A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

- [BadCandy Webshell threatens unpatched Cisco IOS XE devices, warns Australian government](https://securityaffairs.com/184095/hacking/badcandy-webshell-threatens-unpatched-cisco-ios-xe-devices-warns-australian-government.html)
- [China-linked UNC6384 exploits Windows zero-day to spy on European diplomats](https://securityaffairs.com/184083/apt/china-linked-unc6384-exploits-windows-zero-day-to-spy-on-european-diplomats.html)
- [Old Linux Kernel flaw CVE-2024-1086 resurfaces in ransomware attacks](https://securityaffairs.com/184076/security/old-linux-kernel-flaw-cve-2024-1086-resurfaces-in-ransomware-attacks.html)
- [EY Exposes 4TB SQL Server Backup Publicly on Microsoft Azure](https://securityaffairs.com/184062/data-breach/ernst-young-exposes-4tb-sql-server-backup-publicly-on-microsoft-azure.html)
- [Suspected Chinese actors compromise U.S. Telecom firm Ribbon Communications](https://securityaffairs.com/184042/intelligence/suspected-chinese-actors-compromise-u-s-telecom-firm-ribbon-communications.html)
- [U.S. CISA adds XWiki Platform, and Broadcom VMware Aria Operations and VMware Tools flaws to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/184051/hacking/u-s-cisa-adds-xwiki-platform-and-broadcom-vmware-aria-operations-and-vmware-tools-flaws-to-its-known-exploited-vulnerabilities-catalog.html)
- [Brush exploit can cause any Chromium browser to collapse in 15-60 seconds](https://securityaffairs.com/184035/hacking/brush-exploit-can-cause-any-chromium-browser-to-collapse-in-15-60-seconds.html)
- [Ex-Defense contractor exec pleads guilty to selling cyber exploits to Russia](https://securityaffairs.com/184025/security/ex-defense-contractor-exec-pleads-guilty-to-selling-cyber-exploits-to-russia.html)
- [Dentsu’s US subsidiary Merkle hit by cyberattack, staff and client data exposed](https://securityaffairs.com/184017/data-breach/dentsus-us-subsidiary-merkle-hit-by-cyberattack-staff-and-client-data-exposed.html)
- [Hacktivists breach Canada’s critical infrastructure, cyber Agency warns](https://securityaffairs.com/184007/hacktivism/hacktivists-breach-canadas-critical-infrastructure-cyber-agency-warns.html)
- [Russian hackers, likely linked to Sandworm, exploit legitimate tools against Ukrainian targets](https://securityaffairs.com/183999/apt/russian-hackers-likely-linked-to-sandworm-exploit-legitimate-tools-against-ukrainian-targets.html)
- [U.S. CISA adds Dassault Systèmes DELMIA Apriso flaws to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/183990/security/u-s-cisa-adds-dassault-systemes-delmia-apriso-flaws-to-its-known-exploited-vulnerabilities-catalog.html)
- [Herodotus Android malware mimics human typing to evade detection](https://securityaffairs.com/183974/malware/herodotus-android-malware-mimics-human-typing-to-evade-detection.html)
- [Aisuru botnet is behind record 20Tb/sec DDoS attacks](https://securityaffairs.com/183969/malware/aisuru-botnet-is-behind-record-20tb-sec-ddos-attacks.html)
- [Everest group claimed the hack of Sweden’s power grid operator Svenska kraftnät](https://securityaffairs.com/183963/cyber-crime/everest-group-claimed-the-hack-of-swedens-power-grid-operator-svenska-kraftnat.html)
- [Critical ASP.NET flaw hits QNAP NetBak PC Agent](https://securityaffairs.com/183951/security/critical-asp-net-flaw-hits-qnap-netbak-pc-agent.html)
- [Ransomware payments hit record low: only 23% Pay in Q3 2025](https://securityaffairs.com/183941/cyber-crime/ransomware-payments-hit-record-low-only-23-pay-in-q3-2025.html)
- [X warns users to re-enroll passkeys and YubiKeys for 2FA by Nov 10](https://securityaffairs.com/183928/security/x-warns-users-to-re-enroll-passkeys-and-yubikeys-for-2fa-by-nov-10.html)
- [Memento Labs, the ghost of Hacking Team, has returned — or maybe it was never gone at all.](https://securityaffairs.com/183913/apt/memento-labs-the-ghost-of-hacking-team-has-returned-or-maybe-it-was-never-gone-at-all.html)
- [Crafted URLs can trick OpenAI Atlas into running dangerous commands](https://securityaffairs.com/183900/hacking/crafted-urls-can-trick-openai-atlas-into-running-dangerous-commands.html)
- [Linux variant of Qilin Ransomware targets Windows via remote management tools and BYOVD](https://securityaffairs.com/183891/malware/linux-variant-of-qilin-ransomware-targets-windows-via-remote-management-tools-and-byovd.html)
- [Wordfence blocks 8.7M attacks exploiting old GutenKit and Hunk Companion flaws](https://securityaffairs.com/183876/uncategorized/wordfence-blocks-8-7m-attacks-exploiting-old-gutenkit-and-hunk-companion-flaws.html)
- [Safepay ransomware group claims the hack of professional video surveillance provider Xortec](https://securityaffairs.com/183868/malware/safepay-ransomware-group-claims-the-hack-of-professional-video-surveillance-provider-xortec.html)

**International Press — Newsletter**

**Cybercrime**

- [Insider Threats Loom while Ransom Payment Rates Plummet](https://www.coveware.com/blog/2025/10/24/insider-threats-loom-while-ransom-payment-rates-plummet)
- [FBI says card shuffling machines were hacked as part of major illegal gambling schemes](https://www.npr.org/2025/10/24/nx-s1-5585087/fbi-says-card-shuffling-machines-were-hacked-as-part-of-major-illegal-gambling-schemes)
- [Sweden’s power grid operator confirms data breach claimed by ransomware gang](https://therecord.media/sweden-power-grid-operator-data)
- [ASERT Threat Summary: Aisuru and Related TurboMirai Botnet DDoS Attack Mitigation and Suppression—October 2025—v1.0](https://www.netscout.com/blog/asert/asert-threat-summary-aisuru-and-related-turbomirai-botnet-ddos)
- [Former General Manager for U.S. Defense Contractor Pleads Guilty to Selling Stolen Trade Secrets to Russian Broker](https://www.justice.gov/opa/pr/former-general-manager-us-defense-contractor-pleads-guilty-selling-stolen-trade-secrets)
- [NCSC Annual Review 2025](https://www.ncsc.gov.uk/collection/ncsc-annual-review-2025)
- [CISA: High-severity Linux flaw now exploited by ransomware gangs](https://www.bleepingcomputer.com/news/security/cisa-linux-privilege-escalation-flaw-now-exploited-in-ransomware-attacks/)
- [Ukrainian National Extradited from Ireland in Connection with Conti Ransomware](https://www.justice.gov/opa/pr/ukrainian-national-extradited-ireland-connection-conti-ransomware)
- [Silent Push Unearths AdaptixC2’s Ties to Russian Criminal Underworld, Tracks Threat Actors Harnessing Open-Source Tool for Malicious Payloads](https://www.silentpush.com/blog/adaptix-c2/)
- [Hackers threaten to leak data after breaching University of Pennsylvania to send mass emails](https://techcrunch.com/2025/10/31/hackers-threaten-to-leak-data-after-breaching-university-of-pennsylvania-to-send-mass-emails/)

**Malware**

- [Agenda Ransomware Deploys Linux Variant on Windows Systems Through Remote Management Tools and BYOVD Techniques](https://www.trendmicro.com/en_us/research/25/j/agenda-ransomware-deploys-linux-variant-on-windows-systems.html)
- [Meet Atroposia: The Stealthy Feature-Packed RAT](https://www.varonis.com/blog/atroposia-rat)
- [New Android Malware Herodotus Mimics Human Behaviour to Evade Detection](https://www.threatfabric.com/blogs/new-android-malware-herodotus-mimics-human-behaviour-to-evade-detection)
- [10 npm Typosquatted Packages Deploy Multi-Stage Credential Harvester](https://socket.dev/blog/10-npm-typosquatted-packages-deploy-credential-harvester)
- [PhantomRaven: NPM Malware Hidden in Invisible Dependencies](https://www.koi.ai/blog/phantomraven-npm-malware-hidden-in-invisible-dependencies)

**Hacking**

- [Mass Exploit Campaign Targeting Arbitrary Plugin Installation Vulnerabilities](https://www.wordfence.com/blog/2025/10/mass-exploit-campaign-targeting-arbitrary-plugin-installation-vulnerabilities/)
- [CoPhish: Using Microsoft Copilot Studio as a wrapper for OAuth phishing](https://securitylabs.datadoghq.com/articles/cophish-using-microsoft-copilot-studio-as-a-wrapper/)
- [OpenAI Atlas Omnibox Prompt Injection: URLs That Become Jailbreaks](https://neuraltrust.ai/blog/openai-atlas-omnibox-prompt-injection)
- [AI Sidebar Spoofing: Malicious Extensions Impersonates AI Browser Interface](https://labs.sqrx.com/ai-sidebar-spoofing-720e0c91d290)
- [Unseeable prompt injections in screenshots: more vulnerabilities in Comet and other AI browsers](https://brave.com/blog/unseeable-prompt-injections/)
- [‘ChatGPT Tainted Memories:’ LayerX Discovers The First Vulnerability in OpenAI Atlas Browser, Allowing Injection of Malicious Instructions into ChatGPT](https://layerxsecurity.com/blog/layerx-identifies-vulnerability-in-new-chatgpt-atlas-browser/)
- [Internet-accessible industrial control systems (ICS) abused by hacktivists](https://www.cyber.gc.ca/en/alerts-advisories/al25-016-internet-accessible-industrial-control-systems-ics-abused-hacktivists)
- [TEE.fail: Breaking Trusted Execution Environments via DDR5 Memory Bus Interposition](https://tee.fail)
- [Don’t take BADCANDY from strangers — How your devices could be implanted and what to do about it](https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/badcandy)

**Intelligence and Information Warfare**

- [Mem3nt0 mori — The Hacking Team is back!](https://securelist.com/forumtroll-apt-hacking-team-dante-spyware/117851/)
- [Ukrainian organizations still heavily targeted by Russian attacks](https://www.security.com/blog-post/ukraine-russia-attacks)
- [Crypto wasted: BlueNoroff’s ghost mirage of funding and jobs](https://securelist.com/bluenoroff-apt-campaigns-ghostcall-and-ghosthire/117842/)
- [US accuses former L3Harris cyber boss of stealing and selling secrets to Russian buyer](https://techcrunch.com/2025/10/23/u-s-government-accuses-former-l3harris-cyber-boss-of-stealing-trade-secrets/)
- [Major US Telecom Backbone Firm Hacked by Nation-State Actors](https://www.securityweek.com/major-us-telecom-backbone-firm-hacked-by-nation-state-actors/)
- [UNC6384 Weaponizes ZDI-CAN-25373 Vulnerability to Deploy PlugX Against Hungarian and Belgian Diplomatic Entities](https://arcticwolf.com/resources/blog/unc6384-weaponizes-zdi-can-25373-vulnerability-to-deploy-plugx/)
- [CN APT targets Serbian Government](https://strikeready.com/blog/cn-apt-targets-serbian-government/)
- [Suspected Nation-State Threat Actor Uses New Airstalk Malware in a Supply Chain Attack](https://unit42.paloaltonetworks.com/new-windows-based-malware-family-airstalk/)
- [Is Space the Final Frontier of Espionage?](https://lithub.com/is-space-the-final-frontier-of-espionage/)
- [China-Linked Tick Group Exploits Lanscope Zero-Day to Hijack Corporate Systems](https://thehackernews.com/2025/10/china-linked-tick-group-exploits.html)

**Cybersecurity**

- [X Warns Users With Security Keys to Re-Enroll Before November 10 to Avoid Lockouts](https://thehackernews.com/2025/10/x-warns-users-with-security-keys-to-re.html)
- [iOS 26 update erases critical trace files used to identify Pegasus intrusions](https://cybernews.com/news/apple-iphone-forensic-trace-pegasus-iverify/)
- [Merkle data hit as Dentsu is rocked by ‘security incident’](https://www.decisionmarketing.co.uk/news/merkle-data-hit-as-dentsu-is-rocked-by-security-incident)
- [EY Data Leak — Massive 4TB SQL Server Backup Exposed Publicly on Microsoft Azure](https://cybersecuritynews.com/ey-data-leak/)
- [Security Community Slams MIT-linked Report Claiming AI Powers 80% of Ransomware](https://socket.dev/blog/security-community-slams-mit-linked-report-claiming-ai-powers-80-of-ransomware)
- [How Android provides the most effective protection to keep you safe from mobile scams](https://security.googleblog.com/2025/10/how-android-protects-you-from-scams.html)

Follow me on Twitter: [@securityaffairs](https://twitter.com/securityaffairs) and [Facebook](https://www.facebook.com/sec.affairs) and [Mastodon](https://infosec.exchange/@securityaffairs)

[Pierluigi Paganini](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)

([SecurityAffairs](http://securityaffairs.co/wordpress/) — hacking, newsletter)


