A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

- [Fortinet FortiWeb flaw CVE-2025-25257 exploited hours after PoC release](https://securityaffairs.com/180118/hacking/fortinet-fortiweb-flaw-cve-2025-25257-exploited-hours-after-poc-release.html)
- [Authorities released free decryptor for Phobos and 8base ransomware](https://securityaffairs.com/180108/malware/authorities-released-free-decryptor-for-phobos-and-8base-ransomware.html)
- [Anne Arundel Dermatology data breach impacts 1.9 million people](https://securityaffairs.com/180100/data-breach/anne-arundel-dermatology-data-breach-impacts-1-9-million-people.html)
- [LameHug: first AI-Powered malware linked to Russia’s APT28](https://securityaffairs.com/180092/apt/lamehug-first-ai-powered-malware-linked-to-russias-apt28.html)
- [5 Features Every AI-Powered SOC Platform Needs in 2025](https://securityaffairs.com/180070/security/5-features-every-ai-powered-soc-platform-needs-in-2025.html)
- [Broadcom patches critical VMware flaws exploited at Pwn2Own Berlin 2025](https://securityaffairs.com/180062/security/broadcom-patches-critical-vmware-flaws-exploited-at-pwn2own-berlin-2025.html)
- [Stormous Ransomware gang targets North Country HealthCare, claims 600K patient data stolen](https://securityaffairs.com/180057/data-breach/180057stormous-ransomware-gang-targets-north-country-healthcare-claims-600k-patient-data-stolen.html)
- [United Natural Foods Expects $400M revenue impact from June cyber attack](https://securityaffairs.com/180050/security/united-natural-foods-expects-400m-revenue-impact-from-june-cyber-attack.html)
- [Cisco patches critical CVE-2025-20337 bug in Identity Services Engine with CVSS 10 Severity](https://securityaffairs.com/180044/security/cisco-patches-critical-cve-2025-20337-bug-in-identity-services-engine-with-cvss-10-severity.html)
- [UNC6148 deploys Overstep malware on SonicWall devices, possibly for ransomware operations](https://securityaffairs.com/180035/hacking/unc6148-deploys-overstep-malware-on-sonicwall-devices-possibly-for-ransomware-operations.html)
- [Operation Eastwood disrupted operations of pro-Russian hacker group NoName057(16)](https://securityaffairs.com/180027/cyber-crime/operation-eastwood-disrupted-operations-of-pro-russian-hacker-group-noname05716.html)
- [Salt Typhoon breach: Chinese APT compromises U.S. Army National Guard network](https://securityaffairs.com/180018/intelligence/salt-typhoon-breach-chinese-apt-compromises-u-s-army-national-guard-network.html)
- [Former US Army member confesses to Telecom hack and extortion conspiracy](https://securityaffairs.com/180009/cyber-crime/former-us-army-member-confesses-to-telecom-hack-and-extortion-conspiracy.html)
- [CVE-2025-6554 marks the fifth actively exploited Chrome Zero-Day patched by Google in 2025](https://securityaffairs.com/180001/hacking/cve-2025-6554-marks-the-fifth-actively-exploited-chrome-zero-day-patched-by-google-in-2025.html)
- [DDoS peaks hit new highs: Cloudflare mitigated massive 7.3 Tbps assault](https://securityaffairs.com/179989/security/ddos-peaks-hit-new-highs-cloudflare-mitigated-massive-7-3-tbps-assault.html)
- [U.S. CISA adds Wing FTP Server flaw to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/179978/hacking/u-s-cisa-adds-wing-ftp-server-flaw-to-its-known-exploited-vulnerabilities-catalog.html)
- [Android Malware Konfety evolves with ZIP manipulation and dynamic loading](https://securityaffairs.com/179969/malware/android-malware-konfety-evolves-with-zip-manipulation-and-dynamic-loading.html)
- [Belk hit by May cyberattack: DragonForce stole 150GB of data](https://securityaffairs.com/179958/data-breach/belk-hit-by-may-cyberattack-dragonforce-stole-150gb-of-data.html)
- [North Korea-linked actors spread XORIndex malware via 67 malicious npm packages](https://securityaffairs.com/179950/hacking/north-korea-linked-actors-spread-xorindex-malware-via-67-malicious-npm-packages.html)
- [FBI seized multiple piracy sites distributing pirated video games](https://securityaffairs.com/179925/cyber-crime/fbi-seized-multiple-piracy-sites-distributing-pirated-video-games.html)
- [An attacker using a $500 radio setup could potentially trigger train brake failures or derailments from a distance](https://securityaffairs.com/179940/hacking/an-attacker-using-a-500-radio-setup-could-potentially-trigger-train-brake-failures-or-derailments-from-a-distance.html)
- [Interlock ransomware group deploys new PHP-based RAT via FileFix](https://securityaffairs.com/179919/cyber-crime/interlock-ransomware-group-deploys-new-php-based-rat-via-filefix.html)
- [Global Louis Vuitton data breach impacts UK, South Korea, and Turkey](https://securityaffairs.com/179908/data-breach/global-louis-vuitton-data-breach-impacts-uk-south-korea-and-turkey.html)
- [Experts uncover critical flaws in Kigen eSIM technology affecting billions](https://securityaffairs.com/179894/security/experts-uncover-critical-flaws-in-kigen-esim-technology-affecting-billions.html)
- [Spain awarded €12.3 million in contracts to Huawei](https://securityaffairs.com/179884/intelligence/spain-awarded-e12-3-million-in-contracts-to-huawei.html)
- [Patch immediately: CVE-2025-25257 PoC enables remote code execution on Fortinet FortiWeb](https://securityaffairs.com/179874/security/patch-immediately-cve-2025-25257-poc-enables-remote-code-execution-on-fortinet-fortiweb.html)
- [Wing FTP Server flaw actively exploited shortly after technical details were made public](https://securityaffairs.com/179861/hacking/wing-ftp-server-flaw-actively-exploited-shortly-after-technical-details-were-made-public.html)

**International Press — Newsletter**

**Cybercrime**

- [Hacker returns cryptocurrency stolen from GMX exchange after $5 million bounty payment](https://therecord.media/hacker-returns-stolen-gmx-bounty)
- [Louis Vuitton Data Breach Hits Customers in Several Countries](https://www.securityweek.com/louis-vuitton-data-breach-hits-customers-in-several-countries/)
- [Romania arrests 13 in phishing scam targeting British tax office](https://www.reuters.com/world/uk/romania-arrests-13-phishing-scam-targeting-british-tax-office-2025-07-10/)
- [CBI Shuts Down £390K U.K. Tech Support Scam, Arrests Key Operatives in Noida Call Center](https://thehackernews.com/2025/07/cbi-shuts-down-390k-uk-tech-support.html)
- [BaitTrap — The rise of baiting news sites behind online investment fraud](https://www.ctm360.com/reports/baittrap-rise-of-baiting-news-sites)
- [FBI Atlanta Seizes Major Video Game Piracy Websites](https://www.fbi.gov/contact-us/field-offices/atlanta/news/fbi-atlanta-seizes-major-video-game-piracy-websites)
- [GLOBAL GROUP: Emerging Ransomware-as-a-Service, Supporting AI Driven Negotiation and Mobile Control Panel for Their Affiliates](https://blog.eclecticiq.com/global-group-emerging-ransomware-as-a-service)
- [Former U.S. Soldier Pleads Guilty to Hacking and Extortion Scheme Involving Telecommunications Companies](https://www.justice.gov/opa/pr/former-us-soldier-pleads-guilty-hacking-and-extortion-scheme-involving-telecommunications)
- [Global operation targets NoName057(16) pro-Russian cybercrime network](https://www.europol.europa.eu/media-press/newsroom/news/global-operation-targets-noname05716-pro-russian-cybercrime-network)
- [Ransomware Group Claims to Have Stolen Data of 600,000 North Country HealthCare Patients](https://www.hipaajournal.com/ransomware-group-claims-600000-patients-data/)
- [Hackers are trying to steal passwords and sensitive data from users of Signal clone](https://techcrunch.com/2025/07/17/hackers-are-trying-to-steal-passwords-and-sensitive-data-from-users-of-signal-clone/)
- [Google sues 25 alleged BadBox 2.0 botnet operators, all of whom are in China](https://www.theregister.com/2025/07/17/google_sues_25_unnamed_chinese/)

**Malware**

- [KongTuke FileFix Leads to New Interlock RAT Variant](https://thedfirreport.com/2025/07/14/kongtuke-filefix-leads-to-new-interlock-rat-variant/)
- [Code highlighting with Cursor AI for $500,000](https://securelist.com/open-source-package-for-cursor-ai-turned-into-a-crypto-heist/116908/)
- [The Linuxsys Cryptominer](https://www.vulncheck.com/blog/linuxsys-cryptominer)
- [From a Teams Call to a Ransomware Threat: Matanbuchus 3.0 MaaS Levels Up](https://engage.morphisec.com/hubfs/Matanbuchus%20Threat%20Analysis.pdf)
- [Unmasking AsyncRAT: Navigating the labyrinth of forks](https://www.welivesecurity.com/en/eset-research/unmasking-asyncrat-navigating-labyrinth-forks/)
- [New Phobos and 8base ransomware decryptor recover files for free](https://www.bleepingcomputer.com/news/security/new-phobos-ransomware-decryptor-lets-victims-recover-files-for-free/)

**Hacking**

- [eSIM security](https://security-explorations.com/esim-security.html)
- [Wing FTP Server Remote Code Execution (CVE-2025-47812) Exploited in the Wild](https://www.huntress.com/blog/wing-ftp-server-remote-code-execution-cve-2025-47812-exploited-in-wild)
- [Pre-Auth SQL Injection to RCE — Fortinet FortiWeb Fabric Connector (CVE-2025-25257)](https://labs.watchtowr.com/pre-auth-sql-injection-to-rce-fortinet-fortiweb-fabric-connector-cve-2025-25257/)
- [FileFix (Part 2)](https://mrd0x.com/filefix-part-2/)
- [End-of-Train and Head-of-Train Remote Linking Protocol](https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-10)
- [CVE-2025-47943: Stored XSS in Gogs via PDF](https://www.hacktivesecurity.com/blog/2025/07/15/cve-2025-47943-stored-xss-in-gogs-via-pdf/)
- [Ongoing SonicWall Secure Mobile Access (SMA) Exploitation Campaign using the OVERSTEP Backdoor](https://cloud.google.com/blog/topics/threat-intelligence/sonicwall-secure-mobile-access-exploitation-overstep-backdoor)
- [VMware fixes four ESXi zero-day bugs exploited at Pwn2Own Berlin](https://www.bleepingcomputer.com/news/security/vmware-fixes-four-esxi-zero-day-bugs-exploited-at-pwn2own-berlin/)
- [Chinese authorities are using a new tool to hack seized phones and extract data](https://techcrunch.com/2025/07/16/chinese-authorities-are-using-a-new-tool-to-hack-seized-phones-and-extract-data/)
- [Zero-Day Threat Mitigation via Deep Learning in Cloud Environments](https://www.mdpi.com/2076-3417/15/14/7885)
- [July 16 Advisory: Pre-Auth SQL Injection Leads to RCE in Fortinet FortiWeb [CVE-2025-25257]](https://censys.com/advisory/cve-2025-25257)
- [Flaw in Signal App Clone Could Leak Passwords — GreyNoise Identifies Active Reconnaissance and Exploit Attempts](https://www.greynoise.io/blog/active-exploit-attempts-signal-based-messaging-app)
- [CitrixBleed 2 situation update — everybody already got owned](https://doublepulsar.com/citrixbleed-2-situation-update-everybody-already-got-owned-503c6d06da9f)

**Intelligence and Information Warfare**

- [How terrorist groups are leveraging AI to recruit and finance their operations](https://www.theguardian.com/world/2025/jul/08/terrorist-groups-artificial-intelligence)
- [The government pays 12 million to China’s Huawei to protect police wiretaps](https://theobjective.com/economia/2025-07-07/gobierno-huawei-escuchas/)
- [Behind the Clouds: Attackers Targeting Governments in Southeast Asia Implement Novel Covert C2 Communication](https://unit42.paloaltonetworks.com/windows-backdoor-for-novel-c2-communication/)
- [China’s Salt Typhoon Hacked US National Guard](https://www.securityweek.com/chinas-salt-typhoon-hacked-us-national-guard/)
- [MaaS operation using Emmenhtal and Amadey linked to threats against Ukrainian entities](https://blog.talosintelligence.com/maas-operation-using-emmenhtal-and-amadey-linked-to-threats-against-ukrainian-entities/)
- [UAC-0001 cyberattacks on the security and defense sector using the LAMEHUG software tool, which uses LLM (large language model) (CERT-UA#16039)](https://cert.gov.ua/article/6284730)
- [Trump administration to spend $1 billion on ‘offensive’ hacking operations](https://techcrunch.com/2025/07/14/trump-administration-to-spend-1-billion-on-offensive-hacking-operations/)
- [Addressing State-Linked Cyber Threats to Critical Maritime Port Infrastructure](https://ccdcoe.org/library/publications/addressing-state-linked-cyber-threats-to-critical-maritime-port-infrastructure/)
- [UK uncovers novel Microsoft snooping malware, blames and sanctions GRU cyberspies](https://www.theregister.com/2025/07/20/uk_microsoft_snooping_russia/)

**Cybersecurity**

- [CVE-2025-47812: Wing FTP Server Remote Code Execution Vulnerability Exploited in the Wild](https://arcticwolf.com/resources/blog/cve-2025-47812/)
- [Engaging the Vulnerability Research community through the Vulnerability Research Initiative](https://www.ncsc.gov.uk/information/engaging-the-vulnerability-research-community-through-the-vulnerability-research-initiative)
- [Hyper-volumetric DDoS attacks skyrocket: Cloudflare’s 2025 Q2 DDoS threat report](https://blog.cloudflare.com/ddos-threat-report-for-2025-q2/)
- [TRACKING RANSOMWARE : JUNE 2025](https://www.cyfirma.com/research/tracking-ransomware-june-2025/)
- [Cisco Warns of Critical ISE Flaw Allowing Unauthenticated Attackers to Execute Root Code](https://thehackernews.com/2025/07/cisco-warns-of-critical-ise-flaw.html)
- [United Natural Foods Projects Up to $400M Sales Hit From June Cyberattack](https://www.securityweek.com/united-natural-foods-projects-up-to-400m-sales-hit-from-june-cyberattack/)
- [DOGE Denizen Marko Elez Leaked API Key for xAI](https://krebsonsecurity.com/2025/07/doge-denizen-marko-elez-leaked-api-key-for-xai/)

Follow me on Twitter: [@securityaffairs](https://twitter.com/securityaffairs) and [Facebook](https://www.facebook.com/sec.affairs) and [Mastodon](https://infosec.exchange/@securityaffairs)

[Pierluigi Paganini](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)

([SecurityAffairs](http://securityaffairs.co/wordpress/) — hacking, newsletter)

Related Tags:
CVE-2025-20337
CVE-2025-25257
CVE-2025-47812
CVE-2025-6554
Salt Typhoon
GruesomeLarch
FROZENLAKE
Forest Blizzard
NAICS: 54 – Professional, Scientific, Technical Services