A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.———————————————————————————————————————————————————–Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.[Experts found 4 billion user records online, the largest known leak of Chinese personal data from a single source](https://securityaffairs.com/178744/data-breach/experts-found-4-billion-user-records-online-the-largest-known-leak-of-chinese-personal-data-from-a-single-source.html) [Attackers exploit Fortinet flaws to deploy Qilin ransomware](https://securityaffairs.com/178736/hacking/attackers-exploit-fortinet-flaws-to-deploy-qilin-ransomware.html) [Russia-linked threat actors targets Ukraine with PathWiper wiper](https://securityaffairs.com/178726/apt/russia-linked-threat-actors-targets-ukraine-with-pathwiper-wiper.html) [U.S. Offers $10M bounty for info on RedLine malware creator and state hackers](https://securityaffairs.com/178712/cyber-crime/u-s-offers-10m-bounty-for-info-on-redline-malware-creator-and-state-hackers.html) [Play ransomware group hit 900 organizations since 2022](https://securityaffairs.com/178702/cyber-crime/play-ransomware-group-hit-900-organizations-since-2022.html) [U.S. CISA adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/178678/security/u-s-cisa-google-chromium-v8-flaw-known-exploited-vulnerabilities-catalog.html) [New versions of Chaos RAT target Windows and Linux systems](https://securityaffairs.com/178670/malware/new-versions-of-chaos-rat-target-windows-and-linux-systems.html) [Critical flaw in Cisco ISE impacts cloud deployments on AWS, Microsoft Azure, and Oracle Cloud Infrastructure](https://securityaffairs.com/178659/uncategorized/critical-flaw-in-cisco-ise-impacts-cloud-deployments-on-aws-microsoft-azure-and-oracle-cloud-infrastructure.html) [Law enforcement seized the carding marketplace BidenCash](https://securityaffairs.com/178655/cyber-crime/law-enforcement-seized-the-carding-marketplace-bidencash.html) [Ukraine’s military intelligence agency stole 4.4GB of highly classified internal data from Tupolev](https://securityaffairs.com/178641/hacking/ukraines-military-intelligence-agency-stole-4-4gb-of-highly-classified-internal-data-from-tupolev.html) [HPE fixed multiple flaws in its StoreOnce software](https://securityaffairs.com/178629/security/hpe-fixed-multiple-flaws-in-its-storeonce-software.html) [Roundcube Webmail under fire: critical exploit found after a decade](https://securityaffairs.com/178615/hacking/roundcube-webmail-under-fire-critical-exploit-found-after-a-decade.html) [U.S. CISA adds Multiple Qualcomm chipsets flaws to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/178610/hacking/u-s-cisa-adds-multiple-qualcomm-chipsets-flaws-to-its-known-exploited-vulnerabilities-catalog.html) [Cartier disclosed a data breach following a cyber attack](https://securityaffairs.com/178601/data-breach/cartier-disclosed-a-data-breach-following-a-cyber-attack.html) [U.S. CISA adds ASUS RT-AX55 devices, Craft CMS, and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/178591/hacking/u-s-cisa-adds-asus-rt-ax55-devices-craft-cms-and-connectwise-screenconnect-flaws-to-its-known-exploited-vulnerabilities-catalog.html) [Android banking trojan Crocodilus rapidly evolves and goes global](https://securityaffairs.com/178578/malware/android-banking-trojan-crocodilus-evolves-fast-and-goes-global.html) [Google fixed the second actively exploited Chrome zero-day since the start of the year](https://securityaffairs.com/178560/hacking/google-fixed-the-second-actively-exploited-chrome-zero-day-since-the-start-of-the-year.html) [Cryptojacking campaign relies on DevOps tools](https://securityaffairs.com/178548/cyber-crime/cryptojacking-campaign-relies-on-devops-tools.html) [Hacking](https://securityaffairs.com/178532/hacking/qualcomm-fixed-three-zero-days-exploited-in-limited-targeted-attacks.html) [Qualcomm fixed three zero-days exploited in limited, targeted attacks](https://securityaffairs.com/178532/hacking/qualcomm-fixed-three-zero-days-exploited-in-limited-targeted-attacks.html) [Police took down several popular counter-antivirus (CAV) services, including AvCheck](https://securityaffairs.com/178518/cyber-crime/police-took-down-several-popular-counter-antivirus-cav-services-including-avcheck.html) [A cyberattack hit hospitals operated by Covenant Health](https://securityaffairs.com/178507/cyber-crime/a-cyberattack-hit-hospitals-operated-by-covenant-health.html) [Experts published a detailed analysis of Cisco IOS XE WLC flaw CVE-2025-20188](https://securityaffairs.com/178497/security/cisco-ios-xe-wlc-flaw-cve-2025-20188.html) [Two flaws in vBulletin forum software are under attack](https://securityaffairs.com/178481/security/two-flaws-in-vbulletin-forum-software-are-under-attack.html)**International Press — Newsletter****Cybercrime**[Websites selling hacking tools to cybercriminals seized](https://www.justice.gov/usao-sdtx/pr/websites-selling-hacking-tools-cybercriminals-seized)[Alleged Conti, TrickBot Gang Leader Unmasked](https://www.securityweek.com/alleged-conti-trickbot-gang-leader-unmasked/)[Key service for malware developers taken offline](https://www.politie.nl/en/news/2025/may/30/key-service-for-malware-developers-taken-offline.html)[Hospitals in Maine, New Hampshire limit services after cyberattack on Catholic health org](https://therecord.media/maine-new-hampshire-cyberattacks-hospital)[U.S. Government seizes approximately 145 criminal marketplace domains](https://www.justice.gov/usao-edva/pr/us-government-seizes-approximately-145-criminal-marketplace-domains)[Interlock ransomware claims Kettering Health breach, leaks stolen data](https://www.bleepingcomputer.com/news/security/interlock-ransomware-claims-kettering-health-breach-leaks-stolen-data/)[Cyber Criminals Defraud Hedera Hashgraph Network Non-Custodial Wallet Users Through Nonfungible Token Airdrops Disguised as Free Rewards](https://www.ic3.gov/PSA/2025/PSA250603)[#StopRansomware: Play Ransomware](https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-352a)[Maxim Alexandrovich Rudometov -& RedLine](https://rewardsforjustice.net/rewards/maxim-alexandrovich-rudometov-redline/)[The SEC Pinned Its Hack on a Few Hapless Day Traders. The Full Story Is Far More Troubling](https://www.bloomberg.com/news/features/2025-06-06/how-hack-of-sec-s-edgar-system-exposed-flaws-in-us-financial-security)[Ross Ulbricht Got a $31 Million Donation From a Dark Web Dealer, Crypto Tracers Suspect](https://www.wired.com/story/ross-ulbricht-31-million-donation-alphabay/)[Ransomware gang claims responsibility for Kettering Health hack](https://techcrunch.com/2025/06/04/ransomware-gang-claims-responsibility-for-kettering-health-hack/)**Malware**[Pure Crypter Malware Analysis: 99 Problems but Detection Ain’t One](https://www.esentire.com/blog/pure-crypter-malware-analysis-99-problems-but-detection-aint-one)[Attacker exploits misconfigured AI tool to run AI-generated payload](https://sysdig.com/blog/attacker-exploits-misconfigured-AI-tool-to-run-ai-generated-payload/)[Malicious Ruby Gems Exfiltrate Telegram Tokens and Messages Following Vietnam Ban](https://socket.dev/blog/malicious-ruby-gems-exfiltrate-telegram-tokens-and-messages-following-vietnam-ban)[From open-source to open threat: Tracking Chaos RAT’s evolution](https://www.acronis.com/en-us/cyber-protection-center/posts/from-open-source-to-open-threat-tracking-chaos-rats-evolution/)[Home Internet Connected Devices Facilitate Criminal Activity](https://www.ic3.gov/PSA/2025/PSA250605#fn2)**Hacking**[vBulletin replaceAdTemplate Exploited in the Wild](https://blog.kevintel.com/vbulletin-replaceadtemplate-kev/)[Don’t Call That ‘Protected’ Method: Dissecting an N-Day vBulletin RCE](https://karmainsecurity.com/dont-call-that-protected-method-vbulletin-rce)[Cisco IOS XE WLC Arbitrary File Upload Vulnerability (CVE-2025-20188) Analysis](https://horizon3.ai/attack-research/attack-blogs/cisco-ios-xe-wlc-arbitrary-file-upload-vulnerability-cve-2025-20188-analysis/) [](https://thehackernews.com/2025/06/qualcomm-fixes-3-zero-days-used-in.html)[Qualcomm Fixes 3 Zero-Days Used in Targeted Android Attacks via Adreno GPU](https://thehackernews.com/2025/06/qualcomm-fixes-3-zero-days-used-in.html)[Preinstalled Apps on Ulefone, Krüger-&Matz Phones Let Any App Reset Device, Steal PIN](https://thehackernews.com/2025/06/preinstalled-apps-on-ulefone-kruger.html)[DevOps Tools Targeted for Cryptojacking](https://www.wiz.io/blog/jinx-0132-cryptojacking-campaign)[Critical 10-Year-Old Roundcube Webmail Bug Allows Authenticated Users Run Malicious Code](https://thehackernews.com/2025/06/critical-10-year-old-roundcube-webmail.html)[Critical Fortinet flaws now exploited in Qilin ransomware attacks](https://www.bleepingcomputer.com/news/security/critical-fortinet-flaws-now-exploited-in-qilin-ransomware-attacks/)[Riding The Time Machine: Journey Through An Old vBulletin PHP Object Injection](https://karmainsecurity.com/riding-the-time-machine-old-vbulletin-php-object-injection)**Intelligence and Information Warfare**[A Flyby on the CFO’s Inbox: Spear-Phishing Campaign Targeting Financial Executives with NetBird Deployment](https://www.trellix.com/en-in/blogs/research/a-flyby-on-the-cfos-inbox-spear-phishing-campaign-targeting-financial-executives-with-netbird-deployment/)[Eight things we learned from WhatsApp vs. NSO Group spyware lawsuit](https://techcrunch.com/2025/05/30/eight-things-we-learned-from-whatsapp-vs-nso-group-spyware-lawsuit/)[Ukraine Hacks Tupolev, Exposes Russia’s Strategic Bomber Secrets](https://www.kyivpost.com/post/53946)[Newly identified wiper malware ‘PathWiper’ targets critical infrastructure in Ukraine](https://blog.talosintelligence.com/pathwiper-targets-ukraine/)[Justice Department accuses two Chinese researchers of smuggling ‘potential agroterrorism weapon’ into US](https://www.reuters.com/world/us/justice-department-accuses-two-chinese-researchers-smuggling-potential-2025-06-03/) [](https://www.theregister.com/2025/06/06/north_korea_it_worker_cash/)[Uncle Sam moves to seize $7.7M laundered by North Korean IT worker ring](https://www.theregister.com/2025/06/06/north_korea_it_worker_cash/)[The Bitter End: Unraveling Eight Years of Espionage Antics — Part Two](https://www.threatray.com/blog/the-bitter-end-unraveling-eight-years-of-espionage-antics-part-two)**Cybersecurity**[Sustaining Digital Certificate Security — Upcoming Changes to the Chrome Root Store](https://security.googleblog.com/2025/05/sustaining-digital-certificate-security-chrome-root-store-changes.html)[Announcing a new strategic collaboration to bring clarity to threat actor naming](https://www.microsoft.com/en-us/security/blog/2025/06/02/announcing-a-new-strategic-collaboration-to-bring-clarity-to-threat-actor-naming/)[NSO Group asks judge for new trial, calling $167 million in damages ‘outrageous’](https://techcrunch.com/2025/06/02/nso-group-asks-judge-for-new-trial-calling-167-million-in-damages-outrageous/)[Victoria’s Secret says it will postpone earnings report after recent security breach](https://apnews.com/article/victorias-secret-earnings-delayed-cyberattack-1fda0fe1da3699177f2ab0c6ee75873e)[Largest ever data leak exposes over 4 billion user records](https://cybernews.com/security/chinese-data-leak-billiones-records-exposed/)[Australian ransomware victims now must tell the government if they pay up](https://therecord.media/australia-ransomware-victims-must-report-payments)[Pivot to AI](https://pivot-to-ai.com/2025/06/05/generative-ai-runs-on-gambling-addiction-just-one-more-prompt-bro/)[EU takes a step further in cybersecurity crisis management](https://digital-strategy.ec.europa.eu/en/news/eu-takes-step-further-cybersecurity-crisis-management)[Cyber Attacks Are Up 47% in 2025 — AI is One Key Factor](https://www.techrepublic.com/article/news-cyber-attacks-check-point/)Follow me on Twitter: [@securityaffairs](https://twitter.com/securityaffairs) and [Facebook](https://www.facebook.com/sec.affairs) and [Mastodon](https://infosec.exchange/@securityaffairs)[Pierluigi Paganini](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)([SecurityAffairs](http://securityaffairs.co/wordpress/) — hacking, newsletter)
Related Tags:
Covenant
Playcrypt
Play
ControlX
CHROMIUM
Charcoal Typhoon
NAICS: 621 – Ambulatory Health Care Services
NAICS: 54 – Professional
Scientific
Technical Services
NAICS: 334 – Computer And Electronic Product Manufacturing
Associated Indicators: