"U.S. CISA adds Citrix NetScaler flaw to its 'Known Exploited Vulterabilities Catalog.'"

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 30 June 2025, 2025 UTC.

Content and Source:  "Security Affairs."

Email subscription via https://feedly.com.

 https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Ffeed

Please check email link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Security Affairs

73K followers23 articles per week

#security#tech

28

Today

U.S. CISA adds Citrix NetScaler flaw to its Known Exploited Vulnerabilities catalog

5 TTPs

•

by Pierluigi Paganini / 1h

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Citrix NetScaler vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Citrix NetScaler vulnerability, tracked as CVE-2025-6543 , to its Known Exploited Vulnerabilities (KEV) catalog . CVE-2025-6543 (CVSS score of 9.2) is a memory overflow vulnerability

Canada bans Hikvision over national security concerns

by Pierluigi Paganini / 7h

, ordering the company to stop operations and barring its tech from government use. Canada ordered Chinese surveillance firm Hikvision to cease all operations in the country, citing national security concerns. Minister Mélanie Joly announced the decision after a security review found vendor’s activities could pose a threat. Canada bans Hikvision products for government use, reviewing existing pro

Denmark moves to protect personal identity from deepfakes with new copyright law

Denmark grants rights over digital features

•

by Pierluigi Paganini / 8h

Denmark plans to let citizens copyright their face, body, and voice to combat deepfakes under a new law strengthening personal digital rights. Denmark plans to amend its copyright law to give individuals rights over their body, face, and voice, to combat AI-generated deepfakes. Believed to be the first law of its kind in Europe, the proposal has broad political support and will be submitted for c

Yesterday

Ahold Delhaize data breach affected over 2.2 Million individuals

3 TTPs

•

by Pierluigi Paganini / 11h

•

Ahold Delhaize USA names Jason Wilson CFO

A ransomware attack on grocery giant Ahold Delhaize led to a data breach that affected more than 2.2 million people. A ransomware attack on Dutch grocery giant Ahold Delhaize has led to a data breach affecting over 2.2 million people. Ahold Delhaize is a Dutch-Belgian multinational retail and wholesale holding company. Its name comes from the 2016 merger of two companies: Ahold (Dutch) and Delhai

Facebook wants access to your camera roll for AI photo edits

Facebook seeks camera roll AI access

•

by Pierluigi Paganini / 20h

Facebook asks users to allow “cloud processing” to access phone photos for AI-generated collages and recaps, even if not uploaded. Meta-owned Facebook is prompting users to enable “cloud processing” to access photos from their phones, even those not uploaded. If users opt into “cloud processing,” Facebook will continuously upload media to its servers and use details like time, location, and theme

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 51

by Pierluigi Paganini / 1d

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Ransomware Gangs Collapse as Qilin Seizes Control Dissecting a Python Ransomware distributed through GitHub repositories SparkKitty, SparkCat’s little brother: A new Trojan spy found in the App Store and Google Play Uncovering a Tor-Enabled Docker Exploit Threat Ac

Security Affairs newsletter Round 530 by Pierluigi Paganini – INTERNATIONAL EDITION

by Pierluigi Paganini / 1d

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. The FBI warns that Scattered Spider is now targeting the airline sector LapDogs: China-nexus hackers Hijack 1,000+ SOHO devices for espionage Taking

Jun 28, 2025

The FBI warns that Scattered Spider is now targeting the airline sector

6 TTPs

•

by Pierluigi Paganini / 2d

•

FBI warns of airline cyberattacks

. Feds are working with aviation partners to combat the threat and assist affected victims. The FBI reports that the cybercrime group Scattered Spider is now targeting the airline sector. The cybercriminals are using social engineering techniques to gain access to target organizations by impersonating employees or contractors. In many cases, threat actors employed methods to bypass multi-factor a

LapDogs: China-nexus hackers Hijack 1,000+ SOHO devices for espionage

5 TTPs

•

by Pierluigi Paganini / 2d

Over 1,000 SOHO devices were hacked in a China-linked spying campaign called LapDogs, forming a covert network to support cyber espionage. Security researchers at SecurityScorecard’s STRIKE team have uncovered a cyber espionage campaign, dubbed LapDogs, involving over 1,000 hacked SOHO (small office/home office) devices. These compromised devices formed a hidden network, called an Operational Rel

Jun 27, 2025

Taking over millions of developers exploiting an Open VSX Registry flaw

8 TTPs

•

by Pierluigi Paganini / 3d

•

Open VSX vulnerability risks millions

A critical flaw in Open VSX Registry could let attackers hijack the VS Code extension hub, exposing millions of developers to supply chain attacks. Cybersecurity researchers at Koi Security discovered a critical vulnerability in the Open VSX Registry (open-vsx.org) that could have let attackers take over the Visual Studio Code extensions marketplace, endangering millions of developers through pot

OneClik APT campaign targets energy sector with stealthy backdoors

21 TTPs

•

by Pierluigi Paganini / 3d

•

OneClik APT campaign targets energy sector

A OneClik campaign, likely carried out by China-linked actor, targets energy sectors using stealthy ClickOnce and Golang backdoors. Trellix cybersecurity researchers uncovered a new APT malware campaign, OneClik, targeting the energy, oil, and gas sectors. It abuses Microsoft’s ClickOnce deployment tech and custom Golang backdoors. While links to China-affiliated actors are suspected, attribution

Jun 26, 2025

APT42 impersonates cyber professionals to phish Israeli academics and journalists

9 TTPs

•

by Pierluigi Paganini / 3d

•

Iranian hackers target Israeli experts

Iran-linked APT42 targets Israeli experts with phishing attacks, posing as security professionals to steal email credentials and 2FA codes. Iran-linked group APT42 (aka Educated Manticore, Charming Kitten , and Mint Sandstorm ) is targeting Israeli journalists, cybersecurity experts, and academics with phishing attacks, posing as security professionals to steal email credentials and 2FA codes, ac

Kai West, aka IntelBroker, indicted for cyberattacks causing $25M in damages

British hacker charged with data theft

•

by Pierluigi Paganini / 4d

British national Kai West, aka IntelBroker, was charged in U.S. for a global hacking scheme that stole and sold data, causing millions in damages. Kai West (25), a British national, has been charged in the U.S. for operating as ‘IntelBroker ,’ running a global hacking scheme that stole and sold data, causing millions in damages. The US DoJ unsealed charges against Kai West, who was arrested in Fr

Cisco fixed critical ISE flaws allowing Root-level remote code execution

6 TTPs

•

by Pierluigi Paganini / 4d

Cisco released patches to address two critical vulnerabilities in ISE and ISE-PIC that could let remote attackers execute to code as root. Cisco addressed two critical vulnerabilities, tracked as CVE-2025-20281 and CVE-2025-20282, in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could allow remote, unauthenticated attackers to execute arbitrary code with root pr

Jun 25, 2025

U.S. CISA adds AMI MegaRAC SPx, D-Link DIR-859 routers, and Fortinet FortiOS flaws to its Known Exploited Vulnerabilities catalog

4 TTPs

•

by Pierluigi Paganini / 4d

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds AMI MegaRAC SPx, D-Link DIR-859 routers, and Fortinet FortiOS flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added AMI MegaRAC SPx, D-Link DIR-859 routers, and Fortinet FortiOS flaws to its Known Exploited Vulnerabilities (KEV) catalog . Below are the descripti

CitrixBleed 2: The nightmare that echoes the ‘CitrixBleed’ flaw in Citrix NetScaler devices

5 TTPs

•

by Pierluigi Paganini / 4d

New Citrix flaw ‘CitrixBleed 2’ lets attackers steal session cookies without logging in, echoing a previously exploited vulnerability. A new flaw in Citrix NetScaler ADC and Gateway, dubbed ‘ CitrixBleed 2 ‘ (CVE-2025-5777, CVSS v4.0 Base Score of 9.3), can allow unauthenticated attackers to steal session cookies, similar to a past critical exploit. The vulnerability is an insufficient input vali

Hackers deploy fake SonicWall VPN App to steal corporate credentials

IoC > 1 IP

•

by Pierluigi Paganini / 5d

•

3 TTPs

•

Fake SonicWall app steals credentials

Hackers spread a trojanized version of SonicWall VPN app to steal login credentials from users accessing corporate networks. Unknown threat actors are distributing a trojanized version of SonicWall NetExtender SSL VPN app to steal user credentials. The legitimate NetExtender app lets remote users securely access and use company network resources as if they were on-site. The malware-laced version,

Mainline Health Systems data breach impacted over 100,000 individuals

2 TTPs

•

by Pierluigi Paganini / 5d

•

Mainline Health Systems data breach

Mainline Health Systems disclosed a data breach that impacted over 100,000 individuals. Mainline Health Systems is a nonprofit Federally Qualified Health Center founded in 1978 in Portland, Arkansas, serving Southeast Arkansas . With over 30 locations across multiple counties—including in-school clinics and community centers—it provides comprehensive primary medical, dental, and behavioral health

Disrupting the operations of cryptocurrency mining botnets

by Pierluigi Paganini / 5d

Cybersecurity researchers devised two attack techniques to disrupt the operations of cryptocurrency mining botnets. Akamai Researchers uncovered two novel techniques to disrupt cryptocurrency mining botnets by exploiting flaws in common mining topologies. Current methods to stop cryptocurrecy mining botnets are pool bans or infrastructure takedowns, however, both are slow and complex. Researchers

Jun 24, 2025

Prometei botnet activity has surged since March 2025

16 TTPs

•

by Pierluigi Paganini / 5d

•

Prometei botnet resurfaces with enhancements

, with a new malware variant spreading rapidly, Palo Alto Networks reports. Palo Alto Networks warns of a spike in Prometei botnet activity since March 2025, the researchers observed a new variant spreading rapidly. Since March 2025, Prometei botnet is targeting Linux systems for Monero mining and credential theft. The bot is under active development and uses a modular architecture, domain genera

The U.S. House banned WhatsApp on government devices due to security concerns

4 TTPs

•

by Pierluigi Paganini / 6d

•

WhatsApp banned on Congress devices

The U.S. House banned WhatsApp on official devices over security concerns, citing risks flagged by the Chief Administrative Officer. The U.S. House has banned WhatsApp on government devices due to data security concerns. Similar restrictions apply to AI tools like ChatGPT , ByteDance apps, and Microsoft Copilot. “nuto has deemed WhatsApp a high-risk to users due to the lack of transparency in how

Russia-linked APT28 use Signal chats to target Ukraine official with malware

13 TTPs

•

by Pierluigi Paganini / 6d

•

APT28 uses Signal for malware attacks

Russia-linked group APT28 uses Signal chats as an attack vector to phish Ukrainian officials with new malware strains. Russia-linked cyberespionage group APT28 is targeting Ukrainian government officials using Signal chats to deliver two new types of malware, tracked as BeardShell and SlimAgent. While Signal itself remains secure, attackers are exploiting its growing popularity in official commun

Jun 23, 2025

China-linked APT Salt Typhoon targets Canadian Telecom companies

by Pierluigi Paganini / 6d

Canada and FBI warn of China-linked APT Salt Typhoon targeting Canadian telecom firms in ongoing cyber espionage operations. The Canadian Centre for Cyber Security and the FBI warn that China-linked APT cyber espionage group Salt Typhoon , is targeting Canadian telecom firms in espionage attacks. The Salt Typhoon hacking campaign, active for 1–2 years, has targeted telecommunications providers in

U.S. warns of incoming cyber threats following Iran airstrikes

by Pierluigi Paganini / 6d

U.S. warns of cyberattacks by pro-Iranian groups after launching airstrikes on Iran’s nuclear sites amid the Iran –Israel war starting June 13, 2025. The Iran conflict raises cyber threat levels in the U.S., with likely low-level attacks by pro-Iranian hacktivists and possible state-linked cyber activity . Following U.S. strikes on Iranian nuclear sites, President Trump called the attacks a succe

McLaren Health Care data breach impacted over 743,000 people

2 TTPs

•

by Pierluigi Paganini / 7d

•

McLaren Health Care data breach 743K

The ransomware attack that hit McLaren Health Care in 2024 exposed the personal data of 743,000 individuals. McLaren Health Care is notifying over 743,000 people of a data breach discovered on August 5, 2024. McLaren discovered suspicious activity on its and Karmanos Cancer Institute’s systems on August 5, 2024, revealing a data breach incident. McLaren Health Care is a nonprofit health care orga

American steel giant Nucor confirms data breach in May attack

3 TTPs

•

by Pierluigi Paganini / 7d

•

Nucor confirms data theft attack

American steel giant Nucor confirms hackers stole data in a May cyberattack, following its earlier disclosure of the incident. Nucor, North America’s largest steel maker, confirmed hackers stole some data in a May cyberattack, following its earlier disclosure of the incident. Nucor Corporation (NYSE: NUE) is a major American steel company headquartered in Charlotte, North Carolina. It’s the large

Jun 22, 2025

The financial impact of Marks & Spencer and Co-op cyberattacks could reach £440M

3 TTPs

•

by Pierluigi Paganini / 7d

•

M&S Co-op face severe cyber threat

UK’s Cyber Monitoring Centre (CMC) labels Marks & Spencer and Co-op cyberattacks a Category 2 event, estimating financial impact at £270M–£440M. The Cyber Monitoring Centre (CMC) has labeled the recent cyberattacks on Marks & Spencer and Co-op as a Category 2 systemic event, estimating losses between £270M and £440M. In early May, the attackers behind the Co-op cyberattack, who go online with the

Iran-Linked Threat Actors Cyber Fattah Leak Visitors and Athletes’ Data from Saudi Games

Exfiltration (Enterprise TA0010)

•

by Pierluigi Paganini / 7d

Cyber Fattah leaked thousands of records on athletes and visitors from past Saudi Games, per U.S.-based cybersecurity firm Resecurity. Resecurity (USA) identified the threat actors associated with the “ Cyber Fattah ” movement leaked thousands of records containing information about visitors and athletes from past Saudi Games, one of the major sports events in the Kingdom. The stolen data has bee

End of feed