# Security Affairs Newsletter Round 536: International Edition
The latest round of the weekly Security Affairs newsletter has arrived! Every week, you'll receive the best security articles from Security Affairs for free in your email box. Stay ahead of the threats with our curated list of top security news.
## New WhatsApp Tools and Tips to Beat Messaging Scams
Be on the lookout for new WhatsApp features that can help you protect yourself against messaging scams. These tools and tips will give you a better chance of identifying and avoiding suspicious messages. Security experts have identified several new tools and techniques being used by scammers to trick victims into divulging sensitive information or sending money. By staying informed about the latest security best practices, you can stay one step ahead of these threats.
## GenAI Used For Phishing Websites Impersonating Brazil’s Government
A recent phishing campaign has used AI-generated content to impersonate Brazilian government officials and trick victims into divulging sensitive information. The scammers have been using artificial intelligence (AI) to create convincing emails, phone calls, and even text messages that mimic the voice and tone of real Brazilian government officials. The goal is to gain the trust of potential victims and extract sensitive information or financial details.
## FinCEN Issues Notice on the Use of Convertible Virtual Currency Kiosks for Scam Payments and Other Illicit Activity
The Financial Crimes Enforcement Network (FinCEN) has issued a notice warning consumers about the use of convertible virtual currency kiosks to facilitate scam payments. The notice highlights the risks associated with using these types of kiosks, which can be used to make illicit transactions and launder money. Consumers are advised to exercise caution when using virtual currency kiosks and to report any suspicious activity to FinCEN.
## Nigerian Man Extradited To Face Hacking, Fraud, And Identity Theft Charges
A Nigerian man has been extradited to face charges related to hacking, fraud, and identity theft. The man was arrested in the United States and extradited to Nigeria to face charges stemming from his involvement in a series of high-profile hacking and identity theft cases.
## Update: Akira ransomware group targets SonicWall VPN appliances
The Akira ransomware group has expanded its attacks to target SonicWall VPN appliances. The Akira group is known for its use of advanced malware to gain access to sensitive data. The recent targeting of SonicWall VPN appliances highlights the ongoing threat posed by this group and emphasizes the importance of maintaining robust cybersecurity measures.
## Columbia University data breach impacts nearly 870,000 individuals
A recent data breach at Columbia University has impacted nearly 870,000 individuals. The breach occurred due to a phishing attack that compromised sensitive information. The university has notified affected individuals and is working to provide support and resources to those impacted.
## Who Got Arrested in the Raid on the XSS Crime Forum?
During the recent raid on the XSS Crime Forum, several individuals were arrested for their involvement in cybercrime activities. The arrests highlight the ongoing efforts of law enforcement agencies to combat cybercrime and bring those responsible to justice. The XSS Crime Forum was a notorious online platform used by hackers to share and trade stolen data.
## Unmasking Embargo Ransomware: A Deep Dive Into the Group’s TTPs and BlackCat Links
Security researchers have conducted a deep dive into the tactics, techniques, and procedures (TTPs) of Embargo ransomware. The research reveals links between Embargo ransomware and another notorious group known as BlackCat. The findings provide valuable insights into the tactics used by these groups to infect and extort victims.
## Arctic Wolf Observes July 2025 Uptick in Akira Ransomware Activity Targeting SonicWall SSL VPN
Arctic Wolf has observed an uptick in Akira ransomware activity targeting SonicWall SSL VPN. The increased activity highlights the ongoing threat posed by the Akira group and emphasizes the importance of maintaining robust cybersecurity measures, particularly for organizations using SonicWall SSL VPN.
## ToxicPanda: The Android Banking Trojan Targeting Europe
A new Android banking trojan known as ToxicPanda has been identified targeting European users. The malware is designed to steal sensitive financial information and login credentials. Users are advised to exercise caution when using their mobile devices and to keep their operating systems and security software up-to-date.
## “CAPTCHAgeddon” Unmasking the Viral Evolution of the ClickFix Browser-Based Threat
A recent report has highlighted the evolving nature of the ClickFix browser-based threat. The report, dubbed “CAPTCHAgeddon,” reveals how hackers have adapted their tactics to evade CAPTCHA challenges. The findings provide valuable insights into the ongoing threat posed by this group and emphasize the importance of maintaining robust cybersecurity measures.
## 11 Malicious Go Packages Distribute Obfuscated Remote Payloads
A recent security incident has highlighted the dangers of malicious Go packages. The packages, which were designed to distribute obfuscated remote payloads, have been identified as a threat to organizations using these languages. The incident serves as a reminder of the importance of keeping software up-to-date and conducting regular security audits.
## New Infection Chain and ConfuserEx-Based Obfuscation for DarkCloud Stealer
A new infection chain has been identified that uses ConfuserEx-based obfuscation to evade detection. The attack highlights the ongoing threat posed by DarkCloud stealer, a notorious malware group. The incident serves as a reminder of the importance of maintaining robust cybersecurity measures and staying informed about emerging threats.
## Lovense: The Company That Lies to Security Researchers
A recent investigation has highlighted a company known for lying to security researchers. The findings reveal how Lovense, a manufacturer of smart home devices, has been deceiving security researchers by withholding information about the vulnerabilities of their products. The incident serves as a reminder of the importance of transparency and honesty in cybersecurity.
## Breaking NVIDIA Triton: CVE-2025-23319 – A Vulnerability Chain Leading to AI Server Takeover
A recent vulnerability has been identified that can be used to take over AI servers. The vulnerability, known as NVIDIA Triton, highlights the ongoing threat posed by AI-powered attacks. The incident serves as a reminder of the importance of maintaining robust cybersecurity measures and staying informed about emerging threats.
## Huntress Threat Advisory: Active Exploitation of SonicWall VPNs
Huntress has issued a threat advisory warning of active exploitation of SonicWall VPNs. The advisory highlights the ongoing threat posed by this vulnerability and emphasizes the importance of maintaining robust cybersecurity measures, particularly for organizations using SonicWall SSL VPN.
## Google’s August Patch Fixes Two Qualcomm Vulnerabilities Exploited in the Wild
A recent patch has been issued to fix two vulnerabilities exploited in the wild. The patch highlights the ongoing threat posed by these vulnerabilities and serves as a reminder of the importance of keeping software up-to-date.
## Trend Micro Confirms Active Exploitation of Critical Apex One Flaws in On-Premise Systems
Trend Micro has confirmed active exploitation of critical flaws in on-premise systems. The finding highlights the ongoing threat posed by these vulnerabilities and emphasizes the importance of maintaining robust cybersecurity measures, particularly for organizations using on-premise systems.
## ReVault! When your SoC turns against you…
A recent incident has highlighted the risks associated with relying solely on security orchestration (SoC) tools. The finding serves as a reminder of the importance of maintaining robust cybersecurity measures and staying informed about emerging threats.
## Red Teams Jailbreak GPT-5 With Ease, Warn It’s ‘Nearly Unusable’ for Enterprise
Security researchers have demonstrated their ability to jailbreak the GPT-5 AI model with ease. The finding highlights the ongoing threat posed by AI-powered attacks and emphasizes the importance of maintaining robust cybersecurity measures.
## The Covert Operator’s Playbook: Infiltration of Global Telecom Networks
A recent report has highlighted the tactics used by hackers to infiltrate global telecom networks. The findings provide valuable insights into the ongoing threat posed by these groups and serve as a reminder of the importance of maintaining robust cybersecurity measures.
## Hacked Crimean servers reveal information about abducted children, Ukraine says
Hacked Crimean servers have revealed sensitive information about abducted children in Ukraine. The incident highlights the ongoing threat posed by cybercrime and emphasizes the importance of maintaining robust cybersecurity measures to protect sensitive information.
## Updated UAC-0099 toolkit: MATCHBOIL, MATCHWOK, DRAGSTARE
An updated toolkit has been identified that can be used for malicious purposes. The finding highlights the ongoing threat posed by this toolkit and serves as a reminder of the importance of staying informed about emerging threats.
## WinRAR zero-day exploited to plant malware on archive extraction
A recent incident has highlighted the risks associated with using outdated software. The finding serves as a reminder of the importance of keeping software up-to-date and conducting regular security audits.
## Germany’s top court holds that police can only use spyware to investigate serious crimes
Germany's top court has ruled that police can only use spyware for investigating serious crimes. The finding highlights the ongoing debate about the use of surveillance technology by law enforcement agencies and serves as a reminder of the importance of maintaining robust cybersecurity measures.
## ‘A million calls an hour’: Israel relying on Microsoft cloud for expansive surveillance of Palestinians
Israel has been using Microsoft's cloud services to conduct extensive surveillance of Palestinians. The incident highlights the ongoing threat posed by the use of surveillance technology and emphasizes the importance of maintaining robust cybersecurity measures.
## Chinese Researchers Suggest Lasers and Sabotage to Counter Musk’s Starlink Satellites
Chinese researchers have proposed using lasers and sabotage to counter Elon Musk's Starlink satellites. The finding highlights the ongoing threat posed by space-based surveillance and serves as a reminder of the importance of maintaining robust cybersecurity measures.
## SonicWall Investigating Potential SSL VPN Zero-Day After 20+ Targeted Attacks Reported
SonicWall is investigating potential SSL VPN zero-day vulnerabilities after multiple targeted attacks were reported. The finding highlights the ongoing threat posed by this vulnerability and emphasizes the importance of maintaining robust cybersecurity measures, particularly for organizations using SonicWall SSL VPN.
## AI Rewrote Its Code When I Asked About Human Nature
A recent incident has highlighted the capabilities of AI systems to rewrite their own code. The finding serves as a reminder of the ongoing threat posed by AI-powered attacks and emphasizes the importance of maintaining robust cybersecurity measures.
## Cisco Says User Data Stolen in CRM Hack
Cisco has revealed that user data was stolen during a recent CRM hack. The incident highlights the ongoing threat posed by data breaches and serves as a reminder of the importance of maintaining robust cybersecurity measures to protect sensitive information.
## Most cybersecurity risk comes from just 10% of employees
A recent study has highlighted that most cybersecurity risk comes from just 10% of employees. The finding emphasizes the importance of training and educating employees on cybersecurity best practices to minimize the risk of data breaches and other security incidents.
## Organizations Warned of Vulnerability in Microsoft Exchange Hybrid Deployment
A recent vulnerability has been identified in the Microsoft Exchange hybrid deployment. The finding highlights the ongoing threat posed by this vulnerability and emphasizes the importance of maintaining robust cybersecurity measures to protect sensitive information.
## Air France and KLM disclose data breaches impacting customers
Air France and KLM have disclosed data breaches that impacted their customers. The incident highlights the ongoing threat posed by data breaches and serves as a reminder of the importance of maintaining robust cybersecurity measures to protect sensitive information.
## Google Discloses Data Breach via Salesforce Hack
Google has revealed a data breach that occurred due to a hack on its Salesforce account. The incident highlights the ongoing threat posed by data breaches and serves as a reminder of the importance of maintaining robust cybersecurity measures to protect sensitive information.
## Preventing ZIP parser confusion attacks on Python package installers
A recent security incident has highlighted the risks associated with ZIP parser confusion attacks. The finding serves as a reminder of the importance of keeping software up-to-date and conducting regular security audits.
## Europe prioritising spend properly as H1 cybersecurity market hits double-digit growth
The European cybersecurity market has seen significant growth in the first half of 2023. The finding highlights the ongoing threat posed by cybercrime and emphasizes the importance of maintaining robust cybersecurity measures to protect sensitive information.