Round 531 of Security Affairs Newsletter: Critical Cybersecurity Updates and Global Threats

TL;DR

This week’s Security Affairs newsletter features crucial updates on cybersecurity threats, data breaches, and global cyber incidents. Key highlights include North Korea-linked malware attacks, significant data breaches in Brazil and the US, and critical vulnerabilities in popular software. The newsletter also covers international cybercrime reports and advancements in cyber warfare.

Main Content

Weekly Security Affairs Newsletter: Stay Informed with the Latest Cybersecurity News

Get Your Weekly Dose of Cybersecurity News with Security Affairs

Welcome to the latest edition of the weekly Security Affairs newsletter, bringing you the top cybersecurity articles and updates from around the world.

North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates

Critical Sudo bugs expose major Linux distros to local Root exploits

Google fined $314M for misusing idle Android users’ data

A flaw in Catwatchful spyware exposed logins of +62,000 users

China-linked group Houken hit French organizations using zero-days

Cybercriminals Target Brazil: 248,725 Exposed in CIEE One Data Breach

Europol shuts down Archetyp Market, longest-running dark web drug marketplace

Kelly Benefits data breach has impacted 550,000 people, and the situation continues to worsen as the investigation progresses

Cisco removed the backdoor account from its Unified Communications Manager

U.S. Sanctions Russia’s Aeza Group for aiding crooks with bulletproof hosting

Qantas confirms customer data breach amid Scattered Spider attacks

CVE-2025-6554 is the fourth Chrome zero-day patched by Google in 2025

U.S. CISA adds TeleMessage TM SGNL flaws to its Known Exploited Vulnerabilities catalog

A sophisticated cyberattack hit the International Criminal Court

Esse Health data breach impacted 263,000 individuals

GDPR violations prompt Germany to push Google and Apple to ban DeepSeek AI

Europol dismantles €460M crypto scam targeting 5,000 victims worldwide

CISA and U.S. Agencies warn of ongoing Iranian cyber threats to critical infrastructure

U.S. CISA adds Citrix NetScaler flaw to its Known Exploited Vulnerabilities catalog

Canada bans Hikvision over national security concerns

Denmark moves to protect personal identity from deepfakes with new copyright law

Facebook wants access to your camera roll for AI photo edits

International Press – Newsletter

Cybercrime

• Crypto investment fraud ring dismantled in Spain after defrauding 5,000 victims worldwide
• New INTERPOL report warns of sharp rise in cybercrime in Africa
• QANTAS CYBER INCIDENT
• Treasury Sanctions Global Bulletproof Hosting Service Enabling Cybercriminals and Technology Theft
• PDFs: Portable documents, or perfect deliveries for phish?
• Hunters International Ransomware Shuts Down, Offers Free Decryptors to Victims

Malware

• 10 Things I Hate About Attribution: RomCom vs. TransferLoader
• FoxyWallet: 40+ Malicious Firefox Extensions Exposed
• Addressing malware family concept drift with triplet autoencoder
• RawMal-TF: Raw Malware Dataset Labeled by Type and Family

Hacking

• ICC detects and contains new sophisticated cyber security incident
• CVE-2025-6543: Zero Day Exploitation of NetScaler ADC and NetScaler Gateway
• Chrome Zero-Day CVE-2025-6554 Under Active Attack — Google Issues Security Update
• FileFix (Part 2) attack
• Cisco warns that Unified CM has hardcoded root SSH credentials
• Taking over 60k spyware user accounts with SQL injection
• China breaks RSA encryption with a quantum computer, threatening global data security
• Exposed JDWP Exploited in the Wild: What Happens When Debug Ports Are Left Open

Intelligence and Information Warfare

• Iranian Cyber Actors May Target Vulnerable US Networks and Entities of Interest

• [macOS NimDoor

  DPRK Threat Actors Target Web3 and Crypto Platforms with Nim-Based Malware](https://www.sentinelone.com/labs/macos-nimdoor-dprk-threat-actors-target-web3-and-crypto-platforms-with-nim-based-malware/)

• Analysis of the threat case of kimsuky group using ‘ClickFix’ tactic
• Warning Against Distribution of Malware Disguised as Research Papers (Kimsuky Group)
• Dissecting Kimsuky’s Attacks on South Korea: In-Depth Analysis of GitHub-Based Malicious Infrastructure
• Houken seeking a path by living on the edge with zero-days
• Israel strikes Iran’s nuclear sites and kills top generals. Iran retaliates with missile barrages
• How Geopolitical Tensions Are Shaping Cyber Warfare

Cybersecurity

• Facebook is asking to use Meta AI on photos in your camera roll you haven’t yet shared
• Ahold Delhaize Data Breach Impacts 2.2 Million People
• Denmark to tackle deepfakes by giving people copyright to their own features
• Berlin data protection commissioner reports AI app DeepSeek in Germany to Apple and Google as illegal content
• 263,000 Impacted by Esse Health Data Breach
• China breaks RSA encryption with a quantum computer, threatening global data security
• Google Ordered to Pay $314M for Misusing Android Users’ Cellular Data Without Permission
• Vulnerability Advisory: Sudo Host Option Elevation of Privilege
• Top AI models will lie, cheat and steal to reach goals, Anthropic finds
• Only One in 10 Organizations Globally Are Ready to Protect Against AI-Augmented Cyber Threats
• More than 25% of UK businesses hit by cyber-attack in last year, report finds

Follow Us

Follow me on:

• Twitter
• Facebook
• Mastodon

About the Author

• Pierluigi Paganini
• Security Affairs

For more details, visit the full article: source

Conclusion

The latest Security Affairs newsletter highlights the increasing complexity and sophistication of cyber threats globally. From malware attacks to data breaches and geopolitical cyber warfare, staying informed is crucial for both individuals and organizations to protect against these evolving threats. As cybersecurity challenges continue to rise, it is essential to remain vigilant and proactive in defending against potential cyber incidents.

Additional Resources

For further insights, check:

• Cybersecurity & Infrastructure Security Agency (CISA)
• Europol
• INTERPOL

References

[^20]: “macOS NimDoor

DPRK Threat Actors Target Web3 and Crypto Platforms with Nim-Based Malware” (2025). “[macOS NimDoor

DPRK Threat Actors Target Web3 and Crypto Platforms with Nim-Based Malware](https://www.sentinelone.com/labs/macos-nimdoor-dprk-threat-actors-target-web3-and-crypto-platforms-with-nim-based-malware/)”. SentinelOne. Retrieved 2025-07-06.