigation Into Incident Affecting MySonicWall Configuration Backup Files 


Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)
