"Amazon blocks APT29 campaign targeting Microsoft device code authentication."
Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents. Accessed on 31 August 2025, 1414 UTC.
Content and Source via email subscription from https://feedly.com.
https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Ffeed
Please check subscription link or scroll down to read your selections. Thanks for joining us today.
Russ Roberts (https://www.hawaiicybersecurityjournal.net).
60
Yesterday
by Pierluigi Paganini / 7h
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Lab Dookhtegan hacking group disrupts communications on dozens of Iranian ships New zero-click exploit allegedly used to hack WhatsApp users US and
IoC > 2 domains
by Pierluigi Paganini / 7h
•7 TTPs
Amazon disrupts APT29 campaign
Amazon stopped a Russia-linked APT29 watering hole attack that hijacked Microsoft device code authentication via compromised sites. Amazon announced that it had disrupted an opportunistic watering hole campaign orchestrated by the Russia-linked cyber espionage group APT29 (aka SVR group , Cozy Bear , Nobelium , BlueBravo , Midnight Blizzard , and The Dukes ). Amazon experts labeled the attacks as
5 TTPs
by Pierluigi Paganini / 1d
•Hackers disrupt Iranian shipping operations
Lab Dookhtegan hacking group allegedly disrupted communications of 60 Iranian ships run by sanctioned firms NITC and IRISL. The hacking group Lab Dookhtegan allegedly disrupted the communications of 60 Iranian ships. The attack hit at least 39 tankers and 25 cargo ships operated by Iranian maritime companies National Iranian Oil Tanker Company and Iran Shipping Lines, which the US sanctioned. Hac
Aug 29, 2025
2 TTPs
by Pierluigi Paganini / 1d
•CVE-2025-55177
WhatsApp warns users targeted by advanced spyware, sending threat notifications to affected individuals from the past 90 days. A new zero-click exploit used to hack WhatsApp users, reported Donncha Ó Cearbhaill, Head of Security Lab at @AmnestyTech. WhatsApp has just sent out a round of threat notifications to individuals they believe were targeted by an advanced spyware campaign in the past 90 d
FBI seizes VerifTools fake ID marketplace
by Pierluigi Paganini / 1d
US and Dutch authorities shut down VerifTools, a major fake ID marketplace selling documents to bypass KYC checks and access accounts. Law enforcement in the US and the Netherlands dismantled VerifTools, a major fake ID marketplace selling ID documents to bypass KYC checks and gain unauthorized access to online accounts. Authorities seized two marketplace domains and one blog used to sell fraudul
5 TTPs
by Pierluigi Paganini / 2d
•CVE-2025-57819
Sangoma warns of an actively exploited FreePBX zero-day affecting systems with publicly exposed admin control panels. The Sangoma FreePBX Security Team addressed an actively exploited FreePBX zero-day vulnerability, tracked as CVE-2025-57819 (CVSS score of 10.0), impacting systems with an internet-facing administrator control panel (ACP). FreePBX is an open-source telephony software platform that
Aug 28, 2025
3 TTPs
by Pierluigi Paganini / 2d
•Data theft targets Salesforce instances
Google warns that Salesloft Drift OAuth breach affects all integrations, not just Salesforce. All tokens should be treated as compromised. Google disclosed that the Salesloft Drift OAuth breach is broader than Salesforce , affecting all integrations. GTIG and Mandiant advise all customers to treat connected tokens as compromised. Attackers used stolen OAuth tokens to access some Google Workspace
Dutch telcos targeted by Chinese hackers
by Pierluigi Paganini / 2d
Dutch intelligence reports Chinese cyber spies (Salt Typhoon, RedMike) targeted the Netherlands, hitting critical infrastructure. The Dutch intelligence and security services MIVD and AIVD say Chinese cyber spies linked to Salt Typhoon ( RedMike) targeted the Netherlands in a campaign hitting global critical infrastructure. In late 2024, a large-scale Chinese cyberespionage campaign targeting glo
by Pierluigi Paganini / 2d
Cyberattack on Miljödata disrupted services in over 200 Swedish municipalities, with concerns over stolen sensitive data. A cyberattack on Miljödata, an IT supplier serving 80% of Swedish municipalities, including Skellefteå, Mönsterås and Kalmar, disrupted services in over 200 municipalities and raised concerns of stolen sensitive data. The Swedish Privacy Agency confirmed that it has already re
by Pierluigi Paganini / 3d
TransUnion reported a data breach in which threat actors accessed personal information of over 4.4 million customers. TransUnion disclosed a data breach that impacted more than 4,461,511 customers. The company is one of the three major credit reporting agencies in the United States (alongside Experian and Equifax). It collects and maintains credit information on consumers and businesses, includin
14 TTPs
by Pierluigi Paganini / 3d
NSA and allies warn that Chinese APT actors, including Salt Typhoon, are targeting critical infrastructure worldwide. The U.S. National Security Agency (NSA), the UK’s National Cyber Security Centre (NCSC), and allies warn Chinese APT actors, linked to Salt Typhoon , are targeting global telecom, government, transport, lodging, and military sectors. “The National Security Agency (NSA) and other U
Aug 27, 2025
3 TTPs
by Pierluigi Paganini / 3d
Hackers breached Salesloft to steal OAuth/refresh tokens for Drift AI chat; GTIG and Mandiant link the campaign to threat actor UNC6395. Google Threat Intelligence Group and Mandiant researchers investigate a large-scale data theft campaign carried out to hack the sales automation platform Salesloft to steal OAuth and refresh tokens associated with the Drift artificial intelligence (AI) chat agen
2 TTPs
by Pierluigi Paganini / 3d
•CVE-2025-7775
Over 28,200 Citrix NetScaler ADC/Gateway instances remain exposed to critical RCE flaw CVE-2025-7775, already under active exploitation. Experts at the Shadowserver Foundation warn that more than 28,200 Citrix instances are vulnerable to the vulnerability CVE-2025-7775 , which is under active exploitation. CVE-2025-7775 (CVSS score: 9.2) is a memory overflow vulnerability leading to Remote Code E
5 TTPs
by Pierluigi Paganini / 3d
•CVE-2025-7775
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Citrix NetScaler flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Citrix NetScaler flaw, tracked as CVE-2025-7775 , to its Known Exploited Vulnerabilities (KEV) catalog . This week, Citrix addressed three security flaws (CVE-2025-7775, CVE-2025-7776, CVE-202
3 TTPs
by Pierluigi Paganini / 3d
Healthcare Services Group suffered a 2024 breach, exposing personal data of 624,000+ people. Affected individuals are now being notified. In 2024, Healthcare Services Group suffered a data breach that impacted over 624,496 people, as per notification sent to the Maine Attorney General’s Office. Healthcare Services Group, Inc. (HCSG) is a U.S.-based company that provides housekeeping, laundry, din
Aug 26, 2025
4 TTPs
by Pierluigi Paganini / 4d
•AI ransomware PromptLock discovered
ESET found PromptLock, the first AI-driven ransomware, using OpenAI’s gpt-oss:20b via Ollama to generate and run malicious Lua scripts. In a series of messages published on X, ESET Research announced the discovery of the first known AI-powered ransomware, named PromptLock . The PromptLock malware uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts o
9 TTPs
by Pierluigi Paganini / 4d
•China-linked UNC6384 targets diplomats
The China-linked APT group UNC6384 targeted diplomats by hijacking web traffic to redirect it to a website that delivered malware. China-linked cyberespionage group UNC6384 targeted diplomats by hijacking web traffic to redirect to a website used to deliver malware, Google’s Threat Intelligence Group (GTIG) warns. Cyberspies hijacked a network’s captive portal using an advanced adversary-in-the-m
2 TTPs
by Pierluigi Paganini / 4d
•Farmers Insurance data breach investigation
Farmers Insurance suffered a breach tied to Salesforce attacks, exposing data of 1.1M customers across its nationwide insurance network. Farmers Insurance disclosed a data breach affecting 1,071,172 customers, linked to the recent wave of Salesforce attacks , as per Bleeping Computer . The company is an American insurer group of vehicles, homes and small businesses and also provides other insuran
5 TTPs
by Pierluigi Paganini / 4d
•CVE-2025-7775
Citrix addressed three vulnerabilities in NetScaler ADC and NetScaler Gateway, including one that has been actively exploited in the wild. Citrix addressed three security flaws (CVE-2025-7775, CVE-2025-7776, CVE-2025-8424) in NetScaler ADC and NetScaler Gateway, including one (CVE-2025-7775) that it said has been actively exploited in the wild. “Exploits of CVE-2025-7775 on unmitigated appliances
3 TTPs
by Pierluigi Paganini / 5d
•Auchan suffers major data breach
French retailer Auchan suffered a data breach impacting hundreds of thousands of customers, with personal information stolen. French retailer Auchan suffered a data breach that impacted hundreds of thousands of customers, resulting in the theft of personal information. The company has already notified the impacted customers. Threat actors stole customers’ personal data linked to their loyalty car
- Get link
- X
- Other Apps
- Get link
- X
- Other Apps
Comments
Post a Comment
Please leave a comment about our recent post.