A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

- [CVE-2025-11371: Unpatched zero-day in Gladinet CentreStack, Triofox under attack](https://securityaffairs.com/183259/hacking/cve-2025-11371-unpatched-zero-day-in-gladinet-centrestack-triofox-under-attack.html)
- [Cybercrime ring GXC Team dismantled in Spain, 25-year-old leader detained](https://securityaffairs.com/183252/uncategorized/cybercrime-ring-gxc-team-dismantled-in-spain-25-year-old-leader-detained.html)
- [Attackers exploit valid logins in SonicWall SSL VPN compromise](https://securityaffairs.com/183245/hacking/attackers-exploit-valid-logins-in-sonicwall-ssl-vpn-compromise.html)
- [Apple doubles maximum bug bounty to $2M for zero-click RCEs](https://securityaffairs.com/183235/security/apple-doubles-maximum-bug-bounty-to-2m-for-zero-click-rces.html)
- [Juniper patched nine critical flaws in Junos Space](https://securityaffairs.com/183229/security/juniper-patched-nine-critical-flaws-in-junos-space.html)
- [Ukraine sees surge in AI-Powered cyberattacks by Russia-linked Threat Actors](https://securityaffairs.com/183222/apt/ukraine-sees-surge-in-ai-powered-cyberattacks-by-russia-linked-threat-actors.html)
- [U.S. CISA adds Grafana flaw to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/183192/hacking/u-s-cisa-adds-grafana-flaw-to-its-known-exploited-vulnerabilities-catalog.html)
- [RondoDox Botnet targets 56 flaws across 30+ device types worldwide](https://securityaffairs.com/183183/malware/rondodox-botnet-targets-56-flaws-across-30-device-types-worldwide.html)
- [ClayRat campaign uses Telegram and phishing sites to distribute Android spyware](https://securityaffairs.com/183169/malware/clayrat-campaign-uses-telegram-and-phishing-sites-to-distribute-android-spyware.html)
- [CVE-2025-5947: WordPress Plugin flaw lets hackers access Admin accounts](https://securityaffairs.com/183162/hacking/cve-2025-5947-wordpress-plugin-flaw-lets-hackers-access-admin-accounts.html)
- [Threat actors steal firewall configs, impacting all SonicWall Cloud Backup users](https://securityaffairs.com/183154/security/threat-actors-steal-firewall-configs-impacting-all-sonicwall-cloud-backup-users.html)
- [Discord denies massive breach, confirms limited exposure of 70K ID photos](https://securityaffairs.com/183143/cyber-crime/discord-denies-massive-breach-confirms-limited-exposure-of-70k-id-photos.html)
- [Qilin ransomware claimed responsibility for the attack on the beer giant Asahi](https://securityaffairs.com/183131/cyber-crime/qilin-ransomware-claimed-responsibility-for-the-asahi-attack.html)
- [DragonForce, LockBit, and Qilin, a new triad aims to dominate the ransomware landscape](https://securityaffairs.com/183119/cyber-crime/dragonforce-lockbit-and-qilin-a-new-triad-aims-to-dominate-the-ransomware-landscape.html)
- [DraftKings thwarts credential stuffing attack, but urges password reset and MFA](https://securityaffairs.com/183110/security/draftkings-thwarts-credential-stuffing-attack-but-urges-password-reset-and-mfa.html)
- [Redis patches 13-Year-Old Lua flaw enabling Remote Code Execution](https://securityaffairs.com/183097/security/redis-patches-13-year-old-lua-flaw-enabling-remote-code-execution.html)
- [U.S. CISA adds Synacor Zimbra Collaboration Suite (ZCS) flaw to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/183085/hacking/u-s-cisa-adds-synacor-zimbra-collaboration-suite-zcs-flaw-to-its-known-exploited-vulnerabilities-catalog.html)
- [GoAnywhere MFT zero-day used by Storm-1175 in Medusa ransomware campaigns](https://securityaffairs.com/183075/hacking/goanywhere-mft-zero-day-used-by-storm-1175-in-medusa-ransomware-campaigns.html)
- [CrowdStrike ties Oracle EBS RCE (CVE-2025-61882) to Cl0p attacks began Aug 9, 2025](https://securityaffairs.com/183065/cyber-crime/crowdstrike-ties-oracle-ebs-rce-cve-2025-61882-to-cl0p-attacks-began-aug-9-2025.html)
- [U.S. CISA adds Oracle, Mozilla, Microsoft Windows, Linux Kernel, and Microsoft IE flaws to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/183049/security/u-s-cisa-adds-oracle-mozilla-microsoft-windows-linux-kernel-and-microsoft-ie-flaws-to-its-known-exploited-vulnerabilities-catalog.html)
- [Discord discloses third-party breach affecting customer support data](https://securityaffairs.com/183039/data-breach/discord-discloses-third-party-breach-affecting-customer-support-data.html)
- [Oracle patches critical E-Business Suite flaw exploited by Cl0p hackers](https://securityaffairs.com/183029/security/oracle-patches-critical-e-business-suite-flaw-exploited-by-cl0p-hackers.html)
- [LinkedIn sues ProAPIs for $15K/Month LinkedIn data scraping scheme](https://securityaffairs.com/183001/security/linkedin-sues-proapis-for-15k-month-linkedin-data-scraping-scheme.html)
- [Zimbra users targeted in zero-day exploit using iCalendar attachments](https://securityaffairs.com/183014/hacking/zimbra-users-targeted-in-zero-day-exploit-using-icalendar-attachments.html)
- [Reading the ENISA Threat Landscape 2025 report](https://securityaffairs.com/182978/security/reading-the-enisa-threat-landscape-2025-report.html)
- [Ghost in the Cloud: Weaponizing AWS X-Ray for Command & Control](https://securityaffairs.com/182968/hacking/ghost-in-the-cloud-weaponizing-aws-x-ray-for-command-control.html)

**International Press — Newsletter**

**Cybercrime**

- [UAT-8099: Chinese-speaking cybercrime group targets high-value IIS for SEO fraud](https://blog.talosintelligence.com/uat-8099-chinese-speaking-cybercrime-group-seo-fraud/)
- [CVE-2025-61882 Mass Exploitation — Oracle E-Business Suite (EBS) Under Attack by Cl0p Ransomware](https://www.resecurity.com/blog/article/cve-2025-61882-mass-exploitation-oracle-e-business-suite-ebs-under-attack-by-cl0p-ransomware)
- [Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability](https://www.microsoft.com/en-us/security/blog/2025/10/06/investigating-active-exploitation-of-cve-2025-10035-goanywhere-managed-file-transfer-vulnerability/)
- [DraftKings Warns Users of Credential Stuffing Attacks](https://www.securityweek.com/draftkings-warns-users-of-credential-stuffing-attacks/)
- [Discord says 70,000 users may have had their government IDs leaked in breach](https://www.theverge.com/news/797051/discord-government-ids-leaked-data-breach)
- [ShinyHunters Wage Broad Corporate Extortion Spree](https://krebsonsecurity.com/2025/10/shinyhunters-wage-broad-corporate-extortion-spree/)
- [Inside Akira’s SonicWall Campaign: Darktrace’s Detection and Response](https://www.darktrace.com/blog/inside-akiras-sonicwall-campaign-darktraces-detection-and-response)
- [DDoS Botnet Aisuru Blankets US ISPs in Record DDoS](https://krebsonsecurity.com/2025/10/ddos-botnet-aisuru-blankets-us-isps-in-record-ddos/)
- [The Civil Guard dismantles a banking phishing network and arrests the main developer of credential-stealing kits in Spain](https://web.guardiacivil.es/es/destacados/noticias/La-Guardia-Civil-desmantela-una-red-de-phishing-bancario-y-detiene-al-principal-desarrollador-de-kits-de-robo-de-credenciales-en-Espana/)
- [FBI takes down BreachForums portal used for Salesforce extortion](https://www.bleepingcomputer.com/news/security/fbi-takes-down-breachforums-portal-used-for-salesforce-extortion/)
- [Two arrested by the Met following nursery cyber-attack](https://news.met.police.uk/news/two-arrested-by-the-met-following-nursery-cyber-attack-501880)

**Malware**

- [Ransomware and Cyber Extortion in Q3 2025](https://reliaquest.com/blog/threat-spotlight-ransomware-and-cyber-extortion-in-q3-2025)
- [XWorm V6: Exploring Pivotal Plugins](https://www.trellix.com/blogs/research/xworm-v6-exploring-pivotal-plugins/)
- [ClayRat: A New Android Spyware Targeting Russia](https://zimperium.com/blog/clayrat-a-new-android-spyware-targeting-russia)
- [175 Malicious npm Packages Host Phishing Infrastructure Targeting 135+ Organizations](https://socket.dev/blog/175-malicious-npm-packages-host-phishing-infrastructure)

**Hacking**

- [Ghost in the Cloud: Weaponizing AWS X-Ray for Command & Control](https://medium.com/@dhiraj_mishra/ghost-in-the-cloud-weaponizing-aws-x-ray-for-command-control-7539d60f1d77)
- [0day .ICS attack in the wild](https://strikeready.com/blog/0day-ics-attack-in-the-wild/)
- [CrowdStrike Identifies Campaign Targeting Oracle E-Business Suite via Zero-Day Vulnerability (now tracked as CVE-2025-61882)](https://www.crowdstrike.com/en-us/blog/crowdstrike-identifies-campaign-targeting-oracle-e-business-suite-zero-day-CVE-2025-61882/)
- [It Is Bad (Exploitation of Fortra GoAnywhere MFT CVE-2025-10035) — Part 2](https://labs.watchtowr.com/it-is-bad-exploitation-of-fortra-goanywhere-mft-cve-2025-10035-part-2/)
- [Active Exploitation of Gladinet CentreStack and Triofox Local File Inclusion Flaw (CVE-2025-11371)](https://www.huntress.com/blog/gladinet-centrestack-triofox-local-file-inclusion-flaw)
- [Credential stuffing: £2.31 million fine shows passwords are still the weakest link](https://www.theregister.com/2025/10/07/credential_stuffing_231_million/)
- [Introducing CodeMender: an AI agent for code security](https://deepmind.google/discover/blog/introducing-codemender-an-ai-agent-for-code-security/)
- [Huntress Threat Advisory: Widespread SonicWall SSLVPN Compromise](https://www.huntress.com/blog/sonicwall-sslvpn-compromise)

**Intelligence and Information Warfare**

- [Disrupting malicious uses of AI: October 2025](https://openai.com/global-affairs/disrupting-malicious-uses-of-ai-october-2025/)
- [North Korea’s crypto hackers have stolen over $2 billion in 2025](https://www.elliptic.co/blog/north-korea-linked-hackers-have-already-stolen-over-2-billion-in-2025)
- [New cyber threats: who and how hostile groups attack](https://cip.gov.ua/ua/news/novi-kiberzagrozi-kogo-i-yak-atakuyut-vorozhi-ugrupovannya)
- [Hacktivists target critical infrastructure, hit decoy plant](https://www.bleepingcomputer.com/news/security/hacktivists-target-critical-infrastructure-hit-decoy-plant/)
- [The Crown Prince, Nezha: A New Tool Favored by China-Nexus Threat Actors](https://www.huntress.com/blog/nezha-china-nexus-threat-actor-tool)
- [BatShadow: Vietnamese Threat Actor Expands Its Digital Operations](https://www.aryaka.com/blog/batshade-vampire-bot-social-engineering-malware/)

**Cybersecurity**

- [LinkedIn sues software company allegedly scraping data from millions of profiles](https://therecord.media/linkedin-sues-data-scraping-company)
- [Red Hat Consulting breach puts over 5000 high profile enterprise customers at risk — in detail](https://doublepulsar.com/red-hat-consulting-breach-puts-over-5000-high-profile-enterprise-customers-at-risk-in-detail-90114f18f706)
- [RediShell: Critical Remote Code Execution Vulnerability (CVE-2025-49844) in Redis, 10 CVSS score](https://www.wiz.io/blog/wiz-research-redis-rce-cve-2025-49844)
- [Germany slams brakes on EU’s Chat Control device-scanning snoopfest](https://www.theregister.com/2025/10/08/germany_chat_control_opposition/)
- [A major evolution of Apple Security Bounty, with the industry’s top awards for the most advanced research](https://security.apple.com/blog/apple-security-bounty-evolved/)
- [SonicWall Concludes Investigation Into Incident Affecting MySonicWall Configuration Backup Files](https://arcticwolf.com/resources/blog/sonicwall-concludes-investigation-incident-affecting-mysonicwall-configuration-backup-files/)

Follow me on Twitter: [@securityaffairs](https://twitter.com/securityaffairs) and [Facebook](https://www.facebook.com/sec.affairs) and [Mastodon](https://infosec.exchange/@securityaffairs)

[Pierluigi Paganini](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)

([SecurityAffairs](http://securityaffairs.co/wordpress/) — hacking, newsletter)

Related Tags: CVE-2025-5947, CVE-2025-49844, CVE-2025-61882, CVE-2025-10035

- NAICS: 54 – Professional, Scientific, Technical Services
- NAICS: 334 – Computer And Electronic Product Manufacturing
- NAICS: 517 – Telecommunications
- NAICS: 541 – Professional, Scientific, Technical Services
- NAICS: 52 – Finance And Insurance


