Security Affairs newsletter Round 551 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

BadAudio malware: how APT24 scaled its cyberespionage through supply chain attacks

U.S. CISA adds an Oracle Fusion Middleware flaw to its Known Exploited Vulnerabilities catalog

CrowdStrike denies breach after insider sent internal screenshots to hackers

SolarWinds addressed three critical flaws in Serv-U

Massive data leak hits Italian railway operator Ferrovie dello Stato via Almaviva hack

Salesforce alerts users to potential data exposure via Gainsight OAuth apps

Researchers devised a new enumeration technique that exposed 3.5B WhatsApp profiles

Sturnus: New Android banking trojan targets WhatsApp, Telegram, and Signal

Coordinated sanctions hit Russian bulletproof hosting providers enabling top ransomware Ops

Cyber-enabled kinetic targeting: Iran-linked actor uses cyber operations to support physical attacks

U.S. CISA adds a Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog

7-Zip RCE flaw (CVE-2025-11001) actively exploited in attacks in the wild

Operation WrtHug hijacks 50,000+ ASUS routers to build a global botnet

U.S. CISA adds a new Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog

Eurofiber confirms November 13 hack, data theft, and extortion attempt

New FortiWeb zero-day CVE-2025-58034 under attack patched by Fortinet

Pennsylvania Office of the Attorney General (OAG) confirms data breach after August attack

DoorDash data breach exposes personal info after social engineering attack

Google fixed the seventh Chrome zero-day in 2025

Dutch police takes down bulletproof hosting hub linked to 80+ cybercrime cases

Microsoft mitigated the largest cloud DDoS ever recorded, 15.7 Tbps

Jaguar Land Rover confirms major disruption and £196M cost from September cyberattack

North Korean threat actors use JSON sites to deliver malware via trojanized code

RondoDox expands botnet by exploiting XWiki RCE bug left unpatched since February 2025

Five admit helping North Korea evade sanctions through IT worker schemes

Anthropic: China-backed hackers launch first large-scale autonomous AI cyberattack

International Press – Newsletter

Cybercrime

Pennsylvania AG confirms data breach after INC Ransom attack

Thousands of servers seized in major cybercrime investigation  

DoorDash confirms data breach impacting users’ phone numbers and physical addresses 

Eurofiber Breach Exposes Critical Infrastructure Data Across Europe – What You Need to Know

Analyzing the latest Sneaky2FA Browser-in-the-Browser phishing page      

United States, Australia, and United Kingdom Sanction Russian Cybercrime Infrastructure Supporting Ransomware  

Teenagers plead not guilty to London transport cyber attack

Malware

npm Malware Campaign Uses Adspect Cloaking to Deliver Malicious Redirects 

GPT Trade: Fake Google Play Store drops BTMob Spyware and UASecurity Miner on Android Devices  

Cooking up trouble: How TamperedChef uses signed apps to deliver stealthy payloads  

Sturnus: Mobile Banking Malware bypassing WhatsApp, Telegram and Signal Encryption 

Hacking

XWiki Under Increased Attack 

Google Issues Security Fix for Actively Exploited Chrome V8 Zero-Day Vulnerability

Fortinet warns of new FortiWeb zero-day exploited in attacks 

Celebrating 15 years of Meta’s Bug Bounty Program  

Diffing 7-Zip for CVE-2025-11001

Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001)  

Oracle Identity Manager Exploit Observation from September (CVE-2025-61757)

Hey there! You are using WhatsApp: Enumerating Three Billion Accounts for Security and Privacy  

W3 Total Cache < 2.8.13 – Unauthenticated Command Injection  

HackOnChat Unmasking the WhatsApp Hacking Scam  

ShadowRay 2.0: Attackers Turn AI Against Itself in Global Campaign that Hijacks AI Into Self-Propagating Botnet  

Intelligence and Information Warfare

Contagious Interview Actors Now Utilize JSON Storage Services for Malware Delivery  

New Amazon Threat Intelligence findings: Nation-state actors bridging cyber and kinetic warfare  

The U.S. is losing a cyberwar  

Beyond the Watering Hole: APT24’s Pivot to Multi-Vector Attacks  

Attacks of the Striking Panda: APT31 Today  

Cybersecurity

Cloudflare says outage that hit X, ChatGPT and other sites is resolved  

Europe’s evolving cybersecurity threat landscape — revealed 

Cyberattack leaves Jaguar Land Rover short of £680 million

Defending the cloud: Azure neutralized a record-breaking 15 Tbps DDoS attack  

Elevating Cybersecurity: Ensuring Strategic and Sustainable Impact for CISOs  

Pennsylvania Attorney General Confirms Data Breach After Ransomware Attack  

Cloudflare says outage that hit X, ChatGPT and other sites is resolved
The Cloudflare Outage May Be a Security Roadmap      

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)