Security Affairs newsletter Round 542 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

- [A cyberattack on Collins Aerospace disrupted operations at major European airports](https://securityaffairs.com/182363/hacking/a-cyberattack-on-collins-aerospace-disrupted-operations-at-major-european-airports.html)
- [CISA warns of malware deployed through Ivanti EPMM flaws](https://securityaffairs.com/182350/malware/cisa-warns-of-malware-deployed-through-ivanti-epmm-flaws.html)
- [Fortra addressed a maximum severity flaw in GoAnywhere MFT software](https://securityaffairs.com/182351/security/fortra-addressed-a-maximum-severity-flaw-in-goanywhere-mft-software.html)
- [UK police arrested two teen Scattered Spider members linked to the 2024 attack on Transport for London](https://securityaffairs.com/182341/security/uk-police-arrested-two-teen-scattered-spider-members-linked-to-the-2024-attack-on-transport-for-london.html)
- [ShadowLeak: Radware Uncovers Zero-Click Attack on ChatGPT](https://securityaffairs.com/182334/hacking/shadowleak-radware-uncovers-zero-click-attack-on-chatgpt.html)
- [SonicWall warns customers to reset credentials after MySonicWall backups were exposed](https://securityaffairs.com/182329/data-breach/sonicwall-warns-customers-to-reset-credentials-after-mysonicwall-backups-were-exposed.html)
- [CVE-2025-10585 is the sixth actively exploited Chrome zero-day patched by Google in 2025](https://securityaffairs.com/182322/uncategorized/cve-2025-10585-is-the-sixth-actively-exploited-chrome-zero-day-patched-by-google-in-2025.html)
- [Jaguar Land Rover will extend its production halt into a third week following a cyberattack](https://securityaffairs.com/182312/security/jaguar-land-rover-will-extend-its-production-halt-into-a-third-week-following-a-cyberattack.html)
- [China-linked APT41 targets government, think tanks, and academics tied to US-China trade and policy](https://securityaffairs.com/182304/apt/china-linked-apt41-targets-government-think-tanks-and-academics-tied-to-us-china-trade-and-policy.html)
- [Microsoft and Cloudflare teamed up to dismantle the RaccoonO365 phishing service](https://securityaffairs.com/182294/cyber-crime/microsoft-and-cloudflare-teamed-up-to-dismantle-the-raccoono365-phishing-service.html)
- [DoJ resentenced former BreachForums admin to three years in prison](https://securityaffairs.com/182289/cyber-crime/doj-resentenced-former-breachforums-admin-to-three-years-in-prison.html)
- [Apple backports fix for actively exploited CVE-2025-43300](https://securityaffairs.com/182283/security/apple-backports-fix-for-actively-exploited-cve-2025-43300.html)
- [New supply chain attack hits npm registry, compromising 40+ packages](https://securityaffairs.com/182274/malware/new-supply-chain-attack-hits-npm-registry-compromising-40-packages.html)
- [Cybercrime group accessed Google Law Enforcement Request System (LERS)](https://securityaffairs.com/182266/security/cybercrime-group-accessed-google-law-enforcement-request-system-lers.html)
- [China-linked Mustang Panda deploys advanced SnakeDisk USB worm](https://securityaffairs.com/182257/apt/china-linked-mustang-panda-deploys-advanced-snakedisk-usb-worm.html)
- [Insider breach at FinWise Bank exposes data of 689,000 AFF customers](https://securityaffairs.com/182222/data-breach/insider-breach-at-finwise-bank-exposes-data-of-689000-aff-customers.html)
- [Hackers steal millions of Gucci, Balenciaga, and Alexander McQueen customer records](https://securityaffairs.com/182236/cyber-crime/hackers-steal-millions-of-gucci-balenciaga-and-alexander-mcqueen-customer-records.html)
- [Fairmont Federal Credit Union 2023 data breach impacted 187K people](https://securityaffairs.com/182217/data-breach/fairmont-federal-credit-union-2023-data-breach-impacted-187k-people.html)
- [UK ICO finds students behind majority of school data breaches](https://securityaffairs.com/182197/cyber-crime/uk-ico-finds-students-behind-majority-of-school-data-breaches.html)
- [INC ransom group claimed the breach of Panama’s Ministry of Economy and Finance](https://securityaffairs.com/182203/data-breach/panamas-ministry-of-economy-and-finance-data-breach.html)
- [ShinyHunters Attack National Credit Information Center of Vietnam](https://securityaffairs.com/182189/cyber-crime/shinyhunters-attack-national-credit-information-center-of-vietnam.html)

**International Press — Newsletter**

**Cybercrime**

- [Gucci, Balenciaga and Alexander McQueen private data ransomed by hackers](https://www.bbc.com/news/articles/crl5j8ld615o)
- [Hackers claim access to law enforcement portals, but do they really have access?](https://databreaches.net/2025/09/15/hackers-claim-access-to-law-enforcement-portals-but-do-they-really-have-access/)
- [Founder of One of World’s Largest Hacker Forums Resentenced to Three Years in Prison](https://www.justice.gov/opa/pr/founder-one-worlds-largest-hacker-forums-resentenced-three-years-prison)
- [RaccoonO365: An Active Campaign and New Features](https://www.morado.io/blog-posts/raccoono365-an-active-campaign-and-new-features)
- [FileFix in the wild! New FileFix campaign goes beyond POC and leverages steganography](https://www.acronis.com/en/tru/posts/filefix-in-the-wild-new-filefix-campaign-goes-beyond-poc-and-leverages-steganography/)
- [Microsoft seizes 338 websites to disrupt rapidly growing ‘RaccoonO365’ phishing service](https://blogs.microsoft.com/on-the-issues/2025/09/16/microsoft-seizes-338-websites-to-disrupt-rapidly-growing-raccoono365-phishing-service/)
- [United Kingdom National Charged in Connection with Multiple Cyber Attacks, Including on Critical Infrastructure](https://www.justice.gov/opa/pr/united-kingdom-national-charged-connection-multiple-cyber-attacks-including-critical)
- [Two charged for TfL cyber attack](https://www.nationalcrimeagency.gov.uk/news/two-charged-for-tfl-cyber-attack)
- [Inside the Lighthouse and Lucid PhaaS Campaigns Targeting 316 Global Brands](https://www.netcraft.com/blog/inside-the-lighthouse-and-lucid-phaas-campaigns-targeting-316-global-brands)
- [SystemBC — Bringing the Noise](https://blog.lumen.com/systembc-bringing-the-noise/)
- [Evolution Cybercrime—Key Trends, Cybersecurity Threats, and Mitigation Strategies from Historical Data](https://www.mdpi.com/2813-2203/4/3/25)

**Malware**

- [SmokeLoader Rises From the Ashes](https://www.zscaler.com/blogs/security-research/smokeloader-rises-ashes)
- [Popular Tinycolor npm Package Compromised in Supply Chain Attack Affecting 40+ Packages](https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages)
- [Satori Threat Intelligence Alert: SlopAds Covers Fraud with Layers of Obfuscation](https://www.humansecurity.com/learn/blog/satori-threat-intelligence-alert-slopads-covers-fraud-with-layers-of-obfuscation/)
- [Prompts as Code & Embedded Keys | The Hunt for LLM-Enabled Malware](https://www.sentinelone.com/labs/prompts-as-code-embedded-keys-the-hunt-for-llm-enabled-malware/)
- [Large-Scale Attack Targeting Macs via GitHub Pages Impersonating Companies to Attempt to Deliver Stealer Malware](https://blog.lastpass.com/posts/attack-targeting-macs-via-github-pages)

**Hacking**

- [A learning approach on exploiting CVE-2020-9273](https://phrack.org/issues/72/8_md#article)
- [Rowhammer Attack Demonstrated Against DDR5](https://www.securityweek.com/rowhammer-attack-demonstrated-against-ddr5/)
- [6 Browser-Based Attacks Security Teams Need to Prepare For Right Now](https://thehackernews.com/2025/09/6-browser-based-attacks-security-teams.html)
- [Google Patches Chrome Zero-Day CVE-2025-10585 as Active V8 Exploit Threatens Millions](https://thehackernews.com/2025/09/google-patches-chrome-zero-day-cve-2025.html)
- [SonicWall Prompts Password Resets After Hackers Obtain Firewall Configurations](https://www.securityweek.com/sonicwall-prompts-password-resets-after-firewall-configurations-exposed-in-breach/)
- [ShadowLeak: A Zero-Click, Service-Side Attack Exfiltrating Sensitive Data Using ChatGPT’s Deep Research Agent](https://www.radware.com/blog/threat-intelligence/shadowleak/)
- [CISA Releases Malware Analysis Report on Malicious Listener Targeting Ivanti Endpoint Manager Mobile Systems](https://www.cisa.gov/news-events/alerts/2025/09/18/cisa-releases-malware-analysis-report-malicious-listener-targeting-ivanti-endpoint-manager-mobile)

**Intelligence and Information Warfare**

- [APT Down — The North Korea Files](https://phrack.org/issues/72/7_md#article)
- [Hive0154, aka Mustang Panda, drops updated Toneshell backdoor and novel SnakeDisk USB worm](https://www.ibm.com/think/x-force/hive0154-drops-updated-toneshell-backdoor)
- [Israel announces seizure of $1.5M from crypto wallets tied to Iran](https://techcrunch.com/2025/09/15/israel-announces-seizure-of-1-5-million-from-crypto-wallets-tied-to-iran/)
- [Ukraine claims cyberattacks on Russian election systems; Moscow confirms disruptions](https://therecord.media/ukraine-claims-ddos-attack-russian-election-system)
- [THREE IRANIAN CYBER ACTORS](https://www.fbi.gov/wanted/cyber/three-iranian-cyber-actors)
- [SEC targets US firms tied to suspected Chinese ‘pump and dump’ scams](https://www.ft.com/content/bc9c5a38-ce9a-4469-a51a-cd65aa3fdf2b)
- [Minding the drone gap: Drone warfare and the EU](https://www.iss.europa.eu/publications/briefs/minding-drone-gap-drone-warfare-and-eu)
- [Gamaredon X Turla collab](https://www.welivesecurity.com/en/eset-research/gamaredon-x-turla-collab/)
- [Modus Operandi of Subtle Snail](https://catalyst.prodaft.com/public/report/modus-operandi-of-subtle-snail/overview#heading-1000)

**Cybersecurity**

- [AI Agents are Eroding the Foundations of Cybersecurity](https://ai-frontiers.org/articles/cybersecurity-is-humanitys-firewall-against-rogue-ai)
- [Kids in the UK are hacking their own schools for dares and notoriety](https://techcrunch.com/2025/09/11/kids-in-the-uk-are-hacking-their-own-schools-for-dares-and-notoriety/)
- [Cloudflare participates in global operation to disrupt RaccoonO365](https://www.cloudflare.com/it-it/threat-intelligence/research/report/cloudflare-participates-in-global-operation-to-disrupt-raccoono365/)
- [JLR could face disruption until November after hack](https://www.bbc.com/news/articles/czewlj57e24o)
- [Fortra Sheds Light on GoAnywhere MFT Zero-Day Exploit Used in Ransomware Attacks](https://thehackernews.com/2023/04/fortra-sheds-light-on-goanywhere-mft.html)
- [Palo Alto Networks Unit 42 Recognised by UK’s NCSC as an Enhanced Level Cyber Incident Response Assured Service Provider](https://www.paloaltonetworks.co.uk/blog/2025/09/raising-bar-incident-response/)
- [Germany approves new rules to protect critical infrastructure](https://www.reuters.com/sustainability/land-use-biodiversity/germany-approves-new-rules-protect-critical-infrastructure-2025-09-10/)
- [Passengers stranded at Heathrow, other European airports after cyberattack](https://www.reuters.com/en/cyberattack-causes-flight-delays-cancellations-brussels-airport-2025-09-20/)

Follow me on Twitter: [@securityaffairs](https://twitter.com/securityaffairs) and [Facebook](https://www.facebook.com/sec.affairs) and [Mastodon](https://infosec.exchange/@securityaffairs)

[Pierluigi Paganini](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)

([SecurityAffairs](http://securityaffairs.co/wordpress/) — hacking, newsletter)

Related Tags:
CVE-2025-10585

CVE-2025-43300

INC Ransom

GOLD IONIC

Secret Blizzard

Storm-0875

Octo Tempest

BARIUM

Brass Typhoon
