Security Affairs Newsletter Round 535: International Edition by Pierluigi Paganini
TL;DR
This edition of the Security Affairs newsletter covers the week's critical cybersecurity updates: new malware, data breaches, and international cyber incidents. Key highlights include the Plague Linux backdoor (a malicious PAM module that bypasses authentication), China's questioning of Nvidia over alleged backdoors in its H20 chips, and significant data breaches affecting major organizations.
Introduction
Welcome to the latest edition of the Security Affairs newsletter! Each week, we bring you the most critical and insightful security articles straight to your inbox. This roundup includes essential updates from the international press, ensuring you stay informed on the latest cybersecurity developments.
Cybersecurity Highlights
New Malware and Vulnerabilities
- New Linux Backdoor: A newly discovered Linux backdoor, dubbed "Plague", bypasses authentication via a malicious PAM module [1].
- Nvidia Chip Controversy: China presses Nvidia over alleged backdoors in H20 chips amid rising tech tensions [2].
- Malicious AI-Generated npm Package: Solana users are targeted by a malicious AI-generated npm package [3].
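A backdoor delivered as a PAM module succeeds because the PAM stack loads whatever shared object the service configuration names. The practical check is therefore an audit of /etc/pam.d against what the package manager actually installed. The script below is an added example written for this newsletter; it is not from the Security Affairs article or from the Plague research, and it makes no claim about how Plague itself is named or placed on disk. The sample configuration, the module names pam_ext.so and /usr/local/lib/pam_unix.so, and the allowlist are all constructed for illustration; on a real host the allowlist would be built from package ownership (for example dpkg -S or rpm -qf over the module directories).

```python
"""Audit PAM service configurations for authentication modules that are not
accounted for by the package manager, or that load from an unusual directory.

Added example (not code from the Plague research or from Security Affairs).
"""
import os
import re
from typing import Dict, List, Set, Tuple

# One PAM entry: [-]type  control  module [args].  The control field may be a
# bracketed expression containing spaces, e.g. [success=1 default=ignore].
PAM_LINE = re.compile(
    r"^\s*(?P<type>-?(?:auth|account|password|session))\s+"
    r"(?P<control>\[[^\]]*\]|\S+)\s+"
    r"(?P<module>\S+)(?:\s+(?P<args>.*))?$"
)

# Directories where distributions install PAM modules (assumption: adjust per host).
STANDARD_MODULE_DIRS = (
    "/lib/security",
    "/lib64/security",
    "/usr/lib64/security",
    "/lib/x86_64-linux-gnu/security",
    "/usr/lib/x86_64-linux-gnu/security",
)

# Constructed sample /etc/pam.d contents.  pam_ext.so is a hypothetical name
# standing in for an unpackaged module; the absolute path in "login" stands in
# for a known module name loaded from a non-standard location.
SAMPLE_PAM_D: Dict[str, str] = {
    "sshd": """
# PAM configuration for the Secure Shell service (constructed sample)
auth       required     pam_env.so
auth       [success=1 default=ignore]      pam_unix.so nullok
auth       optional     pam_ext.so
account    required     pam_nologin.so
session    required     pam_limits.so
""",
    "login": """
auth       requisite    pam_securetty.so
auth       include      common-auth
password   required     /usr/local/lib/pam_unix.so obscure sha512
""",
}

# Constructed allowlist: module basenames the package manager accounts for.
KNOWN_MODULES: Set[str] = {
    "pam_env.so", "pam_unix.so", "pam_nologin.so",
    "pam_limits.so", "pam_securetty.so",
}


def parse_pam_service(text: str) -> List[Dict[str, str]]:
    """Return the module-loading entries of one pam.d file.

    Comment lines, @include directives and include/substack controls are
    skipped: they reference other configuration files, not shared objects.
    """
    entries: List[Dict[str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("@include"):
            continue
        match = PAM_LINE.match(line)
        if match is None:
            continue  # malformed line; a stricter audit would report it
        entry = match.groupdict()
        entry["args"] = entry["args"] or ""
        if entry["control"] in ("include", "substack"):
            continue
        entries.append(entry)
    return entries


def audit_pam(configs: Dict[str, str], known_modules: Set[str],
              module_dirs: Tuple[str, ...] = STANDARD_MODULE_DIRS
              ) -> List[Tuple[str, str, str]]:
    """Flag (service, module, reason) for every module that is either loaded
    from outside the standard module directories or absent from the allowlist."""
    findings: List[Tuple[str, str, str]] = []
    for service, text in configs.items():
        for entry in parse_pam_service(text):
            module = entry["module"]
            if os.path.isabs(module) and os.path.dirname(module) not in module_dirs:
                findings.append((service, module, "module loaded from non-standard directory"))
            elif os.path.basename(module) not in known_modules:
                findings.append((service, module, "module not in package-owned allowlist"))
    return findings


def load_pam_d(directory: str = "/etc/pam.d") -> Dict[str, str]:
    """Read every service file under a pam.d directory into {service: text}."""
    configs: Dict[str, str] = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if os.path.isfile(path):
            with open(path, encoding="utf-8", errors="replace") as fh:
                configs[name] = fh.read()
    return configs


if __name__ == "__main__":
    # Run against the constructed sample; swap in load_pam_d() for a live host.
    for service, module, reason in audit_pam(SAMPLE_PAM_D, KNOWN_MODULES):
        print(f"{service}: {module}: {reason}")
```

The audit deliberately keys on two signals a module backdoor cannot avoid, a module name the package manager does not own and a load path outside the distribution's module directories, rather than on any particular filename, so it is not tied to one malware family. It will not catch a backdoor that replaces a legitimately packaged module in place; for that, pair it with package verification (debsums or rpm -V) and file-integrity monitoring on the module directories.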
International Cyber Incidents
- Meta's Bounty Offer: Meta offers a $1M bounty at Pwn2Own Ireland 2025 for WhatsApp exploits [4].
- Chinese APT Analysis: Check Point analyzes the Chinese APT group Storm-2603 in the context of the ToolShell attacks [5].
- CISA's Thorium Platform: CISA releases the Thorium platform to support malware and forensic analysis [6].
Data Breaches and Cyber Attacks
- Russian APT Targets Embassies: A Russia-linked APT group, Secret Blizzard, targets foreign embassies in Moscow with ApolloShadow malware [7].
- WordPress Theme Exploit: Attackers actively exploit a critical zero-day vulnerability in the Alone WordPress theme [8].
- Dahua Camera Flaws: Dahua camera vulnerabilities allow remote hacking; affected users should update firmware now [9].
International Press Coverage
Cybercrime
- Seychelles Banking Attack: Cybercriminals target Seychelles' offshore banking sector [10].
- Allianz Life Data Breach: Allianz Life reports that the personal data of the "majority" of its customers was stolen in a cyberattack [11].
- Cryptocurrency Seizure: The U.S. files a civil forfeiture complaint in the Northern District of Texas for over $1.7 million in cryptocurrency (20 BTC) seized by Dallas FBI from a Chaos ransomware affiliate that targeted Texas firms [12].
Malware
- Endgame Gear Malware: Endgame Gear's mouse configuration tool is found to have infected users with malware [13].
- Auto-Color Backdoor: Darktrace thwarts a stealthy Linux intrusion using the Auto-Color backdoor [14].
- FunkSec Ransomware: Researchers release a decryptor for the FunkSec ransomware [15].
Hacking
- VMware vSphere Defense: Google Cloud provides guidance on defending a VMware vSphere estate from UNC3944, whose intrusions run from help-desk social engineering to hypervisor compromise [16].
- Post SMTP Plugin Vulnerability: An account-takeover vulnerability in the Post SMTP WordPress plugin, affecting over 400K installations, is patched [17].
- macOS TCC Vulnerability: Microsoft analyzes "Sploitlight", a Spotlight-based macOS TCC bypass vulnerability [18].
Intelligence and Information Warfare
- Fire Ant Espionage: Sygnia publishes a deep dive into the hypervisor-level espionage activities of the Fire Ant group [19].
- Aeroflot Cyberattack: Pro-Ukraine hacktivists claim responsibility for a cyberattack on Russian airline Aeroflot that caused the cancellation of more than 100 flights [20].
- Nvidia Chip Controversy: Beijing summons Nvidia over alleged backdoors in China-bound AI chips [21].
Cybersecurity
- Tea App Data Leak: Hackers leak images and comments from the women's dating safety app Tea [22].
- Orange Telecom Cyberattack: France's largest telecoms company, Orange, suffers a major cyberattack [23].
- AI and Quantum Impact: A look at the growing impact of AI and quantum technologies on cybersecurity [24].
Conclusion
This week's Security Affairs newsletter highlights the ongoing challenges and advances in the cybersecurity landscape. From new malware to significant data breaches, staying informed is crucial for protecting against emerging threats. Follow us on Twitter, Facebook, and Mastodon for more updates.
References
- [1] "New Linux backdoor Plague bypasses auth via malicious PAM module". Security Affairs, 2025. Retrieved 2025-08-03.
- [2] "China Presses Nvidia Over Alleged Backdoors in H20 Chips Amid Tech Tensions". Security Affairs, 2025. Retrieved 2025-08-03.
- [3] "Malicious AI-generated npm package hits Solana users". Security Affairs, 2025. Retrieved 2025-08-03.
- [4] "Meta Offers $1M bounty at Pwn2Own Ireland 2025 for WhatsApp exploits". Security Affairs, 2025. Retrieved 2025-08-03.
- [5] "ToolShell under siege: Check Point analyzes Chinese APT Storm-2603". Security Affairs, 2025. Retrieved 2025-08-03.
- [6] "CISA released Thorium platform to support malware and forensic analysis". Security Affairs, 2025. Retrieved 2025-08-03.
- [7] "Russia-linked APT Secret Blizzard targets foreign embassies in Moscow with ApolloShadow malware". Security Affairs, 2025. Retrieved 2025-08-03.
- [8] "Attackers actively exploit critical zero-day in Alone WordPress Theme". Security Affairs, 2025. Retrieved 2025-08-03.
- [9] "Dahua Camera flaws allow remote hacking. Update firmware now". Security Affairs, 2025. Retrieved 2025-08-03.
- [10] "Cybercriminals Attack Seychelles – Offshore Banking as a Target". Resecurity, 2025. Retrieved 2025-08-03.
- [11] "Allianz Life says 'majority' of customers' personal data stolen in cyberattack". TechCrunch, 2025. Retrieved 2025-08-03.
- [12] "United States files a civil complaint in the Northern District of Texas seeking the forfeiture of over $1.7 million worth of cryptocurrency seized by Dallas FBI". U.S. Department of Justice, 2025. Retrieved 2025-08-03.
- [13] "Endgame Gear mouse config tool infected users with malware". BleepingComputer, 2025. Retrieved 2025-08-03.
- [14] "Auto-Color Backdoor: How Darktrace Thwarted a Stealthy Linux Intrusion". Darktrace, 2025. Retrieved 2025-08-03.
- [15] "Researchers released a decryptor for the FunkSec ransomware". Security Affairs, 2025. Retrieved 2025-08-03.
- [16] "From Help Desk to Hypervisor: Defending Your VMware vSphere Estate from UNC3944". Google Cloud, 2025. Retrieved 2025-08-03.
- [17] "Account Takeover Vulnerability Affecting Over 400K Installations Patched in Post SMTP Plugin". Patchstack, 2025. Retrieved 2025-08-03.
- [18] "Sploitlight: Analyzing a Spotlight-based macOS TCC vulnerability". Microsoft Security Blog, 2025. Retrieved 2025-08-03.
- [19] "Fire Ant: A Deep-Dive into Hypervisor-Level Espionage". Sygnia, 2025. Retrieved 2025-08-03.
- [20] "Cyberattack on Russian airline Aeroflot causes the cancellation of more than 100 flights". Associated Press, 2025. Retrieved 2025-08-03.
- [21] "Beijing summons Nvidia over alleged backdoors in China-bound AI chips". The Register, 2025. Retrieved 2025-08-03.
- [22] "Hackers leak images and comments from women dating safety app Tea". Security Affairs, 2025. Retrieved 2025-08-03.
- [23] "Orange, France's largest telecoms company, hit by cyberattack". The Record, 2025. Retrieved 2025-08-03.
- [24] "The Growing Impact Of AI And Quantum On Cybersecurity". Forbes, 2025. Retrieved 2025-08-03.