A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

- [Two Linux flaws can lead to the disclosure of sensitive data](https://securityaffairs.com/178464/hacking/two-linux-flaws-can-lead-to-the-disclosure-of-sensitive-data.html)
- [Meta stopped covert operations from Iran, China, and Romania spreading propaganda](https://securityaffairs.com/178456/social-networks/meta-stopped-covert-operations-from-iran-china-romania.html)
- [US Treasury sanctioned the firm Funnull Technology as major cyber scam facilitator](https://securityaffairs.com/178450/cyber-crime/us-treasury-sanctioned-the-firm-funnull-technology.html)
- [ConnectWise suffered a cyberattack carried out by a sophisticated nation state actor](https://securityaffairs.com/178442/hacking/connectwise-cyberattack-sophisticated-nation-state-actor.html)
- [Victoria’s Secret’s website offline following a cyberattack](https://securityaffairs.com/178432/hacking/victorias-secrets-website-offline-following-a-cyberattack.html)
- [China-linked APT41 used Google Calendar as C2 to control its TOUGHPROGRESS malware](https://securityaffairs.com/178424/apt/china-linked-apt41-used-google-calendar-as-c2-to-control-its-toughprogress-malware.html)
- [New AyySSHush botnet compromised over 9,000 ASUS routers, adding a persistent SSH backdoor.](https://securityaffairs.com/178413/malware/new-ayysshush-botnet-compromised-over-9000-asus-routers-adding-a-persistent-ssh-backdoor.html)
- [Czech Republic accuses China’s APT31 of a cyberattack on its Foreign Ministry](https://securityaffairs.com/178399/apt/czech-republic-accuses-chinas-apt31-of-a-cyberattack-on-its-foreign-ministrys-unclassified-network.html)
- [New PumaBot targets Linux IoT surveillance devices](https://securityaffairs.com/178386/malware/pumabot-targets-linux-iot-devices.html)
- [App Store Security: Apple stops $2B in fraud in 2024 alone, $9B over 5 years](https://securityaffairs.com/178376/mobile-2/app-store-security-apple-stops-2b-in-fraud-in-2024-alone-9b-over-5-years.html)
- [Crooks use a fake antivirus site to spread Venom RAT and a mix of malware](https://securityaffairs.com/178366/malware/fake-antivirus-spreads-venom-rat.html)
- [Iranian Man pleaded guilty to role in Robbinhood Ransomware attacks](https://securityaffairs.com/178358/breaking-news/iranian-man-pleaded-guilty-to-role-in-robbinhood-ransomware-attacks.html)
- [DragonForce operator chained SimpleHelp flaws to target an MSP and its customers](https://securityaffairs.com/178350/cyber-crime/dragonforce-operator-chained-simplehelp-flaws-to-target-an-msp.html)
- [Russia-linked APT Laundry Bear linked to 2024 Dutch Police attack](https://securityaffairs.com/178338/apt/russia-linked-apt-laundry-bear-linked-to-2024-dutch-police-attack.html)
- [Nova Scotia Power confirms it was hit by ransomware attack but hasn’t paid the ransom](https://securityaffairs.com/178323/data-breach/nova-scotia-power-confirms-it-was-hit-by-ransomware-but-hasnt-paid-the-ransom.html)
- [Crooks stole over $200 million from crypto exchange Cetus Protocol](https://securityaffairs.com/178312/hacking/crooks-stole-over-200m-from-cetus-protocol.html)
- [Marlboro-Chesterfield Pathology data breach impacted 235,911 individuals](https://securityaffairs.com/178295/data-breach/marlboro-chesterfield-pathology-data-breach-impacted-235911-individuals.html)
- [China-linked APT UNC5221 started exploiting Ivanti EPMM flaws shortly after their disclosure](https://securityaffairs.com/178285/apt/china-linked-apt-unc5221-started-exploiting-ivanti-epmm-flaws-shortly-after-their-disclosure.html)
- [Fake software activation videos on TikTok spread Vidar, StealC](https://securityaffairs.com/178269/cyber-crime/fake-software-activation-videos-on-tiktok-spread-vidar-stealc.html)
- [Operation ENDGAME disrupted global ransomware infrastructure](https://securityaffairs.com/178245/cyber-crime/operation-endgame-disrupted-global-ransomware-infrastructure.html)

**International Press — Newsletter**

**Cybercrime**

- [DragonForce actors target SimpleHelp vulnerabilities to attack MSP, customers](https://news.sophos.com/en-us/2025/05/27/dragonforce-actors-target-simplehelp-vulnerabilities-to-attack-msp-customers/)
- [The Epic Rise and Fall of a Dark-Web Psychedelics Kingpin](https://www.wired.com/story/rise-fall-dark-web-psychedelics-kingpin-dmt/)
- [Threat Spotlight: Hijacked Routers and Fake Searches Fueling Payroll Heist](https://reliaquest.com/blog/threat-spotlight-payroll-fraud-attackers-stealing-paychecks-seo-poisoning/)
- [Dark Partners cybercrime gang fuels large-scale crypto heists](https://www.bleepingcomputer.com/news/security/dark-partners-cybercrime-gang-fuels-large-scale-crypto-heists/)
- [ConnectWise Confirms ScreenConnect Cyberattack, Says Systems Now Secure: Exclusive](https://www.crn.com/news/channel-news/2025/connectwise-confirms-screenconnect-cyberattack-says-systems-now-secure-exclusive?itc=refresh)
- [Infrastructure Used to Manage Domains Related to Cryptocurrency Investment Fraud Scams between October 2023 and April 2025](https://www.ic3.gov/CSA/2025/250529.pdf)
- [Steal, deal and repeat: How cybercriminals trade and exploit your data](https://www.europol.europa.eu/publication-events/main-reports/steal-deal-and-repeat-how-cybercriminals-trade-and-exploit-your-data)
- [Websites selling hacking tools to cybercriminals seized](https://www.justice.gov/usao-sdtx/pr/websites-selling-hacking-tools-cybercriminals-seized)

**Malware**

- [60 Malicious npm Packages Leak Network and Host Data in Active Malware Campaign](https://socket.dev/blog/60-malicious-npm-packages-leak-network-and-host-data)
- [Inside a VenomRAT Malware Campaign](https://dti.domaintools.com/VenomRAT/)
- [Fake Google Meet Page Tricks Users into Running PowerShell Malware](https://blog.sucuri.net/2025/05/fake-google-meet-page-tricks-users-into-running-powershell-malware.html)
- [PyBitmessage Backdoor Malware Installed with CoinMiner](https://asec.ahnlab.com/en/88109/)
- [PumaBot: Novel Botnet Targeting IoT Surveillance Devices](https://www.darktrace.com/blog/pumabot-novel-botnet-targeting-iot-surveillance-devices)
- [GreyNoise Discovers Stealthy Backdoor Campaign Affecting Thousands of ASUS Routers](https://www.greynoise.io/blog/stealthy-backdoor-campaign-affecting-asus-routers)

**Hacking**

- [Sugar-Coated Poison: Benign Generation Unlocks LLM Jailbreaking](https://arxiv.org/abs/2504.05652)
- [The Sharp Taste of Mimo’lette: Analyzing Mimo’s Latest Campaign targeting Craft CMS](https://blog.sekoia.io/the-sharp-taste-of-mimolette-analyzing-mimos-latest-campaign-targeting-craft-cms/)
- [From Infection to Access: A 24-Hour Timeline of a Modern Stealer Campaign](https://thehackernews.com/2025/05/from-infection-to-access-24-hour.html)
- [Qualys TRU Discovers Two Local Information Disclosure Vulnerabilities in Apport and systemd-coredump: CVE-2025-5054 and CVE-2025-4598](https://blog.qualys.com/vulnerabilities-threat-research/2025/05/29/qualys-tru-discovers-two-local-information-disclosure-vulnerabilities-in-apport-and-systemd-coredump-cve-2025-5054-and-cve-2025-4598)

**Intelligence and Information Warfare**

- [China-Nexus Threat Actor Actively Exploiting Ivanti Endpoint Manager Mobile (CVE-2025-4428) Vulnerability](https://blog.eclecticiq.com/china-nexus-threat-actor-actively-exploiting-ivanti-endpoint-manager-mobile-cve-2025-4428-vulnerability)
- [Mysterious hacking group Careto was run by the Spanish government, sources say](https://techcrunch.com/2025/05/23/mysterious-hacking-group-careto-was-run-by-the-spanish-government-sources-say/)
- [Russian hacker group Killnet returns with new identity](https://therecord.media/russian-hacker-group-killnet-returns-with-new-identity)
- [New Russia-affiliated actor Void Blizzard targets critical sectors for espionage](https://www.microsoft.com/en-us/security/blog/2025/05/27/new-russia-affiliated-actor-void-blizzard-targets-critical-sectors-for-espionage/)
- [Russia-Aligned TAG-110 Targets Tajikistan with Macro-Enabled Word Documents](https://www.recordedfuture.com/research/russia-aligned-tag-110-targets-tajikistan-with-macro-enabled)
- [AIVD and MIVD recognize new Russian cyber actor](https://www.aivd.nl/documenten/publicaties/2025/05/27/aivd-en-mivd-onderkennen-nieuwe-russische-cyberactor)
- [Chinese spies blamed for attempted hack on Czech government network](https://therecord.media/czechia-accuses-china-cyber-espionage-apt31)
- [Mark Your Calendar: APT41 Innovative Tactics](https://cloud.google.com/blog/topics/threat-intelligence/apt41-innovative-tactics)
- [Earth Lamia Develops Custom Arsenal to Target Multiple Industries](https://www.trendmicro.com/en_us/research/25/e/earth-lamia.html)
- [Lazarus Group Targets Crypto-Wallets and Financial Data while employing new Tradecrafts](https://arxiv.org/abs/2505.21725)

**Cybersecurity**

- [The App Store prevented more than $9 billion in fraudulent transactions over the last five years](https://www.apple.com/newsroom/2025/05/the-app-store-prevented-more-than-9-billion-usd-in-fraudulent-transactions/)
- [Cyber: Statement by the High Representative on behalf of the European Union on malicious behaviour in cyberspace against Czechia](https://www.consilium.europa.eu/en/press/press-releases/2025/05/28/cyber-statement-by-the-high-representative-on-behalf-of-the-european-union-on-malicious-behaviour-in-cyberspace-against-czechia/)
- [Anthropic’s new AI model turns to blackmail when engineers try to take it offline](https://techcrunch.com/2025/05/22/anthropics-new-ai-model-turns-to-blackmail-when-engineers-try-to-take-it-offline/)
- [Victoria’s Secret Website Taken Offline After Cyberattack](https://www.securityweek.com/victorias-secret-website-taken-offline-after-cyberattack/)
- [Massive data breach exposes 184 million passwords for Google, Microsoft, Facebook, and more](https://www.zdnet.com/article/massive-data-breach-exposes-184-million-passwords-for-google-microsoft-facebook-and-more/)
- [Treasury Takes Action Against Major Cyber Scam Facilitator](https://home.treasury.gov/news/press-releases/sb0149)
- [Integrity Reports, First Quarter 2025](https://transparency.meta.com/it-it/integrity-reports-q1-2025/)
- [Meta’s Adversarial Threat Report, First Quarter 2025](https://transparency.fb.com/sr/Q1-2025-Adversarial-threat-report)

Follow me on Twitter: [@securityaffairs](https://twitter.com/securityaffairs) and [Facebook](https://www.facebook.com/sec.affairs) and [Mastodon](https://infosec.exchange/@securityaffairs)

[Pierluigi Paganini](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)

([SecurityAffairs](http://securityaffairs.co/wordpress/) — hacking, newsletter)

Related Tags:
CVE-2025-5054
CVE-2025-4428
Diamond Sleet
Violet Typhoon
BARIUM
Brass Typhoon
NAICS: 54 – Professional, Scientific, Technical Services
NAICS: 517 – Telecommunications
NAICS: 541 – Professional, Scientific, Technical Services