National Cyber Warfare Foundation (NCWF)

Security Affairs newsletter Round 547 by Pierluigi Paganini INTERNATIONAL EDITION


2025-10-26 05:14:51
milo
Blue Team (CND)


A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.





Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.





Russian Rosselkhoznadzor hit by DDoS attack, food shipments across Russia delayed
CVE-2025-59287: Microsoft fixes critical WSUS flaw under active attack
U.S. CISA adds Microsoft WSUS, and Adobe Commerce and Magento Open Source flaws to its Known Exploited Vulnerabilities catalog
Summoning Team won Master of Pwn as Pwn2Own Ireland Rewards $1,024,750
China-linked hackers exploit patched ToolShell flaw to breach Middle East telecom
Pwn2Own Day 2: Organizers paid $792K for 56 0-days
Lazarus targets European defense firms in UAV-themed Operation DreamJob
U.S. CISA adds Motex LANSCOPE flaw to its Known Exploited Vulnerabilities catalog
Over 250 attacks hit Adobe Commerce and Magento via critical CVE-2025-54236 flaw
Cyberattack on Jaguar Land Rover inflicts $2.5B loss on UK economy
PhantomCaptcha targets Ukraine relief groups with WebSocket RAT in October 2025
TP-Link urges immediate updates for Omada Gateways after critical flaws discovery
TARmageddon flaw in Async-Tar Rust library allows to smuggle extra archives when the library is processing nested TAR files
Russia-linked COLDRIVER speeds up malware evolution after LOSTKEYS exposure
Japanese retailer Muji halted online sales after a ransomware attack on logistics partner
U.S. CISA adds Oracle, Windows, Kentico, and Apple flaws to its Known Exploited Vulnerabilities catalog
China-Linked Salt Typhoon breaches European Telecom via Citrix exploit
Russian Lynk group leaks sensitive UK MoD files, including info on eight military bases
CAPI Backdoor targets Russia’s auto and e-commerce sectors
F5 breach exposes 262,000 BIG-IP systems worldwide
China finds “irrefutable evidence” of US NSA cyberattacks on time Authority




International Press – Newsletter





Cybercrime





Myanmar military shuts down a major cybercrime center and detains over 2,000 people  





Email Bombs Exploit Lax Authentication in Zendesk  





Cybercriminals Abuse AI Website Creation App For Phishing 





Jingle Thief: Inside a Cloud-Based Gift Card Fraud Campaign





Cyber incidents in Texas, Tennessee and Indiana impacting critical government services 





The Smishing Deluge: China-Based Campaign Flooding Global Text Messages 





Malware





TikTok videos continue to push infostealers in ClickFix attacks





To Be (A Robot) or Not to Be: New Malware Attributed to Russia State-Sponsored COLDRIVER 





Malicious NuGet Packages Typosquat Nethereum to Exfiltrate Wallet Keys  





GlassWorm: First Self-Propagating Worm Using Invisible Code Hits OpenVSX Marketplace 





Dissecting YouTube’s Malware Distribution Network October 23, 2025 





Hacking





Vulnerability in Dolby Decoder Can Allow Zero-Click Attacks 





TARmageddon (CVE-2025-62518): RCE Vulnerability Highlights the Challenges of Open Source Abandonware  





SessionReaper attacks have started, 3 in 5 stores still vulnerable, by Sansec Forensics Team





Why nested deserialization is STILL harmful – Magento RCE (CVE-2025-54236)   





Pwn2Own Ireland 2025: Day Three and Master of Pwn  





Exploitation of Windows Server Update Services Remote Code Execution Vulnerability (CVE-2025-59287) 





Realtime AI-Supported Voice Conversion (Deepfake) and its applications on Vishing and Social Engineering exercises  





Microsoft 365 Copilot – Arbitrary Data Exfiltration Via Mermaid Diagrams 





Intelligence and Information Warfare





China Says It Found Evidence of US Cyber Attack on State Agency





‘Catastrophic’ attack as Russians hack files on EIGHT MoD bases and post them on the dark web  





Salty Much: Darktrace’s view on a recent Salt Typhoon intrusion  





Unmasking MuddyWater’s New Malware Toolkit Driving International Espionage 





PhantomCaptcha | Multi-Stage WebSocket RAT Targets Ukraine in Single-Day Spearphishing Operation





Dark Covenant 3.0: Controlled Impunity and Russia’s Cybercriminals





UK facing ‘most contested and complex’ threat in decades, warns GCHQ director 





Gotta fly: Lazarus targets the UAV sector 





ToolShell Used to Compromise Telecoms Company in Middle East





StealthServer: A Dual-Platform Backdoor from a South Asian APT Group





Cybersecurity





AI-enabled ransomware attacks: CISO’s top security concern — with good reason 





NSO Ordered to Stop Hacking WhatsApp, but Damages Cut to $4 Million  





Microsoft Digital Defense Report 2025  





Cyber Monitoring Centre Statement on the Jaguar Land Rover Cyber Incident – October 2025





Dark Covenant 3.0: Controlled Impunity and Russia’s Cybercriminals    










Apple alerts exploit developer that his iPhone was targeted with government spyware  





Cyberattack on Russia’s food safety agency reportedly disrupts product shipments  










Pierluigi Paganini





(SecurityAffairs – hacking, newsletter)



Source: SecurityAffairs
Source Link: https://securityaffairs.com/183850/breaking-news/security-affairs-newsletter-round-547-by-pierluigi-paganini-international-edition.html





Copyright 2012 through 2025 - National Cyber Warfare Foundation - All rights reserved worldwide.