Security Affairs.
- Get link
- X
- Other Apps
"Transunion discloses a data breach impacting 4.4 million customers."
Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents. Accessed on 28 August 2025, 1421 UTC.
Content and Source via email subscription from https://feedly.com.
https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Ffeed
Please check subscription URL or scroll down to read your selections. Thanks for joining us today.
Russ Roberts (https://www.hawaiicybersecurityjournal.net).
51
Today
by Pierluigi Paganini / 38min
TransUnion reported a data breach in which threat actors accessed personal information of over 4.4 million customers. TransUnion disclosed a data breach that impacted more than 4,461,511 customers. The company is one of the three major credit reporting agencies in the United States (alongside Experian and Equifax). It collects and maintains credit information on consumers and businesses, includin
14 TTPs
by Pierluigi Paganini / 2h
NSA and allies warn that Chinese APT actors, including Salt Typhoon, are targeting critical infrastructure worldwide. The U.S. National Security Agency (NSA), the UK’s National Cyber Security Centre (NCSC), and allies warn Chinese APT actors, linked to Salt Typhoon , are targeting global telecom, government, transport, lodging, and military sectors. “The National Security Agency (NSA) and other U
Yesterday
3 TTPs
by Pierluigi Paganini / 5h
Hackers breached Salesloft to steal OAuth/refresh tokens for Drift AI chat; GTIG and Mandiant link the campaign to threat actor UNC6395. Google Threat Intelligence Group and Mandiant researchers investigate a large-scale data theft campaign carried out to hack the sales automation platform Salesloft to steal OAuth and refresh tokens associated with the Drift artificial intelligence (AI) chat agen
2 TTPs
by Pierluigi Paganini / 18h
•CVE-2025-7775
Over 28,200 Citrix NetScaler ADC/Gateway instances remain exposed to critical RCE flaw CVE-2025-7775, already under active exploitation. Experts at the Shadowserver Foundation warn that more than 28,200 Citrix instances are vulnerable to the vulnerability CVE-2025-7775 , which is under active exploitation. CVE-2025-7775 (CVSS score: 9.2) is a memory overflow vulnerability leading to Remote Code E
5 TTPs
by Pierluigi Paganini / 19h
•CVE-2025-7775
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Citrix NetScaler flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Citrix NetScaler flaw, tracked as CVE-2025-7775 , to its Known Exploited Vulnerabilities (KEV) catalog . This week, Citrix addressed three security flaws (CVE-2025-7775, CVE-2025-7776, CVE-202
3 TTPs
by Pierluigi Paganini / 21h
Healthcare Services Group suffered a 2024 breach, exposing personal data of 624,000+ people. Affected individuals are now being notified. In 2024, Healthcare Services Group suffered a data breach that impacted over 624,496 people, as per notification sent to the Maine Attorney General’s Office. Healthcare Services Group, Inc. (HCSG) is a U.S.-based company that provides housekeeping, laundry, din
Aug 26, 2025
4 TTPs
by Pierluigi Paganini / 1d
•AI ransomware PromptLock discovered
ESET found PromptLock, the first AI-driven ransomware, using OpenAI’s gpt-oss:20b via Ollama to generate and run malicious Lua scripts. In a series of messages published on X, ESET Research announced the discovery of the first known AI-powered ransomware, named PromptLock . The PromptLock malware uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts o
9 TTPs
by Pierluigi Paganini / 1d
•China-linked UNC6384 targets diplomats
The China-linked APT group Silk Typhoon targeted diplomats by hijacking web traffic to redirect it to a website that delivered malware. China-linked cyberespionage group Silk Typhoon targeted diplomats by hijacking web traffic to redirect to a website used to deliver malware, Google’s Threat Intelligence Group (GTIG) warns. Cyberspies hijacked a network’s captive portal using an advanced adversar
2 TTPs
by Pierluigi Paganini / 1d
•Farmers Insurance data breach investigation
Farmers Insurance suffered a breach tied to Salesforce attacks, exposing data of 1.1M customers across its nationwide insurance network. Farmers Insurance disclosed a data breach affecting 1,071,172 customers, linked to the recent wave of Salesforce attacks , as per Bleeping Computer . The company is an American insurer group of vehicles, homes and small businesses and also provides other insuran
5 TTPs
by Pierluigi Paganini / 1d
•CVE-2025-7775
Citrix addressed three vulnerabilities in NetScaler ADC and NetScaler Gateway, including one that has been actively exploited in the wild. Citrix addressed three security flaws (CVE-2025-7775, CVE-2025-7776, CVE-2025-8424) in NetScaler ADC and NetScaler Gateway, including one (CVE-2025-7775) that it said has been actively exploited in the wild. “Exploits of CVE-2025-7775 on unmitigated appliances
3 TTPs
by Pierluigi Paganini / 2d
•Auchan suffers major data breach
French retailer Auchan suffered a data breach impacting hundreds of thousands of customers, with personal information stolen. French retailer Auchan suffered a data breach that impacted hundreds of thousands of customers, resulting in the theft of personal information. The company has already notified the impacted customers. Threat actors stole customers’ personal data linked to their loyalty car
Aug 25, 2025
4 TTPs
by Pierluigi Paganini / 2d
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Citrix Session Recording, and Git flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Citrix Session Recording, and Git flaws to its Known Exploited Vulnerabilities (KEV) catalog . Below are the descriptions for these flaws: CVE-2024-8069 (CVSS score of 5.1) C
2 TTPs
by Pierluigi Paganini / 2d
Docker fixed a critical flaw in the Docker Desktop app for Windows and macOS that could potentially allow an attacker to escape the confines of a container. Docker fixed a critical vulnerability, tracked as CVE-2025-9074 (CVSS score of 9.3), impacting Docker Desktop app for Windows and macOS. An attacker can exploit the flaw to potentially escape the confines of a container. According to DockerDo
7 TTPs
by Pierluigi Paganini / 2d
•Anatsa Trojan targets 831 apps
Experts found 77 malicious Android apps with 19M+ installs on Google Play, spreading malware, including the Anatsa (TeaBot) banking trojan. While investigating Anatsa (Tea Bot) banking trojan infections, Zscaler’s ThreatLabs discovered seventy-seven malicious Android apps with more than 19 million installs. Several Anatsa decoy apps have each been downloaded more than 50,000 times. The malicious
Aug 24, 2025
IoC > 2 domains
by Pierluigi Paganini / 3d
•27 TTPs
APT36 targets Indian Linux systems
APT36 uses Linux .desktop files in new attacks on Indian gov & defense, aiming for data theft and persistent espionage access. Transparent Tribe (aka APT36 , Operation C-Major, and Mythic Leopard), a Pakistan-linked threat actor, is using Linux .desktop files to load malware in new attacks against government and defense entities in India. The APT group is targeting Indian government entities via
8 TTPs
by Pierluigi Paganini / 3d
•Fake Android apps spy on users
New Android spyware Android.Backdoor.916.origin is disguised as an antivirus linked to Russia’s intelligence agency FSB, and targets business executives. Doctor Web researchers observed a multifunctional backdoor Android.Backdoor.916.origin targeting Android devices belonging to representatives of Russian businesses. The malware executes attacker commands, enabling surveillance, keylogging, and t
Impact (Enterprise TA0040)
by Pierluigi Paganini / 3d
•Data I/O suffers ransomware attack
Electronics manufacturer Data I/O reports a ransomware attack to SEC, the company was forced to take offline operational systems. Electronics manufacturer Data I/O reported a ransomware attack to the US Securities and Exchange Commission (SEC). The company was forced to take offline operational systems following the attack. Data I/O is a leading provider of manual and automated programming system
Aug 23, 2025
IoC > 2 domains and 2 IPs
by Pierluigi Paganini / 4d
•14 TTPs
Mirai-based Gayfemboy botnet resurfaces, evolving to target systems worldwide; Fortinet researchers provided details about the new campaign. FortiGuard Labs researchers tracked a new Gayfemboy botnet campaign, the malware exploits known flaws in DrayTek, TP-Link, Raisecom, and Cisco, showing evolved tactics and renewed activity. The Gayfemboy botnet was first identified in February 2024, it borro
by Pierluigi Paganini / 4d
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Hunt.io Exposes and Analyzes ERMAC V3.0 Banking Trojan Full Source Code Leak Evolution of the PipeMagic backdoor: from the RansomExx incident to CVE-2025-29824 Supply Chain Risk in Python: Termncolor and Colorinal Explained Noodlophile Stealer Ev
by Pierluigi Paganini / 4d
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Kidney dialysis firm DaVita confirms ransomware attack compromised data of 2.7M people China-linked Silk Typhoon APT targets North America Over 300
3 TTPs
by Pierluigi Paganini / 4d
•Healthcare data breaches affect millions
Kidney dialysis firm DaVita confirms ransomware breach exposed personal and health data of nearly 2.7M individuals. Kidney dialysis firm DaVita disclosed a data breach after a ransomware attack, the incident exposed personal and health information of nearly 2.7 million individuals. The number of impacted individuals reported by the Department of Health’s Office for Civil Rights (OCR) was updated
Aug 22, 2025
14 TTPs
by Pierluigi Paganini / 5d
China-linked Silk Typhoon APT group ramp up North America attacks, exploiting n-day and zero-day flaws for system access, CrowdStrike warns. China-linked Silk Typhoon APT group (aka Murky Panda) targets organizations in North America exploiting n-day and zero-day flaws for system access, CrowdStrike warns. This Chinese APT has one of the widest targeting scopes. In March, Microsoft experts observ
IoC > 2 URLs and 2 domains
by Pierluigi Paganini / 5d
•16 TTPs
Cookie Spider malware campaign blocked
Over 300 entities hit by the Atomic macOS Stealer via malvertising campaign between June and August, CrowdStrike warns. From June and August, over 300 entities were hit by a variant of the Atomic macOS Stealer (AMOS) called SHAMOS, reports CrowdStrike. The Atomic macOS Stealer lets operators steal diverse information from infected machines. This includes Keychain passwords, system details, deskto
Interpol arrests 1209 cyber criminals
by Pierluigi Paganini / 5d
INTERPOL arrested 1,209 cybercriminals in 18 African nations seizing $97.4M, and dismantling 11,432 malicious infrastructures. INTERPOL announced the result of the second phase of ongoing law enforcement Operation Serengeti (June to August 2025) that led to
- Get link
- X
- Other Apps
Comments
Post a Comment
Please leave a comment about our recent post.