"U.S. offers $10M for info on RedLine malware creator and state hackers."

Views expressed in this cybersecuritiy, cyber crime update are those of the reporters and correspondents.   Accessed on 07 June 2025, 0103 UTC.

Content and Source provided by email subscription from https://feedly.com.

 https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Ffeed

Please check email link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Security Affairs

73K followers25 articles per week

#security#tech

48

Most popular

U.S. Offers $10M bounty for info on RedLine malware creator and state hackers

3 TTPs

•

by Pierluigi Paganini / 13h

•

US offers 10M$ for RedLine tips

The U.S. offers up to $10M for info on state hackers linked to RedLine malware and its creator, Maxim Rudometov, tied to attacks on U.S. infrastructure. The U.S. Department of State offers a reward of up to $10 million for information nation-state actors linked to the RedLine infostealer and its alleged author, Russian national Maxim Alexandrovich Rudometov. US authorities specifically target the

Attackers exploit Fortinet flaws to deploy Qilin ransomware

6 TTPs

•

by Pierluigi Paganini / 2h

Qilin ransomware now exploits Fortinet vulnerabilities to achieve remote code execution on impacted devices. Threat intelligence firm PRODAFT warned that Qilin ransomware (aka Phantom Mantis) group targeted multiple organizations between May and June 2025 by exploiting multiple FortiGate vulnerabilities, including CVE-2024-21762 , and CVE-2024-55591 . “Phantom Mantis recently launched a coordinat

Russia-linked threat actors targets Ukraine with PathWiper wiper

IoC > 1 domain

•

by Pierluigi Paganini / 6h

A Russia-linked threat actor targeted a critical infrastructure organization in Ukraine with a new destructive malware dubbed PathWiper. Russia-linked threat actor targeted Ukraine’s critical infrastructure with a new wiper named PathWiper. Cisco Talos researchers reported that attackers utilized a legitimate endpoint administration tool, indicating they had access to the administrative console,

Yesterday

Play ransomware group hit 900 organizations since 2022

22 TTPs

•

by Pierluigi Paganini / 17h

A joint advisory from the US and Australian authorities states that Play ransomware has hit approximately 900 organizations over the past three years. A joint advisory from the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) states that Play ransomware has hit approxi

U.S. CISA adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog

by Pierluigi Paganini / 1d

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Google Chromium V8 vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium V8 Out-of-Bounds Read and Write Vulnerability, tracked as CVE-2025-5419 , to its Known Exploited Vulnerabilities (KEV) catalog . This week, Google released out-of-

New versions of Chaos RAT target Windows and Linux systems

19 TTPs

•

by Pierluigi Paganini / 1d

•

Chaos RAT malware targets Linux Windows

Acronis researchers reported that new Chaos RAT variants were employed in 2025 attacks against Linux and Windows systems. Acronis TRU researchers discovered new Chaos RAT variants targeting Linux and Windows in recent attacks. Originally seen in 2022, Chaos RAT evolved in 2024, with fresh samples emerging in 2025. TRU also discovered a critical flaw in the RAT’s web panel that enables remote code

Jun 4, 2025

Critical flaw in Cisco ISE impacts cloud deployments on AWS, Microsoft Azure, and Oracle Cloud Infrastructure

CVE-2025-20286

•

by Pierluigi Paganini / 1d

Cisco fixed a critical flaw in the Identity Services Engine (ISE) that could allow unauthenticated attackers to conduct malicious actions. A vulnerability tracked as CVE-2025-20286 (CVSS score 9.9) in cloud deployments of Cisco ISE on AWS, Microsoft Azure, and Oracle Cloud Infrastructure allows unauthenticated remote attackers to access sensitive data, perform limited administrative actions, modi

Law enforcement seized the carding marketplace BidenCash

2 TTPs

•

by Pierluigi Paganini / 1d

•

BidenCash dark web marketplace seized

U.S. and Dutch authorities took down 145 domains tied to the BidenCash cybercrime marketplace in a coordinated law enforcement operation. The US DoJ announced the seizure of approximately 145 darknet and clear web domains, and cryptocurrency funds associated with the BidenCash marketplace. “The U.S. Attorney’s Office for the Eastern District of Virginia announced today the seizure of approximatel

Ukraine’s military intelligence agency stole 4.4GB of highly classified internal data from Tupolev

Ukrainian intelligence hacks Russian Tupolev

•

by Pierluigi Paganini / 2d

Ukraine’s GUR hacked the Russian aerospace and defense company Tupolev, stealing 4.4GB of highly classified internal data. Ukraine’s military intelligence agency GUR (aka HUR) claims the hack of the Russian aerospace and defense company Tupolev. According to Kyiv Post, Ukraine’s Military Intelligence compromised the United Aircraft Company (UAC) Tupolev division, which is a key developer of strat

HPE fixed multiple flaws in its StoreOnce software

2 TTPs

•

by Pierluigi Paganini / 2d

Hewlett Packard Enterprise (HPE) addressed multiple flaws in its StoreOnce data backup and deduplication solution. HPE has released security patches for eight vulnerabilities in its StoreOnce backup solution. These issues could allow remote code execution, authentication bypass, data leaks, and more. “Potential security vulnerabilities have been identified in HPE StoreOnce Software.” reads the ad

Roundcube Webmail under fire: critical exploit found after a decade

4 TTPs

•

by Pierluigi Paganini / 2d

•

CVE-2025-49113

A critical flaw in Roundcube webmail, undetected for 10 years, allows attackers to take over systems and execute arbitrary code. A critical flaw, tracked as CVE-2025-49113 (CVSS score of 9.9) has been discovered in the Roundcube webmail software. The vulnerability went unnoticed for over a decade, an attacker can exploit the flaw to take control of affected systems and run malicious code, putting

Jun 3, 2025

U.S. CISA adds Multiple Qualcomm chipsets flaws to its Known Exploited Vulnerabilities catalog

Qualcomm patches three Adreno zero-days

•

by Pierluigi Paganini / 2d

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Multiple Qualcomm chipsets flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added multiple Qualcomm chipsets flaws to its Known Exploited Vulnerabilities (KEV) catalog . CVE-2025-21479 Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability CVE-2025-2148

Cartier disclosed a data breach following a cyber attack

Impact (Enterprise TA0040)

•

by Pierluigi Paganini / 2d

•

Cartier data breach exposes client information

Luxury-goods conglomerate Cartier disclosed a data breach that exposed customer information after a cyberattack. Cartier has disclosed a data breach following a cyberattack that compromised its systems, exposing customers’ personal information. The incident comes amid a wave of cyberattacks targeting luxury fashion brands. The luxury firm states that the threat actors gained access to “limited cl

U.S. CISA adds ASUS RT-AX55 devices, Craft CMS, and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog

10 TTPs

•

by Pierluigi Paganini / 3d

•

CISA warns of exploited vulnerabilities

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds ASUS RT-AX55 devices, Craft CMS, and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added ASUS RT-AX55 devices, Craft CMS, and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog . Below are the descrip

Android banking trojan Crocodilus rapidly evolves and goes global

IoC > 1 domain

•

by Pierluigi Paganini / 3d

A new Android banking trojan called Crocodilus is being used in a growing number of campaigns targeting users in Europe and South America. Crocodilus is a recently discovered Android banking trojan that is quickly gaining ground. What began as small test campaigns has now grown into full-blown attacks targeting users across Europe and South America. It spreads through malicious ads on social medi

Jun 2, 2025

Google fixed the second actively exploited Chrome zero-day since the start of the year

Privilege Escalation (Enterprise TA0004)

•

by Pierluigi Paganini / 3d

•

CVE-2025-5419

Google addressed three vulnerabilities in its Chrome browser, including one that it actively exploited in attacks in the wild. Google released out-of-band updates to address three vulnerabilities in its Chrome browser, including one, tracked as CVE-2025-5419, that is actively exploited in the wild. The vulnerability is an out-of-bounds read and write in the V8 JavaScript engine in Google Chrome p

Cryptojacking campaign relies on DevOps tools

11 TTPs

•

by Pierluigi Paganini / 3d

A cryptojacking campaign is targeting exposed DevOps servers like Docker and Gitea to secretly mine cryptocurrency. Wiz researchers uncovered a cryptojacking campaign, tracked as JINX-0132, targeting exposed DevOps applications like Nomad, Consul, Docker, Gitea to secretly mine cryptocurrency. Threat actors behind the campaign are exploiting a wide range of known misconfigurations and vulnerabili

Qualcomm fixed three zero-days exploited in limited, targeted attacks

CVE-2025-26443

•

by Pierluigi Paganini / 4d

Qualcomm addressed three zero-day vulnerabilities that, according to the company, have been exploited in limited, targeted attacks in the wild. Google Android Security team reported the three issues, tracked as CVE-2025-21479, CVE-2025-21480, CVE-2025-27038, to the company. “There are indications from Google Threat Analysis Group that CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 may be under li

Police took down several popular counter-antivirus (CAV) services, including AvCheck

IoC > 3 domains

•

by Pierluigi Paganini / 4d

•

Police dismantles AVCheck malware service

On May 27, 2025, authorities seized crypting service sites (including AvCheck, Cryptor, and Crypt.guru) used by vxers to test malware evasion capabilities. An international law enforcement operation led by the U.S. Department of Justice has dismantled an online cybercrime syndicate that provided encryption services to help malware evade detection. On May 27, 2025, authorities seized four domains,

Jun 1, 2025

A cyberattack hit hospitals operated by Covenant Health

Covenant Health hospitals face cyber incident

•

by Pierluigi Paganini / 4d

A cyberattack hit three hospitals operated by Covenant Health, forcing them to shut down all systems to contain the incident. Three hospitals run by Covenant Health were hit by a cyberattack, prompting them to shut down all their systems to contain the security incident. “St. Mary’s is currently experiencing a temporary system issue that is affecting some phones and documentation systems.” reads

Experts published a detailed analysis of Cisco IOS XE WLC flaw CVE-2025-20188

by Pierluigi Paganini / 4d

Technical details about a critical Cisco IOS XE WLC flaw (CVE-2025-20188) are now public, raising the risk of a working exploit emerging soon. Details of a critical vulnerability, tracked as CVE-2025-20188 , impacting Cisco IOS XE WLC are now public, raising the risk of exploitation. In early May, Cisco released software updates to address the vulnerability CVE-2025-20188 (CVSS score 10). An unau

Two flaws in vBulletin forum software are under attack

IoC > 1 IP

•

by Pierluigi Paganini / 5d

•

2 TTPs

Experts found two vulnerabilities in the vBulletin forum software, one of which is already being exploited in real-world attacks. Two critical vBulletin flaws, tracked as CVE-2025-48827 and CVE-2025-48828, enable API abuse and remote code execution. The experts warn that one of these flaws is actively exploited in the wild. An unauthenticated user could exploit CVE-2025-48827 (CVSS score of 10) t

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 47

by Pierluigi Paganini / 5d

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape 60 Malicious npm Packages Leak Network and Host