National Cyber Warfare Foundation (NCWF)

Security Affairs newsletter Round 534 by Pierluigi Paganini INTERNATIONAL EDITION


2025-07-27 05:28:15
milo
Blue Team (CND)


A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.





Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.





Law enforcement operations seized BlackSuit ransomware gang’s darknet sites
Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme
Operation CargoTalon targets Russia’s aerospace with EAGLET malware
Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access
Koske, a new AI-Generated Linux malware appears in the threat landscape
Mitel patches critical MiVoice MX-ONE Auth bypass flaw
Coyote malware is first-ever malware abusing Windows UI Automation
SonicWall fixed critical flaw in SMA 100 devices exploited in Overstep malware attacks
DSPM & AI Are Booming: $17.87B and $4.8T Markets by 2033
Stealth backdoor found in WordPress mu-Plugins folder
U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog
U.S. CISA urges FCEB agencies to fix two Microsoft SharePoint flaws immediately and added them to its Known Exploited Vulnerabilities catalog
Sophos fixed two critical Sophos Firewall vulnerabilities
French Authorities confirm XSS.is admin arrested in Ukraine
Microsoft linked attacks on SharePoint flaws to China-nexus actors
Cisco confirms active exploitation of ISE and ISE-PIC flaws
SharePoint under fire: new ToolShell attacks target enterprises
CrushFTP zero-day actively exploited at least since July 18
Hardcoded credentials found in HPE Aruba Instant On Wi-Fi devices
MuddyWater deploys new DCHSpy variants amid Iran-Israel conflict
U.S. CISA urges to immediately patch Microsoft SharePoint flaw adding it to its Known Exploited Vulnerabilities catalog
Microsoft issues emergency patches for SharePoint zero-days exploited in “ToolShell” attacks
SharePoint zero-day CVE-2025-53770 actively exploited in the wild
Singapore warns China-linked group UNC3886 targets its critical infrastructure
U.S. CISA adds Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog
Radiology Associates of Richmond data breach impacts 1.4 million people




International Press – Newsletter





Cybercrime





At Least 750 US Hospitals Faced Disruptions During Last Year’s CrowdStrike Outage, Study Finds 





Key figure behind major Russian-speaking cybercrime forum targeted in Ukraine  





UK student jailed for selling phishing kits linked to £100m of fraud 





A Spike in the Desert: How GreyNoise Uncovered a Global Pattern of VOIP-Based Telnet Attacks





Arizona Woman Sentenced in $17M IT Worker Fraud Scheme That Illegally Generated Revenue for North Korea    





BlackSuit ransomware gang’s darknet websites seized by police 





Hackers are trying to steal passwords and sensitive data from users of Signal clone





Aptly Named: How the Leakzone Exposed Access Logs     





Phishers Target Aviation Execs to Scam Customers





Malware





Uncovering a Stealthy WordPress Backdoor in mu-plugins     





NPM package ‘is’ with 2.8M weekly downloads infected devs with malware





Coyote in the Wild: First-Ever Malware That Abuses UI Automation  





AI-Generated Malware in Panda Image Hides Persistent Linux Threat





Toptal’s GitHub Organization Hijacked: 10 Malicious Packages Published





Hacking





SharePoint Under Siege: from SOC triage to new 0-day





CVE-2025-54309: CrushFTP Zero-Day Exploited in the Wild 





Cisco Confirms Active Exploits Targeting ISE Flaws Enabling Unauthenticated Root Access





Fire Ant Exploits VMware Flaws to Compromise ESXi Hosts and vCenter Environments





Intelligence and Information Warfare





What is UNC3886, the group that attacked Singapore’s critical information infrastructure? 





Lookout Discovers Iranian APT MuddyWater Leveraging DCHSpy During Israel-Iran Conflict





The SOC files: Rumble in the jungle or APT41’s new target in Africa





SharePoint ToolShell | Zero-Day Exploited in-the-Wild Targets Enterprise Servers 





Disrupting active exploitation of on-premises SharePoint vulnerabilities





Profile: GRU cyber and hybrid threat operations     





Operation CargoTalon : UNG0901 Targets Russian Aerospace & Defense Sector using EAGLET implant  





Apple alerted Iranians to iPhone spyware attacks, say researchers 





Cybersecurity





Most cybersecurity risk comes from just 10% of employees  





HPE warns of hardcoded passwords in Aruba access points





Should We Trust AI? Three Approaches to AI Fallibility





No Patch for Flaw Exposing Hundreds of LG Cameras to Remote Hacking 





UK’s Ransomware Payment Ban: Bold Strategy or Dangerous Gamble?





Allianz Life says ‘majority’ of customers’ personal data stolen in cyberattack 





Google took a month to shut down Catwatchful, a phone spyware operation hosted on its servers 





Clorox accuses IT provider in lawsuit of giving hackers employee passwords





Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini





(SecurityAffairs – hacking, newsletter)



Source: SecurityAffairs
Source Link: https://securityaffairs.com/180423/breaking-news/security-affairs-newsletter-round-534-by-pierluigi-paganini-international-edition.html





Copyright 2012 through 2025 - National Cyber Warfare Foundation - All rights reserved worldwide.