Skip to main content

Security Affairs.

"U.S. offers $10M for info on RedLine malware creator and state hackers."

Views expressed in this cybersecuritiy, cyber crime update are those of the reporters and correspondents.   Accessed on 07 June 2025, 0103 UTC.

Content and Source provided by email subscription from https://feedly.com.

 https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Ffeed

Please check email link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Security Affairs

73K followers25 articles per week
#security#tech
48

Most popular

U.S. Offers $10M bounty for info on RedLine malware creator and state hackers

3 TTPs
by Pierluigi Paganini / 13h
US offers 10M$ for RedLine tips
The U.S. offers up to $10M for info on state hackers linked to RedLine malware and its creator, Maxim Rudometov, tied to attacks on U.S. infrastructure. The U.S. Department of State offers a reward of up to $10 million for information nation-state actors linked to the RedLine infostealer and its alleged author, Russian national Maxim Alexandrovich Rudometov. US authorities specifically target the

Attackers exploit Fortinet flaws to deploy Qilin ransomware

6 TTPs
by Pierluigi Paganini / 2h
Qilin ransomware now exploits Fortinet vulnerabilities to achieve remote code execution on impacted devices. Threat intelligence firm PRODAFT warned that Qilin ransomware (aka Phantom Mantis) group targeted multiple organizations between May and June 2025 by exploiting multiple FortiGate vulnerabilities, including CVE-2024-21762 , and CVE-2024-55591 . “Phantom Mantis recently launched a coordinat

Russia-linked threat actors targets Ukraine with PathWiper wiper

IoC > 1 domain
by Pierluigi Paganini / 6h
A Russia-linked threat actor targeted a critical infrastructure organization in Ukraine with a new destructive malware dubbed PathWiper. Russia-linked threat actor targeted Ukraine’s critical infrastructure with a new wiper named PathWiper. Cisco Talos researchers reported that attackers utilized a legitimate endpoint administration tool, indicating they had access to the administrative console,

Yesterday

Play ransomware group hit 900 organizations since 2022

22 TTPs
by Pierluigi Paganini / 17h
A joint advisory from the US and Australian authorities states that Play ransomware has hit approximately 900 organizations over the past three years. A joint advisory from the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) states that Play ransomware has hit approxi

U.S. CISA adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog

by Pierluigi Paganini / 1d
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Google Chromium V8 vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium V8 Out-of-Bounds Read and Write Vulnerability, tracked as CVE-2025-5419 , to its Known Exploited Vulnerabilities (KEV) catalog . This week, Google released out-of-

New versions of Chaos RAT target Windows and Linux systems

19 TTPs
by Pierluigi Paganini / 1d
Chaos RAT malware targets Linux Windows
Acronis researchers reported that new Chaos RAT variants were employed in 2025 attacks against Linux and Windows systems. Acronis TRU researchers discovered new Chaos RAT variants targeting Linux and Windows in recent attacks. Originally seen in 2022, Chaos RAT evolved in 2024, with fresh samples emerging in 2025. TRU also discovered a critical flaw in the RAT’s web panel that enables remote code

Jun 4, 2025

Critical flaw in Cisco ISE impacts cloud deployments on AWS, Microsoft Azure, and Oracle Cloud Infrastructure

CVE-2025-20286
by Pierluigi Paganini / 1d
Cisco fixed a critical flaw in the Identity Services Engine (ISE) that could allow unauthenticated attackers to conduct malicious actions. A vulnerability tracked as CVE-2025-20286 (CVSS score 9.9) in cloud deployments of Cisco ISE on AWS, Microsoft Azure, and Oracle Cloud Infrastructure allows unauthenticated remote attackers to access sensitive data, perform limited administrative actions, modi

Law enforcement seized the carding marketplace BidenCash

2 TTPs
by Pierluigi Paganini / 1d
BidenCash dark web marketplace seized
U.S. and Dutch authorities took down 145 domains tied to the BidenCash cybercrime marketplace in a coordinated law enforcement operation. The US DoJ announced the seizure of approximately 145 darknet and clear web domains, and cryptocurrency funds associated with the BidenCash marketplace. “The U.S. Attorney’s Office for the Eastern District of Virginia announced today the seizure of approximatel

Ukraine’s military intelligence agency stole 4.4GB of highly classified internal data from Tupolev

Ukrainian intelligence hacks Russian Tupolev
by Pierluigi Paganini / 2d
Ukraine’s GUR hacked the Russian aerospace and defense company Tupolev, stealing 4.4GB of highly classified internal data. Ukraine’s military intelligence agency GUR (aka HUR) claims the hack of the Russian aerospace and defense company Tupolev. According to Kyiv Post, Ukraine’s Military Intelligence compromised the United Aircraft Company (UAC) Tupolev division, which is a key developer of strat

HPE fixed multiple flaws in its StoreOnce software

2 TTPs
by Pierluigi Paganini / 2d
Hewlett Packard Enterprise (HPE) addressed multiple flaws in its StoreOnce data backup and deduplication solution. HPE has released security patches for eight vulnerabilities in its StoreOnce backup solution. These issues could allow remote code execution, authentication bypass, data leaks, and more. “Potential security vulnerabilities have been identified in HPE StoreOnce Software.” reads the ad

Roundcube Webmail under fire: critical exploit found after a decade

4 TTPs
by Pierluigi Paganini / 2d
CVE-2025-49113
A critical flaw in Roundcube webmail, undetected for 10 years, allows attackers to take over systems and execute arbitrary code. A critical flaw, tracked as CVE-2025-49113 (CVSS score of 9.9) has been discovered in the Roundcube webmail software. The vulnerability went unnoticed for over a decade, an attacker can exploit the flaw to take control of affected systems and run malicious code, putting

Jun 3, 2025

U.S. CISA adds Multiple Qualcomm chipsets flaws to its Known Exploited Vulnerabilities catalog

Qualcomm patches three Adreno zero-days
by Pierluigi Paganini / 2d
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Multiple Qualcomm chipsets flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added multiple Qualcomm chipsets flaws to its Known Exploited Vulnerabilities (KEV) catalog . CVE-2025-21479 Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability CVE-2025-2148

Cartier disclosed a data breach following a cyber attack

Impact (Enterprise TA0040)
by Pierluigi Paganini / 2d
Cartier data breach exposes client information
Luxury-goods conglomerate Cartier disclosed a data breach that exposed customer information after a cyberattack. Cartier has disclosed a data breach following a cyberattack that compromised its systems, exposing customers’ personal information. The incident comes amid a wave of cyberattacks targeting luxury fashion brands. The luxury firm states that the threat actors gained access to “limited cl

U.S. CISA adds ASUS RT-AX55 devices, Craft CMS, and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog

10 TTPs
by Pierluigi Paganini / 3d
CISA warns of exploited vulnerabilities
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds ASUS RT-AX55 devices, Craft CMS, and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added ASUS RT-AX55 devices, Craft CMS, and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog . Below are the descrip

Android banking trojan Crocodilus rapidly evolves and goes global

IoC > 1 domain
by Pierluigi Paganini / 3d
A new Android banking trojan called Crocodilus is being used in a growing number of campaigns targeting users in Europe and South America. Crocodilus is a recently discovered Android banking trojan that is quickly gaining ground. What began as small test campaigns has now grown into full-blown attacks targeting users across Europe and South America. It spreads through malicious ads on social medi

Jun 2, 2025

Google fixed the second actively exploited Chrome zero-day since the start of the year

Privilege Escalation (Enterprise TA0004)
by Pierluigi Paganini / 3d
CVE-2025-5419
Google addressed three vulnerabilities in its Chrome browser, including one that it actively exploited in attacks in the wild. Google released out-of-band updates to address three vulnerabilities in its Chrome browser, including one, tracked as CVE-2025-5419, that is actively exploited in the wild. The vulnerability is an out-of-bounds read and write in the V8 JavaScript engine in Google Chrome p

Cryptojacking campaign relies on DevOps tools

11 TTPs
by Pierluigi Paganini / 3d
A cryptojacking campaign is targeting exposed DevOps servers like Docker and Gitea to secretly mine cryptocurrency. Wiz researchers uncovered a cryptojacking campaign, tracked as JINX-0132, targeting exposed DevOps applications like Nomad, Consul, Docker, Gitea to secretly mine cryptocurrency. Threat actors behind the campaign are exploiting a wide range of known misconfigurations and vulnerabili

Qualcomm fixed three zero-days exploited in limited, targeted attacks

CVE-2025-26443
by Pierluigi Paganini / 4d
Qualcomm addressed three zero-day vulnerabilities that, according to the company, have been exploited in limited, targeted attacks in the wild. Google Android Security team reported the three issues, tracked as CVE-2025-21479, CVE-2025-21480, CVE-2025-27038, to the company. “There are indications from Google Threat Analysis Group that CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 may be under li

Police took down several popular counter-antivirus (CAV) services, including AvCheck

IoC > 3 domains
by Pierluigi Paganini / 4d
Police dismantles AVCheck malware service
On May 27, 2025, authorities seized crypting service sites (including AvCheck, Cryptor, and Crypt.guru) used by vxers to test malware evasion capabilities. An international law enforcement operation led by the U.S. Department of Justice has dismantled an online cybercrime syndicate that provided encryption services to help malware evade detection. On May 27, 2025, authorities seized four domains,

Jun 1, 2025

A cyberattack hit hospitals operated by Covenant Health

Covenant Health hospitals face cyber incident
by Pierluigi Paganini / 4d
A cyberattack hit three hospitals operated by Covenant Health, forcing them to shut down all systems to contain the incident. Three hospitals run by Covenant Health were hit by a cyberattack, prompting them to shut down all their systems to contain the security incident. “St. Mary’s is currently experiencing a temporary system issue that is affecting some phones and documentation systems.” reads

Experts published a detailed analysis of Cisco IOS XE WLC flaw CVE-2025-20188

by Pierluigi Paganini / 4d
Technical details about a critical Cisco IOS XE WLC flaw (CVE-2025-20188) are now public, raising the risk of a working exploit emerging soon. Details of a critical vulnerability, tracked as CVE-2025-20188 , impacting Cisco IOS XE WLC are now public, raising the risk of exploitation. In early May, Cisco released software updates to address the vulnerability CVE-2025-20188 (CVSS score 10). An unau

Two flaws in vBulletin forum software are under attack

IoC > 1 IP
by Pierluigi Paganini / 5d
2 TTPs
Experts found two vulnerabilities in the vBulletin forum software, one of which is already being exploited in real-world attacks. Two critical vBulletin flaws, tracked as CVE-2025-48827 and CVE-2025-48828, enable API abuse and remote code execution. The experts warn that one of these flaws is actively exploited in the wild. An unauthenticated user could exploit CVE-2025-48827 (CVSS score of 10) t

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 47

by Pierluigi Paganini / 5d
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape 60 Malicious npm Packages Leak Network and Host
Labels:

Comments

Post a Comment

Please leave a comment about our recent post.

Popular posts from this blog

Cyber War News Today.

"International Defence Cooperation:  A key to regional stability." Views expressed in this cybersecurity, cyber espionage, and cyber crime update are those of the reporters and correspondents.  Accessed on 15 December 2024, 0134 UTC. Content and Source:   https://cyberwar.einnews.com/news/cyber-war-news?n=2&code=FA9GNesSTpp2rjO1&utm_source=NewsletterNews&utm_medium=email&utm_campaign=Cyber+War+News&utm_content=navig Please check link or scroll down to read your selections.  Thanks for joining us today. Russ Roberts (https://www.hawaiicybersecurityjournal.net). Cyber War News Monitoring Get by    Email    •     RSS Published on  Dec 13, 2024 The Cyber Warfare Market Size Reach USD 127.1 Billion by 2032 Exhibiting CAGR at 13.3% WILMINGTON, DE, UNITED STATES, December 13, 2024 /⁨EINPresswire.com⁩/ -- According to the report, The Cyber Warfare Market Size Reach USD 127.1 Billion by 2032 Exhibiting CAGR at 1...
Post a Comment
Read more

SecurityWeek Briefing

"New RAMBO attack allows air-gapped data theft." Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 10 September 2024, 0035 UTC. Content and Source:  https://www.securityweek.com Please check link or scroll down to read your selections.  Thanks for joining us today. Russ Roberts (https://www.hawaiicybersecurityjournal.net).   Monday, September 9 , 2024 Are you worried about unmanaged devices and apps? LATEST CYBERSECURITY HEADLINES New RAMBO Attack Allows Air-Gapped Data Theft Predator Spyware Resurfaces With Fresh Infrastructure Google Pushes Rust in Legacy Firmware to Tackle Memory Safety Flaws 300,000 Impacted by Data Breach at Car Rental Firm Avis One Million US Kaspersky Customers Transferred to Pango’s UltraAV Two Indicted in US for Running Dark Web Marketplaces Offering Stolen Information Critical SonicWall Vulnerability Possibly Exploited in Ransomware Attacks CISA Breaks Silence on Controvers...
Post a Comment
Read more

The Cyberwire Daily Briefing

"Fortinet confirms breach of customer data." Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 15 September 2024, 1339 UTC. Content and Source:   https://thecyberwire.com/newsletters/daily-briefing/13/176 Please check link or scroll down to read your selections.  Thanks for joining us today. Russ Roberts (https://www.hawaiicybersecurityjournal.net). V13 | Issue 176 | 9.13.24 Daily Briefing for 09.13.24 Announcement Cloud Security in the Age of Generative AI. Artificial Intelligence is revolutionizing business, but it also introduces new risks. Join us on Wednesday, September 18th at 2pm EDT for a compelling live webinar on "Good vs. Evil: Cloud Security in the Age of Generative AI" with N2K CyberWire’s Dave Bittner and Sysdig’s Loris Degioanni.  Learn more and register now . Summary By the CyberWire staff At a glance. Fortinet confirms breach of customer data. Iran's Scarred Manticore deplo...
Post a Comment
Read more