National Cyber Warfare Foundation (NCWF)

Security Affairs newsletter Round 530 by Pierluigi Paganini INTERNATIONAL EDITION


2025-06-29 17:17:38
milo
Blue Team (CND)


A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.





Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.





The FBI warns that Scattered Spider is now targeting the airline sector
LapDogs: China-nexus hackers Hijack 1,000+ SOHO devices for espionage
Taking over millions of developers exploiting an Open VSX Registry flaw
OneClik APT campaign targets energy sector with stealthy backdoors
APT42 impersonates cyber professionals to phish Israeli academics and journalists
Kai West, aka IntelBroker, indicted for cyberattacks causing $25M in damages
Cisco fixed critical ISE flaws allowing Root-level remote code execution
U.S. CISA adds AMI MegaRAC SPx, D-Link DIR-859 routers, and Fortinet FortiOS flaws to its Known Exploited Vulnerabilities catalog
CitrixBleed 2: The nightmare that echoes the ‘CitrixBleed’ flaw in Citrix NetScaler devices
Hackers deploy fake SonicWall VPN App to steal corporate credentials
Mainline Health Systems data breach impacted over 100,000 individuals
Disrupting the operations of cryptocurrency mining botnets
Prometei botnet activity has surged since March 2025
The U.S. House banned WhatsApp on government devices due to security concerns
Russia-linked APT28 use Signal chats to target Ukraine official with malware
China-linked APT Salt Typhoon targets Canadian Telecom companies
U.S. warns of incoming cyber threats following Iran airstrikes
McLaren Health Care data breach impacted over 743,000 people
The financial impact of Marks & Spencer and Co-op cyberattacks could reach £440M
Iran-Linked Threat Actors Cyber Fattah Leak Visitors and Athletes’ Data from Saudi Games
Qilin ransomware gang now offers a “Call Lawyer” feature to pressure victims








International Press – Newsletter





Cybercrime





Lessons from Qilin: What the Industry’s Most Efficient Ransomware Teaches Us 





A look at ‘Tinker,’ Black Basta’s phishing fixer, negotiator 





Four more defendants in REvil hacker case sentenced in St. Petersburg 





Anthropic study: Leading AI models show up to 96% blackmail rate against executives 





Serial Hacker “IntelBroker” Charged For Causing $25 Million In Damages To Victims





Police arrest five high-profile French hackers behind a notorious data theft forum    





Cybercriminals Abuse Open-Source Tools To Target Africa’s Financial Sector 





FBI Warns of Scattered Spider’s Expanding Attacks on Airlines Using Social Engineering





Malware





Ransomware Gangs Collapse as Qilin Seizes Control 





Dissecting a Python Ransomware distributed through GitHub repositories 





Resurgence of the Prometei Botnet  





ConnectUnwise: Threat actors abuse ConnectWise as builder for signed malware 





GIFTEDCROOK’s Strategic Pivot: From Browser Stealer to Data Exfiltration Platform During Critical Ukraine Negotiations





Hacking





FreeType Zero-Day Found by Meta Exploited in Paragon Spyware Attacks 





CoinMarketCap briefly hacked to drain crypto wallets via fake Web3 popup





Echo Chamber: A Context-Poisoning Jailbreak That Bypasses LLM Guardrails





Cryptominers’ Anatomy: Shutting Down Mining Botnets





CitrixBleed 2: Electric Boogaloo — CVE-2025-5777





4 Powerful Applications of IDALib: Headless IDA in Action 





Marketplace Takeover: How We Could’ve Taken Over Every Developer Using a VSCode Fork; Putting Millions at Risk 





New FileFix Method Emerges as a Threat Following 517% Rise in ClickFix Attacks





Intelligence and Information Warfare





Iran-Linked Threat Actors Leak Visitors and Athletes’ Data from Saudi Games         





Iran – Summary of the Threat to the United States  





PRC cyber actors target telecommunications companies as part of a global cyberespionage campaign 





SadFuture: Mapping XDSpy latest evolution





Another Wave: North Korean Contagious Interview Campaign Drops 35 New Malicious npm Packages





How Cyber Warfare Changes the Face of Geopolitical Conflict





UAC-0001 (APT28) Cyber Attacks on Government Agencies Using BEARDSHELL and COVENANT      





Iranian Educated Manticore Targets Leading Tech Academics 





OneClik: A ClickOnce-Based APT Campaign Targeting Energy, Oil and Gas Infrastructure 





Hive0154 aka Mustang Panda shifts focus on Tibetan community to deploy Pubload backdoor





DeepSeek Deception: Sainbox RAT & Hidden Rootkit Delivery 





Analysis of the latest attack activities of APT-C-06 (DarkHotel) using BYOVD technology





Taiwan Strait hotspot bait! Wangci organization combines 0day and ClickOnce technology to carry out espionage activities  





Unmasking A New China-Linked Covert ORB Network: Inside the LapDogs Campaign  





Cybersecurity





Cyber Monitoring Centre Statement on Ransomware Incidents in the Retail Sector – June 2025 





743,000 Impacted by McLaren Health Care Data Breach 





Scoop: WhatsApp banned on House staffers’ devices





Leaking Secrets in the Age of AI    





OpenAI May Have Screwed Up So Badly That Its Entire Future Is Under Threat 





Bipartisan Bill Aims to Block Chinese AI From Federal Agencies





ESET Threat Report H1 2025 










Pierluigi Paganini





(SecurityAffairs – hacking, newsletter)



Source: SecurityAffairs
Source Link: https://securityaffairs.com/179423/breaking-news/security-affairs-newsletter-round-530-by-pierluigi-paganini-international-edition.html





Copyright 2012 through 2025 - National Cyber Warfare Foundation - All rights reserved worldwide.