A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Attackers launch dual campaign on GlobalProtect portals and SonicWall APIs Maximum-severity XXE vulnerability discovered in Apache […

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Attackers launch dual campaign on GlobalProtect portals and SonicWall APIs

Maximum-severity XXE vulnerability discovered in Apache Tika

JPCERT/CC Reports Widespread Exploitation of Array Networks AG Gateway Vulnerability

BRICKSTORM backdoor exposed: CISA warns of advanced China-backed intrusions

U.S. CISA adds a new an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog

Marquis data breach impacted more than 780,000 individuals

ASUS confirms vendor breach as Everest gang leaks data, claims ArcSoft and Qualcomm

Cloudflare mitigates record 29.7 Tbps DDoS attack by the AISURU botnet

King Addons flaw lets anyone become WordPress admin

University of Pennsylvania and University of Phoenix disclose data breaches

Researchers spotted Lazarus’s remote IT workers in action

India mandates SIM-linked messaging apps to fight rising fraud

U.S. CISA adds Android Framework flaws to its Known Exploited Vulnerabilities catalog

MuddyWater strikes Israel with advanced MuddyViper malware

‘Korea’s Amazon’ Coupang discloses a data breach impacting 34M customers

Google’s latest Android security update fixes two actively exploited flaws

Law enforcement shuts down Cryptomixer in major crypto crime takedown

Australian man jailed for 7+ years over airport and in-flight Wi-Fi attacks

Malware

Emerging Android threat ‘Albiriox’ enables full On‑Device Fraud

U.S. CISA adds an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog

Contagious Interview campaign expands with 197 npm Ppackages spreading new OtterCookie malware

International Press – Newsletter

Cybercrime

Perth hacker Michael Clapsis jailed after setting up fake Qantas Wi-Fi, stealing sex videos

Europol and partners shut down ‘Cryptomixer’    

Penn and Phoenix Universities Disclose Data Breach After Oracle Hack 

ASUS confirms third-party breach as hackers release sample files 

Twin Brothers Sentenced for Wire Fraud, Conspiring to Hack into U.S. Department of State and Private Company  

Russia blocks FaceTime and Snapchat for alleged use by terrorists 

Malware

RadzaRat: New Android Trojan Disguised as File Manager Emerges with Zero Detection Rate

Chinese APT targets Uzbekistan     

Glassworm’s resurgence  

Malicious Rust Crate evm-units Serves Cross-Platform Payloads for Silent Execution  

Hacking

Anatomy of a Hacktivist Attack: Russian-Aligned Group Targets OT/ICS     

The Mystery OAST Host Behind a Regionally Focused Exploit Operation     

Google Patches 107 Android Flaws, Including Two Framework Bugs Exploited in the Wild

Uncovering a Calendly-themed phishing campaign targeting business ad manager accounts  

Attackers Actively Exploiting Critical Vulnerability in King Addons for Elementor Plugin 

Array Networks Array AG Series vulnerable to command injection  

A Hidden Pattern Within Months of Credential-Based Attacks Against Palo Alto GlobalProtect

Intelligence and Information Warfare

MuddyWater: Snakes by the riverbank

Researchers Capture Lazarus APT’s Remote-Worker Scheme Live on Camera

PRC State-Sponsored Actors Use BRICKSTORM Malware Across Public Sector and Information Technology Systems  

Intellexa Leaks: New Predator victims despite US sanctions 

China-nexus cyber threat groups rapidly exploit React2Shell vulnerability (CVE-2025-55182) 

Cybersecurity

Korean e-commerce behemoth Coupang confirms leak of 33.7 million users’ data

Facial Recognition’s Trust Problem

India Orders Messaging Apps to Work Only With Active SIM Cards to Prevent Fraud and Misuse

Cloudflare’s 2025 Q3 DDoS threat report — including Aisuru, the apex of botnets  

A New Anonymous Phone Carrier Lets You Sign Up With Nothing but a Zip Code 

Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch

Hundreds of Porsche Owners in Russia Unable to Start Cars After System Failure 

NCSC Proactive Notifications Service  

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, CISA)

Source: SecurityAffairs
Source Link: https://securityaffairs.com/185415/uncategorized/security-affairs-newsletter-round-553-by-pierluigi-paganini-international-edition.html