Security Affairs

"A suspected Scattered Spider member detained for casino network attacks."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 23 September 2025, 1354 UTC.

Content and Source:  "Security Affairs" subscription via https://feedly.com.

 https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Ffeed

Please check subscription link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).


Most popular

A suspected Scattered Spider member linked to cyber attacks on Las Vegas casinos was arrested on September 17. The Las Vegas Metropolitan Police Department arrested on September 17 a suspected Scattered Spider member linked to attacks on Las Vegas casinos for computer intrusion, extortion, and identity theft. Between August and October 2023, multiple Las Vegas casinos suffered network intrusions
Researchers earned $150K for “L1TF Reloaded,” combining L1TF and half-Spectre to leak VM memory from public clouds despite mitigations. Researchers from Vrije Universiteit Amsterdam earned $150K for exploiting L1TF Reloaded, a flaw combining L1TF (Foreshadow) and half-Spectre. The attack bypasses prior mitigations, showing that transient CPU vulnerabilities remain practical and can leak memor
, with Heathrow, Brussels, and Berlin most affected. A cyber attack on Collins Aerospace disrupted check-in and boarding systems at major European airports, heavily impacting Heathrow, Brussels, and Berlin. The outage caused numerous flight delays and cancellations, forcing manual operations. Collins Aerospace is a major American company specializing in aviation and defense technologies, and is a

Yesterday

RCMP shuts down TradeOgre, seizing $40M from crime, the first crypto exchange closure and largest asset seizure in Canada’s history. The Royal Canadian Mounted Police shut down the crypto exchange TradeOgre and seized $40M worth of crypto assets. This is the first crypto exchange shut down by the Canadian authorities. “RCMP Federal Policing – Eastern Region has carried out the largest cryptocurre
Stellantis is investigating a data breach after unauthorized access to a third-party provider’s platform potentially exposed customer data. Car maker giant Stellantis announced it is investigating a data breach following unauthorized access to a third-party provider’s platform that supports North American customer service operations. The company did not name the impacted third-party provider. Ste
The FBI warns that criminals are spoofing the IC3 site to steal personal data and commit fraud targeting cybercrime reporters. The FBI warned that attackers are spoofing the official Crime Complaint Center (IC3) website to steal personal data and commit financial fraud, targeting users who report cybercrimes. The fake websites mimic the real IC3 domain using slight changes in spelling or top-leve
The EU cybersecurity agency ENISA confirmed that airport check-in disruptions were caused by a cyberattack, and law enforcement is investigating. A cyber attack on Collins Aerospace disrupted check-in and boarding systems at major European airports, heavily impacting Heathrow, Brussels, and Berlin. The outage caused numerous flight delays and cancellations, forcing manual operations. Collins Aero

Sep 21, 2025

SentinelOne uncovered MalTerminal, the earliest known malware with built-in LLM capabilities, and presented it at LABScon 2025. SentinelLABS researchers discovered MalTerminal, the earliest known LLM-enabled malware, which generates malicious logic at runtime, making the detection more complex. Researchers identified it via API key patterns and prompt structures, uncovering new samples and other
LastPass warns macOS users of fake GitHub repos distributing Atomic infostealer malware disguised as legitimate tools. LastPass warns macOS users about fake GitHub repositories spreading malware disguised as legitimate tools, redirecting victims to download the Atomic macOS infostealer. “The LastPass Threat Intelligence, Mitigation, and Escalation (TIME) team is tracking an ongoing, widespread in
ESET found evidence that Russia-linked groups Gamaredon and Turla collaborated in cyberattacks on Ukraine between February and April 2025. ESET reported Russia-linked groups Gamaredon and Turla collaborated in cyberattacks against entities in Ukraine. The Russia-linked APT group Gamaredon (a.k.a. Shuckworm, Armageddon, Primitive Bear, ACTINIUM, Callisto) is known for targeting government, law
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Malware Newsletter: SmokeLoader Rises From the Ashes; Hive0154, aka Mustang Panda, drops updated Toneshell backdoor and novel SnakeDisk USB worm; Popular Tinycolor npm Package Compromised in Supply Chain Attack Affecting 40+ Packages; Self-replicating Shai-hulud worm s
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. A cyberattack on Collins Aerospace disrupted operations at major European airports; CISA warns of malware deployed through Ivanti EPMM flaws; Fortra a

Sep 20, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) disclosed two malware strains found in a network compromised via Ivanti EPMM flaws. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published technical details of two malware families that were discovered in the network of an unnamed organization following the compromise of Ivanti Endpoint Manager Mobile (EPMM). CIS

Sep 19, 2025

Fortra addressed a critical flaw in GoAnywhere Managed File Transfer (MFT) software that could result in the execution of arbitrary commands. Fortra addressed a critical vulnerability, tracked as CVE-2025-10035 (CVSS score of 10.0) in GoAnywhere Managed File Transfer (MFT) software. Fortra GoAnywhere Managed File Transfer is a comprehensive solution for secure file transfer, data encryption, and
U.K. police arrested two teens from the Scattered Spider group for their role in the August 2024 cyberattack on Transport for London. U.K. law enforcement authorities arrested two teenagers who are members of the notorious Scattered Spider hacking group in connection with their role in the cyber attack that hit Transport for London (TfL). Transport for London (TfL) is a local government body res

Sep 18, 2025

Radware discovered a server-side data theft attack, dubbed ShadowLeak, targeting ChatGPT. OpenAI patched the zero-click vulnerability. Researchers at Radware uncovered a server-side data theft attack targeting ChatGPT, called ShadowLeak. The experts discovered a zero-click vulnerability in ChatGPT’s Deep Research agent when connected to Gmail and browsing. The researchers explained that using a c
SonicWall urges users to reset credentials after MySonicWall backups were exposed; the company locked out the threat actors and notified authorities. SonicWall urged customers to reset credentials after firewall backup files tied to MySonicWall accounts were exposed. The company announced it had blocked attackers’ access and is working with cybersecurity experts and law enforcement agencies to de

Sep 17, 2025

Google addressed four vulnerabilities affecting its Chrome web browser, including one that has been exploited in the wild. Google released security updates to address four vulnerabilities in the Chrome web browser, including CVE-2025-10585, which has reportedly been exploited in the wild. “Google is aware that an exploit for CVE-2025-10585 exists in the wild.” reads the advisory published by Goog
Jaguar Land Rover will keep vehicle production halted until at least September 24 following a cyberattack that hit the company earlier this month. Jaguar Land Rover will extend its production halt into a third week, keeping operations suspended until at least September 24 after a recent cyberattack. Jaguar Land Rover (JLR) is a British luxury vehicle manufacturer headquartered in Whitley, Covent
China-linked group APT41 impersonated a U.S. lawmaker in phishing attacks on government, think tanks, and academics tied to US-China trade and policy. Proofpoint observed China-linked cyber espionage group APT41 impersonating a U.S. lawmaker in a phishing campaign targeting government, think tanks, and academics tied to U.S.-China trade and policy. APT41, known also as Amoeba, BARIUM, BRONZE ATLA
Microsoft and Cloudflare disrupted the RaccoonO365 phishing service, used to steal thousands of user credentials. A joint operation conducted by Microsoft and Cloudflare has taken down the infrastructure used by the RaccoonO365 phishing service (tracked by Microsoft as Storm-2246). Microsoft announced that its Digital Crimes Unit shut down RaccoonO365, seizing 338 sites used to steal Microsoft 36

Sep 16, 2025

The U.S. Department of Justice (DoJ) resentenced the former administrator of the popular BreachForums hacking forum to three years in prison. The U.S. DoJ resentenced the former BreachForums administrator, Conor Brian Fitzpatrick (aka Pompompurin), 22, to three years in prison. Authorities say he ran the notorious hacking forum, which traded stolen data and cybercrime tools, fueling
Apple announced it has backported patches for a recently addressed actively exploited vulnerability tracked as CVE-2025-43300. Apple has backported security patches released to address an actively exploited vulnerability tracked as CVE-2025-43300. In August 2025, Apple addressed the actively exploited zero-day CVE-2025-43300 in iOS, iPadOS, and macOS. The vulnerability is zero-day out-of-bounds
Researchers uncovered a new supply chain attack targeting the npm registry that impacted over 40 packages belonging to multiple maintainers. Security researchers at Socket uncovered a malicious update to @ctrl/tinycolor, a package with 2.2M weekly downloads on npm. While investigating the case, they discovered it was linked to a larger supply chain attack that compromised over 40 packages from m
Google found threat actors created a fake account in its Law Enforcement Request System (LERS) and shut it down. Google confirmed that threat actors gained access to its Law Enforcement Request System (LERS) platform by creating a fake account. The Google Law Enforcement Request System (LERS) is a secure online portal for verified government agencies to submit and track legal requests for user da

Sep 15, 2025

China-linked APT group Mustang Panda has been spotted using a new USB worm called SnakeDisk along with a new version of known malware. China-linked APT group Mustang Panda (aka Hive0154, Camaro Dragon, RedDelta or Bronze President) has been spotted using an updated version of the TONESHELL backdoor and a previously undocumented USB worm called SnakeDisk. Mustang Panda has been active since at le
An ex-employee caused an insider breach at FinWise Bank, exposing data of 689,000 American First Finance customers. FinWise Bank is a Utah-based community bank, FDIC-insured, that partners with fintechs and lenders to offer consumer loans, small business financing, and deposit services. FinWise Bank notified the Maine AG that a data breach tied to the U.S.-based financial services company America
Crooks stole personal data of millions of Gucci, Balenciaga, and Alexander McQueen customers: parent firm Kering confirmed the breach. Hackers stole private data of millions of Gucci, Balenciaga, and Alexander McQueen customers, including names, contacts, addresses, and spending details. The parent company, Kering, confirmed the security breach and notified data protection authorities. The firm d
Fairmont Federal Credit Union alerts 187K people that a 2023 breach exposed personal, financial, and medical data. Fairmont Federal Credit Union (FFCU) is a not-for-profit financial cooperative in West Virginia. It offers services like personal and business loans, mortgages, checking accounts, and financial aid, operating nine regional branches to serve its members. Fairmont Federal Credit Union

Sep 14, 2025

UK ICO reports students caused over half of school data breaches, showing kids are shaping cybersecurity in unexpected ways. According to the UK Information Commissioner’s Office (ICO), students were responsible for most of the data breaches suffered by the schools in the country. The U.K.’s independent regulator for data protection and information rights also reported that nearly one-third of insider attacks
Panama’s Ministry of Economy and Finance disclosed a security breach impacting a computer in its infrastructure. Panama’s Ministry of Economy and Finance (MEF) announced that threat actors likely compromised one of its computers. The Ministry immediately activated its security protocols to contain the threat. Panama’s Ministry pointed out that critical systems vital to operations remain safe. In
