Cybersecurity Affairs Roundup: Critical Updates and Global Threats

TL;DR

This week’s Security Affairs newsletter covers critical cybersecurity updates, including new vulnerabilities, malware threats, and global cybercrime incidents. Key highlights include the exploitation of the Fortinet FortiWeb flaw, the release of a free decryptor for Phobos and 8base ransomware, and significant data breaches impacting millions.

Main Content

Stay Informed with the Weekly Security Affairs Newsletter

Welcome to the latest edition of the weekly Security Affairs newsletter, delivering top security articles straight to your inbox. This week, we cover essential updates and international press on cybersecurity.

Security Bulletin

Fortinet FortiWeb flaw CVE-2025-25257 exploited shortly after PoC release
Authorities release free decryptor for Phobos and 8base ransomware
Anne Arundel Dermatology data breach affects 1.9 million individuals
LameHug: First AI-powered malware linked to Russia’s APT28
5 Essential Features for AI-Powered SOC Platforms in 2025
Broadcom addresses critical VMware vulnerabilities exploited at Pwn2Own Berlin 2025
Stormous ransomware group targets North Country HealthCare, claims 600K patient records stolen
United Natural Foods anticipates $400M revenue impact from June cyber attack
Cisco resolves critical CVE-2025-20337 flaw in Identity Services Engine with CVSS 10 severity
UNC6148 deploys Overstep malware on SonicWall devices, potentially for ransomware
Operation Eastwood disrupts pro-Russian hacker group NoName057(16)
Salt Typhoon breach: Chinese APT infiltrates U.S. Army National Guard network
Former U.S. Army member admits to telecom hack and extortion scheme
CVE-2025-6554: Fifth actively exploited Chrome Zero-Day patched by Google in 2025
DDoS attacks reach new peaks: Cloudflare mitigates massive 7.3 Tbps assault
U.S. CISA includes Wing FTP Server flaw in Known Exploited Vulnerabilities catalog
Android malware Konfety advances with ZIP manipulation and dynamic loading
Belk hit by May cyberattack: DragonForce exfiltrates 150GB of data
North Korea-linked actors distribute XORIndex malware through 67 malicious npm packages
FBI seizes multiple piracy sites distributing pirated video games
Attacker with $500 radio setup could potentially trigger train brake failures or derailments remotely
Interlock ransomware group deploys new PHP-based RAT via FileFix
Global Louis Vuitton data breach affects UK, South Korea, and Turkey
Experts discover critical vulnerabilities in Kigen eSIM technology impacting billions
Spain grants €12.3 million in contracts to Huawei
Urgent: Patch CVE-2025-25257 PoC enabling remote code execution on Fortinet FortiWeb
Wing FTP Server flaw actively exploited following public disclosure

International Press – Newsletter

Cybercrime

Hacker returns stolen cryptocurrency to GMX exchange following $5 million bounty payment

Louis Vuitton Data Breach Impacts Customers in Multiple Countries

Romania arrests 13 individuals in phishing scam targeting British tax office

CBI dismantles £390K U.K. tech support scam, arrests key operatives in Noida call center

BaitTrap: The rise of baiting news sites behind online investment fraud

FBI Atlanta seizes major video game piracy websites

GLOBAL GROUP: Emerging Ransomware-as-a-Service with AI-Driven Negotiation and Mobile Control Panel

Former U.S. soldier pleads guilty to hacking and extortion scheme targeting telecommunications companies

Global operation targets NoName057(16) pro-Russian cybercrime network

Ransomware group claims theft of 600,000 North Country HealthCare patient records

Hackers target users of Signal clone to steal passwords and sensitive data

Google sues 25 alleged BadBox 2.0 botnet operators based in China

Malware

KongTuke FileFix leads to new Interlock RAT variant

Code highlighting with Cursor AI results in $500,000 crypto heist

The Linuxsys Cryptominer

From a Teams Call to a Ransomware Threat: Matanbuchus 3.0 MaaS Levels Up

Unmasking AsyncRAT: Navigating the labyrinth of forks

New Phobos and 8base ransomware decryptor allows victims to recover files for free

Hacking

eSIM Security Concerns

Wing FTP Server Remote Code Execution (CVE-2025-47812) actively exploited

Pre-Auth SQL Injection to RCE – Fortinet FortiWeb Fabric Connector (CVE-2025-25257)

FileFix (Part 2)

End-of-Train and Head-of-Train Remote Linking Protocol vulnerabilities

CVE-2025-47943: Stored XSS in Gogs via PDF

Ongoing SonicWall Secure Mobile Access (SMA) exploitation using OVERSTEP backdoor

VMware addresses four ESXi zero-day vulnerabilities exploited at Pwn2Own Berlin

Chinese authorities employ new tool to hack seized phones and extract data

Zero-Day Threat Mitigation via Deep Learning in Cloud Environments

July 16 Advisory: Pre-Auth SQL Injection Leads to RCE in Fortinet FortiWeb [CVE-2025-25257]

Flaw in Signal App Clone Could Leak Passwords — GreyNoise Identifies Active Reconnaissance and Exploit Attempts

CitrixBleed 2 Situation Update — Widespread Compromise Detected

Intelligence and Information Warfare

Terrorist groups leverage AI for recruitment and financing operations

Spanish government allocates €12.3 million to Huawei for protecting police wiretaps

Attackers target Southeast Asian governments with novel covert C2 communication

China’s Salt Typhoon hacks U.S. National Guard

MaaS operation using Emmenhtal and Amadey linked to threats against Ukrainian entities

UAC-0001 cyberattacks target defense sector using LAMEHUG software with LLM

Trump administration allocates $1 billion for ‘offensive’ hacking operations

Addressing state-linked cyber threats to critical maritime port infrastructure

UK identifies novel Microsoft snooping malware, attributes it to GRU cyberspies

Cybersecurity

CVE-2025-47812: Wing FTP Server Remote Code Execution Vulnerability Exploited

Engaging the Vulnerability Research Community through the Vulnerability Research Initiative

Hyper-volumetric DDoS attacks on the rise: Cloudflare’s 2025 Q2 DDoS Threat Report

Tracking Ransomware: June 2025

Cisco warns of critical ISE flaw allowing unauthenticated attackers to execute root code

United Natural Foods anticipates up to $400M sales impact from June cyberattack

DOGE Denizen Marko Elez leaks API key for xAI

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

For more details, visit the full article: source

Conclusion

This week’s Security Affairs newsletter highlights the evolving landscape of cybersecurity threats and measures. From the exploitation of critical vulnerabilities to the rise of AI-powered malware, staying informed is crucial for defending against these emerging challenges. Organizations and individuals must remain vigilant and proactive in their cybersecurity strategies to mitigate risks effectively.

This post is licensed under CC BY 4.0 by the author.