National Cyber Warfare Foundation (NCWF)

Security Affairs newsletter Round 540 by Pierluigi Paganini INTERNATIONAL EDITION


2025-09-07 17:56:43
milo
Blue Team (CND)

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.





Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.





Qantas cuts executive bonuses by 15% after a July data breach
MeetC2 – A serverless C2 framework that leverages Google Calendar APIs as a communication channel
Critical SAP S/4HANA flaw CVE-2025-42957 under active exploitation
U.S. CISA adds Sitecore, Android, and Linux flaws to its Known Exploited Vulnerabilities catalog
SVG files used in hidden malware campaign impersonating Colombian authorities
France’s CNIL fined Google $379M and Shein $175M for breaching cookie rules
$10M reward for Russia’s FSB officers accused of hacking US critical infrastructure
Severe Hikvision HikCentral product flaws: What You Need to Know
U.S. CISA adds TP-Link Archer C7(EU) and TL-WR841N flaws to its Known Exploited Vulnerabilities catalog
Crooks turn HexStrike AI into a weapon for fresh vulnerabilities
Google addressed two Android flaws actively exploited in targeted attacks
U.S. CISA adds WhatsApp and TP-Link flaws to its Known Exploited Vulnerabilities catalog
Android droppers evolved into versatile tools to spread malware
Jaguar Land Rover shuts down systems after cyberattack, no evidence of customer data theft
Cloudflare blocked a record 11.5 Tbps DDoS attack
Palo Alto Networks disclosed a data breach linked to Salesloft Drift incident
Von der Leyen’s plane hit by suspected Russian GPS jamming in Bulgaria, landed safely
Supply-chain attack hits Zscaler via Salesloft Drift, leaking customer info
Crooks exploit Meta malvertising to target Android users with Brokewell
North Korea’s APT37 deploys RokRAT in new phishing campaign against academics
Fraudster stole over $1.5 million from city of Baltimore
Amazon blocks APT29 campaign targeting Microsoft device code authentication




International Press – Newsletter





Cybercrime

Scammer steals $1.5 million from Baltimore by spoofing city vendor
Malvertising Campaign on Meta Expands to Android, Pushing Advanced Crypto-Stealing Malware to Users Worldwide
Help Desk at Risk: Scattered Spider Shines Light on Overlooked Threat Vector
The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft
Hackers Issue Ultimatum to Google After Data Breach Warning
Cybercriminals Exploit X’s Grok AI to Bypass Ad Protections and Spread Malware to Millions





Malware

MystRodX: The Covert Dual-Mode Backdoor Threat
Ethereum smart contracts used to push malicious code on npm
Uncovering a Colombian Malware Campaign with AI Code Analysis
An MDR Analysis of the AMOS Stealer Campaign Targeting macOS via ‘Cracked’ Apps





Hacking

Threat Brief: Salesloft Drift Integration Used To Compromise Salesforce Instances
Cloudflare Blocks Record-Breaking 11.5 Tbps DDoS Attack
Introduction to OPSEC (Part 2)
Hexstrike-AI: When LLMs Meet Zero-Day Exploitation
Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver – CVE-2025-53149
Critical SAP S/4HANA code injection vulnerability (CVE-2025-42957) exploited in the wild – patch immediately





Intelligence and Information Warfare

The Trap of Troubleshooting: Analysis of Lazarus (APT-Q-1)’s Recent Attacks Using ClickFix
Operation HanKook Phantom: North Korean APT37 targeting South Korea
Ursula von der Leyen’s plane hit by suspected Russian GPS interference
Inside Palantir: The Secretive Tech Company Helping the US Government Build a Massive Web of Surveillance
Three Lazarus RATs coming for your cheese
CTI Analysis: Malicious Email Campaign
US Offers $10 Million for Three Russian Energy Firm Hackers
Analyzing NotDoor: Inside APT28’s Expanding Arsenal
Analysis of APT-C-53 (Gamaredon) attacks against Ukrainian government departments
Contagious Interview | North Korean Threat Actors Reveal Plans and Ops by Abusing Cyber Intel Platforms
A Playbook for Winning the Cyber War Part 2: Evaluating Russia’s Cyber Strategy





Cybersecurity

Elon Musk Sues Ex-xAI Techie For Uploading Grok’s Codebase To OpenAI; Internet Erupts In Hilarious Memes
Scientists Created an Entire Social Network Where Every User Is a Bot, and Something Wild Happened
Salesloft Drift Supply Chain Incident: Key Details and Zscaler’s Response
Securing EU (Cyber)Space: New Cyber Requirements in the EU Space Act
Salesforce-Connected Third-Party Drift Application Incident Response
Jaguar Land Rover says cyberattack ‘severely disrupted’ production
Cookie regulation: the CNIL is continuing the action plan initiated in 2019 and has imposed two fines on SHEIN and GOOGLE
Qantas penalizes executives for July cyberattack





Pierluigi Paganini





(SecurityAffairs – hacking, newsletter)



Source: SecurityAffairs
Source Link: https://securityaffairs.com/181963/breaking-news/security-affairs-newsletter-round-540-by-pierluigi-paganini-international-edition.html





Copyright 2012 through 2025 - National Cyber Warfare Foundation - All rights reserved worldwide.