"Over 950,000 weekly downloads at risk in ongoing supply chain attack on Gluestick packages."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 08 June 2025, 2245 UTC.

Content and Source:  Email subscription via https://feedly.com.

 https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Ffeed

Please check email link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Security Affairs

73K followers24 articles per week

#security#tech

52

Today

Over 950K weekly downloads at risk in ongoing supply chain attack on Gluestack packages

3 TTPs

•

by Pierluigi Paganini / 8h

•

Gluestack NPM packages compromised

A supply chain attack hit NPM, threat actors compromised 16 popular Gluestack packages, affecting 950K+ weekly downloads. Researchers from Aikido Security discovered a new supply chain attack targeted NPM, compromising 16 popular Gluestack ‘react-native-aria’ packages with over 950K weekly downloads. Our Malware Intelligence team has detected an active and on-going attack against packages on npm

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 48

by Pierluigi Paganini / 10h

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Pure Crypter Malware Analysis: 99 Problems but Detection Ain’t One Attacker exploits misconfigured AI tool to run AI-generated payload Crocodilus Mobile Malware: Evolving Fast, Going Global How Threat Actors Exploit Human Trust: A Breakdown of the ‘Prove You Are Hu

Security Affairs newsletter Round 527 by Pierluigi Paganini – INTERNATIONAL EDITION

by Pierluigi Paganini / 10h

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Experts found 4 billion user records online, the largest known leak of Chinese personal data from a single source Attackers exploit Fortinet flaws t

Yesterday

Experts found 4 billion user records online, the largest known leak of Chinese personal data from a single source

3 TTPs

•

by Pierluigi Paganini / 1d

•

Massive data leak exposes 4 billion records

Over 4 billion user records were found exposed online in a massive breach, possibly linked to the surveillance of Chinese citizens. Cybersecurity researcher Bob Dyachenko and the Cybernews team discovered a massive data leak in China that exposed billions of documents, including financial, WeChat, and Alipay data, likely affecting hundreds of millions. Researchers speculate data was collected to

Jun 6, 2025

Attackers exploit Fortinet flaws to deploy Qilin ransomware

6 TTPs

•

by Pierluigi Paganini / 1d

Qilin ransomware now exploits Fortinet vulnerabilities to achieve remote code execution on impacted devices. Threat intelligence firm PRODAFT warned that Qilin ransomware (aka Phantom Mantis) group targeted multiple organizations between May and June 2025 by exploiting multiple FortiGate vulnerabilities, including CVE-2024-21762 , and CVE-2024-55591 . “Phantom Mantis recently launched a coordinat

Russia-linked threat actors targets Ukraine with PathWiper wiper

IoC > 1 domain

•

by Pierluigi Paganini / 2d

A Russia-linked threat actor targeted a critical infrastructure organization in Ukraine with a new destructive malware dubbed PathWiper. Russia-linked threat actor targeted Ukraine’s critical infrastructure with a new wiper named PathWiper. Cisco Talos researchers reported that attackers utilized a legitimate endpoint administration tool, indicating they had access to the administrative console,

U.S. Offers $10M bounty for info on RedLine malware creator and state hackers

3 TTPs

•

by Pierluigi Paganini / 2d

•

US offers 10M$ for RedLine tips

The U.S. offers up to $10M for info on state hackers linked to RedLine malware and its creator, Maxim Rudometov, tied to attacks on U.S. infrastructure. The U.S. Department of State offers a reward of up to $10 million for information nation-state actors linked to the RedLine infostealer and its alleged author, Russian national Maxim Alexandrovich Rudometov. US authorities specifically target the

Jun 5, 2025

Play ransomware group hit 900 organizations since 2022

22 TTPs

•

by Pierluigi Paganini / 2d

A joint advisory from the US and Australian authorities states that Play ransomware has hit approximately 900 organizations over the past three years. A joint advisory from the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) states that Play ransomware has hit approxi

U.S. CISA adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog

by Pierluigi Paganini / 3d

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Google Chromium V8 vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium V8 Out-of-Bounds Read and Write Vulnerability, tracked as CVE-2025-5419 , to its Known Exploited Vulnerabilities (KEV) catalog . This week, Google released out-of-

New versions of Chaos RAT target Windows and Linux systems

19 TTPs

•

by Pierluigi Paganini / 3d

•

Chaos RAT malware targets Linux Windows

Acronis researchers reported that new Chaos RAT variants were employed in 2025 attacks against Linux and Windows systems. Acronis TRU researchers discovered new Chaos RAT variants targeting Linux and Windows in recent attacks. Originally seen in 2022, Chaos RAT evolved in 2024, with fresh samples emerging in 2025. TRU also discovered a critical flaw in the RAT’s web panel that enables remote code

Jun 4, 2025

Critical flaw in Cisco ISE impacts cloud deployments on AWS, Microsoft Azure, and Oracle Cloud Infrastructure

CVE-2025-20286

•

by Pierluigi Paganini / 3d

Cisco fixed a critical flaw in the Identity Services Engine (ISE) that could allow unauthenticated attackers to conduct malicious actions. A vulnerability tracked as CVE-2025-20286 (CVSS score 9.9) in cloud deployments of Cisco ISE on AWS, Microsoft Azure, and Oracle Cloud Infrastructure allows unauthenticated remote attackers to access sensitive data, perform limited administrative actions, modi

Law enforcement seized the carding marketplace BidenCash

2 TTPs

•

by Pierluigi Paganini / 3d

•

BidenCash dark web marketplace seized

U.S. and Dutch authorities took down 145 domains tied to the BidenCash cybercrime marketplace in a coordinated law enforcement operation. The US DoJ announced the seizure of approximately 145 darknet and clear web domains, and cryptocurrency funds associated with the BidenCash marketplace. “The U.S. Attorney’s Office for the Eastern District of Virginia announced today the seizure of approximatel

Ukraine’s military intelligence agency stole 4.4GB of highly classified internal data from Tupolev

Ukrainian intelligence hacks Russian Tupolev

•

by Pierluigi Paganini / 4d

Ukraine’s GUR hacked the Russian aerospace and defense company Tupolev, stealing 4.4GB of highly classified internal data. Ukraine’s military intelligence agency GUR (aka HUR) claims the hack of the Russian aerospace and defense company Tupolev. According to Kyiv Post, Ukraine’s Military Intelligence compromised the United Aircraft Company (UAC) Tupolev division, which is a key developer of strat

HPE fixed multiple flaws in its StoreOnce software

2 TTPs

•

by Pierluigi Paganini / 4d

Hewlett Packard Enterprise (HPE) addressed multiple flaws in its StoreOnce data backup and deduplication solution. HPE has released security patches for eight vulnerabilities in its StoreOnce backup solution. These issues could allow remote code execution, authentication bypass, data leaks, and more. “Potential security vulnerabilities have been identified in HPE StoreOnce Software.” reads the ad

Roundcube Webmail under fire: critical exploit found after a decade

4 TTPs

•

by Pierluigi Paganini / 4d

•

CVE-2025-49113

A critical flaw in Roundcube webmail, undetected for 10 years, allows attackers to take over systems and execute arbitrary code. A critical flaw, tracked as CVE-2025-49113 (CVSS score of 9.9) has been discovered in the Roundcube webmail software. The vulnerability went unnoticed for over a decade, an attacker can exploit the flaw to take control of affected systems and run malicious code, putting

Jun 3, 2025

U.S. CISA adds Multiple Qualcomm chipsets flaws to its Known Exploited Vulnerabilities catalog

Qualcomm patches three Adreno zero-days

•

by Pierluigi Paganini / 4d

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Multiple Qualcomm chipsets flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added multiple Qualcomm chipsets flaws to its Known Exploited Vulnerabilities (KEV) catalog . CVE-2025-21479 Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability CVE-2025-2148

Cartier disclosed a data breach following a cyber attack

Impact (Enterprise TA0040)

•

by Pierluigi Paganini / 4d

•

Cartier data breach exposes client information

Luxury-goods conglomerate Cartier disclosed a data breach that exposed customer information after a cyberattack. Cartier has disclosed a data breach following a cyberattack that compromised its systems, exposing customers’ personal information. The incident comes amid a wave of cyberattacks targeting luxury fashion brands. The luxury firm states that the threat actors gained access to “limited cl

U.S. CISA adds ASUS RT-AX55 devices, Craft CMS, and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog

10 TTPs

•

by Pierluigi Paganini / 5d

•

CISA warns of exploited vulnerabilities

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds ASUS RT-AX55 devices, Craft CMS, and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added ASUS RT-AX55 devices, Craft CMS, and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog . Below are the descrip

Android banking trojan Crocodilus rapidly evolves and goes global

IoC > 1 domain

•

by Pierluigi Paganini / 5d

A new Android banking trojan called Crocodilus is being used in a growing number of campaigns targeting users in Europe and South America. Crocodilus is a recently discovered Android banking trojan that is quickly gaining ground. What began as small test campaigns has now grown into full-blown attacks targeting users across Europe and South America. It spreads through malicious ads on social medi

Jun 2, 2025

Google fixed the second actively exploited Chrome zero-day since the start of the year

Privilege Escalation (Enterprise TA0004)

•

by Pierluigi Paganini / 5d

•

CVE-2025-5419

Google addressed three vulnerabilities in its Chrome browser, including one that it actively exploited in attacks in the wild. Google released out-of-band updates to address three vulnerabilities in its Chrome browser, including one, tracked as CVE-2025-5419, that is actively exploited in the wild. The vulnerability is an out-of-bounds read and write in the V8 JavaScript engine in Google Chrome p

Cryptojacking campaign relies on DevOps tools

11 TTPs

•

by Pierluigi Paganini / 5d

A cryptojacking campaign is targeting exposed DevOps servers like Docker and Gitea to secretly mine cryptocurrency. Wiz researchers uncovered a cryptojacking campaign, tracked as JINX-0132, targeting exposed DevOps applications like Nomad, Consul, Docker, Gitea to secretly mine cryptocurrency. Threat actors behind the campaign are exploiting a wide range of known misconfigurations and vulnerabili

Qualcomm fixed three zero-days exploited in limited, targeted attacks

CVE-2025-26443

•

by Pierluigi Paganini / 6d

Qualcomm addressed three zero-day vulnerabilities that, according to the company, have been exploited in limited, targeted attacks in the wild. Google Android Security team reported the three issues, tracked as CVE-2025-21479, CVE-2025-21480, CVE-2025-27038, to the company. “There are indications from Google Threat Analysis Group that CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 may be under li

Police took down several popular counter-antivirus (CAV) services, including AvCheck

IoC > 3 domains

•

by Pierluigi Paganini / 6d

•

Police dismantles AVCheck malware service

On May 27, 2025, authorities seized crypting service sites (including AvCheck, Cryptor, and Crypt.guru) used by vxers to test malware evasion capabilities. An international law enforcement operation led by the U.S. Department of Justice has dismantled an