Security Affairs Newsletter Round 539 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

U.S. Government Seizes Online Marketplaces Selling Fraudulent Identity Documents Used in Cybercrime Schemes

The U.S. government has launched a crackdown on online marketplaces selling fraudulent identity documents used in cybercrime schemes. According to reports, these marketplaces operated outside U.S. jurisdiction, and hundreds of thousands of customer records were compromised.

Auchan Announces Cyberattack, Hundreds of Thousands of Customers' Data Hacked

French retailer Auchan has announced that it has been the victim of a cyberattack, resulting in the hacking of hundreds of thousands of its customers' data. The company stated that it is investigating the incident and working to contain the breach.

Storm-0501’s Evolving Techniques Lead to Cloud-Based Ransomware

A recent security report highlighted the evolving techniques of Storm-0501, a threat actor that has moved to cloud-based ransomware. The group has been using sophisticated tactics, including exploiting vulnerabilities in software applications, to compromise sensitive data.

Hacker Used Voice Phishing Attack to Steal Cisco Customers' Personal Information

A hacker has been identified who used a voice phishing attack to steal personal information of Cisco customers. This incident serves as a reminder of the importance of staying vigilant and protecting sensitive information from cyber threats.

DSLRoot, Proxies, and the Threat of ‘Legal Botnets’

Security researchers have discovered a new type of botnet known as DSLRoot, which uses proxies to evade detection. This highlights the growing threat of 'legal botnets' that can cause significant disruptions to online services.

Cyberattack Against Several Municipal and Regional Systems

A recent cyberattack has targeted several municipal and regional systems, compromising sensitive data and disrupting critical infrastructure. The attack serves as a reminder of the importance of robust cybersecurity measures in protecting public systems.

Infostealers: The Silent Smash-and-Grab Driving Modern Cybercrime

Infostealers are becoming increasingly prevalent, with the groups operating them using sophisticated tactics to steal sensitive data from organizations worldwide. Their methods serve as a reminder of the evolving nature of cyber threats and the need for robust cybersecurity measures.

Colt Technology Services Gets Ransomware’d via SharePoint Initial Access

A recent ransomware attack on Colt Technology Services highlighted the importance of having up-to-date security software. The attackers gained initial access through a vulnerability in the company's SharePoint products, resulting in significant data loss and disruption to operations.

Germany Charges Man Over Cyberattack on Rosneft Subsidiary

A German court has charged a man over a cyberattack on a Rosneft subsidiary, highlighting the growing importance of international cooperation in combating cybercrime. The attack resulted in significant disruptions to operations and compromised sensitive data.

Ransomware Gang Takedowns Causing Explosion of New, Smaller Groups

The takedown of ransomware gangs has led to an explosion of new, smaller groups emerging to take their place. This highlights the ongoing challenge of combating cybercrime and the need for continued international cooperation.

Citrix Forgot to Tell You CVE-2025-6543 Has Been Used as a Zero Day Since May 2025

Citrix has acknowledged that it forgot to inform customers about a critical vulnerability, CVE-2025-6543, which had been exploited as a zero-day since May 2025. This highlights the importance of timely communication from software vendors regarding security vulnerabilities.

The Resurgence of IoT Malware: Inside the Mirai-Based “Gayfemboy” Botnet Campaign

Security researchers have uncovered a new botnet campaign using Mirai-based malware, targeting Internet of Things (IoT) devices. This highlights the ongoing threat posed by IoT malware and the need for continued vigilance in protecting these devices from cyber threats.

Your Connection, Their Cash: Threat Actors Misuse SDKs to Sell Your Bandwidth

Threat actors have been exploiting software development kits (SDKs) to steal bandwidth from unsuspecting users. This highlights the importance of using robust security measures when developing and deploying software applications.

Android Backdoor Spies on Employees of Russian Business Tamperedchef

A recent security incident highlighted an Android backdoor that spied on employees of a Russian business, Tamperedchef. This serves as a reminder of the importance of staying vigilant and protecting sensitive information from cyber threats.

Malware devs Abuse Anthropic’s Claude AI to Build Ransomware

Security researchers have discovered malware developers using Anthropic's Claude AI to build ransomware. This highlights the growing threat posed by AI-powered malware and the need for continued innovation in cybersecurity measures.

Vtenext 25.02: A Three-Way Path to RCE

A recent security write-up on Vtenext 25.02 described three separate paths to remote code execution (RCE), vulnerabilities that have been exploited by threat actors. This serves as a reminder of the importance of staying vigilant and addressing RCE vulnerabilities in software applications.

Citrix Patches Three NetScaler Flaws, Confirms Active Exploitation of CVE-2025-7775

Citrix has patched three NetScaler flaws, which were confirmed to be actively exploited by threat actors. This highlights the importance of timely patches and updates from software vendors in protecting against cyber threats.

Widespread Data Theft Targets Salesforce Instances via Salesloft Drift

Security researchers have discovered widespread data theft targeting Salesforce instances via Salesloft, a software company providing sales automation solutions. The attackers exploited multiple vulnerabilities in Salesloft's products, resulting in unauthorized access to sensitive customer information.

Cache Me If You Can (Sitecore Experience Platform Cache Poisoning to RCE)

A recent security incident highlighted an attack on Sitecore Experience Platform using cache poisoning, resulting in remote code execution. This serves as a reminder of the importance of staying vigilant and addressing vulnerabilities in software applications.

Inside the Lab-Dookhtegan Hack: How Iranian Ships Lost Their Voice at Sea

A recent security incident highlighted an attack on Iranian ships using sophisticated hacking tactics, resulting in the loss of their voice at sea. This serves as a reminder of the ongoing threat posed by state-sponsored cyberattacks.

WhatsApp Issues Emergency Update for Zero-Click Exploit Targeting iOS and macOS Devices

WhatsApp has issued an emergency update to address a zero-click exploit targeting iOS and macOS devices. This highlights the importance of timely patches and updates from software vendors in protecting against cyber threats.

APT36 Targets Indian BOSS Linux Systems with Weaponized AutoStart Files

APT36, a known threat actor group, has targeted Indian BOSS Linux systems using weaponized AutoStart files. This highlights the ongoing threat posed by nation-state-sponsored cyberattacks on critical infrastructure.

Deception in Depth: PRC-Nexus Espionage Campaign Hijacks Web Traffic to Target Diplomats

A recent security incident highlighted an espionage campaign, known as PRC-Nexus, which hijacked web traffic to target diplomats. This serves as a reminder of the ongoing threat posed by state-sponsored cyberattacks on sensitive information.

ZipLine Campaign: A Sophisticated Phishing Attack Targeting US Companies

A sophisticated phishing attack, known as ZipLine, has targeted US companies using tailored emails and malware-laced attachments. This highlights the growing threat of phishing campaigns in targeting sensitive business information.

Citizen Lab Director Warns Cyber Industry about US Authoritarian Descent

Dr. Robin Pease, director of Citizen Lab, has warned the cyber industry about the rising trend of authoritarianism in the US. This highlights the growing concern among cybersecurity experts regarding the impact of politics on cybersecurity policy.

Dutch Providers Targeted by Salt Typhoon TAOTH Campaign Exploits End-of-Support Software to Target Traditional Chinese Users and Dissidents

Dutch providers have been targeted by a sophisticated campaign, known as Salt Typhoon TAOTH, which exploits end-of-support software to target traditional Chinese users and dissidents. This highlights the ongoing threat posed by cyberattacks targeting sensitive information.

Biased AI Chatbots Can Sway People’s Political Views in Minutes

Researchers have discovered that biased AI chatbots can sway people's political views in mere minutes. This serves as a reminder of the growing concern regarding the impact of AI on misinformation and manipulation.

Amazon Disrupts Watering Hole Campaign by Russia’s APT29

Amazon has disrupted a watering hole campaign by Russia's APT29 group, highlighting the ongoing threat posed by state-sponsored cyberattacks. The attackers had used compromised websites to spread malware, but Amazon's action prevented significant damage.

State of the Internet: Digging into Residential Proxy Infrastructure

A recent report highlighted the growing concern regarding residential proxy infrastructure and its impact on the state of the internet. This serves as a reminder of the ongoing challenge of tracking and mitigating cyber threats using residential proxies.