"OneClik APT campaign targets enery sector with stealthy backdoors."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  

Accessed on 27 June 2025, 1607 UTC.

Content and Source:  Email subscription from https://feedly.com.

 https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Ffeed

Please check email link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Security Affairs

73K followers24 articles per week

#security#tech

18

Most popular

OneClik APT campaign targets energy sector with stealthy backdoors

21 TTPs

•

by Pierluigi Paganini / 2h

•

OneClik APT campaign targets energy sector

A OneClik campaign, likely carried out by China-linked actor, targets energy sectors using stealthy ClickOnce and Golang backdoors. Trellix cybersecurity researchers uncovered a new APT malware campaign, OneClik, targeting the energy, oil, and gas sectors. It abuses Microsoft’s ClickOnce deployment tech and custom Golang backdoors. While links to China-affiliated actors are suspected, attribution

American steel giant Nucor confirms data breach in May attack

3 TTPs

•

by Pierluigi Paganini / 4d

•

Nucor confirms data theft attack

American steel giant Nucor confirms hackers stole data in a May cyberattack, following its earlier disclosure of the incident. Nucor, North America’s largest steel maker, confirmed hackers stole some data in a May cyberattack, following its earlier disclosure of the incident. Nucor Corporation (NYSE: NUE) is a major American steel company headquartered in Charlotte, North Carolina. It’s the large

The U.S. House banned WhatsApp on government devices due to security concerns

4 TTPs

•

by Pierluigi Paganini / 2d

•

WhatsApp banned on Congress devices

The U.S. House banned WhatsApp on official devices over security concerns, citing risks flagged by the Chief Administrative Officer. The U.S. House has banned WhatsApp on government devices due to data security concerns. Similar restrictions apply to AI tools like ChatGPT , ByteDance apps, and Microsoft Copilot. “nuto has deemed WhatsApp a high-risk to users due to the lack of transparency in how

Yesterday

APT42 impersonates cyber professionals to phish Israeli academics and journalists

9 TTPs

•

by Pierluigi Paganini / 7h

•

Iranian hackers target Israeli cybersecurity

Iran-linked APT42 targets Israeli experts with phishing attacks, posing as security professionals to steal email credentials and 2FA codes. Iran-linked group APT42 (aka Educated Manticore, Charming Kitten , and Mint Sandstorm ) is targeting Israeli journalists, cybersecurity experts, and academics with phishing attacks, posing as security professionals to steal email credentials and 2FA codes, ac

Kai West, aka IntelBroker, indicted for cyberattacks causing $25M in damages

British hacker charged with data theft

•

by Pierluigi Paganini / 20h

British national Kai West, aka IntelBroker, was charged in U.S. for a global hacking scheme that stole and sold data, causing millions in damages. Kai West (25), a British national, has been charged in the U.S. for operating as ‘IntelBroker ,’ running a global hacking scheme that stole and sold data, causing millions in damages. The US DoJ unsealed charges against Kai West, who was arrested in Fr

Cisco fixed critical ISE flaws allowing Root-level remote code execution

6 TTPs

•

by Pierluigi Paganini / 1d

Cisco released patches to address two critical vulnerabilities in ISE and ISE-PIC that could let remote attackers execute to code as root. Cisco addressed two critical vulnerabilities, tracked as CVE-2025-20281 and CVE-2025-20282, in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could allow remote, unauthenticated attackers to execute arbitrary code with root pr

Jun 25, 2025

U.S. CISA adds AMI MegaRAC SPx, D-Link DIR-859 routers, and Fortinet FortiOS flaws to its Known Exploited Vulnerabilities catalog

4 TTPs

•

by Pierluigi Paganini / 1d

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds AMI MegaRAC SPx, D-Link DIR-859 routers, and Fortinet FortiOS flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added AMI MegaRAC SPx, D-Link DIR-859 routers, and Fortinet FortiOS flaws to its Known Exploited Vulnerabilities (KEV) catalog . Below are the descripti

CitrixBleed 2: The nightmare that echoes the ‘CitrixBleed’ flaw in Citrix NetScaler devices

5 TTPs

•

by Pierluigi Paganini / 1d

New Citrix flaw ‘CitrixBleed 2’ lets attackers steal session cookies without logging in, echoing a previously exploited vulnerability. A new flaw in Citrix NetScaler ADC and Gateway, dubbed ‘ CitrixBleed 2 ‘ (CVE-2025-5777, CVSS v4.0 Base Score of 9.3), can allow unauthenticated attackers to steal session cookies, similar to a past critical exploit. The vulnerability is an insufficient input vali

Hackers deploy fake SonicWall VPN App to steal corporate credentials

IoC > 1 IP

•

by Pierluigi Paganini / 1d

•

3 TTPs

•

Fake SonicWall app steals credentials

Hackers spread a trojanized version of SonicWall VPN app to steal login credentials from users accessing corporate networks. Unknown threat actors are distributing a trojanized version of SonicWall NetExtender SSL VPN app to steal user credentials. The legitimate NetExtender app lets remote users securely access and use company network resources as if they were on-site. The malware-laced version,

Mainline Health Systems data breach impacted over 100,000 individuals

2 TTPs

•

by Pierluigi Paganini / 2d

•

Mainline Health Systems data breach

Mainline Health Systems disclosed a data breach that impacted over 100,000 individuals. Mainline Health Systems is a nonprofit Federally Qualified Health Center founded in 1978 in Portland, Arkansas, serving Southeast Arkansas . With over 30 locations across multiple counties—including in-school clinics and community centers—it provides comprehensive primary medical, dental, and behavioral health

Disrupting the operations of cryptocurrency mining botnets

by Pierluigi Paganini / 2d

Cybersecurity researchers devised two attack techniques to disrupt the operations of cryptocurrency mining botnets. Akamai Researchers uncovered two novel techniques to disrupt cryptocurrency mining botnets by exploiting flaws in common mining topologies. Current methods to stop cryptocurrecy mining botnets are pool bans or infrastructure takedowns, however, both are slow and complex. Researchers

Jun 24, 2025

Prometei botnet activity has surged since March 2025

16 TTPs

•

by Pierluigi Paganini / 2d

•

Prometei botnet resurfaces with enhancements

, with a new malware variant spreading rapidly, Palo Alto Networks reports. Palo Alto Networks warns of a spike in Prometei botnet activity since March 2025, the researchers observed a new variant spreading rapidly. Since March 2025, Prometei botnet is targeting Linux systems for Monero mining and credential theft. The bot is under active development and uses a modular architecture, domain genera

Russia-linked APT28 use Signal chats to target Ukraine official with malware

13 TTPs

•

by Pierluigi Paganini / 3d

•

APT28 uses Signal for malware attacks

Russia-linked group APT28 uses Signal chats as an attack vector to phish Ukrainian officials with new malware strains. Russia-linked cyberespionage group APT28 is targeting Ukrainian government officials using Signal chats to deliver two new types of malware, tracked as BeardShell and SlimAgent. While Signal itself remains secure, attackers are exploiting its growing popularity in official commun

Jun 23, 2025

China-linked APT Salt Typhoon targets Canadian Telecom companies

by Pierluigi Paganini / 3d

Canada and FBI warn of China-linked APT Salt Typhoon targeting Canadian telecom firms in ongoing cyber espionage operations. The Canadian Centre for Cyber Security and the FBI warn that China-linked APT cyber espionage group Salt Typhoon , is targeting Canadian telecom firms in espionage attacks. The Salt Typhoon hacking campaign, active for 1–2 years, has targeted telecommunications providers in

U.S. warns of incoming cyber threats following Iran airstrikes

by Pierluigi Paganini / 3d

U.S. warns of cyberattacks by pro-Iranian groups after launching airstrikes on Iran’s nuclear sites amid the Iran –Israel war starting June 13, 2025. The Iran conflict raises cyber threat levels in the U.S., with likely low-level attacks by pro-Iranian hacktivists and possible state-linked cyber activity . Following U.S. strikes on Iranian nuclear sites, President Trump called the attacks a succe

McLaren Health Care data breach impacted over 743,000 people

2 TTPs

•

by Pierluigi Paganini / 4d

•

McLaren Health Care data breach 743K

The ransomware attack that hit McLaren Health Care in 2024 exposed the personal data of 743,000 individuals. McLaren Health Care is notifying over 743,000 people of a data breach discovered on August 5, 2024. McLaren discovered suspicious activity on its and Karmanos Cancer Institute’s systems on August 5, 2024, revealing a data breach incident. McLaren Health Care is a nonprofit health care orga

Jun 22, 2025

The financial impact of Marks & Spencer and Co-op cyberattacks could reach £440M

3 TTPs

•

by Pierluigi Paganini / 4d

•

M&S Co-op face severe cyber threat

UK’s Cyber Monitoring Centre (CMC) labels Marks & Spencer and Co-op cyberattacks a Category 2 event, estimating financial impact at £270M–£440M. The Cyber Monitoring Centre (CMC) has labeled the recent cyberattacks on Marks & Spencer and Co-op as a Category 2 systemic event, estimating losses between £270M and £440M. In early May, the attackers behind the Co-op cyberattack, who go online with the

Iran-Linked Threat Actors Cyber Fattah Leak Visitors and Athletes’ Data from Saudi Games

Exfiltration (Enterprise TA0010)

•

by Pierluigi Paganini / 4d

Cyber Fattah leaked thousands of records on athletes and visitors from past Saudi Games, per U.S.-based cybersecurity firm Resecurity. Resecurity (USA) identified the threat actors associated with the “ Cyber Fattah ” movement leaked thousands of records containing information about visitors and athletes from past Saudi Games, one of the major sports events in the Kingdom. The stolen data has bee

End of feed