Security Affairs newsletter Round 531 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates
Critical Sudo bugs expose major Linux distros to local Root exploits
Google fined $314M for misusing idle Android users’ data
A flaw in Catwatchful spyware exposed logins of +62,000 users
China-linked group Houken hit French organizations using zero-days
Data Breach
Cybercriminals Target Brazil: 248,725 Exposed in CIEE One Data Breach
Europol shuts down Archetyp Market, longest-running dark web drug marketplace
Kelly Benefits data breach has impacted 550,000 people, and the situation continues to worsen as the investigation progresses
Cisco removed the backdoor account from its Unified Communications Manager
U.S. Sanctions Russia’s Aeza Group for aiding crooks with bulletproof hosting
Qantas confirms customer data breach amid Scattered Spider attacks
CVE-2025-6554 is the fourth Chrome zero-day patched by Google in 2025
U.S. CISA adds TeleMessage TM SGNL flaws to its Known Exploited Vulnerabilities catalog
A sophisticated cyberattack hit the International Criminal Court
Esse Health data breach impacted 263,000 individuals
GDPR violations prompt Germany to push Google and Apple to ban DeepSeek AI
Europol dismantles €460M crypto scam targeting 5,000 victims worldwide
CISA and U.S. Agencies warn of ongoing Iranian cyber threats to critical infrastructure
U.S. CISA adds Citrix NetScaler flaw to its Known Exploited Vulnerabilities catalog
Canada bans Hikvision over national security concerns
Denmark moves to protect personal identity from deepfakes with new copyright law
Facebook wants access to your camera roll for AI photo edits

International Press – Newsletter

Cybercrime

Crypto investment fraud ring dismantled in Spain after defrauding 5 000 victims worldwide

New INTERPOL report warns of sharp rise in cybercrime in Africa     

QANTAS CYBER INCIDENT 

Treasury Sanctions Global Bulletproof Hosting Service Enabling Cybercriminals and Technology Theft  

PDFs: Portable documents, or perfect deliveries for phish? 

Hunters International Ransomware Shuts Down, Offers Free Decryptors to Victims 

Malware

10 Things I Hate About Attribution: RomCom vs. TransferLoader 

FoxyWallet: 40+ Malicious Firefox Extensions Exposed 

Addressing malware family concept drift with triplet autoencoder

RawMal-TF: Raw Malware Dataset Labeled by Type and Family

Hacking

ICC detects and contains new sophisticated cyber security incident

CVE-2025-6543: Zero Day Exploitation of NetScaler ADC and NetScaler Gateway    

Chrome Zero-Day CVE-2025-6554 Under Active Attack — Google Issues Security Update

FileFix (Part 2) attack

Cisco warns that Unified CM has hardcoded root SSH credentials

Taking over 60k spyware user accounts with SQL injection

China breaks RSA encryption with a quantum computer, threatening global data security

Exposed JDWP Exploited in the Wild: What Happens When Debug Ports Are Left Open 

Intelligence and Information Warfare

Iranian Cyber Actors May Target Vulnerable US Networks and Entities of Interest 

macOS NimDoor | DPRK Threat Actors Target Web3 and Crypto Platforms with Nim-Based Malware

Analysis of the threat case of kimsuky group using ‘ClickFix’ tactic 

Warning Against Distribution of Malware Disguised as Research Papers (Kimsuky Group)

Dissecting Kimsuky’s Attacks on South Korea: In-Depth Analysis of GitHub-Based Malicious Infrastructure 

Houken seeking a path by living on the edge with zero-days 

Israel strikes Iran’s nuclear sites and kills top generals. Iran retaliates with missile barrages  

How Geopolitical Tensions Are Shaping Cyber Warfare 

Cybersecurity

Facebook is asking to use Meta AI on photos in your camera roll you haven’t yet shared

Ahold Delhaize Data Breach Impacts 2.2 Million People     

Denmark to tackle deepfakes by giving people copyright to their own features 

Berlin data protection commissioner reports AI app DeepSeek in Germany to Apple and Google as illegal content

263,000 Impacted by Esse Health Data Breach 

China breaks RSA encryption with a quantum computer, threatening global data security

Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones 

Google Ordered to Pay $314M for Misusing Android Users’ Cellular Data Without Permission

Vulnerability Advisory: Sudo Host Option Elevation of Privilege  

Top AI models will lie, cheat and steal to reach goals, Anthropic finds

Only One in 10 Organizations Globally Are Ready to Protect Against AI-Augmented Cyber Threats    

More than 25% of UK businesses hit by cyber-attack in last year, report finds

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)
