A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

- [Law enforcement operations seized BlackSuit ransomware gang’s darknet sites](https://securityaffairs.com/180409/cyber-crime/law-enforcement-operations-seized-blacksuit-ransomware-gangs-darknet-sites.html)
- [Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme](https://securityaffairs.com/180398/intelligence/arizona-woman-sentenced-for-aiding-north-korea-in-u-s-it-job-fraud-scheme.html)
- [Operation CargoTalon targets Russia’s aerospace with EAGLET malware](https://securityaffairs.com/180378/intelligence/operation-cargotalon-targets-russias-aerospace-with-eaglet-malware.html)
- [Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access](https://securityaffairs.com/180368/security/unpatched-flaw-in-eol-lg-lnv5110r-cameras-lets-hackers-gain-admin-access.html)
- [Koske, a new AI-Generated Linux malware appears in the threat landscape](https://securityaffairs.com/180355/malware/koske-a-new-ai-generated-linux-malware-appears-in-the-threat-landscape.html)
- [Mitel patches critical MiVoice MX-ONE Auth bypass flaw](https://securityaffairs.com/180345/security/mitel-patches-critical-mivoice-mx-one-auth-bypass-flaw.html)
- [Coyote malware is first-ever malware abusing Windows UI Automation](https://securityaffairs.com/180334/malware/coyote-malware-is-first-ever-malware-abusing-windows-ui-automation.html)
- [SonicWall fixed critical flaw in SMA 100 devices exploited in Overstep malware attacks](https://securityaffairs.com/180328/security/sonicwall-fixed-critical-flaw-in-sma-100-devices-exploited-in-overstep-malware-attacks.html)
- [DSPM & AI Are Booming: $17.87B and $4.8T Markets by 2033](https://securityaffairs.com/180322/security/dspm-ai-are-booming-17-87b-and-4-8t-markets-by-2033.html)
- [Stealth backdoor found in WordPress mu-Plugins folder](https://securityaffairs.com/180311/malware/stealth-backdoor-found-in-wordpress-mu-plugins-folder.html)
- [U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/180293/hacking/u-s-cisa-adds-crushftp-google-chromium-and-sysaid-flaws-to-its-known-exploited-vulnerabilities-catalog.html)
- [U.S. CISA urges FCEB agencies to fix two Microsoft SharePoint flaws immediately and added them to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/180301/hacking/u-s-cisa-adds-two-microsoft-sharepoint-flaws-to-its-known-exploited-vulnerabilities-catalog.html)
- [Sophos fixed two critical Sophos Firewall vulnerabilities](https://securityaffairs.com/180283/security/sophos-addressed-five-sophos-firewall-vulnerabilities.html)
- [French Authorities confirm XSS.is admin arrested in Ukraine](https://securityaffairs.com/180278/cyber-crime/french-authorities-confirm-xss-is-admin-arrested-in-ukraine.html)
- [Microsoft linked attacks on SharePoint flaws to China-nexus actors](https://securityaffairs.com/180267/apt/microsoft-linked-attacks-on-sharepoint-flaws-to-china-nexus-actors.html)
- [Cisco confirms active exploitation of ISE and ISE-PIC flaws](https://securityaffairs.com/180260/hacking/cisco-confirms-active-exploitation-of-ise-and-ise-pic-flaws.html)
- [SharePoint under fire: new ToolShell attacks target enterprises](https://securityaffairs.com/180252/hacking/sharepoint-under-fire-new-toolshell-attacks-target-enterprises.html)
- [CrushFTP zero-day actively exploited at least since July 18](https://securityaffairs.com/180244/hacking/crushftp-zero-day-actively-exploited-at-least-since-july-18.html)
- [Hardcoded credentials found in HPE Aruba Instant On Wi-Fi devices](https://securityaffairs.com/180230/security/hardcoded-credentials-hpe-aruba-instant-on-wi-fi-devices.html)
- [MuddyWater deploys new DCHSpy variants amid Iran-Israel conflict](https://securityaffairs.com/180220/apt/muddywater-deploys-new-dchspy-variants-amid-iran-israel-conflict.html)
- [U.S. CISA urges to immediately patch Microsoft SharePoint flaw adding it to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/180211/hacking/u-s-cisa-urges-to-immediately-patch-microsoft-sharepoint-flaw-adding-it-to-its-known-exploited-vulnerabilities-catalog.html)
- [Microsoft issues emergency patches for SharePoint zero-days exploited in ‘ToolShell’ attacks](https://securityaffairs.com/180197/hacking/microsoft-issues-emergency-patches-for-sharepoint-zero-days-exploited-in-toolshell-attacks.html)
- [SharePoint zero-day CVE-2025-53770 actively exploited in the wild](https://securityaffairs.com/180182/hacking/sharepoint-zero-day-cve-2025-53770-actively-exploited-in-the-wild.html)
- [Singapore warns China-linked group UNC3886 targets its critical infrastructure](https://securityaffairs.com/180179/uncategorized/singapore-warns-china-linked-group-unc3886-targets-its-critical-infrastructure.html)
- [U.S. CISA adds Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/180162/hacking/u-s-cisa-adds-fortinet-fortiweb-flaw-to-its-known-exploited-vulnerabilities-catalog.html)
- [Radiology Associates of Richmond data breach impacts 1.4 million people](https://securityaffairs.com/180128/data-breach/radiology-associates-of-richmond-data-breach-impacts-1-4-million-people.html)

**International Press — Newsletter**

**Cybercrime**

- [At Least 750 US Hospitals Faced Disruptions During Last Year’s CrowdStrike Outage, Study Finds](https://www.wired.com/story/at-least-750-us-hospitals-faced-disruptions-during-last-years-crowdstrike-outage-study-finds/)
- [Key figure behind major Russian-speaking cybercrime forum targeted in Ukraine](https://www.europol.europa.eu/media-press/newsroom/news/key-figure-behind-major-russian-speaking-cybercrime-forum-targeted-in-ukraine)
- [UK student jailed for selling phishing kits linked to £100m of fraud](https://www.theguardian.com/technology/2025/jul/24/canterbury-student-phishing-kits-jailed-fraudsters)
- [A Spike in the Desert: How GreyNoise Uncovered a Global Pattern of VOIP-Based Telnet Attacks](https://www.greynoise.io/blog/how-greynoise-uncovered-global-pattern-voip-based-telnet-attacks)
- [Arizona Woman Sentenced in $17M IT Worker Fraud Scheme That Illegally Generated Revenue for North Korea](https://www.justice.gov/usao-dc/pr/arizona-woman-sentenced-17m-it-worker-fraud-scheme-illegally-generated-revenue-north)
- [BlackSuit ransomware gang’s darknet websites seized by police](https://therecord.media/blacksuit-ransomware-gang-website-takedown)
- [Hackers are trying to steal passwords and sensitive data from users of Signal clone](https://techcrunch.com/2025/07/17/hackers-are-trying-to-steal-passwords-and-sensitive-data-from-users-of-signal-clone/)
- [Aptly Named: How the Leakzone Exposed Access Logs](https://www.upguard.com/breaches/leakzone-net)
- [Phishers Target Aviation Execs to Scam Customers](https://krebsonsecurity.com/2025/07/phishers-target-aviation-execs-to-scam-customers/)

**Malware**

- [Uncovering a Stealthy WordPress Backdoor in mu-plugins](https://blog.sucuri.net/2025/07/uncovering-a-stealthy-wordpress-backdoor-in-mu-plugins.html)
- [NPM package ‘is’ with 2.8M weekly downloads infected devs with malware](https://www.bleepingcomputer.com/news/security/npm-package-is-with-28m-weekly-downloads-infected-devs-with-malware/)
- [Coyote in the Wild: First-Ever Malware That Abuses UI Automation](https://www.akamai.com/blog/security-research/active-exploitation-coyote-malware-first-ui-automation-abuse-in-the-wild)
- [AI-Generated Malware in Panda Image Hides Persistent Linux Threat](https://www.aquasec.com/blog/ai-generated-malware-in-panda-image-hides-persistent-linux-threat/)
- [Toptal’s GitHub Organization Hijacked: 10 Malicious Packages Published](https://socket.dev/blog/toptal-s-github-organization-hijacked-10-malicious-packages-published)

**Hacking**

- [SharePoint Under Siege: from SOC triage to new 0-day](https://research.eye.security/sharepoint-under-siege/)
- [CVE-2025-54309: CrushFTP Zero-Day Exploited in the Wild](https://www.rapid7.com/blog/post/crushftp-zero-day-exploited-in-the-wild/)
- [Cisco Confirms Active Exploits Targeting ISE Flaws Enabling Unauthenticated Root Access](https://thehackernews.com/2025/07/cisco-confirms-active-exploits.html)
- [Fire Ant Exploits VMware Flaws to Compromise ESXi Hosts and vCenter Environments](https://thehackernews.com/2025/07/fire-ant-exploits-vmware-flaw-to.html)

**Intelligence and Information Warfare**

- [What is UNC3886, the group that attacked Singapore’s critical information infrastructure?](https://www.straitstimes.com/singapore/who-is-unc3886-the-group-that-attacked-spores-critical-information-infrastructure)
- [Lookout Discovers Iranian APT MuddyWater Leveraging DCHSpy During Israel-Iran Conflict](https://www.lookout.com/threat-intelligence/article/lookout-discovers-iranian-dchsy-surveillanceware)
- [The SOC files: Rumble in the jungle or APT41’s new target in Africa](https://securelist.com/apt41-in-africa/116986/)
- [SharePoint ToolShell | Zero-Day Exploited in-the-Wild Targets Enterprise Servers](https://www.sentinelone.com/blog/sharepoint-toolshell-zero-day-exploited-in-the-wild-targets-enterprise-servers/)
- [Disrupting active exploitation of on-premises SharePoint vulnerabilities](https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/)
- [Profile: GRU cyber and hybrid threat operations](https://www.gov.uk/government/publications/profile-gru-cyber-and-hybrid-threat-operations/profile-gru-cyber-and-hybrid-threat-operations#grus-established-structures-conducting-cyber-operations)
- [Operation CargoTalon: UNG0901 Targets Russian Aerospace & Defense Sector using EAGLET implant](https://www.seqrite.com/blog/operation-cargotalon-ung0901-targets-russian-aerospace-defense-sector-using-eaglet-implant/)
- [Apple alerted Iranians to iPhone spyware attacks, say researchers](https://techcrunch.com/2025/07/22/apple-alerted-iranians-to-iphone-spyware-attacks-say-researchers/)

**Cybersecurity**

- [Most cybersecurity risk comes from just 10% of employees](https://www.helpnetsecurity.com/2025/07/16/human-cybersecurity-risk-employees/)
- [HPE warns of hardcoded passwords in Aruba access points](https://www.bleepingcomputer.com/news/security/hpe-warns-of-hardcoded-passwords-in-aruba-access-points/)
- [Should We Trust AI? Three Approaches to AI Fallibility](https://www.securityweek.com/should-we-trust-ai-three-approaches-to-ai-fallibility/)
- [No Patch for Flaw Exposing Hundreds of LG Cameras to Remote Hacking](https://www.securityweek.com/no-patch-for-flaw-exposing-hundreds-of-lg-cameras-to-remote-hacking/)
- [UK’s Ransomware Payment Ban: Bold Strategy or Dangerous Gamble?](https://www.securityweek.com/uks-ransomware-payment-ban-bold-strategy-or-dangerous-gamble/)
- [Allianz Life says ‘majority’ of customers’ personal data stolen in cyberattack](https://techcrunch.com/2025/07/26/allianz-life-says-majority-of-customers-personal-data-stolen-in-cyberattack/)
- [Google took a month to shut down Catwatchful, a phone spyware operation hosted on its servers](https://techcrunch.com/2025/07/25/google-took-a-month-to-shut-down-catwatchful-a-phone-spyware-operation-hosted-on-its-servers/)
- [Clorox accuses IT provider in lawsuit of giving hackers employee passwords](https://www.reuters.com/legal/government/clorox-accuses-it-provider-lawsuit-giving-hackers-employee-passwords-2025-07-22/)

Follow me on Twitter: [@securityaffairs](https://twitter.com/securityaffairs) and [Facebook](https://www.facebook.com/sec.affairs) and [Mastodon](https://infosec.exchange/@securityaffairs)

[Pierluigi Paganini](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)

([SecurityAffairs](http://securityaffairs.co/wordpress/) — hacking, newsletter)

Related Tags:
CVE-2025-54309
ControlX
CHROMIUM
Charcoal Typhoon
Mango Sandstorm
TA450
NAICS: 54 – Professional, Scientific, Technical Services
NAICS: 334 – Computer And Electronic Product Manufacturing
NAICS: 517 – Telecommunications


