"Salt Typhoon breach:  Chinese APT compromises U.S. Army National Guard Network."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 20 July 2025, 1348 UTC.

Content and Source:  "Security Arrairs."

Email subscription via https://feedly.com.

 https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Ffeed

Please check email link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Security Affairs

74K followers24 articles per week

#security#tech

46

Most popular

Salt Typhoon breach: Chinese APT compromises U.S. Army National Guard network

3 TTPs

•

48by Pierluigi Paganini / 4d

China-linked APT Salt Typhoon breached a U.S. Army National Guard unit’s network, accessed configs, and intercepted communications with other units. A DoD report warns that China-nexus hacking group Salt Typhoon breached a U.S. state’s Army National Guard network from March to December 2024. The APT stole network configs, admin credentials, and data exchanged with units across all U.S. states and

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 54

by Pierluigi Paganini / 28min

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape KongTuke FileFix Leads to New Interlock RAT Variant Code highlighting with Cursor AI for $500,000 Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader Threat Analysis: SquidLoader – Still Swimming Under the Radar Konfety Ret

Security Affairs newsletter Round 533 by Pierluigi Paganini – INTERNATIONAL EDITION

by Pierluigi Paganini / 1h

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Fortinet FortiWeb flaw CVE-2025-25257 exploited hours after PoC release Authorities released free decryptor for Phobos and 8base ransomware Anne Aru

Yesterday

Radiology Associates of Richmond data breach impacts 1.4 million people

Radiology Associates data breach affects 1.4

•

by Pierluigi Paganini / 5h

A data breach at Radiology Associates of Richmond has exposed the personal and health information of over 1.4 million individuals. Radiology Associates of Richmond has disclosed a data breach that impacted personal and health information of over 1.4 million individuals. Radiology Associates of Richmond (RAR) is a private radiology practice founded in 1905 and based in central Virginia. With over

Fortinet FortiWeb flaw CVE-2025-25257 exploited hours after PoC release

6 TTPs

•

by Pierluigi Paganini / 20h

Hackers exploited a Fortinet FortiWeb flaw the same day a PoC was published, compromising dozens of systems. Hackers began exploiting a critical Fortinet FortiWeb flaw, tracked as CVE-2025-25257 (CVSS score of 9.6), on the same day a proof-of-concept (PoC) exploit was published, leading to dozens of compromised systems. Exploitation of Fortinet’s CVE-2025-25257 began on July 11 after the PoC was

Jul 18, 2025

Authorities released free decryptor for Phobos and 8base ransomware

12 TTPs

•

by Pierluigi Paganini / 1d

•

Japanese police release free ransomware decryptors

Japanese police released a free decryptor for Phobos and 8Base ransomware, letting victims recover files without paying ransom. Japanese authorities released a free decryptor for Phobos and 8Base ransomware , allowing victims to recover files without paying. Japanese police released the free decryptor for ransomware families, which was likely built using intel from a recent gang takedown. The sof

Anne Arundel Dermatology data breach impacts 1.9 million people

2 TTPs

•

by Pierluigi Paganini / 2d

•

Dermatology data breach affects thousands

Hackers breached Anne Arundel Dermatology systems for three months, potentially exposing personal and health data of 1.9 million people. Anne Arundel Dermatology is a physician-owned and managed dermatology group headquartered in Maryland, founded over 50 years ago. It’s one of the largest dermatology providers in the Mid‑Atlantic and Southeastern United States, operating more than 100 clinics ac

LameHug: first AI-Powered malware linked to Russia’s APT28

10 TTPs

•

by Pierluigi Paganini / 2d

•

LameHug malware uses AI for data theft

LameHug malware uses AI to create data-theft commands on infected Windows systems. Ukraine links it to the Russia-nexus APT28 group. Ukrainian CERT-UA warns of a new malware strain dubbed LameHug that uses a large language model (LLM) to generate commands to be executed on compromised Windows systems. Ukrainian experts attribute the malware to the Russia-linked group APT28 (aka UAC-0001, Fancy Be

Jul 17, 2025

5 Features Every AI-Powered SOC Platform Needs in 2025

by Pierluigi Paganini / 2d

A modern AI-based SOC platform must adapt in real time to handle alert overloads and fast-moving threats, surpassing traditional SIEM tools. Modern security operations centers (SOCs) are under immense pressure. Analysts are overwhelmed, alert queues are overflowing, and attackers are moving faster than ever. Where once it was enough to have good visibility and a decent SIEM, security operations t

Broadcom patches critical VMware flaws exploited at Pwn2Own Berlin 2025

by Pierluigi Paganini / 2d

VMware patched flaws disclosed during the Pwn2Own Berlin 2025 hacking contest, where researchers earned $340,000 for exploiting them. Broadcom four vulnerabilities in VMware products demonstrated at Pwn2Own Berlin 2025 . White hat hackers earned over $340,000 for VMware exploits, including $150,000 awarded to STARLabs SG for using an integer overflow flaw to compromise VMware ESXi. Below are the

Stormous Ransomware gang targets North Country HealthCare, claims 600K patient data stolen

3 TTPs

•

by Pierluigi Paganini / 2d

Ransomware group Stormous claims it stole data from 600,000 North Country HealthCare patients across 14 sites in northern Arizona. The Stormous ransomware gang claims it has stolen personal and health data belonging to 600,000 patients from health provider North Country HealthCare. North Country HealthCare is a nonprofit, federally qualified health center (FQHC) based in northern Arizona. It prov

United Natural Foods Expects $400M revenue impact from June cyber attack

Impact (Enterprise TA0040)

•

by Pierluigi Paganini / 3d

•

United Natural Foods stock rises

United Natural Foods Projects (UNFI) expects a $350–$400M sales hit from a June cyberattack, with $50–$60M in net income impact. United Natural Foods, Inc. (UNFI), the main distributor for Amazon’s Whole Foods, said the June 2025 cyberattack will slash its fiscal 2025 sales by $350 to $400 million. United Natural Foods, Inc. ( UNFI ) is a Providence, Rhode Island–based natural and organic food co

Cisco patches critical CVE-2025-20337 bug in Identity Services Engine with CVSS 10 Severity

4 TTPs

•

by Pierluigi Paganini / 3d

Cisco warns of CVE-2025-20337, a critical ISE flaw (CVSS 10) allowing remote code execution with root privileges. Cisco addressed a critical vulnerability, tracked as CVE-2025-20337 (CVSS score of 10), in Identity Services Engine (ISE) and Cisco Identity Services Engine Passive Identity Connector (ISE-PIC). An attacker could trigger the vulnerability to execute arbitrary code on the underlying op

Jul 16, 2025

UNC6148 deploys Overstep malware on SonicWall devices, possibly for ransomware operations

by Pierluigi Paganini / 3d

UNC6148 targets SonicWall devices with Overstep malware, using a backdoor and rootkit for data theft, extortion, or ransomware. Google’s Threat Intelligence Group warns that a threat actor tracked as UNC6148 has been targeting SonicWall SMA appliances with new malware dubbed Overstep. Active since at least October 2024, the group uses a backdoor and user-mode rootkit to potentially enable data th

Operation Eastwood disrupted operations of pro-Russian hacker group NoName057(16)

International law dismantles NoName057 network

•

by Pierluigi Paganini / 3d

International law enforcement operation disrupted the activities of the pro-Russia hacking group NoName057(16). European and U.S. authorities disrupted the activities of the pro-Russian hacktivist group NoName057(16) in Operation Eastwood . “Between 14 and 17 July, a joint international operation, known as Eastwood and coordinated by Europol and Eurojust, targeted the cybercrime network NoName057

Former US Army member confesses to Telecom hack and extortion conspiracy

by Pierluigi Paganini / 4d

A former US Army soldier pleaded guilty to hacking telecom databases, stealing data, and extorting companies by threatening to release the stolen info. A former Army soldier, Cameron John Wagenius (21) pleaded guilty to conspiring to hack telecom companies’ databases, steal sensitive records, and extort victims by threatening to release stolen data unless ransoms were paid. “A former Army soldier

CVE-2025-6554 marks the fifth actively exploited Chrome Zero-Day patched by Google in 2025

2 TTPs

•

by Pierluigi Paganini / 4d

Google released security patches to address multiple Chrome vulnerabilities, including one flaw that has been exploited in the wild. Google released fixes for six Chrome flaws, including one actively exploited in the wild tracked as CVE-2025-6558 (CVSS score of 8.8). CVE-2025-6558 stems from improper validation of untrusted input in Chrome’s ANGLE and GPU components. Clément Lecigne and Vlad Stol

Jul 15, 2025

DDoS peaks hit new highs: Cloudflare mitigated massive 7.3 Tbps assault

Cloudflare reports record DDoS surge

•

by Pierluigi Paganini / 4d

Cloudflare blocked 7.3M DDoS attacks in Q2 2025, down from 20.5M in Q1, while hyper-volumetric attacks surged with 6,500+ blocked, averaging 71 daily. Cloudflare mitigated 7.3M DDoS attacks in Q2 2025 , down from 20.5M in Q1, 13.5M of which stemmed from an 18-day Q1 campaign. Hyper-volumetric attacks surged, with over 6,500 blocked, averaging 71 per day. In total, Cloudflare has already surpassed

U.S. CISA adds Wing FTP Server flaw to its Known Exploited Vulnerabilities catalog

11 TTPs

•

by Pierluigi Paganini / 4d

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Wing FTP Server flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Wing FTP Server flaw, tracked as CVE-2025-47812 , to its Known Exploited Vulnerabilities (KEV) catalog . Wing FTP Server is a secure and flexible file transfer solution that supports multiple p

Android Malware Konfety evolves with ZIP manipulation and dynamic loading

IoC > 26 hashes and 2 domains

•

by Pierluigi Paganini / 4d

•

Konfety Android malware evades detection

A new Konfety Android malware variant uses a malformed ZIP and obfuscation to evade detection, posing as fake apps with no real functionality. Zimperium zLabs researchers are tracking a new, sophisticated Konfety Android malware variant that uses an “evil-twin” tactic and duplicate package names to avoid detection. The new Konfety malware variants use malformed ZIP, enabling a misleading flag and

Belk hit by May cyberattack: DragonForce stole 150GB of data

5 TTPs

•

by Pierluigi Paganini / 5d

•

Belk hacked by DragonForce ransomware

Ransomware group DragonForce claims it attacked U.S. retailer Belk in May, stealing over 150GB of data in a disruptive cyberattack. The infamous Ransomware group DragonForce claimed responsibility for the May disruptive attack on US department store chain Belk. The ransomware gang claimed it had stolen 156 gigabytes of data from Belk. Belk , Inc. is a major American department store chain, founde

North Korea-linked actors spread XORIndex malware via 67 malicious npm packages

11 TTPs

•

by Pierluigi Paganini / 5d

•

North Korean hackers target npm ecosystem

North Korea-linked hackers uploaded 67 malicious npm packages with XORIndex malware, hitting 17K+ downloads in ongoing supply chain attacks. North Korea-linked threat actors behind the Contagious Interview campaign have uploaded 67 malicious npm packages with XORIndex malware loader, hitting over 17,000 downloads in ongoing supply chain attacks. XORIndex was built to evade detection and deploy Be

Jul 14, 2025

FBI seized multiple piracy sites distributing pirated video games

FBI seizes piracy websites

•

by Pierluigi Paganini / 5d

FBI seizes multiple piracy sites for Nintendo Switch and PlayStation 4 games, dismantling their infrastructure. The FBI, with the help of the Dutch FIOD, seized multiple piracy sites distributing pirated video games, including nsw2u.com, ps4pkg.com, and mgnetu.com, dismantling their infrastructure. These sites, active for over four years, offered early access to popular game titles and logged 3.2

An attacker using a $500 radio setup could potentially trigger train brake failures or derailments from a distance

Impact (Enterprise TA0040)

•

by Pierluigi Paganini / 5d

A 20-year-old flaw in End-of-Train and Head-of-Train systems could let hackers trigger emergency braking, finally getting proper attention. US CISA has warned about a critical flaw, tracked as CVE-2025-1727 , in the radio-based linking protocol between End-of-Train (EoT) and Head-of-Train (HoT) systems. An End-of-Train (EoT) device, also known as a Flashing Rear End Device (FRED), is a wireless s

Interlock ransomware group deploys new PHP-based RAT via FileFix

14 TTPs

•

by Pierluigi Paganini / 5d

(a ClickFix variant) in a widespread campaign targeting multiple industries. The Interlock ransomware group is deploying a new PHP-based variant of the Interlock RAT in a broad campaign. According to researchers from the DFIR Report, in partnership with Proofpoint, it uses a delivery method known as FileFix, a variant of ClickFix, to target multiple industries. A new PHP-based variant marks a sh

Global Louis Vuitton data breach impacts UK, South Korea, and Turkey

2 TTPs

•

by Pierluigi Paganini / 6d

•

Louis Vuitton data breach confirmed

Louis Vuitton data breach affects customers in the UK, South Korea, Turkey, and possibly more countries, with notifications underway. Customers of French luxury retailer Louis Vuitton are being notified of a data breach affecting multiple countries, including the UK, South Korea, and Turkey. The security breach was discovered on July 2nd, 2025, and exposed customer personal information, including

Experts uncover critical flaws in Kigen eSIM technology affecting billions

eSIM security vulnerabilities and risks

•

by Pierluigi Paganini / 6d

Experts devised a new hack targeting Kigen eSIM tech, used in over 2B devices, exposing smartphones and IoT users to serious security risks. Researchers at Security Explorations uncovered a new hacking