A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.———————————————————————————————————————————————————–Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.[Palo Alto Networks fixed multiple privilege escalation flaws](https://securityaffairs.com/179000/security/palo-alto-networks-fixed-multiple-privilege-escalation-flaws.html) [Unusual toolset used in recent Fog Ransomware attack](https://securityaffairs.com/178969/malware/unusual-toolset-used-in-recent-fog-ransomware-attack.html) [A cyberattack on United Natural Foods caused bread shortages and bare shelves](https://securityaffairs.com/178991/hacking/a-cyberattack-on-united-natural-foods-caused-bread-shortages-and-bare-shelves.html) [Apple confirmed that Messages app flaw was actively exploited in the wild](https://securityaffairs.com/178962/mobile-2/apple-confirmed-messages-app-flaw-actively-exploited.html) [Trend Micro fixes critical bugs in Apex Central and TMEE PolicyServer](https://securityaffairs.com/178952/security/trend-micro-fixes-critical-bugs-in-apex-central-and-tmee-policyserver.html) [Paragon Graphite Spyware used a zero-day exploit to hack at least two journalists’ iPhones](https://securityaffairs.com/178940/mobile-2/paragon-graphite-spyware-used-a-zero-day-exploit.html) [SinoTrack GPS device flaws allow remote vehicle control and location tracking](https://securityaffairs.com/178922/security/sinotrack-gps-device-flaws-allow-remote-vehicle-control-and-location-tracking.html) [U.S. CISA adds Wazuh, and WebDAV flaws to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/178923/security/u-s-cisa-adds-wazuh-and-webdav-flaws-to-its-known-exploited-vulnerabilities-catalog.html) [Exposed eyes: 40,000 security cameras vulnerable to remote hacking](https://securityaffairs.com/178908/iot/40000-security-cameras-remote-hacking.html) [Operation Secure: INTERPOL dismantles 20,000+ malicious IPs in major cybercrime crackdown](https://securityaffairs.com/178898/cyber-crime/operation-secure-interpol-dismantles-20000-malicious-ips-in-major-cybercrime-crackdown.html) [Over 80,000 servers hit as Roundcube RCE bug gets rapidly exploited](https://securityaffairs.com/178887/hacking/over-80000-servers-hit-as-roundcube-rce-bug-gets-rapidly-exploited.html) [A flaw could allow recovery of the phone number associated with any Google account](https://securityaffairs.com/178871/hacking/a-flaw-could-allow-recovery-of-the-phone-number-associated-with-any-google-account.html) [Data Breach](https://securityaffairs.com/178861/data-breach/txdot-data-breach-exposes-300000-crash-reports.html) [Texas Department of Transportation (TxDOT) data breach exposes 300,000 crash reports](https://securityaffairs.com/178861/data-breach/txdot-data-breach-exposes-300000-crash-reports.html) [SAP June 2025 Security Patch Day fixed critical NetWeaver bug](https://securityaffairs.com/178851/security/sap-june-2025-security-patch-day-fixed-critical-netweaver-bug.html) [U.S. CISA adds RoundCube Webmail and Erlang Erlang/OTP SSH server flaws to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/178843/hacking/u-s-cisa-adds-roundcube-erlang-erlang-flaws-known-exploited-vulnerabilities-catalog.html) [Mirai botnets exploit Wazuh RCE, Akamai warned](https://securityaffairs.com/178830/malware/mirai-botnets-exploit-wazuh-rce-akamai-warned.html) [China-linked threat actor targeted +70 orgs worldwide, SentinelOne warns](https://securityaffairs.com/178819/apt/china-linked-threat-actor-targeted-70-orgs-worldwide-sentinelone-warns.html) [DOJ moves to seize $7.74M in crypto linked to North Korean IT worker scam](https://securityaffairs.com/178810/cyber-crime/doj-seize-7-74m-linked-to-north-korean-it-worker-scam.html) [OpenAI bans ChatGPT accounts linked to Russian, Chinese cyber ops](https://securityaffairs.com/178797/intelligence/openai-bans-chatgpt-accounts-linked-to-russian-chinese-cyber-ops.html) [New Mirai botnet targets TBK DVRs by exploiting CVE-2024-3721](https://securityaffairs.com/178779/malware/new-mirai-botnet-targets-tbk-dvrs-by-exploiting-cve-2024-3721.html) [BadBox 2.0 botnet infects millions of IoT devices worldwide, FBI warns](https://securityaffairs.com/178789/malware/badbox-2-0-botnet-infects-millions-of-iot-devices-worldwide-fbi-warns.html) [Over 950K weekly downloads at risk in ongoing supply chain attack on Gluestack packages](https://securityaffairs.com/178772/malware/over-950k-weekly-downloads-at-risk-in-ongoing-supply-chain-attack-on-gluestack-packages.html)**International Press — Newsletter****Cybercrime**[20,000 malicious IPs and domains taken down in INTERPOL infostealer crackdown](https://www.interpol.int/News-and-Events/News/2025/20-000-malicious-IPs-and-domains-taken-down-in-INTERPOL-infostealer-crackdown)[Eggs in a Cloudy Basket: Skeleton Spider’s Trusted Cloud Malware Delivery](https://dti.domaintools.com/skeleton-spider-trusted-cloud-malware-delivery/)[Singapore leads multinational operation to shutter scam centers tied to $225 million in thefts](https://therecord.media/asia-scam-center-takedowns-singapore-police)[Fog Ransomware: Unusual Toolset Used in Recent Attack](https://www.security.com/threat-intelligence/fog-ransomware-attack)[Cyberattack leads to Whole Foods shortages](https://www.nbcnews.com/tech/security/whole-foods-sees-shortages-united-natural-foods-cyberattack-rcna212379)[Whole Foods supplier United Natural Foods says cyber incident disrupted operations](https://www.reuters.com/business/whole-foods-supplier-united-natural-foods-says-cyber-incident-disrupted-2025-06-09/)[Inside a Dark Adtech Empire Fed by Fake CAPTCHAs](https://krebsonsecurity.com/2025/06/inside-a-dark-adtech-empire-fed-by-fake-captchas/)**Malware**[Supply chain attack hits Gluestack NPM packages with 960K weekly downloads](https://www.bleepingcomputer.com/news/security/supply-chain-attack-hits-gluestack-npm-packages-with-960k-weekly-downloads/)[Destructive npm Packages Disguised as Utilities Enable Remote System Wipe](https://socket.dev/blog/destructive-npm-packages-enable-remote-system-wipe)[Demystifying Myth Stealer: A Rust Based InfoStealer](https://www.trellix.com/en-in/blogs/research/demystifying-myth-stealer-a-rust-based-infostealer/)[DanaBleed: DanaBot C2 Server Memory Leak Bug](https://www.zscaler.com/blogs/security-research/danableed-danabot-c2-server-memory-leak-bug)[Two Botnets, One Flaw: Mirai Spreads Through Wazuh Vulnerability](https://www.akamai.com/blog/security-research/botnets-flaw-mirai-spreads-through-wazuh-vulnerability)**Hacking**[Bruteforcing the phone number of any Google user](https://brutecat.com/articles/leaking-google-phones)[Hackers Stole 300,000 Crash Reports From Texas Department of Transportation](https://www.securityweek.com/hackers-stole-300000-crash-reports-from-texas-department-of-transportation/)[Big Brother Is Watching You](https://enablement.bitsight.com/sh/570339668395124546/assets/?id=570339016365373055)[catdoc zero-day, NVIDIA, High-Logic FontCreator and Parallel vulnerabilities](https://blog.talosintelligence.com/catdoc-zero-day-nvidia-high-logic-fontcreator-and-parallel-vulnerabilities/)[SinoTrack GPS Devices Vulnerable to Remote Vehicle Control via Default Passwords](https://thehackernews.com/2025/06/sinotrack-gps-devices-vulnerable-to.html)[SmartAttack: Air-Gap Attack via Smartwatches](https://arxiv.org/html/2506.08866v1)[The TokenBreak Attack](https://hiddenlayer.com/innovation-hub/the-tokenbreak-attack/)[Weaponizing Wholesome Yearbook Quotes to Break AI Chatbot Filters](https://www.straiker.ai/blog/weaponizing-wholesome-yearbook-quotes-to-break-ai-chatbot-filters)[JSFireTruck: Exploring Malicious JavaScript Using JSF-*ck as an Obfuscation Technique](https://unit42.paloaltonetworks.com/malicious-javascript-using-jsfiretruck-as-obfuscation/)**Intelligence and Information Warfare**[Disrupting malicious uses of AI: June 2025](https://openai.com/global-affairs/disrupting-malicious-uses-of-ai-june-2025/)[Operation Phantom Enigma](https://global.ptsecurity.com/analytics/pt-esc-threat-intelligence/operation-phantom-enigma)[Proxy Services Feast on Ukraine’s IP Address Exodus](https://krebsonsecurity.com/2025/06/proxy-services-feast-on-ukraines-ip-address-exodus/)[Follow the Smoke -| China-nexus Threat Actors Hammer At the Doors of Top Tier Targets](https://www.sentinelone.com/labs/follow-the-smoke-china-nexus-threat-actors-hammer-at-the-doors-of-top-tier-targets/)[Telegram, the FSB, and the Man in the Middle](https://www.occrp.org/en/investigation/telegram-the-fsb-and-the-man-in-the-middle)[Paragon says it canceled contracts with Italy over government’s refusal to investigate spyware attack on journalist](https://techcrunch.com/2025/06/09/paragon-says-it-cancelled-contracts-with-italy-over-governments-refusal-to-investigate-spyware-attack-on-journalist/)[Sleep with one eye open: how Librarian Ghouls steal data by night](https://securelist.com/librarian-ghouls-apt-wakes-up-computers-to-steal-data-and-mine-crypto/116536/)[UNC1151 exploiting Roundcube to steal user credentials in a spearphishing campaign](https://cert.pl/en/posts/2025/06/unc1151-campaign-roundcube/)[Meta found a new way to violate your privacy. Here’s what you can do](https://www.washingtonpost.com/technology/2025/06/06/meta-privacy-facebook-instagram/)[Graphite Caught First Forensic Confirmation of Paragon’s iOS Mercenary Spyware Finds Journalists Targeted](https://citizenlab.ca/2025/06/first-forensic-confirmation-of-paragons-ios-mercenary-spyware-finds-journalists-targeted/)**Cybersecurity**[Department Files Civil Forfeiture Complaint Against Over $7.74M Laundered on Behalf of the North Korean Government](https://www.justice.gov/opa/pr/department-files-civil-forfeiture-complaint-against-over-774m-laundered-behalf-north-korean)[Why the Revision of the Cybersecurity Act is the Most Consequential Regulatory Development of 2025 (and Beyond)](https://accesspartnership.com/revision-cybersecurity-act-most-consequential-regulatory-development-2025/)[Defending Against Malware: The Invisible Enemy](https://www.sans.org/newsletters/ouch/defending-against-malware-invisible-enemy/)[AI could unleash ‘deep societal upheavals’ that many elites are ignoring, Palantir CEO Alex Karp warns](https://fortune.com/2025/06/07/ai-workforce-impact-societal-upheavals-palantir-alex-karp-entry-level-jobs/)[Apple fixes new iPhone zero-day bug used in Paragon spyware hacks](https://techcrunch.com/2025/06/12/apple-fixes-new-iphone-zero-day-bug-used-in-paragon-spyware-hacks/)[Global Cybersecurity Market To Reach $1 Trillion Annually By 2031](https://www.einpresswire.com/article/807326191/global-cybersecurity-market-to-reach-1-trillion-annually-by-2031)Follow me on Twitter: [@securityaffairs](https://twitter.com/securityaffairs) and [Facebook](https://www.facebook.com/sec.affairs) and [Mastodon](https://infosec.exchange/@securityaffairs)[Pierluigi Paganini](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)([SecurityAffairs](http://securityaffairs.co/wordpress/) — hacking, newsletter)
Related Tags:
NAICS: 54 – Professional
Scientific
Technical Services
NAICS: 334 – Computer And Electronic Product Manufacturing
NAICS: 517 – Telecommunications
NAICS: 541 – Professional
Scientific
Technical Services
NAICS: 52 – Finance And Insurance
NAICS: 518 – Computing Infrastructure Providers
Data Processing
Web Hosting
Related Services
NAICS: 33 – Manufacturing – Metal
Electronics And Other
NAICS: 522 – Credit Intermediation And Related Activities
NAICS: 51 – Information
Associated Indicators: