Critical Cybersecurity Updates: Security Affairs Newsletter Round 534 International Edition

TL;DR

This week’s Security Affairs newsletter highlights significant cybersecurity incidents, including law enforcement actions against cybercrime groups, new malware threats, and critical vulnerability patches. Key topics include the takedown of the BlackSuit ransomware gang, AI-generated Linux malware, and urgent security patches for SharePoint vulnerabilities.

Main Content

Weekly Security Affairs Newsletter: Stay Informed with the Latest Cybersecurity News

Welcome to the latest edition of the Security Affairs newsletter, bringing you the best security articles from around the world, delivered straight to your inbox every week.

Top Security Articles of the Week

Law enforcement operations seized BlackSuit ransomware gang’s darknet sites

Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme

Operation CargoTalon targets Russia’s aerospace with EAGLET malware

Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access

Koske, a new AI-Generated Linux malware appears in the threat landscape

Mitel patches critical MiVoice MX-ONE Auth bypass flaw

Coyote malware is first-ever malware abusing Windows UI Automation

SonicWall fixed critical flaw in SMA 100 devices exploited in Overstep malware attacks

DSPM & AI Are Booming: $17.87B and $4.8T Markets by 2033

Stealth backdoor found in WordPress mu-Plugins folder

U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog

U.S. CISA urges FCEB agencies to fix two Microsoft SharePoint flaws immediately and added them to its Known Exploited Vulnerabilities catalog

Sophos fixed two critical Sophos Firewall vulnerabilities

French Authorities confirm XSS.is admin arrested in Ukraine

Microsoft linked attacks on SharePoint flaws to China-nexus actors

Cisco confirms active exploitation of ISE and ISE-PIC flaws

SharePoint under fire: new ToolShell attacks target enterprises

CrushFTP zero-day actively exploited at least since July 18

Hardcoded credentials found in HPE Aruba Instant On Wi-Fi devices

MuddyWater deploys new DCHSpy variants amid Iran-Israel conflict

U.S. CISA urges to immediately patch Microsoft SharePoint flaw adding it to its Known Exploited Vulnerabilities catalog

Microsoft issues emergency patches for SharePoint zero-days exploited in “ToolShell” attacks

SharePoint zero-day CVE-2025-53770 actively exploited in the wild

Singapore warns China-linked group UNC3886 targets its critical infrastructure

U.S. CISA adds Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog

Radiology Associates of Richmond data breach impacts 1.4 million people

International Press – Newsletter

Cybercrime

• At Least 750 US Hospitals Faced Disruptions During Last Year’s CrowdStrike Outage, Study Finds
• Key figure behind major Russian-speaking cybercrime forum targeted in Ukraine
• UK student jailed for selling phishing kits linked to £100m of fraud
• A Spike in the Desert: How GreyNoise Uncovered a Global Pattern of VOIP-Based Telnet Attacks
• Arizona Woman Sentenced in $17M IT Worker Fraud Scheme That Illegally Generated Revenue for North Korea
• BlackSuit ransomware gang’s darknet websites seized by police
• Hackers are trying to steal passwords and sensitive data from users of Signal clone
• Aptly Named: How the Leakzone Exposed Access Logs
• Phishers Target Aviation Execs to Scam Customers

Malware

• Uncovering a Stealthy WordPress Backdoor in mu-plugins
• NPM package ‘is’ with 2.8M weekly downloads infected devs with malware
• Coyote in the Wild: First-Ever Malware That Abuses UI Automation
• AI-Generated Malware in Panda Image Hides Persistent Linux Threat
• Toptal’s GitHub Organization Hijacked: 10 Malicious Packages Published

Hacking

• SharePoint Under Siege: from SOC triage to new 0-day
• CVE-2025-54309: CrushFTP Zero-Day Exploited in the Wild
• Cisco Confirms Active Exploits Targeting ISE Flaws Enabling Unauthenticated Root Access
• Fire Ant Exploits VMware Flaws to Compromise ESXi Hosts and vCenter Environments

Intelligence and Information Warfare

• What is UNC3886, the group that attacked Singapore’s critical information infrastructure?
• Lookout Discovers Iranian APT MuddyWater Leveraging DCHSpy During Israel-Iran Conflict
• The SOC files: Rumble in the jungle or APT41’s new target in Africa

• [SharePoint ToolShell

  Zero-Day Exploited in-the-Wild Targets Enterprise Servers](https://www.sentinelone.com/blog/sharepoint-toolshell-zero-day-exploited-in-the-wild-targets-enterprise-servers/)

• Disrupting active exploitation of on-premises SharePoint vulnerabilities
• Profile: GRU cyber and hybrid threat operations
• Operation CargoTalon : UNG0901 Targets Russian Aerospace & Defense Sector using EAGLET implant
• Apple alerted Iranians to iPhone spyware attacks, say researchers

Cybersecurity

• Most cybersecurity risk comes from just 10% of employees
• HPE warns of hardcoded passwords in Aruba access points
• Should We Trust AI? Three Approaches to AI Fallibility
• No Patch for Flaw Exposing Hundreds of LG Cameras to Remote Hacking
• UK’s Ransomware Payment Ban: Bold Strategy or Dangerous Gamble?
• Allianz Life says ‘majority’ of customers’ personal data stolen in cyberattack
• Google took a month to shut down Catwatchful, a phone spyware operation hosted on its servers
• Clorox accuses IT provider in lawsuit of giving hackers employee passwords

Follow Security Affairs

• Twitter
• Facebook
• Mastodon
• LinkedIn

For more details, visit the full article: Security Affairs Newsletter Round 534

Conclusion

This week’s newsletter highlights the ongoing battle against cybercrime, with law enforcement making significant strides in dismantling cybercriminal operations. The emergence of new malware threats, particularly those leveraging AI and automation, underscores the need for vigilant cybersecurity measures. Critical vulnerabilities in widely-used software, such as SharePoint and LG cameras, emphasize the importance of timely patching and proactive security management. Stay informed and stay secure.

Additional Resources

For further insights, check:

• Cybersecurity & Infrastructure Security Agency (CISA)
• European Union Agency for Cybersecurity (ENISA)
• National Cyber Security Centre (NCSC)

References

[^21]: SentinelOne (2025). “[SharePoint ToolShell

Zero-Day Exploited in-the-Wild Targets Enterprise Servers](https://www.sentinelone.com/blog/sharepoint-toolshell-zero-day-exploited-in-the-wild-targets-enterprise-servers/)”. SentinelOne. Retrieved 2025-07-27.