A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

- [GreyNoise detects 500% surge in scans targeting Palo Alto Networks portals](https://securityaffairs.com/182939/hacking/greynoise-detects-500-surge-in-scans-targeting-palo-alto-networks-portals.html)
- [U.S. CISA adds Smartbedded Meteobridge, Samsung, Juniper ScreenOS, Jenkins, and GNU Bash flaws to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/182925/hacking/u-s-cisa-adds-smartbedded-meteobridge-samsung-juniper-screenos-jenkins-and-gnu-bash-flaws-to-its-known-exploited-vulnerabilities-catalog.html)
- [ShinyHunters Launches Data Leak Site: Trinity of Chaos Announces New Ransomware Victims](https://securityaffairs.com/182918/cyber-crime/shinyhunters-launches-data-leak-site-trinity-of-chaos-announces-new-ransomware-victims.html)
- [ProSpy, ToSpy malware pose as Signal and ToTok to steal data in UAE](https://securityaffairs.com/182907/malware/prospy-tospy-malware-pose-as-signal-and-totok-to-steal-data-in-uae.html)
- [Google warns of Cl0p extortion campaign against Oracle E-Business users](https://securityaffairs.com/182893/cyber-crime/google-warns-of-cl0p-extortion-campaign-against-oracle-e-business-users.html)
- [CERT-UA warns UAC-0245 targets Ukraine with CABINETRAT backdoor](https://securityaffairs.com/182862/cyber-warfare-2/cert-ua-warns-uac-0245-targets-ukraine-with-cabinetrat-backdoor.html)
- [Allianz Life data breach impacted 1.5 Million people](https://securityaffairs.com/182876/data-breach/allianz-life-data-breach-impacted-1-5-million-people.html)
- [Cybercrime group claims to have breached Red Hat’s private GitHub repositories](https://securityaffairs.com/182866/data-breach/cybercrime-group-claims-to-have-breached-red-hat-s-private-github-repositories.html)
- [China-linked APT Phantom Taurus uses Net-Star malware in espionage campaigns against key sectors](https://securityaffairs.com/182852/apt/china-linked-apt-phantom-taurus-uses-net-star-malware-in-espionage-campaigns-against-key-sectors.html)
- [OpenSSL patches 3 vulnerabilities, urging immediate updates](https://securityaffairs.com/182845/security/openssl-patches-3-vulnerabilities-urging-immediate-updates.html)
- [Apple urges users to update iPhone and Mac to patch font bug](https://securityaffairs.com/182835/security/apple-urges-users-to-update-iphone-and-mac-to-patch-font-bug.html)
- [WestJet confirms cyberattack exposed IDs, passports in June incident](https://securityaffairs.com/182823/data-breach/westjet-confirms-cyberattack-exposed-ids-passports-in-june-incident.html)
- [Broadcom patches VMware Zero-Day actively exploited by UNC5174](https://securityaffairs.com/182816/uncategorized/broadcom-patches-vmware-zero-day-actively-exploited-by-unc5174.html)
- [UK convicts Chinese national in £5.5B crypto fraud, marks world’s largest Bitcoin seizure](https://securityaffairs.com/182804/cyber-crime/uk-convicts-chinese-national-in-5-5b-crypto-fraud-marks-worlds-largest-bitcoin-seizure.html)
- [U.S. CISA adds Adminer, Cisco IOS, Fortra GoAnywhere MFT, Libraesva ESG, and Sudo flaws to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/182771/security/u-s-cisa-adds-adminer-cisco-ios-fortra-goanywhere-mft-libraesva-esg-and-sudo-flaws-to-its-known-exploited-vulnerabilities-catalog.html)
- [Asahi halts ordering, shipping, and customer service after cyberattack](https://securityaffairs.com/182791/security/asahi-halts-ordering-shipping-and-customer-service-after-cyberattack.html)
- [Scattered Spider, ShinyHunters Restructure — New Attacks Underway](https://securityaffairs.com/182799/cyber-crime/scattered-spider-shinyhunters-restructure-new-attacks-underway.html)
- [UK grants £1.5B loan to Jaguar Land Rover after cyberattack](https://securityaffairs.com/182757/security/uk-grants-1-5b-loan-to-jaguar-land-rover-after-cyberattack.html)
- [Harrods alerts customers to new data breach linked to third-party provider](https://securityaffairs.com/182752/data-breach/harrods-alerts-customers-to-new-data-breach-linked-to-third-party-provider.html)
- [Akira Ransomware bypasses MFA on SonicWall VPNs](https://securityaffairs.com/182732/cyber-crime/akira-ransomware-bypasses-mfa-on-sonicwall-vpns.html)
- [Despite Russian influence, Moldova votes Pro-EU, highlighting future election risks](https://securityaffairs.com/182743/uncategorized/despite-russian-influence-moldova-votes-pro-eu-highlighting-future-election-risks.html)
- [Dutch teens arrested for spying on behalf of pro-Russian hackers](https://securityaffairs.com/182724/intelligence/dutch-teens-arrested-for-spying-on-behalf-of-pro-russian-hackers.html)
- [Cyberattack on Co-op leaves shelves empty, data stolen, and $275M in lost revenue](https://securityaffairs.com/182713/security/cyberattack-on-co-op-leaves-shelves-empty-data-stolen-and-275m-in-lost-revenue.html)

**International Press — Newsletter**

**Cybercrime**

- [Smash and Grab: Aggressive Akira Campaign Targets SonicWall VPNs, Deploys Ransomware in an Hour or Less](https://arcticwolf.com/resources/blog/smash-and-grab-aggressive-akira-campaign-targets-sonicwall-vpns/)
- [Woman convicted following world’s largest crypto seizure](https://news.met.police.uk/news/woman-convicted-following-worlds-largest-seizure-501569)
- [The Kids Aren’t Alright](https://www.lawfaremedia.org/article/the-kids-aren%27t-alright)
- [Trinity of Chaos: The LAPSUS$, ShinyHunters, and Scattered Spider Alliance Embarks on Global Cybercrime Spree](https://www.resecurity.com/blog/article/trinity-of-chaos-the-lapsus-shinyhunters-and-scattered-spider-alliance-embarks-on-global-cybercrime-spree)
- [‘You’ll never need to work again’: Criminals offer reporter money to hack BBC](https://www.bbc.com/news/articles/c3w5n903447o)
- [Red Hat confirms security incident after hackers claim GitHub breach](https://www.bleepingcomputer.com/news/security/red-hat-confirms-security-incident-after-hackers-claim-github-breach/)
- [Researchers Say They Flagged Cyber Flaws at Jaguar Ahead of Crippling Breach](https://www.bloomberg.com/news/newsletters/2025-10-01/researchers-flagged-hacks-at-jaguar-land-rover-ahead-of-crippling-breach)
- [Oracle Apps Exploited by Hackers in New Extortion Campaign](https://www.bloomberg.com/news/articles/2025-10-02/cyber-group-extorting-executives-with-claims-of-stolen-data)
- [Silent Smishing: The Hidden Abuse of Cellular Router APIs](https://blog.sekoia.io/silent-smishing-the-hidden-abuse-of-cellular-router-apis/)

**Malware**

- [First Malicious MCP in the Wild: The Postmark Backdoor That’s Stealing Your Emails](https://www.koi.security/blog/postmark-mcp-npm-malicious-backdoor-email-theft)
- [Klopatra: exposing a new Android banking trojan operation with roots in Turkey](https://www.cleafy.com/cleafy-labs/klopatra-exposing-a-new-android-banking-trojan-operation-with-roots-in-turkey)
- [Check Your Socks — A Deep Dive into soopsocks PyPI Package](https://research.jfrog.com/post/check-your-socks-a-deep-dive-into-soopsocks-pypi/)
- [New spyware campaigns target privacy-conscious Android users in the UAE](https://www.welivesecurity.com/en/eset-research/new-spyware-campaigns-target-privacy-conscious-android-users-uae/)
- [Rhadamanthys 0.9.x — walk through the updates](https://research.checkpoint.com/2025/rhadamanthys-0-9-x-walk-through-the-updates/)

**Hacking**

- [AppSuite, OneStart & ManualFinder: The Nexus of Deception](https://www.gdatasoftware.com/blog/2025/09/38262-appsuite-onestart-deception)
- [Apple fixes critical font processing bug. Update now!](https://www.malwarebytes.com/blog/news/2025/09/apple-fixes-critical-font-processing-bug-update-now)
- [Why hackers are targeting the world’s shipping](https://www.bbc.com/news/articles/c36k01513l4o)
- [HackerOne Report Finds 210% Spike in AI Vulnerability Reports Amid Rise of AI Autonomy](https://www.hackerone.com/press-release/hackerone-report-finds-210-spike-ai-vulnerability-reports-amid-rise-ai-autonomy)
- [Palo Alto Scanning Surges ~500% in 48 Hours, Marking 90-Day High](https://www.greynoise.io/blog/palo-alto-scanning-surges)
- [WireTap: Breaking Server SGX via DRAM Bus Interposition](https://wiretap.fail/)
- [Battering RAM Low-Cost Interposer Attacks on Confidential Computing](https://batteringram.eu/)
- [OneLogin, Many Secrets: Clutch Uncovers Critical API Vulnerability Exposing Client Credentials](https://www.clutch.security/blog/onelogin-many-secrets-clutch-uncovers-vulnerability-exposing-client-credentials)

**Intelligence and Information Warfare**

- [Two Dutch teens arrested in rare Russian espionage case](https://nltimes.nl/2025/09/26/two-dutch-teens-arrested-rare-russian-espionage-case)
- [Pro-EU party in Moldova set to win vote mired in claims of Russian interference](https://www.politico.eu/article/moldova-electoral-commission-cyberattack-days-ahead-vote-russia-democracy-doina-nistor/)
- [You name it, VMware elevates it (CVE-2025-41244)](https://blog.nviso.eu/2025/09/29/you-name-it-vmware-elevates-it-cve-2025-41244/)
- [Phantom Taurus: A New Chinese Nexus APT and the Discovery of the NET-STAR Malware Suite](https://unit42.paloaltonetworks.com/phantom-taurus/)
- [SVG Phishing hits Ukraine with Amatera Stealer, PureMiner](https://www.fortinet.com/blog/threat-research/svg-phishing-hits-ukraine-with-amatera-stealer-pureminer)
- [CABINETRAT backdoor used by UAC-0245 for targeted cyberattacks against SOU (CERT-UA#17479)](https://cert.gov.ua/article/6285549)
- [Cavalry Werewolf raids Russia’s public sector with trusted relationship attacks](https://bi.zone/eng/expertise/blog/cavalry-werewolf-atakuet-rossiyu-cherez-doveritelnye-otnosheniya-mezhdu-gosudarstvami/)
- [Confucius Espionage: From Stealer to Backdoor](https://www.fortinet.com/blog/threat-research/confucius-espionage-from-stealer-to-backdoor)

**Cybersecurity**

- [Harrods warns customers their data may have been stolen in IT breach](https://www.theguardian.com/business/2025/sep/26/harrods-warns-customers-their-data-may-have-been-stolen-in-it-breach)
- [Government backs Jaguar Land Rover with £1.5 billion loan guarantee](https://www.gov.uk/government/news/government-backs-jaguar-land-rover-with-15-billion-loan-guarantee)
- [WestJet confirms recent breach exposed customers’ passports](https://www.bleepingcomputer.com/news/security/westjet-confirms-recent-breach-exposed-customers-passports/)
- [AI Agents Are Eroding the Foundations of Cybersecurity](https://ai-frontiers.org/articles/cybersecurity-is-humanitys-firewall-against-rogue-ai)
- [Feds cut funding to program that shared cyber threat info with local governments](https://www.theregister.com/2025/09/30/cisa_kills_cis_agreement/)
- [California enacts AI safety law targeting tech giants](https://www.france24.com/en/live-news/20250929-california-enacts-ai-safety-law-targeting-tech-giants)
- [Package Maintainers Call for Improvements to GitHub’s New npm Security Plan](https://socket.dev/blog/package-maintainers-call-for-improvements-to-npm-security-plan)

Follow me on Twitter: [@securityaffairs](https://twitter.com/securityaffairs) and [Facebook](https://www.facebook.com/sec.affairs) and [Mastodon](https://infosec.exchange/@securityaffairs)

[Pierluigi Paganini](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)

([SecurityAffairs](http://securityaffairs.co/wordpress/) — hacking, [newsletter](https://securityaffairs.com/182698/breaking-news/security-affairs-newsletter-round-543-by-pierluigi-paganini-international-edition.html))

Related Tags:
Howling Scorpius
Strawberry Tempest
Storm-0875
Octo Tempest
GOLD SAHARA
Akira
PUNK SPIDER
NAICS: 54 – Professional, Scientific, Technical Services
NAICS: 517 – Telecommunications