Security Affairs newsletter Round 530 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

- [The FBI warns that Scattered Spider is now targeting the airline sector](https://securityaffairs.com/179413/cyber-crime/the-fbi-warns-that-scattered-spider-is-now-targeting-the-airline-sector.html)
- [LapDogs: China-nexus hackers Hijack 1,000+ SOHO devices for espionage](https://securityaffairs.com/179406/malware/lapdogs-china-nexus-hackers-hijack-1000-soho-devices-for-espionage.html)
- [Taking over millions of developers exploiting an Open VSX Registry flaw](https://securityaffairs.com/179398/hacking/taking-over-millions-of-developers-exploiting-an-open-vsx-registry-flaw.html)
- [OneClik APT campaign targets energy sector with stealthy backdoors](https://securityaffairs.com/179388/hacking/oneclik-apt-campaign-targets-energy-sector-with-stealthy-backdoors.html)
- [APT42 impersonates cyber professionals to phish Israeli academics and journalists](https://securityaffairs.com/179372/apt/apt42-impersonates-cyber-professionals-to-phish-israeli-academics-and-journalists.html)
- [Kai West, aka IntelBroker, indicted for cyberattacks causing $25M in damages](https://securityaffairs.com/179367/cyber-crime/kai-west-aka-intelbroker-indicted-for-cyberattacks-causing-25m-in-damages.html)
- [Cisco fixed critical ISE flaws allowing Root-level remote code execution](https://securityaffairs.com/179362/security/cisco-fixed-critical-ise-flaws-allowing-root-level-rce.html)
- [U.S. CISA adds AMI MegaRAC SPx, D-Link DIR-859 routers, and Fortinet FortiOS flaws to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/179354/security/u-s-cisa-adds-ami-megarac-spx-d-link-dir-859-routers-and-fortinet-fortios-flaws-to-its-known-exploited-vulnerabilities-catalog.html)
- [CitrixBleed 2: The nightmare that echoes the ‘CitrixBleed’ flaw in Citrix NetScaler devices](https://securityaffairs.com/179339/hacking/citrixbleed-2-the-nightmare-that-echoes-the-citrixbleed-flaw-in-netscaler-devices.html)
- [Hackers deploy fake SonicWall VPN App to steal corporate credentials](https://securityaffairs.com/179332/hacking/hackers-deploy-fake-sonicwall-vpn-app-to-steal-corporate-credentials.html)
- [Mainline Health Systems data breach impacted over 100,000 individuals](https://securityaffairs.com/179322/data-breach/mainline-health-systems-disclosed-a-data-breach.html)
- [Disrupting the operations of cryptocurrency mining botnets](https://securityaffairs.com/179310/malware/disrupting-operations-of-cryptocurrency-mining-botnets.html)
- [Prometei botnet activity has surged since March 2025](https://securityaffairs.com/179303/cyber-crime/prometei-botnet-activity-has-surged-since-march-2025.html)
- [The U.S. House banned WhatsApp on government devices due to security concerns](https://securityaffairs.com/179297/mobile-2/us-house-banned-whatsapp-on-government-devices.html)
- [Russia-linked APT28 use Signal chats to target Ukraine official with malware](https://securityaffairs.com/179288/apt/russia-linked-apt28-use-signal-chats-to-target-ukraine-official-with-malware.html)
- [China-linked APT Salt Typhoon targets Canadian Telecom companies](https://securityaffairs.com/179278/apt/china-linked-apt-salt-typhoon-targets-canadian-telecom-companies.html)
- [U.S. warns of incoming cyber threats following Iran airstrikes](https://securityaffairs.com/179266/cyber-warfare-2/u-s-warns-of-incoming-cyber-threats-following-iran-airstrikes.html)
- [McLaren Health Care data breach impacted over 743,000 people](https://securityaffairs.com/179259/data-breach/mclaren-health-care-data-breach-impacted-over-743000-people.html)
- [The financial impact of Marks & Spencer and Co-op cyberattacks could reach £440M](https://securityaffairs.com/179225/cyber-crime/the-financial-impact-of-marks-spencer-and-co-op-cyberattacks-could-reach-440m.html)
- [Iran-Linked Threat Actors Cyber Fattah Leak Visitors and Athletes’ Data from Saudi Games](https://securityaffairs.com/179239/cyber-warfare-2/iran-linked-threat-actors-cyber-fattah-leak-visitors-and-athletes-data-from-saudi-games.html)
- [Qilin ransomware gang now offers a ‘Call Lawyer’ feature to pressure victims](https://securityaffairs.com/179205/breaking-news/qilin-ransomware-gang-now-offers-a-call-lawyer-feature.html)

**International Press — Newsletter**

**Cybercrime**

- [Lessons from Qilin: What the Industry’s Most Efficient Ransomware Teaches Us](https://blog.qualys.com/vulnerabilities-threat-research/2025/06/18/qilin-ransomware-explained-threats-risks-defenses)
- [A look at ‘Tinker,’ Black Basta’s phishing fixer, negotiator](https://intel471.com/blog/a-look-at-tinker-black-bastas-phishing-fixer-negotiator)
- [Four more defendants in REvil hacker case sentenced in St. Petersburg](https://tass.ru/proisshestviya/24328083)
- [Anthropic study: Leading AI models show up to 96% blackmail rate against executives](https://venturebeat.com/ai/anthropic-study-leading-ai-models-show-up-to-96-blackmail-rate-against-executives/)
- [Serial Hacker ‘IntelBroker’ Charged For Causing $25 Million In Damages To Victims](https://www.justice.gov/usao-sdny/pr/serial-hacker-intelbroker-charged-causing-25-million-damages-victims)
- [Police arrest five high-profile French hackers behind a notorious data theft forum](https://www.leparisien.fr/high-tech/la-police-interpelle-cinq-hackers-francais-de-haut-vol-derriere-un-celebre-forum-de-vol-de-donnees-25-06-2025-QJTPFTDPQZAP7B25MF24YLHU6E.php)
- [Cybercriminals Abuse Open-Source Tools To Target Africa’s Financial Sector](https://unit42.paloaltonetworks.com/cybercriminals-attack-financial-sector-across-africa/)
- [FBI Warns of Scattered Spider’s Expanding Attacks on Airlines Using Social Engineering](https://thehackernews.com/2025/06/fbi-warns-of-scattered-spiders.html)

**Malware**

- [Ransomware Gangs Collapse as Qilin Seizes Control](https://www.cybereason.com/blog/threat-alert-qilin-seizes-control)
- [Dissecting a Python Ransomware distributed through GitHub repositories](https://www.tinextacyber.com/dissecting-a-python-ransomware/)
- [Resurgence of the Prometei Botnet](https://unit42.paloaltonetworks.com/prometei-botnet-2025-activity/)
- [ConnectUnwise: Threat actors abuse ConnectWise as builder for signed malware](https://www.gdatasoftware.com/blog/2025/06/38218-connectwise-abuse-malware)
- [GIFTEDCROOK’s Strategic Pivot: From Browser Stealer to Data Exfiltration Platform During Critical Ukraine Negotiations](https://arcticwolf.com/resources/blog/giftedcrook-strategic-pivot-from-browser-stealer-to-data-exfiltration-platform/)

**Hacking**

- [FreeType Zero-Day Found by Meta Exploited in Paragon Spyware Attacks](https://www.securityweek.com/freetype-zero-day-found-by-meta-exploited-in-paragon-spyware-attacks/)
- [CoinMarketCap briefly hacked to drain crypto wallets via fake Web3 popup](https://www.bleepingcomputer.com/news/security/coinmarketcap-briefly-hacked-to-drain-crypto-wallets-via-fake-web3-popup/)
- [Echo Chamber: A Context-Poisoning Jailbreak That Bypasses LLM Guardrails](https://neuraltrust.ai/blog/echo-chamber-context-poisoning-jailbreak)
- [Cryptominers’ Anatomy: Shutting Down Mining Botnets](https://www.akamai.com/blog/security-research/cryptominers-anatomy-shutting-down-mining-botnets)
- [CitrixBleed 2: Electric Boogaloo — CVE-2025-5777](https://doublepulsar.com/citrixbleed-2-electric-boogaloo-cve-2025-5777-c7f5e349d206)
- [4 Powerful Applications of IDALib: Headless IDA in Action](https://hex-rays.com/blog/4-powerful-applications-of-idalib-headless-ida-in-action)
- [Marketplace Takeover: How We Could’ve Taken Over Every Developer Using a VSCode Fork; Putting Millions at Risk](https://blog.koi.security/marketplace-takeover-how-we-couldve-taken-over-every-developer-using-a-vscode-fork-f0f8cf104d44)
- [New FileFix Method Emerges as a Threat Following 517% Rise in ClickFix Attacks](https://thehackernews.com/2025/06/new-filefix-method-emerges-as-threat.html)

**Intelligence and Information Warfare**

- [Iran-Linked Threat Actors Leak Visitors and Athletes’ Data from Saudi Games](https://www.resecurity.com/blog/article/iran-linked-threat-actors-leak-visitors-and-athletes-data-from-saudi-games)
- [Iran — Summary of the Threat to the United States](https://www.dhs.gov/ntas/advisory/national-terrorism-advisory-system-bulletin-june-22-2025)
- [PRC cyber actors target telecommunications companies as part of a global cyberespionage campaign](https://www.cyber.gc.ca/en/guidance/cyber-threat-bulletin-prc-cyber-actors-target-telecommunications-companies-global-cyberespionage-campaign)
- [SadFuture: Mapping XDSpy latest evolution](https://harfanglab.io/insidethelab/sadfuture-xdspy-latest-evolution/)
- [Another Wave: North Korean Contagious Interview Campaign Drops 35 New Malicious npm Packages](https://socket.dev/blog/north-korean-contagious-interview-campaign-drops-35-new-malicious-npm-packages)
- [How Cyber Warfare Changes the Face of Geopolitical Conflict](https://www.darkreading.com/cyberattacks-data-breaches/cyberwarfare-changes-geopolitical-conflict)
- [UAC-0001 (APT28) Cyber Attacks on Government Agencies Using BEARDSHELL and COVENANT](https://cert.gov.ua/article/6284080)
- [Iranian Educated Manticore Targets Leading Tech Academics](https://research.checkpoint.com/2025/iranian-educated-manticore-targets-leading-tech-academics/)
- [OneClik: A ClickOnce-Based APT Campaign Targeting Energy, Oil and Gas Infrastructure](https://www.trellix.com/blogs/research/oneclik-a-clickonce-based-apt-campaign-targeting-energy-oil-and-gas-infrastructure/)
- [Hive0154 aka Mustang Panda shifts focus on Tibetan community to deploy Pubload backdoor](https://www.ibm.com/think/x-force/hive0154-mustang-panda-shifts-focus-tibetan-community-deploy-pubload-backdoor)
- [DeepSeek Deception: Sainbox RAT & Hidden Rootkit Delivery](https://www.netskope.com/blog/deepseek-deception-sainbox-rat-hidden-rootkit-delivery)
- [Analysis of the latest attack activities of APT-C-06 (DarkHotel) using BYOVD technology](https://mp.weixin.qq.com/s/m2G9oLHv504HJDW8mB5rDA)
- [Taiwan Strait hotspot bait! Wangci organization combines 0day and ClickOnce technology to carry out espionage activities](https://mp.weixin.qq.com/s?__biz=MzI2MDc2MDA4OA==&mid=2247515203&idx=1&sn=aa65a6a18fdb558e811f8b9c1010a23c&poc_token=HHmVXmij6Y-0Wxq6JrV4j7RzrF0yceAstuJsjgU8)
- [Unmasking A New China-Linked Covert ORB Network: Inside the LapDogs Campaign](https://securityscorecard.com/blog/unmasking-a-new-china-linked-covert-orb-network-inside-the-lapdogs-campaign/)

**Cybersecurity**

- [Cyber Monitoring Centre Statement on Ransomware Incidents in the Retail Sector — June 2025](https://cybermonitoringcentre.com/2025/06/20/cyber-monitoring-centre-statement-on-ransomware-incidents-in-the-retail-sector-june-2025/)
- [743,000 Impacted by McLaren Health Care Data Breach](https://www.securityweek.com/743000-impacted-by-mclaren-health-care-data-breach/)
- [Scoop: WhatsApp banned on House staffers’ devices](https://www.axios.com/2025/06/23/whatsapp-house-congress-staffers-messaging-app)
- [Leaking Secrets in the Age of AI](https://www.wiz.io/blog/leaking-ai-secrets-in-public-code)
- [OpenAI May Have Screwed Up So Badly That Its Entire Future Is Under Threat](https://futurism.com/the-byte/openai-microsoft-future)
- [Bipartisan Bill Aims to Block Chinese AI From Federal Agencies](https://www.securityweek.com/bipartisan-bill-aims-to-block-chinese-ai-from-federal-agencies/)
- [ESET Threat Report H1 2025](https://www.welivesecurity.com/en/eset-research/eset-threat-report-h1-2025/)

Follow me on Twitter: [@securityaffairs](https://twitter.com/securityaffairs) and [Facebook](https://www.facebook.com/sec.affairs) and [Mastodon](https://infosec.exchange/@securityaffairs)

[Pierluigi Paganini](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)

([SecurityAffairs](http://securityaffairs.co/wordpress/) — hacking, newsletter)

Related Tags: Salt Typhoon, GruesomeLarch, Covenant, Zigzag Hail, Storm-0875, Octo Tempest, FROZENLAKE, Forest Blizzard

NAICS: 48 – Transportation
