Security Affairs newsletter Round 549 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

China-linked hackers target U.S. non-profit in long-term espionage campaign

A new Italian citizen was targeted with Paragon’s Graphite spyware. We have a serious problem

LANDFALL spyware exploited Samsung zero-day CVE-2025-21042 in Middle East attacks

Cisco fixes critical UCCX flaw allowing Root command execution

Russia-linked APT InedibleOchotense impersonates ESET to deploy backdoor on Ukrainian systems

Clop Ransomware group claims the breach of The Washington Post

Cisco became aware of a new attack variant against Secure Firewall ASA and FTD devices

Google sounds alarm on self-modifying AI malware

Alleged Russia-linked Curly COMrades exploit Windows Hyper-V to evade EDRs

SonicWall blames state-sponsored hackers for September security breach

U.S. sanctioned North Korea bankers for laundering funds linked to cyberattacks and peapons program

Former cybersecurity employees attempted to extort five U.S. companies in 2023 using BlackCat ransomware attacks

U.S. CISA adds Gladinet CentreStack, and CWP Control Web Panel flaws to its Known Exploited Vulnerabilities catalog

Nine arrested in €600M crypto laundering bust across Europe

Google fixed a critical remote code execution in Android

SesameOp: New backdoor exploits OpenAI API for covert C2

Google Big Sleep found five vulnerabilities in Safari

Crooks exploit RMM software to hijack trucking firms and steal cargo

Jabber Zeus developer ‘MrICQ’ extradited to US from Italy

Chrome 142 Released: Two high-severity V8 flaws fixed, $100K in rewards paid

Android Apps misusing NFC and HCE to steal payment data on the rise

Conduent January 2025 breach impacts 10M+ people

International Press – Newsletter

Cybercrime

Remote access, real cargo: cybercriminals targeting trucking and logistics

Alleged Jabber Zeus Coder ‘MrICQ’ in U.S. Custody

Decisive actions against cryptocurrency scammers earning over EUR 600 million  

Lawmakers say stolen police logins are exposing Flock surveillance cameras to hackers

Scattered LAPSUS$ Hunters: Anatomy of a Federated Cybercriminal Brand      

Chicago firm that resolves ransomware attacks had rogue workers carrying out their own hacks, FBI says

INSIDE LOCKBIT 5.0: AN EXCLUSIVE INTERVIEW WITH THE NEW INSTANCE OF THE WORLD’S MOST INFAMOUS RANSOMWARE BRAND    

How a ransomware gang encrypted Nevada government’s systems  

Malware

SesameOp: Novel backdoor uses OpenAI Assistants API for command and control  

Weaponized Military Documents Deliver Advanced SSH-Tor Backdoor to Defense Sector  

Gootloader Returns: What Goodies Did They Bring? 

LANDFALL: New Commercial-Grade Android Spyware in Exploit Chain Targeting Samsung Devices

Hacking

Exploiting Trust in Collaboration: Microsoft Teams Vulnerabilities Uncovered

HackedGPT: Novel AI Vulnerabilities Open the Door for Private Data Leakage

Cisco Event Response: Continued Attacks Against Cisco Firewalls

LLM-goat  

The most advanced ClickFix yet? 

Intelligence and Information Warfare

DPRK’s Playbook: Kimsuky’s HttpTroy and Lazarus’s New BLINDINGCAN Variant  

Disrupting Illicit DPRK Bankers and Institutions Laundering Cybercrime and IT Worker Funds

Preparing for Threats to Come: Cybersecurity Forecast 2026

Sonicwall: Cloud Backup Security Incident Investigation Complete and Strengthened Cyber Resilience     

Curly COMrades: Evasion and Persistence via Hidden Hyper-V Virtual Machines  

ESET APT Activity Report Q2 2025–Q3 2025  

Italian communications executive reveals he was targeted with Paragon spyware 

China-linked Actors Maintain Focus on Organizations Influencing U.S. Policy 

Russian Cybercrime & State Militarization  

Cybersecurity

Google Pays $100,000 in Rewards for Two Chrome Vulnerabilities 

Google’s AI ‘Big Sleep’ Finds 5 New Vulnerabilities in Apple’s Safari WebKit

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)