"Orange reports major cyberattack, warns of service disruptions."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 30 July 2025, 1327 UTC.

Content and Source:  Email subscription via https://feedly.com.

 https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Ffeed

Please check URL or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Security Affairs

74K followers26 articles per week

#security#tech

33

Most popular

Orange reports major cyberattack, warns of service disruptions

Orange suffers cyberattack disruption

•

by Pierluigi Paganini / 17h

Orange, France’s largest telecom provider, reported a cyberattack on one of its internal systems, impacting its operations in Europe and Africa. Orange is a leading French multinational telecommunications operator providing services to individuals, businesses, and governments across Europe, Africa, and the Middle East. Formerly known as France Télécom until rebranding in 2013, the company now ser

FBI seizes 20 BTC from Chaos Ransomware affiliate targeting Texas firms

3 TTPs

•

by Pierluigi Paganini / 3h

•

US seizes crypto linked ransomware

FBI Dallas seized 20 BTC from Chaos ransomware affiliate “Hors,” tied to cyberattacks on Texas firms, on April 15, 2025. The FBI division in Dallas seized about 20 Bitcoins on April 15, 2025, from a wallet belonging to a Chaos ransomware affiliate named as “Hors.” The Hors affiliate is responsible for multiple cyberattacks on Texas companies. “On Thursday, July 24, 2025, the United States filed a

Law enforcement operations seized BlackSuit ransomware gang’s darknet sites

15 TTPs

•

24by Pierluigi Paganini / 3d

•

BlackSuit ransomware sites seized worldwide

An international law enforcement operation seized the dark web data leak site of the BlackSuit ransomware group. A banner on the BlackSuit ransomware group’s TOR data leak sites informs visitors that they were seized by U.S. Homeland Security Investigations in a global law enforcement operation. The notice features logos of 17 law enforcement agencies and cybersecurity firm Bitdefender. The Black

Yesterday

Critical SAP flaw exploited to launch Auto-Color Malware attack on U.S. company

9 TTPs

•

by Pierluigi Paganini / 5h

Hackers exploited a SAP NetWeaver bug to deploy upgraded Auto-Color Linux malware in an attack on U.S. chemicals firm. Cybersecurity firm Darktrace reported that threat actors exploited a SAP NetWeaver flaw, tracked as CVE-2025-31324 , to deploy Auto-Color Linux malware in a U.S. chemicals firm attack. “In April 2025, Darktrace identified an Auto-Color backdoor malware attack taking place on the

Hackers leak images and comments from women dating safety app Tea

2 TTPs

•

by Pierluigi Paganini / 20h

The dating safety app Tea was hacked, leaking images, posts, and comments of thousands of users who shared anonymous “red flag” reports on men. Tea is a women-only dating safety app launched in 2023 that lets users assess and review potential partners using real-time safety tools, not matchmaking. The app has over 1.6 million members in the U.S., it allows them to perform background checks on men

Pro-Ukraine hacktivists claim cyberattack on Russian Airline Aeroflot that caused the cancellation of +100 flights

2 TTPs

•

by Pierluigi Paganini / 1d

•

Cyberattack disrupts Aeroflot flights

A cyberattack claimed by Ukrainian group Silent Crow and Belarusian Cyber-Partisans crippled Aeroflot ’s systems, canceling over 100 flights. On July 28, 2025, a cyberattack claimed by Ukrainian group Silent Crow and Belarusian Cyber-Partisans crippled the systems of Russian state-owned carrier Aeroflot. Over 100 flights were cancelled following the attack, which also caused delays. The attack pa

Jul 28, 2025

Seychelles Commercial Bank Reported Cybersecurity Incident

2 TTPs

•

by Pierluigi Paganini / 1d

Seychelles Commercial Bank on Friday said it had recently identified and contained a cybersecurity incident. A hacker claims to have stolen and sold the personal data of clients of Seychelles Commercial Bank. The bank, which provides personal and corporate services on Seychelles, one of the world’s smallest countries, notified customers of a hack, but said only personal information – not money –

Microsoft uncovers macOS flaw allowing bypass TCC protections and exposing sensitive data

2 TTPs

•

by Pierluigi Paganini / 1d

Microsoft found a macOS flaw letting attackers access private data from protected areas like Downloads and Apple Intelligence caches. Microsoft Threat Intelligence researchers discovered a macOS vulnerability that could allow attackers to steal private data of files normally protected by Transparency, Consent, and Control (TCC) . Apple’s Transparency, Consent, and Control framework in macOS is de

U.S. CISA adds Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities catalog

6 TTPs

•

by Pierluigi Paganini / 1d

U.S. U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities (KEV) catalog . Below are the descriptions for these flaws: CVE-2025-20281 Cisco Identity Services E

Critical WordPress Post SMTP plugin flaw exposes 200K+ sites to full takeover

3 TTPs

•

by Pierluigi Paganini / 1d

•

CVE-2025-24000

Critical vulnerability in Post SMTP plugin risks full site takeover, over 400k sites use it, and nearly half remain unpatched. A critical vulnerability, tracked as CVE-2025-24000 (CVSS of 8.8) in the Post SMTP WordPress plugin, used by 400k sites, allows full site takeover. The plugin Post SMTP is an email delivery plugin that allows site owners to configure custom mailer services, and includes t

Scattered Spider targets VMware ESXi in using social engineering

14 TTPs

•

by Pierluigi Paganini / 2d

•

Google warns of Scattered Spider attacks

Scattered Spider targets VMware ESXi in North America using social engineering, mainly fake IT help desk calls instead of software exploits. The cybercrime group Scattered Spider (aka 0ktapus , Muddled Libra , Octo Tempest , and UNC3944 ) is targeting VMware ESXi hypervisors in retail, airline, and transportation sectors across North America. According to Google’s Mandiant team, the group uses so

Jul 27, 2025

China-linked group Fire Ant exploits VMware and F5 flaws since early 2025

12 TTPs

•

by Pierluigi Paganini / 2d

China-linked group Fire Ant exploits VMware and F5 flaws to stealthily breach secure systems, reports cybersecurity firm Sygnia. China-linked cyberespionage group Fire Ant is exploiting VMware and F5 vulnerabilities to stealthily access secure, segmented systems, according to Sygnia. Since early 2025, the group has targeted virtualization and networking infrastructure, primarily VMware ESXi and v

Allianz Life data breach exposed the data of most of its 1.4M customers

by Pierluigi Paganini / 2d

Allianz Life data breach exposed data of most of 1.4M customers via third-party CRM hack using social engineering. Allianz Life confirmed a data breach exposing personal information of most of its 1.4 million customers. On July 16, 2025, a threat actor accessed a third-party CRM system using social engineering, compromising the data of customers, financial professionals, and some employees. When

Jul 26, 2025

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 55

by Pierluigi Paganini / 3d

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Lookout Discovers Iranian APT MuddyWater Leveraging DCHSpy During Israel-Iran Conflict Uncovering a Stealthy WordPress Backdoor in mu-plugins NPM package ‘is’ with 2.8M weekly downloads infected devs with malware Coyote in the Wild: First-Ever Ma

Security Affairs newsletter Round 534 by Pierluigi Paganini – INTERNATIONAL EDITION

by Pierluigi Paganini / 3d

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Law enforcement operations seized BlackSuit ransomware gang’s darknet sites Arizona woman sentenced for aiding North Korea in U.S. IT job fraud sche

Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme

Arizona woman sentenced North Korea fraud

•

by Pierluigi Paganini / 4d

Arizona woman gets 8 years for helping North Korea-linked threat actors to infiltrate 309 U.S. firms with fake IT jobs. Christina Marie Chapman (50) from Arizona, was sentenced to 102 months in prison for aiding North Korean IT workers in infiltrating 309 U.S. companies. She pleaded guilty to charges including aggravated identity theft, conspiracy to defraud the U.S., and conspiracy to commit mon

Jul 25, 2025

Operation CargoTalon targets Russia’s aerospace with EAGLET malware,

13 TTPs

•

by Pierluigi Paganini / 4d

•

Russian aerospace targeted by EAGLET malware

Operation CargoTalon targets Russia’s aerospace and defense sectors with EAGLET malware, using TTN documents to exfiltrate data. SEQRITE Labs researchers uncovered a cyber-espionage campaign, dubbed Operation CargoTalon, targeting Russia’s aerospace and defense sectors, specifically Voronezh Aircraft Production Association (VASO), via malicious TTN documents. “Товарно-транспортная накладная” (TTN

Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access

4 TTPs

•

by Pierluigi Paganini / 4d

•

CVE-2025-7742

Hundreds of LG LNV5110R cameras are affected by an unpatched auth bypass flaw that allows hackers to gain admin access. US Cybersecurity and Infrastructure Security Agency warns that hundreds of LG LNV5110R cameras are impacted by an unpatched authentication bypass vulnerability. The flaw, tracked as CVE-2025-7742 (CVSS score of 8.3), can allow attackers to gain admin access. The vulnerability wa

Koske, a new AI-Generated Linux malware appears in the threat landscape

9 TTPs

•

by Pierluigi Paganini / 5d

•

AI malware hides in panda images

Koske is a new Linux malware designed for cryptomining, likely developed with the help of artificial intelligence. Koske is a new Linux AI-generated malware that was developed for cryptomining activities. Aquasec researchers reported that the malicious code uses rootkits and polyglot image file abuse to evade detection. Attackers exploit a misconfigured server to drop backdoors and download two J

Jul 24, 2025

Mitel patches critical MiVoice MX-ONE Auth bypass flaw

Valid Accounts (Enterprise T1078)

•

by Pierluigi Paganini / 5d

Mitel addressed a critical MiVoice MX-ONE flaw that could allow an unauthenticated attacker to conduct an authentication bypass attack. A critical authentication bypass flaw (CVSS score of 9.4) in Mitel MiVoice MX-ONE allows attackers to exploit weak access controls and gain unauthorized access to user or admin accounts. “An authentication bypass vulnerability has been identified in the Provision

Coyote malware is first-ever malware abusing Windows UI Automation

17 TTPs

•

by Pierluigi Paganini / 5d

•

Coyote Trojan exploits Microsoft UIA

New Coyote malware uses Windows UI Automation to steal banking credentials, targeting Brazilian users across 75 banks and crypto platforms. Coyote malware is now the first to exploit Microsoft’s UI Automation framework in the wild, validating prior warnings from Akamai researchers in December 2024. The UI Automation (UIA) framework is a Microsoft accessibility framework that enables automated acc

SonicWall fixed critical flaw in SMA 100 devices exploited in Overstep malware attacks

CVE-2025-40599 & 3 others

•

by Pierluigi Paganini / 6d

SonicWall addressed a critical vulnerability, tracked as CVE-2025-40599 (CVSS score of 9.1), in SMA 100 appliances SonicWall addressed a critical vulnerability, tracked as CVE-2025-40599 (CVSS score of 9.1), in SMA 100 appliances. Experts warn customers to check their installs for Indicators of Compromise (IoCs) associated with Overstep malware attacks. The issue is an authenticated arbitrary fil

DSPM & AI Are Booming: $17.87B and $4.8T Markets by 2033

by Pierluigi Paganini / 6d

The DSPM market hit around $1.2 billion in 2024 and should grow to $4.5 billion by 2033 (≈16.5% CAGR). The AI sector is projected to swell from $189 billion in 2023 to $4.8 trillion by 2033. The tech realm is continually evolving. New tools are invented every day, and certain technologies are reaching market valuations that have never been seen before. This tectonic shift is notably influencing t

Stealth backdoor found in WordPress mu-Plugins folder

11 TTPs

•

by Pierluigi Paganini / 6d

•

Hidden malware in mu-plugins

A new stealth backdoor has been discovered in the WordPress mu-plugins folder, granting attackers persistent access and control over compromised sites. Sucuri researchers found a stealthy backdoor hidden in WordPress’s “mu-plugins” folder. These plugins auto-run and allow attackers to stay hidden in admin, and maintain persistence. “must-use plugins” are special WordPress plugins that cannot be d

Jul 23, 2025

U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog

3 TTPs

•

by Pierluigi Paganini / 6d

. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities (KEV) catalog . Below are the descriptions for these flaws: CVE-2025-54309 CrushFTP Unprotected Alternate Channel Vulnerability CVE-2025-6558 Google Chromium ANGLE and GPU Improper Input Validation Vulnerability CVE-2025-2776 SysAid On-Prem Im

U.S. CISA urges FCEB agencies to fix two Microsoft SharePoint flaws immediately and added them to its Known Exploited Vulnerabilities catalog

IoC > 3 IPs

•

by Pierluigi Paganini / 6d

•

16 TTPs

•

CVE-2025-49704 & 1 other

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds two Microsoft SharePoint flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two Microsoft SharePoint flaws to its Known Exploited Vulnerabilities (KEV) catalog . Below are the descriptions for these flaws: CVE-2025-49704 Microsoft SharePoint Code Injection Vu

Sophos fixed two critical Sophos Firewall vulnerabilities

Execution (Enterprise TA0002)

•

by Pierluigi Paganini / 6d

Sophos addressed five Sophos Firewall vulnerabilities that could allow remote attackers to execute arbitrary code. Sophos has fixed five vulnerabilities (CVE-2025-6704, CVE-2025-7624, CVE-2025-7382, CVE-2024-13974, CVE-2024-13973) in Sophos Firewall that could allow an attacker to remotely execute arbitrary code. “Sophos has resolved five independent security vulnerabilities in Sophos Firewall. E

French Authorities confirm XSS.is admin arrested in Ukraine

Cybercriminal forum administrator arrested Ukraine

•

by Pierluigi Paganini / 6d

French authorities announced the arrest in Ukraine of an alleged administrator of the long-running cybercrime forum XSS.is. A joint investigation conducted by French police, Ukrainian authorities, and Europol led to the arrest of the suspected administrator of the major Russian-speaking cybercrime forum xss.is. “The Paris prosecutor’s office announced on Wednesday, July 23, that an individual sus

Jul 22, 2025

Microsoft linked attacks on SharePoint flaws to China-nexus actors

13 TTPs

•

by Pierluigi Paganini / 7d

Microsoft linked SharePoint exploits to China-nexus groups Linen Typhoon, Violet Typhoon, and Storm-2603, active since July 7, 2025. Microsoft confirmed that China-linked groups Linen Typhoon, Violet Typhoon, and Storm-2603 exploited SharePoint flaws for initial access as early as July 7, 2025. “As of this writing, Microsoft has observed two named Chinese nation-state actors, Linen Typhoon and Vi

Cisco confirms active exploitation of ISE and ISE-PIC flaws

6 TTPs

•

by Pierluigi Paganini / 7d

Cisco warns of active exploits targeting Identity Services Engine (ISE) and ISE-PIC flaws, first observed in July 2025. Cisco confirmed attempted exploitation in the wild of recently disclosed ISE and ISE-PIC flaws ( CVE-2025-20281 , CVE-2025-20282 , CVE-2025-20337 ), updating its advisory after detecting attacks in July 2025. “Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and

SharePoint under fire: new ToolShell attacks target enterprises

IoC > 3 IPs

•

by Pierluigi Paganini / 7d

•

20 TTPs

•

CVE-2025-53770

While SentinelOne did not attribute the attack to a specific threat actor, The Washington Post linked it to China-nexus acors. On July 19, Microsoft confirmed active exploitation of a zero-day vulnerability, tracked as CVE-2025-53770 in on-prem SharePoint Servers. The IT giant issued emergency patches for SharePoint Subscription Edition and 2019, with 2016 updates pending. Microsoft urges custome

CrushFTP zero-day actively exploited at least since July 18

4 TTPs

•

by Pierluigi Paganini / 8d

•

CVE-2025-54309

Hackers exploit CrushFTP zero-day, tracked as CVE-2025-54309, to gain admin access via HTTPS when DMZ proxy is off. Threat actors are exploiting a zero-day vulnerability, tracked as CVE-2025-54309 (CVSS score of 9.0), in the managed file transfer software CrushFTP to gain administrative privileges on vulnerable servers via HTTPS. CrushFTP warned of a zero-day that has been exploited since July 18

Jul 21, 2025

Hardcoded credentials found in HPE Aruba Instant On Wi-Fi devices

4 TTPs

•

by Pierluigi Paganini / 8d

Hardcoded credentials in HPE Aruba Instant On Wi-Fi devices, let attackers to bypass authentication and access the web interface. HPE disclosed hardcoded credentials in Aruba Instant On Wi-Fi devices that allow attackers to bypass login and access the web interface. The flaw tracked as CVE-2025-37103 (CVSS score of 9.8) impacts devices running firmware version 3.2.0.1 and below. Aruba Instant On

End of feed