"U.S. CISA adds Apple products, and TP-Linked router flaws to its Known Exploited Vulnerabilities Catelog."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 17 June 2025, 1507 UTC.

Content and Source:  Email subscription via https://feedly.com.

 https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Ffeed

Please check email link or scroll down to read your selections.   Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Security Affairs

73K followers23 articles per week

#security#tech

23

Today

U.S. CISA adds Apple products, and TP-Link routers flaws to its Known Exploited Vulnerabilities catalog

by Pierluigi Paganini / 1h

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple products, and TP-Link routers flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple products, and TP-Link routers flaws to its Known Exploited Vulnerabilities (KEV) catalog . Below are the descriptions for these flaws: CVE-2025-43200 Apple Multiple P

Attackers target Zyxel RCE vulnerability CVE-2023-28771

by Pierluigi Paganini / 4h

GreyNoise researchers have observed exploit attempts targeting the remote code execution vulnerability CVE-2023-28771 in Zyxel devices. On June 16, GreyNoise researchers detected exploit attempts targeting CVE-2023-28771 (CVSS score 9.8), a remote code execution flaw impacting Zyxel IKE decoders over UDP port 500. “Exploitation attempts against CVE-2023-28771 were minimal throughout recent weeks.

Yesterday

India-based car-sharing company Zoomcar suffered a data breach impacting 8.4M users

by Pierluigi Paganini / 7h

Zoomcar disclosed a data breach impacting 8.4M users after attackers compromised its systems and contacted the company staff. Zoomcar is an India-based car-sharing and self-drive car rental company. Zoomcar discovered a data breach impacting 8.4M users after threat actors contacted the internal personnel claiming the compromise of internal systems. The company is investigating the security breach

State-sponsored hackers compromised the email accounts of several Washington Post journalists

by Pierluigi Paganini / 7h

State-sponsored hackers compromised the email accounts of several journalists working at the Washington Post. A cyberattack, likely carried out by state-sponsored hackers, compromised the Microsoft email accounts of Washington Post journalists, including reporters covering China and national security. “A cyberattack on the Washington Post compromised email accounts of several journalists and was

Law enforcement operation shut down dark web drug marketplace Archetyp Market

Archetyp Market dismantled by police

•

by Pierluigi Paganini / 20h

Europol shut down Archetyp Market, a major dark web drug marketplace, in a global operation with arrests and takedowns. An international law enforcement operation led by Europol dismantled Archetyp Market, the most enduring dark web marketplace. The marketplace enabled the anonymous trade of illicit drugs, including cocaine, MDMA, amphetamines, and synthetic opioids. Between June 11 and 13, 300 o

New Anubis RaaS includes a wiper module

9 TTPs

•

by Pierluigi Paganini / 1d

•

Anubis ransomware adds wiper feature

Anubis RaaS now includes a wiper module, permanently deleting files. Active since Dec 2024, it launched an affiliate program in Feb 2025. Anubis is a new RaaS that combines file encryption capability with a rare “wipe mode,” permanently deleting files and preventing recovery even after ransom payment. Anubis operates a flexible affiliate program that has been active since December 2024. Anubis br

New Predator spyware infrastructure revealed activity in Mozambique for the first time

by Pierluigi Paganini / 1d

Insik Group analyzed the new Predator spyware infrastructure and discovered it’s still gaining users despite U.S. sanctions since July 2023. Despite earlier declines in activity due to U.S. sanctions and public exposure, Predator spyware has resurged. Insikt Group analyzed a renewed infrastructure linked to the commercial spyware company and identified a new customer in Mozambique, highlighting c

Jun 15, 2025

Canada’s second-largest airline WestJet is containing a cyberattack

WestJet faces cybersecurity incident

•

by Pierluigi Paganini / 2d

Canada’s airline WestJet has suffered a cyberattack that impactd access to some internal systems and the company app. WestJet is a Canadian airline that operates both domestic and international flights. Founded in 1996, it started as a low-cost carrier and has grown to become Canada’s second-largest airline, after Air Canada. WestJet is investigating a cybersecurity incident impacting some of its

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 49

by Pierluigi Paganini / 2d

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Supply chain attack hits Gluestack NPM packages with 960K weekly downloads Analysis of the latest Mirai wave exploiting TBK DVR devices with CVE-2024-3721 Destructive npm Packages Disguised as Utilities Enable Remote System Wipe AMOS Variant Distributed Via Clickfi

Security Affairs newsletter Round 528 by Pierluigi Paganini – INTERNATIONAL EDITION

by Pierluigi Paganini / 2d

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Palo Alto Networks fixed multiple privilege escalation flaws Unusual toolset used in recent Fog Ransomware attack A cyberattack on United Natural Fo

Jun 13, 2025

Palo Alto Networks fixed multiple privilege escalation flaws

4 TTPs

•

by Pierluigi Paganini / 3d

Palo Alto Networks addressed multiple vulnerabilities and included the latest Chrome patches in its solutions. Palo Alto Networks fixed seven privilege escalation vulnerabilities and integrated the latest Chrome security patches into its products. Palo Alto applied 11 Chrome fixes and patched CVE-2025-4233, a cache vulnerability impacting the Prisma Access Browser. The most severe vulnerability,

Unusual toolset used in recent Fog Ransomware attack

by Pierluigi Paganini / 3d

Fog ransomware operators used in a May 2025 attack unusual pentesting and monitoring tools, Symantec researchers warn. In May 2025, attackers hit an Asian financial firm with Fog ransomware , using rare tools like Syteca monitoring software and pentesting tools GC2, Adaptix, and Stowaway. Symantec researchers pointed out that the use of these tools is unusual for ransomware campaigns. Notably, at

A cyberattack on United Natural Foods caused bread shortages and bare shelves

United Natural Foods cyberattack disrupts

•

by Pierluigi Paganini / 3d

Cyberattack on United Natural Foods Inc. (UNFI) disrupts deliveries, causing Whole Foods shortages nationwide after systems were taken offline on June 5. United Natural Foods, Inc. ( UNFI ) is a Providence, Rhode Island–based natural and organic food company. The largest publicly traded wholesale distributor of health and specialty food in the United States and Canada, it is Whole Foods Market ‘s

Paraguay Suffered Data Breach: 7.4 Million Citizen Records Leaked on Dark Web

3 TTPs

•

by Pierluigi Paganini / 3d

•

Paraguay data breach affects millions

Resecurity researchers found 7.4 million records containing personally identifiable information (PII) of Paraguay citizens on the dark web. Resecurity has identified 7.4 million records containing personally identifiable information (PII) of Paraguayan citizens leaked on the dark web today. Last week, cybercriminals have offered information about all citizens of Paraguay for sale, demanding $7.4

Apple confirmed that Messages app flaw was actively exploited in the wild

CVE-2025-43200

•

by Pierluigi Paganini / 4d

Apple confirmed that a security flaw in its Messages app was actively exploited in the wild to target journalists with Paragon’s Graphite spyware. Apple confirmed that a now-patched vulnerability, tracked as CVE-2025-43200, in its Messages app was actively exploited in the wild to target journalists with Paragon’s Graphite spyware . The IT giant addressed the flaw CVE-2025-43200 on February 10, 2

Jun 12, 2025

Trend Micro fixes critical bugs in Apex Central and TMEE PolicyServer

by Pierluigi Paganini / 4d

Trend Micro fixed multiple vulnerabilities that impact its Apex Central and Endpoint Encryption (TMEE) PolicyServer products. Trend Micro address remote code execution and authentication bypass vulnerabilities impacting its Endpoint Encryption (TMEE) PolicyServer and Apex Central solutions. Trend Micro Endpoint Encryption PolicyServer is a centralized management server used in Trend Micro’s Endpo

Paragon Graphite Spyware used a zero-day exploit to hack at least two journalists’ iPhones

CVE-2025-43200

•

by Pierluigi Paganini / 4d

Security researchers at Citizen Lab revealed that Paragon’s Graphite spyware can hack fully updated iPhones via zero-click attacks. Citizen Lab has confirmed that Paragon’s Graphite spyware was used to hack fully updated iPhones, targeting at least two journalists in Europe. The group found forensic evidence showing the phones had communicated with the same spyware server. Apple quietly alerted t

SinoTrack GPS device flaws allow remote vehicle control and location tracking

3 TTPs

•

by Pierluigi Paganini / 5d

Two vulnerabilities in SinoTrack GPS devices can allow remote vehicle control and location tracking by attackers, US CISA warns. U.S. CISA warns of two vulnerabilities in SinoTrack GPS devices that remote attackers can exploit to access a vehicle’s device profile without permission. The researchers warn that potential exploitation could allow attackers to track its location or even cut power to t

U.S. CISA adds Wazuh, and WebDAV flaws to its Known Exploited Vulnerabilities catalog

IoC > 1 IP and 2 domains

•

by Pierluigi Paganini / 5d

•

3 TTPs

•

CVE-2025-24016

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Wazuh, and WebDAV flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added ASUS RT-AX55 devices, Craft CMS, and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog . Below are the descriptions for these flaws: CVE-2025-24016 (CVSS s

Jun 11, 2025

Exposed eyes: 40,000 security cameras vulnerable to remote hacking

4 TTPs

•

by Pierluigi Paganini / 5d

•

Over 40000 security cameras exposed

Over 40,000 internet-exposed security cameras worldwide are vulnerable to remote hacking, posing serious privacy and security risks. Bitsight warns that over 40,000 security cameras worldwide are exposed to remote hacking due to unsecured HTTP or RTSP (Real-Time Streaming Protocol) access. These cameras stream live feeds openly via IP addresses, making them easy targets for spying, cyberattacks,

Operation Secure: INTERPOL dismantles 20,000+ malicious IPs in major cybercrime crackdown

4 TTPs

•

by Pierluigi Paganini / 5d

•

INTERPOL dismantles 20000 malicious IPs

INTERPOL announced that a joint operation code-named Operation Secure took down 20,000+ malicious IPs/domains tied to 69 info-stealers. Between January and April 2025, INTERPOL led Operation Secure, a global effort that took down over 20,000 malicious IPs and domains linked to information-stealing malware. With support from 26 countries and partners like Group-IB, Kaspersky, and Trend Micro, inve

Over 80,000 servers hit as Roundcube RCE bug gets rapidly exploited

IoC > 1 domain

•

by Pierluigi Paganini / 6d

•

2 TTPs

A critical remote code execution (RCE) vulnerability in Roundcube was exploited days after patch, impacting over 80,000 servers. Threat actors exploited a critical remote code execution (RCE) flaw in Roundcube, tracked as CVE-2025-49113 , just days after the patch was released, targeting over 80,000 servers. Roundcube is a popular webmail platform and has been repeatedly targeted by advanced thre

Jun 10, 2025

A flaw could allow recovery of the phone number associated with any Google account

2 TTPs

•

by Pierluigi Paganini / 6d

•

Google fixes phone number vulnerability

A vulnerability could allow recovery of the phone number associated with a Google account by carrying out a brute force attack. The security researcher who goes online with the moniker “brutecat” discovered that it is possible to brute force the phone number of any Google abusing an issue in the company’s account recovery feature. A now-deprecated, JavaScript-disabled version of Google’s username

End of feed