Security Affairs newsletter Round 539 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

- [Lab Dookhtegan hacking group disrupts communications on dozens of Iranian ships](https://securityaffairs.com/181737/hacking/lab-dookhtegan-disrupts-comms-iranian-ships.html)
- [New zero-click exploit allegedly used to hack WhatsApp users](https://securityaffairs.com/181714/intelligence/new-zero-click-exploit-allegedly-used-to-hack-whatsapp-users.html)
- [US and Dutch Police dismantle VerifTools fake ID marketplace](https://securityaffairs.com/181700/cyber-crime/us-and-dutch-police-dismantle-veriftools-fake-id-marketplace.html)
- [Experts warn of actively exploited FreePBX zero-day](https://securityaffairs.com/181693/hacking/experts-warn-of-actively-exploited-freepbx-zero-day.html)
- [Google: Salesloft Drift breach hits all integrations](https://securityaffairs.com/181686/cyber-crime/google-salesloft-drift-breach-hits-all-integrations.html)
- [Dutch intelligence warns that China-linked APT Salt Typhoon targeted local critical infrastructure](https://securityaffairs.com/181677/apt/dutch-intelligence-warns-that-china-linked-apt-salt-typhoon-targeted-local-critical-infrastructure.html)
- [200 Swedish municipalities impacted by a major cyberattack on IT provider](https://securityaffairs.com/181668/security/200-swedish-municipalities-impacted-by-a-major-cyberattack-on-it-provider.html)
- [TransUnion discloses a data breach impacting over 4.4 million customers](https://securityaffairs.com/181662/data-breach/transunion-discloses-a-data-breach-impacting-over-4-4-million-customers.html)
- [NSA, NCSC, and allies detailed TTPs associated with Chinese APT actors targeting critical infrastructure orgs](https://securityaffairs.com/181650/intelligence/nsa-ncsc-and-allies-detailed-ttps-associated-with-chinese-apt-actors-targeting-critical-infrastructure-orgs.html)
- [UNC6395 targets Salesloft in Drift OAuth token theft campaign](https://securityaffairs.com/181632/hacking/unc6395-targets-salesloft-in-drift-oauth-token-theft-campaign.html)
- [Over 28,000 Citrix instances remain exposed to critical RCE flaw CVE-2025-7775](https://securityaffairs.com/181614/hacking/over-28000-citrix-instances-remain-exposed-to-critical-rce-flaw-cve-2025-7775.html)
- [U.S. CISA adds Citrix NetScaler flaw to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/181615/security/u-s-cisa-adds-citrix-netscaler-flaw-to-its-known-exploited-vulnerabilities-catalog-2.html)
- [Healthcare Services Group discloses 2024 data breach that impacted 624,496 people](https://securityaffairs.com/181608/data-breach/healthcare-services-group-discloses-2024-data-breach-that-impacted-624496-people.html)
- [ESET warns of PromptLock, the first AI-driven ransomware](https://securityaffairs.com/181595/malware/eset-warns-of-promptlock-the-first-ai-driven-ransomware.html)
- [China-linked UNC6384 targeted diplomats by hijacking web traffic](https://securityaffairs.com/181584/security/china-linked-unc6384-targeted-diplomats-by-hijacking-web-traffic.html)
- [Farmers Insurance discloses a data breach impacting 1.1M customers](https://securityaffairs.com/181576/data-breach/farmers-insurance-discloses-a-data-breach-impacting-1-1m-customers.html)
- [Citrix fixed three NetScaler flaws, one of them actively exploited in the wild](https://securityaffairs.com/181567/hacking/citrix-fixed-three-netscaler-flaws-one-of-them-actively-exploited-in-the-wild.html)
- [Auchan discloses data breach: data of hundreds of thousands of customers exposed](https://securityaffairs.com/181556/data-breach/auchan-discloses-data-breach-data-of-hundreds-of-thousands-of-customers-exposed.html)
- [U.S. CISA adds Citrix Session Recording and Git flaws to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/181551/uncategorized/u-s-cisa-adds-citrix-session-recording-and-git-flaws-to-its-known-exploited-vulnerabilities-catalog.html)
- [Docker fixes critical Desktop flaw allowing container escapes](https://securityaffairs.com/181545/security/docker-fixes-critical-desktop-flaw-allowing-container-escapes.html)
- [Malicious apps with 19M+ installs removed from Google Play for spreading Anatsa banking trojan and other malware](https://securityaffairs.com/181528/malware/malicious-apps-with-19m-installs-removed-from-google-play-because-spreading-anatsa-banking-trojan-and-other-malware.html)
- [Pakistan-linked APT36 abuses Linux .desktop files to drop custom malware in new campaign](https://securityaffairs.com/181513/apt/pakistan-linked-apt36-abuses-linux-desktop-files-to-drop-custom-malware-in-new-campaign.html)
- [Android.Backdoor.916.origin malware targets Russian business executives](https://securityaffairs.com/181503/malware/android-backdoor-916-origin-malware-targets-russian-business-executives.html)
- [Electronics manufacturer Data I/O took operational systems offline following a ransomware attack](https://securityaffairs.com/181493/cyber-crime/electronics-manufacturer-data-i-o-took-offline-operational-systems-following-a-ransomware-attack.html)
- [IoT under siege: The return of the Mirai-based Gayfemboy Botnet](https://securityaffairs.com/181480/cyber-crime/iot-under-siege-the-return-of-the-mirai-based-gayfemboy-botnet.html)

**International Press — Newsletter**

**Cybercrime**

- [U.S. Government Seizes Online Marketplaces Selling Fraudulent Identity Documents Used in Cybercrime Schemes](https://www.justice.gov/usao-nm/pr/us-government-seizes-online-marketplaces-selling-fraudulent-identity-documents-used)
- [Auchan announces that it has been the victim of ‘an act of cybercrime’, with ‘hundreds of thousands’ of its customers’ data hacked](https://www.lemonde.fr/pixels/article/2025/08/21/auchan-annonce-avoir-ete-victime-d-un-acte-de-cybermalveillance-des-centaines-de-milliers-de-donnees-de-ses-clients-piratees_6633141_4408996.html)
- [Widespread Data Theft Targets Salesforce Instances via Salesloft Drift](https://cloud.google.com/blog/topics/threat-intelligence/data-theft-salesforce-instances-via-salesloft-drift)
- [Storm-0501’s evolving techniques lead to cloud-based ransomware](https://www.microsoft.com/en-us/security/blog/2025/08/27/storm-0501s-evolving-techniques-lead-to-cloud-based-ransomware/)
- [Hacker used a voice phishing attack to steal Cisco customers’ personal information](https://techcrunch.com/2025/08/05/hacker-used-a-voice-phishing-attack-to-steal-cisco-customers-personal-information/)
- [DSLRoot, Proxies, and the Threat of ‘Legal Botnets’](https://krebsonsecurity.com/2025/08/dslroot-proxies-and-the-threat-of-legal-botnets/)
- [Cyberattack against several municipal and regional systems](https://www.aftonbladet.se/nyheter/a/dRXkqO/befarad-cyberattack-mot-flera-kommun-och-regionsystem)
- [Infostealers: The Silent Smash-and-Grab Driving Modern Cybercrime](https://www.securityweek.com/infostealers-the-silent-smash-and-grab-driving-modern-cybercrime/)
- [Colt Technology Services gets ransomware’d via SharePoint initial access: some learning points](https://doublepulsar.com/colt-technical-services-gets-ransomwared-via-sharepoint-initial-access-some-learning-points-617da7e27ebc)
- [Germany charges man over cyberattack on Rosneft subsidiary](https://therecord.media/germany-charges-cyberattack-rosneft)
- [Ransomware gang takedowns causing explosion of new, smaller groups](https://therecord.media/ransomware-gang-takedown-proliferation)
- [Citrix forgot to tell you CVE-2025-6543 has been used as a zero day since May 2025](https://doublepulsar.com/citrix-forgot-to-tell-you-cve-2025-6543-has-been-used-as-a-zero-day-since-may-2025-d76574e2dd2c)

**Malware**

- [The Resurgence of IoT Malware: Inside the Mirai-Based ‘Gayfemboy’ Botnet Campaign](https://www.fortinet.com/blog/threat-research/iot-malware-gayfemboy-mirai-based-botnet-campaign)
- [Your Connection, Their Cash: Threat Actors Misuse SDKs to Sell Your Bandwidth](https://unit42.paloaltonetworks.com/attackers-sell-your-bandwidth-using-sdks/)
- [Android backdoor spies on employees of Russian business](https://news.drweb.ru/show/?i=15047&lng=ru)
- [Tamperedchef: The Bad PDF Editor](https://www.truesec.com/hub/blog/tamperedchef-the-bad-pdf-editor)
- [AppSuite PDF Editor Backdoor: A Detailed Technical Analysis](https://www.gdatasoftware.com/blog/2025/08/38257-appsuite-pdf-editor-backdoor-analysis)
- [Malware devs abuse Anthropic’s Claude AI to build ransomware](https://www.bleepingcomputer.com/news/security/malware-devs-abuse-anthropics-claude-ai-to-build-ransomware/)

**Hacking**

- [Breaking Docker’s Isolation Using… Docker? (CVE-2025-9074)](https://pvotal.tech/breaking-dockers-isolation-using-docker-cve-2025-9074/)
- [Vtenext 25.02: A three-way path to RCE](https://blog.sicuranext.com/vtenext-25-02-a-three-way-path-to-rce/)
- [Citrix Patches Three NetScaler Flaws, Confirms Active Exploitation of CVE-2025-7775](https://thehackernews.com/2025/08/citrix-patches-three-netscaler-flaws.html)
- [Widespread Data Theft Targets Salesforce Instances via Salesloft Drift](https://cloud.google.com/blog/topics/threat-intelligence/data-theft-salesforce-instances-via-salesloft-drift/)
- [Cache Me If You Can (Sitecore Experience Platform Cache Poisoning to RCE)](https://labs.watchtowr.com/cache-me-if-you-can-sitecore-experience-platform-cache-poisoning-to-rce/)
- [Inside the Lab-Dookhtegan Hack: How Iranian Ships Lost Their Voice at Sea](https://blog.narimangharib.com/posts/2025%2F08%2F1755854831605?lang=en)
- [WhatsApp Issues Emergency Update for Zero-Click Exploit Targeting iOS and macOS Devices](https://thehackernews.com/2025/08/whatsapp-issues-emergency-update-for.html)

**Intelligence and Information Warfare**

- [APT36: Targets Indian BOSS Linux Systems with Weaponized AutoStart Files](https://www.cyfirma.com/research/apt36-targets-indian-boss-linux-systems-with-weaponized-autostart-files/)
- [Deception in Depth: PRC-Nexus Espionage Campaign Hijacks Web Traffic to Target Diplomats](https://cloud.google.com/blog/topics/threat-intelligence/prc-nexus-espionage-targets-diplomats/)
- [ZipLine Campaign: A Sophisticated Phishing Attack Targeting US Companies](https://research.checkpoint.com/2025/zipline-phishing-campaign/)
- [Citizen Lab director warns cyber industry about US authoritarian descent](https://techcrunch.com/2025/08/06/citizen-lab-director-warns-cyber-industry-about-us-authoritarian-descent/)
- [Dutch providers targeted by Salt Typhoon](https://www.defensie.nl/actueel/nieuws/2025/08/28/nederlandse-providers-doelwit-van-salt-typhoon)
- [TAOTH Campaign Exploits End-of-Support Software to Target Traditional Chinese Users and Dissidents](https://www.trendmicro.com/en_us/research/25/h/taoth-campaign.html)
- [Biased AI chatbots can sway people’s political views in minutes](https://www.futurity.org/biased-ai-chatbots-political-views-3292722/)
- [Amazon disrupts watering hole campaign by Russia’s APT29](https://aws.amazon.com/it/blogs/security/amazon-disrupts-watering-hole-campaign-by-russias-apt29/)

**Cybersecurity**

- [2025 State of the Internet: Digging into Residential Proxy Infrastructure](https://censys.com/blog/2025-state-of-the-internet-digging-into-residential-proxy-infrastructure)
- [Electronics manufacturer Data I/O reports ransomware attack to SEC](https://therecord.media/electronics-manufacturer-dataio-ransomware)
- [FTC Calls on Tech Firms to Resist Foreign Anti-Encryption Demands](https://www.securityweek.com/ftc-calls-on-tech-firms-to-resist-foreign-anti-encryption-demands/)
- [ENISA to operate the EU Cyber Reserve](https://digital-strategy.ec.europa.eu/en/news/enisa-operate-eu-cyber-reserve)
- [Over 28,000 Citrix devices vulnerable to new exploited RCE flaw](https://www.bleepingcomputer.com/news/security/over-28-200-citrix-instances-vulnerable-to-actively-exploited-rce-bug/)
- [Microsoft Releases Guidance on High-Severity Vulnerability (CVE-2025-53786) in Hybrid Exchange Deployments](https://www.cisa.gov/news-events/alerts/2025/08/06/microsoft-releases-guidance-high-severity-vulnerability-cve-2025-53786-hybrid-exchange-deployments)
- [TransUnion says hackers stole 4.4 million customers’ personal information](https://techcrunch.com/2025/08/28/transunion-says-hackers-stole-4-4-million-customers-personal-information/)

Follow me on Twitter: [@securityaffairs](https://twitter.com/securityaffairs) and [Facebook](https://www.facebook.com/sec.affairs) and [Mastodon](https://infosec.exchange/@securityaffairs)

[Pierluigi Paganini](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)

([SecurityAffairs](http://securityaffairs.co/wordpress/) — hacking, newsletter)
