Security Affairs newsletter Round 548 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are delivered free to your inbox.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

BadCandy Webshell threatens unpatched Cisco IOS XE devices, warns Australian government
China-linked UNC6384 exploits Windows zero-day to spy on European diplomats
Old Linux Kernel flaw CVE-2024-1086 resurfaces in ransomware attacks
EY Exposes 4TB SQL Server Backup Publicly on Microsoft Azure
Suspected Chinese actors compromise U.S. Telecom firm Ribbon Communications
U.S. CISA adds XWiki Platform and Broadcom VMware Aria Operations and VMware Tools flaws to its Known Exploited Vulnerabilities catalog
Brush exploit can cause any Chromium browser to crash in 15-60 seconds
Ex-Defense contractor exec pleads guilty to selling cyber exploits to Russia
Dentsu’s US subsidiary Merkle hit by cyberattack, staff and client data exposed
Hacktivists breach Canada’s critical infrastructure, cyber agency warns
Russian hackers, likely linked to Sandworm, exploit legitimate tools against Ukrainian targets
U.S. CISA adds Dassault Systèmes DELMIA Apriso flaws to its Known Exploited Vulnerabilities catalog
Herodotus Android malware mimics human typing to evade detection
Aisuru botnet is behind record 20 Tbps DDoS attacks
Everest group claimed the hack of Sweden’s power grid operator Svenska kraftnät
Critical ASP.NET flaw hits QNAP NetBak PC Agent
Ransomware payments hit record low: only 23% pay in Q3 2025
X warns users to re-enroll passkeys and YubiKeys for 2FA by Nov 10
Memento Labs, the ghost of Hacking Team, has returned — or maybe it was never gone at all.
Crafted URLs can trick OpenAI Atlas into running dangerous commands
Linux variant of Qilin Ransomware targets Windows via remote management tools and BYOVD
Wordfence blocks 8.7M attacks exploiting old GutenKit and Hunk Companion flaws
Safepay ransomware group claims the hack of professional video surveillance provider Xortec

International Press – Newsletter

Cybercrime

Insider Threats Loom while Ransom Payment Rates Plummet 

FBI says card shuffling machines were hacked as part of major illegal gambling schemes 

Sweden’s power grid operator confirms data breach claimed by ransomware gang 

ASERT Threat Summary: Aisuru and Related TurboMirai Botnet DDoS Attack Mitigation and Suppression—October 2025—v1.0

Former General Manager for U.S. Defense Contractor Pleads Guilty to Selling Stolen Trade Secrets to Russian Broker

NCSC Annual Review 2025  

CISA: High-severity Linux flaw now exploited by ransomware gangs 

Ukrainian National Extradited from Ireland in Connection with Conti Ransomware  

Silent Push Unearths AdaptixC2’s Ties to Russian Criminal Underworld, Tracks Threat Actors Harnessing Open-Source Tool for Malicious Payloads

Hackers threaten to leak data after breaching University of Pennsylvania to send mass emails

Malware

Agenda Ransomware Deploys Linux Variant on Windows Systems Through Remote Management Tools and BYOVD Techniques

Meet Atroposia: The Stealthy Feature-Packed RAT 

New Android Malware Herodotus Mimics Human Behaviour to Evade Detection  

10 npm Typosquatted Packages Deploy Multi-Stage Credential Harvester 

PhantomRaven: NPM Malware Hidden in Invisible Dependencies 

Hacking

Mass Exploit Campaign Targeting Arbitrary Plugin Installation Vulnerabilities 

CoPhish: Using Microsoft Copilot Studio as a wrapper for OAuth phishing 

OpenAI Atlas Omnibox Prompt Injection: URLs That Become Jailbreaks

AI Sidebar Spoofing: Malicious Extensions Impersonate AI Browser Interface

Unseeable prompt injections in screenshots: more vulnerabilities in Comet and other AI browsers      

“ChatGPT Tainted Memories:” LayerX Discovers The First Vulnerability in OpenAI Atlas Browser, Allowing Injection of Malicious Instructions into ChatGPT  

Internet-accessible industrial control systems (ICS) abused by hacktivists 

TEE.fail: Breaking Trusted Execution Environments via DDR5 Memory Bus Interposition 

Don’t take BADCANDY from strangers – How your devices could be implanted and what to do about it 

Intelligence and Information Warfare

Mem3nt0 mori – The Hacking Team is back!

Ukrainian organizations still heavily targeted by Russian attacks 

Crypto wasted: BlueNoroff’s ghost mirage of funding and jobs

US accuses former L3Harris cyber boss of stealing and selling secrets to Russian buyer 

Major US Telecom Backbone Firm Hacked by Nation-State Actors

UNC6384 Weaponizes ZDI-CAN-25373 Vulnerability to Deploy PlugX Against Hungarian and Belgian Diplomatic Entities 

CN APT targets Serbian Government

Suspected Nation-State Threat Actor Uses New Airstalk Malware in a Supply Chain Attack 

Is Space the Final Frontier of Espionage? 

China-Linked Tick Group Exploits Lanscope Zero-Day to Hijack Corporate Systems

Cybersecurity

X Warns Users With Security Keys to Re-Enroll Before November 10 to Avoid Lockouts

iOS 26 update erases critical trace files used to identify Pegasus intrusions 

Merkle data hit as Dentsu is rocked by ‘security incident’ 

EY Data Leak – Massive 4TB SQL Server Backup Exposed Publicly on Microsoft Azure  

Security Community Slams MIT-linked Report Claiming AI Powers 80% of Ransomware  

How Android provides the most effective protection to keep you safe from mobile scams

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)
