Security Affairs Newsletter Round 530: International Edition by Pierluigi Paganini
TL;DR
- The Security Affairs newsletter offers a weekly roundup of top cybersecurity articles.
- This edition covers critical topics including cybercrime, hacking, and malware.
- Highlights include FBI warnings, major data breaches, and new hacking techniques.
Welcome to the latest edition of the Security Affairs newsletter, your weekly dose of the best cybersecurity articles delivered straight to your inbox. This round includes critical updates from the international press, covering a range of topics from cybercrime to advanced hacking techniques.
Cybercrime
FBI Warnings and Major Breaches
- FBI Alert on Scattered Spider: The FBI has issued a warning about the cybercriminal group Scattered Spider targeting the airline sector [1].
- LapDogs Espionage Campaign: China-nexus hackers have hijacked over 1,000 SOHO devices for espionage purposes [2].
- Cyberattacks by IntelBroker: Kai West, also known as IntelBroker, has been indicted for cyberattacks causing $25 million in damages [3].
- Cisco Fixes Critical Flaws: Cisco has addressed critical vulnerabilities in its ISE (Identity Services Engine) that could allow root-level remote code execution [4].
International Cybercrime News
- Qilin Ransomware Innovations: The Qilin ransomware gang has introduced a “Call Lawyer” feature to pressure victims [5].
- Prometei Botnet Resurgence: The Prometei botnet has seen a surge in activity since March 2025 [6].
- WhatsApp Ban: The U.S. House has banned WhatsApp on government devices due to security concerns [7].
- APT28 Targets Ukraine: Russia-linked APT28 is using Signal chats to target Ukrainian officials with malware [8].
Malware
New Threats and Analysis
- Ransomware Evolution: Ransomware gangs are collapsing as Qilin seizes control, showcasing the evolving threat landscape [9].
- Python Ransomware: A detailed dissection of a Python ransomware distributed through GitHub repositories [10].
- ConnectUnwise Abuse: Threat actors are abusing ConnectWise as a builder for signed malware [11].
- GIFTEDCROOK’s Pivot: A strategic shift from browser stealer to data exfiltration platform [12].
Hacking
Emerging Tactics and Exploits
- FreeType Zero-Day: Meta has discovered a FreeType zero-day vulnerability exploited in Paragon spyware attacks [13].
- CoinMarketCap Hack: CoinMarketCap was briefly compromised to drain crypto wallets via a fake Web3 popup [14].
- CitrixBleed 2: A critical vulnerability in Citrix NetScaler devices, dubbed CitrixBleed 2, has been identified [15].
- Marketplace Takeover: Researchers demonstrate how a VSCode fork could be exploited to take over millions of developers [16].
Intelligence and Information Warfare
Geopolitical Cyber Threats
- Iran-Linked Data Leaks: Iranian threat actors have leaked data from visitors and athletes at the Saudi Games [17].
- Chinese Cyber Espionage: PRC cyber actors are targeting telecommunications companies in a global cyberespionage campaign [18].
- North Korean Malicious Packages: North Korea’s Contagious Interview campaign has dropped 35 new malicious npm packages [19].
- Cyber Warfare Impact: Analyzing how cyber warfare is changing the face of geopolitical conflict [20].
Cybersecurity
Data Breaches and Security Measures
- McLaren Health Care Breach: A data breach at McLaren Health Care has impacted over 743,000 individuals [21].
- Retail Sector Ransomware: The Cyber Monitoring Centre has issued a statement on ransomware incidents in the retail sector [22].
- AI Secrets Leak: Addressing the challenges of leaking secrets in the age of AI [23].
- Bipartisan Bill on Chinese AI: A new bipartisan bill aims to block Chinese AI from federal agencies [24].
Conclusion
The cybersecurity landscape continues to evolve rapidly, with new threats and innovations emerging constantly. Staying informed through resources like the Security Affairs newsletter is crucial for individuals and organizations to protect themselves against these ever-changing challenges.
Additional Resources
For further insights, check out these authoritative sources:
References
1. (June 2025). “The FBI warns that Scattered Spider is now targeting the airline sector”. Security Affairs. Retrieved 2025-06-29.
2. (June 2025). “LapDogs: China-nexus hackers Hijack 1,000+ SOHO devices for espionage”. Security Affairs. Retrieved 2025-06-29.
3. (June 2025). “Kai West, aka IntelBroker, indicted for cyberattacks causing $25M in damages”. Security Affairs. Retrieved 2025-06-29.
4. (June 2025). “Cisco fixed critical ISE flaws allowing Root-level remote code execution”. Security Affairs. Retrieved 2025-06-29.
5. (June 2025). “Qilin ransomware gang now offers a ‘Call Lawyer’ feature to pressure victims”. Security Affairs. Retrieved 2025-06-29.
6. (June 2025). “Prometei botnet activity has surged since March 2025”. Security Affairs. Retrieved 2025-06-29.
7. (June 2025). “The U.S. House banned WhatsApp on government devices due to security concerns”. Security Affairs. Retrieved 2025-06-29.
8. (June 2025). “Russia-linked APT28 use Signal chats to target Ukraine official with malware”. Security Affairs. Retrieved 2025-06-29.
9. (June 2025). “Ransomware Gangs Collapse as Qilin Seizes Control”. Cybereason. Retrieved 2025-06-29.
10. (June 2025). “Dissecting a Python Ransomware distributed through GitHub repositories”. Tinexta Cyber. Retrieved 2025-06-29.
11. (June 2025). “ConnectUnwise: Threat actors abuse ConnectWise as builder for signed malware”. G Data Software. Retrieved 2025-06-29.
12. (June 2025). “GIFTEDCROOK’s Strategic Pivot: From Browser Stealer to Data Exfiltration Platform”. Arctic Wolf. Retrieved 2025-06-29.
13. (June 2025). “FreeType Zero-Day Found by Meta Exploited in Paragon Spyware Attacks”. SecurityWeek. Retrieved 2025-06-29.
14. (June 2025). “CoinMarketCap briefly hacked to drain crypto wallets via fake Web3 popup”. BleepingComputer. Retrieved 2025-06-29.
15. (June 2025). “CitrixBleed 2: Electric Boogaloo — CVE-2025-5777”. DoublePulsar. Retrieved 2025-06-29.
16. (June 2025). “Marketplace Takeover: How We Could’ve Taken Over Every Developer Using a VSCode Fork”. Koi Security. Retrieved 2025-06-29.
17. (June 2025). “Iran-Linked Threat Actors Leak Visitors and Athletes’ Data from Saudi Games”. Resecurity. Retrieved 2025-06-29.
18. (June 2025). “PRC cyber actors target telecommunications companies as part of a global cyberespionage campaign”. Cyber.gc.ca. Retrieved 2025-06-29.
19. (June 2025). “Another Wave: North Korean Contagious Interview Campaign Drops 35 New Malicious npm Packages”. Socket. Retrieved 2025-06-29.
20. (June 2025). “How Cyber Warfare Changes the Face of Geopolitical Conflict”. Dark Reading. Retrieved 2025-06-29.
21. (June 2025). “743,000 Impacted by McLaren Health Care Data Breach”. SecurityWeek. Retrieved 2025-06-29.
22. (June 2025). “Cyber Monitoring Centre Statement on Ransomware Incidents in the Retail Sector – June 2025”. Cyber Monitoring Centre. Retrieved 2025-06-29.
23. (June 2025). “Leaking Secrets in the Age of AI”. Wiz.io. Retrieved 2025-06-29.
24. (June 2025). “Bipartisan Bill Aims to Block Chinese AI From Federal Agencies”. SecurityWeek. Retrieved 2025-06-29.