Security Affairs Newsletter Round 542 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
Gucci, Balenciaga and Alexander McQueen private data ransomed by hackers
Recent ransom demands have been made against several high-profile fashion brands, including Gucci, Balenciaga, and Alexander McQueen. The hackers claim to have gained access to sensitive information and are demanding payment in exchange for not releasing it online.
However, the authenticity of these claims is yet to be verified, leaving many to question whether the hackers truly have access to the data or if this is just another phishing attempt.
Founder of One of World’s Largest Hacker Forums Resentenced to Three Years in Prison
The founder of a notorious hacker forum has been sentenced to three years in prison for his role in promoting cybercrime. The forum, which was known for hosting malicious actors and facilitating illegal activities, was shut down by law enforcement agencies earlier this year.
This sentence serves as a reminder of the consequences faced by those involved in cybercrime, and highlights the ongoing efforts of law enforcement to combat online illicit activities.
RaccoonO365: An Active Campaign and New Features
A new campaign, known as RaccoonO365, has been identified by security researchers. This campaign is notable for its use of advanced tactics, including steganography, to evade detection and deliver malware.
Security experts are urging users to remain vigilant and take steps to protect themselves against this threat, such as keeping their software up-to-date and using reputable antivirus software.
FileFix in the wild!
A new FileFix campaign has been spotted in the wild. This campaign is notable for its use of POOd (Proof-Of-Work On Demand) to deliver malware, making it more difficult to detect and remove.
Security researchers are working to understand the scope of this campaign and provide guidance on how to mitigate the risks associated with it.
New FileFix campaign goes beyond POC and leverages steganography
The new FileFix campaign is not only using POOd, but also leveraging steganography to evade detection. This makes it even more challenging for security researchers to track and remove the malware.
Security experts are urging users to be cautious when opening files from unknown sources, as this could potentially expose them to this threat.
Microsoft seizes 338 websites to disrupt rapidly growing ‘RaccoonO365’ phishing service
Microsoft has taken a significant step in disrupting the RaccoonO365 phishing campaign by seizing 338 websites associated with the malicious actor.
This action is seen as a major blow to the campaign, and highlights Microsoft's commitment to protecting users from online threats.
United Kingdom National Charged in Connection with Multiple Cyber Attacks, Including on Critical Infrastructure
A UK national has been charged in connection with multiple cyber attacks, including those targeting critical infrastructure. The charges include unauthorized access to computer systems and data breaches.
This case highlights the need for organizations to prioritize cybersecurity and take steps to prevent such attacks from occurring.
Two charged for TfL cyber attack
Two individuals have been charged in connection with a cyber attack on Transport for London (TfL). The attack aimed to disrupt the transportation system, causing significant disruptions to services.
This case serves as a reminder of the importance of cybersecurity and the need for organizations to prioritize their digital security.
Inside the Lighthouse and Lucid PhaaS Campaigns Targeting 316 Global Brands
Security researchers have uncovered two new campaigns, known as Lighthouse and Lucid PhaaS. These campaigns are targeting 316 global brands, aiming to deliver malicious payloads.
The campaigns utilize advanced tactics, including phishing and fileless malware, to evade detection and deliver their payload.
Evolution Cybercrime—Key Trends, Cybersecurity Threats, and Mitigation Strategies from Historical Data
A new report has been released on the evolution of cybercrime. The report highlights key trends, cybersecurity threats, and mitigation strategies based on historical data.
The report provides valuable insights into the current state of cybercrime and offers guidance on how to mitigate the risks associated with it.
Popular Tinycolor npm Package Compromised in Supply Chain Attack Affecting 40+ Packages
A popular npm package, Tinycolor, has been compromised in a supply chain attack. The attack affected over 40 packages, leaving them vulnerable to malware delivery.
This highlights the need for organizations to prioritize their software dependencies and ensure they are up-to-date with the latest security patches.
Satori Threat Intelligence Alert: SlopAds Covers Fraud with Layers of Obfuscation
A new threat intelligence alert has been issued by Satori, highlighting a campaign known as SlopAds. The campaign is designed to cover fraud with layers of obfuscation, making it difficult to detect and remove.
Security experts are urging users to remain vigilant and take steps to protect themselves against this threat.
Prompts as Code & Embedded Keys | The Hunt for LLM-Enabled Malware
A new type of malware has been identified, utilizing prompts as code and embedded keys. This type of malware is designed to evade detection and deliver malicious payloads.
Security researchers are working to understand the scope of this threat and provide guidance on how to mitigate the risks associated with it.
A large-scale attack has been identified targeting Mac users via GitHub Pages. The attackers are impersonating companies and using phishing emails to deliver stealer malware.
Security experts are urging users to be cautious when opening files from unknown sources, as this could potentially expose them to this threat.
A learning approach on exploiting CVE-2020-9273
A new research paper has been released on the exploitation of CVE-2020-9273. The paper provides a detailed guide on how to exploit this vulnerability and deliver malicious payloads.
Security researchers are warning users to take steps to patch this vulnerability and prioritize their digital security.
6 Browser-Based Attacks Security Teams Need to Prepare For Right Now
Six browser-based attacks have been identified that security teams need to prepare for. These attacks utilize advanced tactics, including zero-day exploits, to evade detection and deliver malicious payloads.
Security experts are urging organizations to prioritize their digital security and take steps to protect themselves against these threats.
Google Patches Chrome Zero-Day CVE-2025-10585 as Active V8 Exploit Threatens Millions
Google has patched a Chrome zero-day vulnerability, tracked as CVE-2025-10585, that is under active exploitation in the V8 engine and threatens millions of users.
Security experts are urging users to update their browser and prioritize their digital security.
SonicWall Prompts Password Resets After Hackers Obtain Firewall Configurations
SonicWall has prompted users to reset their passwords after hackers gained access to firewall configurations. The attackers took advantage of a vulnerability in SonicWall's firewalls.
Security experts are urging organizations to prioritize their digital security and take steps to protect themselves against this threat.
ShadowLeak: A Zero-Click, Service-Side Attack Exfiltrating Sensitive Data Using ChatGPT’s Deep Research Agent
A new zero-click, service-side attack has been identified that exfiltrates sensitive data by abusing ChatGPT's Deep Research agent.
Security experts are urging users to be cautious when using AI-powered tools and prioritize their digital security.
CISA Releases Malware Analysis Report on Malicious Listener Targeting Ivanti Endpoint Manager
The US Cybersecurity and Infrastructure Security Agency (CISA) has released a malware analysis report on a malicious listener targeting Ivanti Endpoint Manager. The attack is designed to steal sensitive data.
Security experts are urging organizations to prioritize their digital security and take steps to protect themselves against this threat.
APT Down – The North Korea Files
A new APT campaign has been identified, attributed to North Korea. The campaign is targeting critical infrastructure and aiming to deliver malicious payloads.
Security experts are urging organizations to prioritize their digital security and take steps to protect themselves against this threat.
Hive0154, aka Mustang Panda, drops updated Toneshell backdoor and novel SnakeDisk USB worm
A new threat actor, known as Hive0154 or Mustang Panda, has been identified. The actor is dropping an updated Toneshell backdoor and a novel SnakeDisk USB worm.
Security experts are urging users to remain vigilant and take steps to protect themselves against this threat.
Israel announces seizure of $1.5M from crypto wallets tied to Iran
Israel has announced the seizure of $1.5 million from cryptocurrency wallets linked to Iranian cyber threats. The move aims to disrupt the financial flow of malicious actors.
This highlights Israel's commitment to disrupting global cybercrime and protecting its citizens.
Ukraine claims cyberattacks on Russian election systems; Moscow confirms disruptions
Ukraine has claimed responsibility for a series of cyberattacks targeting Russian election systems. Moscow has confirmed that the attacks disrupted electoral processes.
This highlights the ongoing tensions between Ukraine and Russia in the digital realm.
SEC targets US firms tied to suspected Chinese ‘pump and dump’ scams
The Securities and Exchange Commission (SEC) is targeting US firms accused of being involved in suspected Chinese 'pump and dump' scams. The move aims to disrupt financial crimes linked to China.
This highlights the SEC's ongoing efforts to combat global financial crimes.
Minding the drone gap: Drone warfare and the EU
The use of drones is becoming increasingly common in conflict zones around the world. However, there is a growing concern about the lack of regulation and oversight in this area.
European Union officials are urging member states to take steps to regulate drone usage and protect citizens from the risks associated with it.
AI Agents are Eroding the Foundations of Cybersecurity
The increasing use of artificial intelligence (AI) is raising concerns about its impact on cybersecurity. AI agents are being used to launch sophisticated attacks, making them increasingly difficult to detect and remove.
Security experts are urging organizations to prioritize their digital security and take steps to protect themselves against AI-powered threats.
Kids in the UK are hacking their own schools for dares and notoriety
A disturbing trend has been identified in the UK, where children are hacking into their own schools' systems for dares and notoriety. The actions are often carried out without malicious intent but still raise concerns about digital security.
Parents and educators are being urged to prioritize digital literacy and cybersecurity education among children.
Cloudflare participates in global operation to disrupt RaccoonO365
Cloudflare has participated in a global operation aimed at disrupting the RaccoonO365 phishing campaign. The operation targeted malicious domains associated with this threat.
The effort highlights Cloudflare's commitment to protecting users from online threats and disrupting malicious actors.
JLR could face disruption until November after hack
A UK-based company, JLR, is facing the risk of disruption due to a recent cyberattack. The attack may impact operations until November.
The incident highlights the importance of prioritizing digital security and having robust cybersecurity measures in place.
Fortra Sheds Light on GoAnywhere MFT Zero-Day Exploit Used in Ransomware Attacks
Fortra has shed light on a zero-day exploit used in ransomware attacks. The exploit targets the GoAnywhere MFT product, leaving it vulnerable to attack.
Security experts are urging users to update their software and prioritize their digital security.
Palo Alto Networks Unit 42 Recognised by UK’s NCSC as an Enhanced Level Cyber Incident Response Assured Service Provider
Palo Alto Networks Unit 42 has been recognized by the UK's National Cyber Security Centre (NCSC) as an enhanced level cyber incident response assured service provider. The recognition highlights Palo Alto Networks' commitment to providing top-notch cybersecurity services.
The award underscores the importance of prioritizing digital security and having a robust incident response plan in place.
Germany approves new rules to protect critical infrastructure
Germany has approved new rules aimed at protecting critical infrastructure from cyber threats. The move aims to reduce the risk of disruptions to essential services.
This highlights Germany's commitment to prioritizing digital security and protecting its citizens from online threats.
Passengers stranded at Heathrow, other European airports after cyberattack
A recent cyberattack has left passengers stranded at several European airports, including Heathrow. The incident highlights the potential risks associated with cybersecurity failures in critical infrastructure.
This serves as a reminder of the importance of prioritizing digital security and having robust measures in place to protect against such incidents.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Stay up-to-date with the latest cybersecurity news by following me on Twitter (@securityaffairs) and my social media channels (Facebook and Mastodon).
I'll be sharing the latest security research, threat intelligence, and insights from the world of cybersecurity. Stay safe online!