Security Affairs newsletter Round 558 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are delivered free to your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

A massive breach exposed data of 17.5M Instagram users
North Korea–linked APT Kimsuky behind quishing attacks, FBI warns
Illinois Department of Human Services (IDHS) suffered a data breach that impacted 700K individuals
Trend Micro fixed a remote code execution in Apex Central
Iran cuts Internet nationwide amid deadly protest crackdown
China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware
Chinese-speaking hackers exploited ESXi zero-days long before disclosure
Astaroth banking Trojan spreads in Brazil via WhatsApp worm
Public PoC prompts Cisco patch for ISE, ISE-PIC vulnerability
U.S. CISA adds HPE OneView and Microsoft Office PowerPoint flaws to its Known Exploited Vulnerabilities catalog
China-linked groups intensify attacks on Taiwan’s critical infrastructure, NSB warns
Ni8mare flaw gives unauthenticated control of n8n instances
Misconfigured email routing enables internal-spoofed phishing
Veeam resolves CVSS 9.0 RCE flaw and other security issues
Hackers actively exploit critical RCE flaw in legacy D-Link DSL routers
Fake Booking.com lures and BSoD scams spread DCRat in European hospitality sector
CERT/CC warns of critical, unfixed vulnerability in TOTOLINK EX200
Google fixes critical Dolby Decoder bug in Android January update
Resecurity Went on the Cyber Offensive – When ‘Shiny Objects’ trick ‘Shiny Hunters’
Russia-linked APT UAC-0184 uses Viber to spy on Ukrainian military in 2025
Kimwolf botnet leverages residential proxies to hijack 2M+ Android devices
The cybercriminal behind the 2016 Bitfinex hack has been released from prison early thanks to Trump’s 2018 First Step Act
VVS Stealer, a new Python malware steals Discord credentials
Sedgwick discloses data breach after TridentLocker ransomware attack
Resecurity Caught ShinyHunters in Honeypot
What is happening to the Internet in Venezuela? Did the U.S. use cyber capabilities?
President Trump blocks $2.9M Emcore chip sale over security concerns

International Press – Newsletter

Cybercrime

Synthetic Data: A New Frontier for Cyber Deception and Honeypots  

Ilya Lichtenstein, Bitcoin hacker behind massive crypto theft, credits Trump for early prison release  

Analyzing PHALT#BLYX: How Fake BSODs and Trusted Build Tools Are Used to Construct a Malware Infection  

Founder of spyware maker pcTattletale pleads guilty to hacking and advertising surveillance software  

CNCERT: Risk Warning Regarding the “Black Cat” Gang’s Use of Search Engines to Spread Counterfeit Notepad++ Download Remote Control Backdoors   

Who Benefited from the Aisuru and Kimwolf Botnets? 

17.5 Million Instagram Accounts Exposed in Massive Data Breach 

Malware

VVS Discord Stealer Using Pyarmor for Obfuscation and Detection Evasion  

Malicious NPM Packages Deliver NodeCordRAT    

Boto-Cor-de-Rosa campaign reveals Astaroth WhatsApp-based worm activity in Brazil

The Mac Malware of 2025  

Hacking

AI in Cybersecurity: How Xfenser Enables Offensive and Defensive Intelligence in the Era of Autonomous Agents  

HandPwning: security pitfalls of hand-geometry recognition-based access control systems  

PlayStation 5 ROM keys leaked — jailbreaking could be made easier with BootROM codes  

Hacktivist deletes white supremacist websites live onstage during hacker conference  

TOTOLINK EX200 firmware-upload error handling can activate an unauthenticated root telnet service

Hacker Conversations: Katie Paxton-Fear Talks Autism, Morality and Hacking

Safetensors Forensics: It’s “Safe”… Right?  

Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers

The Great VM Escape: ESXi Exploitation in the Wild 

Trend Micro Apex Central Multiple Vulnerabilities

Phishing actors exploit complex routing and misconfigurations to spoof domains 

Cisco Patches ISE Security Vulnerability After Public PoC Exploit Release

Intelligence and Information Warfare

Trump suggests US used cyberattacks to turn off lights in Venezuela during strikes  

Artificial Intelligence in the Military Domain and Its Implications for International Peace and Security: An Evidence-Based Road Map for Future Policy Action  

UAC-0184 | “The Dark Side of the Fallen Files” Pitching Operation  

Analysis on China’s Cyber Threats to Taiwan’s Critical Infrastructure in 2025  

UAT-7290 targets high value telecommunications infrastructure in South Asia  

Iran shuts down internet as regime struggles to contain escalating unrest  

North Korean Kimsuky Actors Leverage Malicious QR Codes in Spearphishing Campaigns Targeting U.S. Entities  

Cybersecurity

California residents can use new tool to demand brokers delete their personal data 

Ten found guilty of cyber-bullying Brigitte Macron  

New cyber action plan to tackle threats and strengthen public services  

OpenAI Launches ChatGPT Health with Isolated, Encrypted Health Data Controls

Tim Kosiba Named NSA Deputy Director

AI-Driven Cybersecurity Threats: A Survey of Emerging Risks and Defensive Strategies

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)
