A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

- [North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates](https://securityaffairs.com/179643/malware/north-korea-linked-threat-actors-spread-macos-nimdoor-malware-via-fake-zoom-updates.html)
- [Critical Sudo bugs expose major Linux distros to local Root exploits](https://securityaffairs.com/179637/security/critical-sudo-bugs-expose-major-linux-distros-to-local-root-exploits.html)
- [Google fined $314M for misusing idle Android users’ data](https://securityaffairs.com/179628/laws-and-regulations/google-fined-314m-for-misusing-idle-android-users-data.html)
- [A flaw in Catwatchful spyware exposed logins of +62,000 users](https://securityaffairs.com/179620/malware/a-flaw-in-catwatchful-spyware-exposed-logins-of-62000-users.html)
- [China-linked group Houken hit French organizations using zero-days](https://securityaffairs.com/179602/apt/china-linked-group-houken-hit-french-organizations-using-zero-days.html)
- [Cybercriminals Target Brazil: 248,725 Exposed in CIEE One Data Breach](https://securityaffairs.com/179609/data-breach/cybercriminals-target-brazil-248725-exposed-in-ciee-one-data-breach.html)
- [Europol shuts down Archetyp Market, longest-running dark web drug marketplace](https://securityaffairs.com/179591/cyber-crime/europol-shuts-down-archetyp-market-longest-running-dark-web-drug-marketplace.html)
- [Kelly Benefits data breach has impacted 550,000 people, and the situation continues to worsen as the investigation progresses](https://securityaffairs.com/179583/uncategorized/the-kelly-benefits-data-breach-has-impacted-550000-people-and-the-situation-continues-to-worsen-as-the-investigation-progresses.html)
- [Cisco removed the backdoor account from its Unified Communications Manager](https://securityaffairs.com/179577/security/cisco-removed-the-backdoor-account-from-its-unified-communications-manager.html)
- [U.S. Sanctions Russia’s Aeza Group for aiding crooks with bulletproof hosting](https://securityaffairs.com/179565/cyber-crime/u-s-sanctions-russias-aeza-group-for-aiding-crooks-with-bulletproof-hosting.html)
- [Qantas confirms customer data breach amid Scattered Spider attacks](https://securityaffairs.com/179557/cyber-crime/qantas-confirms-customer-data-breach-amid-scattered-spider-attacks.html)
- [CVE-2025-6554 is the fourth Chrome zero-day patched by Google in 2025](https://securityaffairs.com/179549/hacking/cve-2025-6554-is-the-fourth-chrome-zero-day-patched-by-google-in-2025.html)
- [U.S. CISA adds TeleMessage TM SGNL flaws to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/179542/hacking/u-s-cisa-adds-telemessage-tm-sgnl-flaws-to-its-known-exploited-vulnerabilities-catalog.html)
- [A sophisticated cyberattack hit the International Criminal Court](https://securityaffairs.com/179532/hacking/a-sophisticated-cyberattack-hit-the-international-criminal-court.html)
- [Esse Health data breach impacted 263,000 individuals](https://securityaffairs.com/179520/data-breach/esse-health-data-breach-impacted-263000-individuals.html)
- [GDPR violations prompt Germany to push Google and Apple to ban DeepSeek AI](https://securityaffairs.com/179511/laws-and-regulations/gdpr-violations-prompt-germany-to-push-google-and-apple-to-ban-deepseek-ai.html)
- [Europol dismantles €460M crypto scam targeting 5,000 victims worldwide](https://securityaffairs.com/179495/cyber-crime/europol-dismantles-e460m-crypto-scam-targeting-5000-victims-worldwide.html)
- [CISA and U.S. Agencies warn of ongoing Iranian cyber threats to critical infrastructure](https://securityaffairs.com/179484/cyber-warfare-2/cisa-and-u-s-agencies-warn-of-ongoing-iranian-cyber-threats-to-critical-infrastructure.html)
- [U.S. CISA adds Citrix NetScaler flaw to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/179476/hacking/u-s-cisa-adds-citrix-netscaler-flaw-to-its-known-exploited-vulnerabilities-catalog.html)
- [Canada bans Hikvision over national security concerns](https://securityaffairs.com/179470/laws-and-regulations/canada-bans-hikvision-over-national-security-concerns.html)
- [Denmark moves to protect personal identity from deepfakes with new copyright law](https://securityaffairs.com/179464/laws-and-regulations/denmark-moves-to-protect-personal-identity-from-deepfakes-with-new-copyright-law.html)
- [Facebook wants access to your camera roll for AI photo edits](https://securityaffairs.com/179434/social-networks/facebook-wants-access-to-your-camera-roll-for-ai-photo-edits.html)

**International Press — Newsletter**

**Cybercrime**

- [Crypto investment fraud ring dismantled in Spain after defrauding 5 000 victims worldwide](https://www.europol.europa.eu/media-press/newsroom/news/crypto-investment-fraud-ring-dismantled-in-spain-after-defrauding-5-000-victims-worldwide)
- [New INTERPOL report warns of sharp rise in cybercrime in Africa](https://www.interpol.int/en/News-and-Events/News/2025/New-INTERPOL-report-warns-of-sharp-rise-in-cybercrime-in-Africa)
- [QANTAS CYBER INCIDENT](https://www.qantasnewsroom.com.au/media-releases/qantas-cyber-incident/)
- [Treasury Sanctions Global Bulletproof Hosting Service Enabling Cybercriminals and Technology Theft](https://home.treasury.gov/news/press-releases/sb0185)
- [PDFs: Portable documents, or perfect deliveries for phish?](https://blog.talosintelligence.com/pdfs-portable-documents-or-perfect-deliveries-for-phish/)
- [Hunters International Ransomware Shuts Down, Offers Free Decryptors to Victims](https://cyberinsider.com/hunters-international-ransomware-shuts-down-offers-free-decryptors-to-victims/)

**Malware**

- [10 Things I Hate About Attribution: RomCom vs. TransferLoader](https://www.proofpoint.com/us/blog/threat-insight/10-things-i-hate-about-attribution-romcom-vs-transferloader)
- [FoxyWallet: 40+ Malicious Firefox Extensions Exposed](https://blog.koi.security/foxywallet-40-malicious-firefox-extensions-exposed-4c14419de486)
- [Addressing malware family concept drift with triplet autoencoder](https://arxiv.org/abs/2507.00348)
- [RawMal-TF: Raw Malware Dataset Labeled by Type and Family](https://arxiv.org/abs/2506.23909)

**Hacking**

- [ICC detects and contains new sophisticated cyber security incident](https://www.icc-cpi.int/news/icc-detects-and-contains-new-sophisticated-cyber-security-incident)
- [CVE-2025-6543: Zero Day Exploitation of NetScaler ADC and NetScaler Gateway](https://www.rapid7.com/blog/post/etr-zero-day-exploitation-of-netscaler-adc-and-netscaler-gateway/)
- [Chrome Zero-Day CVE-2025-6554 Under Active Attack — Google Issues Security Update](https://thehackernews.com/2025/07/google-patches-critical-zero-day-flaw.html)
- [FileFix (Part 2) attack](https://mrd0x.com/filefix-part-2/)
- [Cisco warns that Unified CM has hardcoded root SSH credentials](https://www.bleepingcomputer.com/news/security/cisco-removes-unified-cm-callManager-backdoor-root-account/)
- [Taking over 60k spyware user accounts with SQL injection](https://ericdaigle.ca/posts/taking-over-60k-spyware-user-accounts/)
- [China breaks RSA encryption with a quantum computer, threatening global data security](https://www.earth.com/news/china-breaks-rsa-encryption-with-a-quantum-computer-threatening-global-data-security/)
- [Exposed JDWP Exploited in the Wild: What Happens When Debug Ports Are Left Open](https://www.wiz.io/blog/exposed-jdwp-exploited-in-the-wild)

**Intelligence and Information Warfare**

- [Iranian Cyber Actors May Target Vulnerable US Networks and Entities of Interest](https://www.cisa.gov/resources-tools/resources/iranian-cyber-actors-may-target-vulnerable-us-networks-and-entities-interest)
- [macOS NimDoor | DPRK Threat Actors Target Web3 and Crypto Platforms with Nim-Based Malware](https://www.sentinelone.com/labs/macos-nimdoor-dprk-threat-actors-target-web3-and-crypto-platforms-with-nim-based-malware/)
- [Analysis of the threat case of kimsuky group using ‘ClickFix’ tactic](https://www.genians.co.kr/en/blog/threat_intelligence/suky-castle)
- [Warning Against Distribution of Malware Disguised as Research Papers (Kimsuky Group)](https://asec.ahnlab.com/en/88465/)
- [Dissecting Kimsuky’s Attacks on South Korea: In-Depth Analysis of GitHub-Based Malicious Infrastructure](https://www.enki.co.kr/en/media-center/tech-blog/dissecting-kimsuky-s-attacks-on-south-korea-in-depth-analysis-of-github-based-malicious-infrastructure)
- [Houken seeking a path by living on the edge with zero-days](https://www.cert.ssi.gouv.fr/cti/CERTFR-2025-CTI-009/)
- [Israel strikes Iran’s nuclear sites and kills top generals. Iran retaliates with missile barrages](https://apnews.com/article/iran-explosions-israel-tehran-00234a06e5128a8aceb406b140297299)
- [How Geopolitical Tensions Are Shaping Cyber Warfare](https://www.darkreading.com/vulnerabilities-threats/geopolitical-tensions-shape-cyber-warfare)

**Cybersecurity**

- [Facebook is asking to use Meta AI on photos in your camera roll you haven’t yet shared](https://techcrunch.com/2025/06/27/facebook-is-asking-to-use-meta-ai-on-photos-in-your-camera-roll-you-havent-yet-shared/)
- [Ahold Delhaize Data Breach Impacts 2.2 Million People](https://www.securityweek.com/ahold-delhaize-data-breach-impacts-2-2-million-people/)
- [Denmark to tackle deepfakes by giving people copyright to their own features](https://www.theguardian.com/technology/2025/jun/27/deepfakes-denmark-copyright-law-artificial-intelligence)
- [Berlin data protection commissioner reports AI app DeepSeek in Germany to Apple and Google as illegal content](https://www.datenschutz-berlin.de/pressemitteilung/berliner-datenschutzbeauftragte-meldet-ki-app-deepseek-in-deutschland-bei-apple-und-google-als-rechtswidrigen-inhalt/)
- [263,000 Impacted by Esse Health Data Breach](https://www.securityweek.com/263000-impacted-by-esse-health-data-breach/)
- [China breaks RSA encryption with a quantum computer, threatening global data security](https://www.earth.com/news/china-breaks-rsa-encryption-with-a-quantum-computer-threatening-global-data-security/)
- [Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones](https://techcrunch.com/2025/07/02/data-breach-reveals-catwatchful-stalkerware-spying-on-thousands-android-phones/)
- [Google Ordered to Pay $314M for Misusing Android Users’ Cellular Data Without Permission](https://thehackernews.com/2025/07/google-ordered-to-pay-314m-for-misusing.html)
- [Vulnerability Advisory: Sudo Host Option Elevation of Privilege](https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host)
- [Top AI models will lie, cheat and steal to reach goals, Anthropic finds](https://www.axios.com/2025/06/20/ai-models-deceive-steal-blackmail-anthropic)
- [Only One in 10 Organizations Globally Are Ready to Protect Against AI-Augmented Cyber Threats](https://newsroom.accenture.com/news/2025/only-one-in-10-organizations-globally-are-ready-to-protect-against-ai-augmented-cyber-threats)
- [More than 25% of UK businesses hit by cyber-attack in last year, report finds](https://www.theguardian.com/business/2025/jun/30/uk-businesses-hit-by-cyber-attack-last-year-report)

Follow me on Twitter: [@securityaffairs](https://twitter.com/securityaffairs) and [Facebook](https://www.facebook.com/sec.affairs) and [Mastodon](https://infosec.exchange/@securityaffairs)

[Pierluigi Paganini](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)

([SecurityAffairs](http://securityaffairs.co/wordpress/) — hacking, newsletter)

Related Tags:

- CVE-2025-6543
- Springtail
- APT43
- TA427
- Emerald Sleet
- Storm-0875
- Octo Tempest
- NAICS: 921 – Executive, Legislative, Other General Government Support
- NAICS: 54 – Professional, Scientific, Technical Services