Hawaii Cybersecurity Journal

"Belk hit by cyberattack:  Dragon Force stole 150GB of data."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 15 July 2025, 1429 UTC.

Content and Source:  "Security Affiars."

Email subscription via https://feedly.com.

 https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Ffeed

Please check subscription link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Security Affairs

74K followers23 articles per week

#security#tech

26

Most popular

Belk hit by May cyberattack: DragonForce stole 150GB of data

5 TTPs

•

by Pierluigi Paganini / 1h

•

Belk hacked by DragonForce ransomware

Ransomware group DragonForce claims it attacked U.S. retailer Belk in May, stealing over 150GB of data in a disruptive cyberattack. The infamous Ransomware group DragonForce claimed responsibility for the May disruptive attack on US department store chain Belk. The ransomware gang claimed it had stolen 156 gigabytes of data from Belk. Belk , Inc. is a major American department store chain, founde

Patch immediately: CVE-2025-25257 PoC enables remote code execution on Fortinet FortiWeb

7 TTPs

•

by Pierluigi Paganini / 1d

PoC exploits released for critical Fortinet FortiWeb flaw allowing pre-auth RCE. Fortinet urges users to patch. Proof-of-concept (PoC) exploits for CVE-2025-25257 in Fortinet FortiWeb (CVSS 9.8) enable pre-auth RCE on vulnerable servers. The flaw is a SQL injection vulnerability in FortiWeb (CWE-89) that allows unauthenticated attackers to execute unauthorized SQL commands via crafted HTTP/HTTPS

Microsoft Patch Tuesday security updates for July 2025 fixed a zero-day

3 TTPs

•

by Pierluigi Paganini / 6d

•

CVE-2025-49719

Microsoft released Patch Tuesday security updates for July 2025, which addressed 130 flaws, including one a Microsoft SQL Server zero-day. Microsoft Patch Tuesday security updates for July 2025 addressed 130 vulnerabilities in Windows and Windows Components, Office and Office Components, .NET and Visual Studio, Azure, Teams, Hyper-V, Windows BitLocker, Microsoft Edge (Chromium-based), and the Win

Today

North Korea-linked actors spread XORIndex malware via 67 malicious npm packages

11 TTPs

•

by Pierluigi Paganini / 4h

•

North Korean hackers target npm ecosystem

North Korea-linked hackers uploaded 67 malicious npm packages with XORIndex malware, hitting 17K+ downloads in ongoing supply chain attacks. North Korea-linked threat actors behind the Contagious Interview campaign have uploaded 67 malicious npm packages with XORIndex malware loader, hitting over 17,000 downloads in ongoing supply chain attacks. XORIndex was built to evade detection and deploy Be

Yesterday

FBI seized multiple piracy sites distributing pirated video games

FBI seizes piracy websites

•

by Pierluigi Paganini / 6h

FBI seizes multiple piracy sites for Nintendo Switch and PlayStation 4 games, dismantling their infrastructure. The FBI, with the help of the Dutch FIOD, seized multiple piracy sites distributing pirated video games, including nsw2u.com, ps4pkg.com, and mgnetu.com, dismantling their infrastructure. These sites, active for over four years, offered early access to popular game titles and logged 3.2

An attacker using a $500 radio setup could potentially trigger train brake failures or derailments from a distance

Impact (Enterprise TA0040)

•

by Pierluigi Paganini / 13h

A 20-year-old flaw in End-of-Train and Head-of-Train systems could let hackers trigger emergency braking, finally getting proper attention. US CISA has warned about a critical flaw, tracked as CVE-2025-1727 , in the radio-based linking protocol between End-of-Train (EoT) and Head-of-Train (HoT) systems. An End-of-Train (EoT) device, also known as a Flashing Rear End Device (FRED), is a wireless s

Interlock ransomware group deploys new PHP-based RAT via FileFix

14 TTPs

•

by Pierluigi Paganini / 20h

(a ClickFix variant) in a widespread campaign targeting multiple industries. The Interlock ransomware group is deploying a new PHP-based variant of the Interlock RAT in a broad campaign. According to researchers from the DFIR Report, in partnership with Proofpoint, it uses a delivery method known as FileFix, a variant of ClickFix, to target multiple industries. A new PHP-based variant marks a sh

Global Louis Vuitton data breach impacts UK, South Korea, and Turkey

2 TTPs

•

by Pierluigi Paganini / 1d

•

Louis Vuitton data breach confirmed

Louis Vuitton data breach affects customers in the UK, South Korea, Turkey, and possibly more countries, with notifications underway. Customers of French luxury retailer Louis Vuitton are being notified of a data breach affecting multiple countries, including the UK, South Korea, and Turkey. The security breach was discovered on July 2nd, 2025, and exposed customer personal information, including

Experts uncover critical flaws in Kigen eSIM technology affecting billions

eSIM security vulnerabilities and risks

•

by Pierluigi Paganini / 1d

Experts devised a new hack targeting Kigen eSIM tech, used in over 2B devices, exposing smartphones and IoT users to serious security risks. Researchers at Security Explorations uncovered a new hacking method exploiting flaws in Kigen’s eSIM tech, affecting billions of IoT devices. An eSIM (embedded SIM) is a digital version of a traditional SIM card that is built directly into a device, like a s

Jul 13, 2025

Spain awarded €12.3 million in contracts to Huawei

Spain contracts Huawei for wiretaps

•

by Pierluigi Paganini / 1d

Spain gives Huawei wiretap contracts, sparking concerns over potential Chinese government access due to Huawei’s links to Beijing. The Spanish Ministry of the Interior has awarded €12.3 million ($14.3 million) contracts to manage and store judicially authorized wiretaps used by law enforcement and intelligence agencies, raising concerns about potential Chinese government access due to the company

Wing FTP Server flaw actively exploited shortly after technical details were made public

11 TTPs

•

by Pierluigi Paganini / 1d

Hackers exploit critical Wing FTP flaw (CVE-2025-47812) for remote code execution with root/system rights after details leaked on June 30. Threat actors are exploiting a critical flaw, tracked as CVE-2025-47812 (CVSS score of 10), in Wing FTP Server that allows remote code execution with root/system privileges. Wing FTP Server is a secure and flexible file transfer solution that supports multiple

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 53

by Pierluigi Paganini / 2d

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Datacarry Ransomware DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal Batavia spyware steals data from Russian organizations Taking SHELLTER: a commercial evasion framework abused in- the- wild Open Source Malware Index Q2 2025: Data exfiltration remains a leadin

Security Affairs newsletter Round 532 by Pierluigi Paganini – INTERNATIONAL EDITION

by Pierluigi Paganini / 2d

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. McDonald’s job app exposes data of 64 Million applicants Athlete or Hacker? Russian basketball player accused in U.S. ransomware case U.S. CISA adds

Jul 12, 2025

McDonald’s job app exposes data of 64 Million applicants

McDonald's AI hiring exposed data

•

by Pierluigi Paganini / 2d

Vulnerabilities in McDonald’s McHire chatbot exposed data from 64 million job applicants due to insecure internal APIs. Security researchers Ian Carroll and Sam Curry discovered multiple vulnerabilities in the McDonald’s chatbot recruitment platform McHire that exposed the personal information of over 64 million job applicants. The security duo found that McDonald’s hiring bot, built by Paradox.a

Jul 11, 2025

Athlete or Hacker? Russian basketball player accused in U.S. ransomware case

Russian embassy handles Kasatkin detention

•

by Pierluigi Paganini / 3d

Russian basketball player arrested in France over alleged ties to a ransomware group accused of targeting U.S. firms and federal institutions. Russian basketball player Daniil Kasatkin (26) was arrested in France in June at the request of the U.S. over alleged ties to a ransomware group targeting hundreds of U.S. companies and federal entities. He was detained at Charles de Gaulle Airport and is

Jul 10, 2025

U.S. CISA adds Citrix NetScaler ADC and Gateway flaw to its Known Exploited Vulnerabilities catalog

5 TTPs

•

by Pierluigi Paganini / 4d

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds U.S. CISA adds Citrix NetScaler ADC and Gateway flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Citrix NetScaler ADC and Gateway, tracked as CVE-2025-5777 , to its Known Exploited Vulnerabilities (KEV) catalog . The CVE-2025-5777 flaw, dubbed ‘ CitrixBleed

UK NCA arrested four people over M&S, Co-op cyberattacks

Four arrested for UK retail cyberattacks

•

by Pierluigi Paganini / 4d

NCA arrested four people in UK, including three teens, over cyberattacks on M&S, Co-op, and Harrods, per its investigation. The British National Crime Agency (NCA) arrested four individuals in the country following an investigation into the recent wave of attacks targeting Co-op , M&S , and Harrods . On July 10, Law enforcement arrested 4 youths, aged 17–20, in London and West Midlands, the polic

PerfektBlue Bluetooth attack allows hacking infotainment systems of Mercedes, Volkswagen, and Skoda

6 TTPs

•

by Pierluigi Paganini / 4d

•

PerfektBlue vulnerabilities expose millions of

Researchers found critical PerfektBlue flaws in OpenSynergy BlueSDK, allowing remote code execution to hack millions of vehicles’ systems. Researchers at PCA Cyber Security identified a set of critical vulnerabilities, collectively tracked as PerfektBlue, in OpenSynergy BlueSDK Bluetooth stack. The exploitation of the flaws potentially allows remote code execution in millions of vehicles. These f

Qantas data breach impacted 5.7 million individuals

8 TTPs

•

by Pierluigi Paganini / 5d

•

Qantas faces major cyberattack extortion

Australia’s largest airline Qantas has confirmed that the recent data breach impacted 5.7 million individuals. Early this month, Australian airline Qantas disclosed a cyberattack after hackers accessed a third-party platform used by a call centre, stealing significant customer data. The breach, linked to ongoing Scattered Spider activity, was detected and contained on Monday. Qantas confirmed tha

Jul 9, 2025

DoNot APT is expanding scope targeting European foreign ministries

24 TTPs

•

by Pierluigi Paganini / 5d

•

DoNot APT targets European ministries

DoNot APT, likely an India-linked cyberespionage group, targets European foreign ministries with LoptikMod malware. The DoNot APT group, likely linked to India, has expanded its operations and is targeting European foreign ministries with a new malware, called LoptikMod. The Donot Team ( also known as APT-C-35 and Origami Elephant) has been active since 2016, focusing on government entities, fore

Nippon Steel Solutions suffered a data breach following a zero-day attack

Nippon Steel Solutions suffers zero-day breach

•

by Pierluigi Paganini / 5d

Nippon Steel Solutions reported a data breach caused by hackers exploiting a zero-day vulnerability in their network equipment. Nippon Steel Solutions, a subsidiary of Japan’s Nippon Steel, disclosed a data breach, attackers exploited a zero-day vulnerability. The company provides cloud and cybersecurity services. On March 7, 2025, Nippon Steel Solutions detected suspicious server activity and is

Iranian group Pay2Key.I2P ramps Up ransomware attacks against Israel and US with incentives for affiliates

14 TTPs

•

by Pierluigi Paganini / 6d

•

Iranian ransomware group escalates attacks

An Iranian ransomware group, Pay2Key.I2P, has intensified attacks on U.S. and Israeli targets, offering affiliates higher profits. The Iranian ransomware group Pay2Key.I2P is stepping up attacks on U.S. and Israeli targets, luring affiliates with higher profit shares. The ransomware gang is the successor to the original Pay2Key group and experts linked it to the Iran-nexus APT group Fox Kitten .

Jul 8, 2025

Hackers weaponize Shellter red teaming tool to spread infostealers

3 TTPs

•

by Pierluigi Paganini / 6d

•

Hackers exploit leaked Shellter software

Hackers are abusing the legitimate red teaming tool Shellter to spread stealer malware after a licensed copy was leaked. Elastic Security Labs has identified several malware campaigns using the commercial AV/EDR evasion tool SHELLTER . The tool was originally built for legitimate red team operations, however, threat actors have now adopted it to bypass security measures and deploy malware. Since

Italian police arrested a Chinese national suspected of cyberespionage on a U.S. warrant

Chinese hacker linked to Silk Typhoon

•

by Pierluigi Paganini / 6d

Italian police arrested a Chinese national linked to Silk Typhoon APT group at Milan’s Malpensa Airport on a U.S. warrant. Italian police arrested a Chinese national, Zewei Xu (33), at Milan’s Malpensa Airport on a U.S. warrant. Xu was arrested at Malpensa Airport on July 3rd after arriving on a flight from China. Authorities accused the man of cyberespionage, U.S. authorities linked him to the C

U.S. CISA adds MRLG, PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

Execution (Enterprise TA0002)

•

by Pierluigi Paganini / 7d

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Multi-Router Looking Glass (MRLG), PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite (ZCS) flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Multi-Router Looking Glass (MRLG), PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaborat

Jul 7, 2025

IT Worker arrested for selling access in $100M PIX cyber heist

Brazil arrests suspects in PIX cyberattacks

•

by Pierluigi Paganini / 7d

Brazil arrests IT worker João Roque for aiding $100M PIX cyber heist, one of Brazil’s biggest banking system breaches. Brazilian police arrested João Roque (48), an IT employee at C&M, for allegedly aiding a cyberattack that stole over 540 million reais (~$100 million) via the PIX banking system. The company C&M links smaller banks to Brazil’s PIX system. PIX is Brazil’s instant payment system, l

End of feed