A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

- [New Linux backdoor Plague bypasses auth via malicious PAM module](https://securityaffairs.com/180701/malware/new-linux-backdoor-plague-bypasses-auth-via-malicious-pam-module.html)
- [China Presses Nvidia Over Alleged Backdoors in H20 Chips Amid Tech Tensions](https://securityaffairs.com/180694/intelligence/china-presses-nvidia-over-alleged-backdoors-in-h20-chips-amid-tech-tensions.html)
- [Malicious AI-generated npm package hits Solana users](https://securityaffairs.com/180680/malware/malicious-ai-generated-npm-package-hits-solana-users.html)
- [Meta Offers $1M bounty at Pwn2Own Ireland 2025 for WhatsApp exploits](https://securityaffairs.com/180668/hacking/meta-offers-1m-bounty-at-pwn2own-ireland-2025-for-whatsapp-exploits.html)
- [ToolShell under siege: Check Point analyzes Chinese APT Storm-2603](https://securityaffairs.com/180657/apt/toolshell-under-siege-check-point-analyzes-chinese-apt-storm-2603.html)
- [CISA released Thorium platform to support malware and forensic analysis](https://securityaffairs.com/180649/cyber-crime/cisa-released-thorium-platform-to-support-malware-and-forensic-analysis.html)
- [Russia-linked APT Secret Blizzard targets foreign embassies in Moscow with ApolloShadow malware](https://securityaffairs.com/180638/apt/russia-linked-apt-secret-blizzard-targets-foreign-embassies-in-moscow-with-apolloshadow-malware.html)
- [Attackers actively exploit critical zero-day in Alone WordPress Theme](https://securityaffairs.com/180630/hacking/attackers-actively-exploit-critical-zero-day-in-alone-wordpress-theme.html)
- [Dahua Camera flaws allow remote hacking. Update firmware now](https://securityaffairs.com/180602/hacking/dahua-camera-flaws-allow-remote-hacking-update-firmware-now.html)
- [Researchers released a decryptor for the FunkSec ransomware](https://securityaffairs.com/180616/malware/researchers-released-a-decryptor-for-the-funksec-ransomware.html)
- [Apple fixed a zero-day exploited in attacks against Google Chrome users](https://securityaffairs.com/180595/security/apple-fixed-a-zero-day-exploited-in-attacks-against-google-chrome-users.html)
- [PyPI maintainers alert users to email verification phishing attack](https://securityaffairs.com/180585/hacking/pypi-maintainers-alert-users-to-email-verification-phishing-attack.html)
- [FBI seizes 20 BTC from Chaos Ransomware affiliate targeting Texas firms](https://securityaffairs.com/180578/cyber-crime/fbi-seizes-20-btc-from-chaos-ransomware-affiliate.html)
- [Critical SAP flaw exploited to launch Auto-Color Malware attack on U.S. company](https://securityaffairs.com/180562/malware/critical-sap-flaw-exploited-to-launch-auto-color-malware-attack-on-u-s-company.html)
- [Orange reports major cyberattack, warns of service disruptions](https://securityaffairs.com/180552/security/orange-reports-major-cyberattack-warns-of-service-disruptions.html)
- [Hackers leak images and comments from women dating safety app Tea](https://securityaffairs.com/180539/data-breach/hackers-leak-images-and-comments-from-women-dating-safety-app-tea.html)
- [Pro-Ukraine hacktivists claim cyberattack on Russian Airline Aeroflot that caused the cancellation of +100 flights](https://securityaffairs.com/180521/hacktivism/pro-ukraine-hacktivists-claim-cyberattack-on-russian-airline-aeroflot-that-caused-the-cancellation-of-100-flights.html)
- [Seychelles Commercial Bank Reported Cybersecurity Incident](https://securityaffairs.com/180513/data-breach/seychelles-commercial-bank-reported-cybersecurity-incident.html)
- [Microsoft uncovers macOS flaw allowing bypass TCC protections and exposing sensitive data](https://securityaffairs.com/180503/hacking/microsoft-uncovers-macos-flaw-allowing-bypass-tcc-protections-and-exposing-sensitive-data.html)
- [U.S. CISA adds Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/180494/security/u-s-cisa-adds-cisco-ise-and-papercut-ng-mf-flaws-to-its-known-exploited-vulnerabilities-catalog.html)
- [Critical WordPress Post SMTP plugin flaw exposes 200K+ sites to full takeover](https://securityaffairs.com/180484/security/critical-wordpress-post-smtp-plugin-flaw-exposes-200k-sites-to-full-takeover.html)
- [Scattered Spider targets VMware ESXi in using social engineering](https://securityaffairs.com/180466/cyber-crime/scattered-spider-targets-vmware-esxi-in-using-social-engineering.html)
- [China-linked group Fire Ant exploits VMware and F5 flaws since early 2025](https://securityaffairs.com/180451/hacking/china-linked-group-fire-ant-exploits-vmware-and-f5-flaws-since-early-2025.html)
- [Allianz Life data breach exposed the data of most of its 1.4M customers](https://securityaffairs.com/180445/data-breach/allianz-life-data-breach-exposed-the-data-of-most-of-its-1-4m-customers.html)

**International Press — Newsletter**

**Cybercrime**

- [Cybercriminals Attack Seychelles — Offshore Banking as a Target](https://www.resecurity.com/blog/article/cybercriminals-attack-seychelles-offshore-banking-as-a-target)
- [Allianz Life says ‘majority’ of customers’ personal data stolen in cyberattack](https://techcrunch.com/2025/07/26/allianz-life-says-majority-of-customers-personal-data-stolen-in-cyberattack/)
- [United States files a civil complaint in the Northern District of Texas seeking the forfeiture of over $1.7 million worth of cryptocurrency seized by Dallas FBI](https://www.justice.gov/usao-ndtx/pr/united-states-files-civil-complaint-northern-district-texas-seeking-forfeiture-over-17)
- [Minnesota Activates National Guard in Response to Cyberattack](https://www.securityweek.com/minnesota-activates-national-guard-in-response-to-cyberattack/)
- [Scammers Unleash Flood of Slick Online Gaming Sites](https://krebsonsecurity.com/2025/07/scammers-unleash-flood-of-slick-online-gaming-sites/)
- [PyPI Users Email Phishing Attack](https://blog.pypi.org/posts/2025-07-28-pypi-phishing-attack/)

**Malware**

- [Endgame Gear mouse config tool infected users with malware](https://www.bleepingcomputer.com/news/security/endgame-gear-mouse-config-tool-infected-users-with-malware/)
- [Auto-Color Backdoor: How Darktrace Thwarted a Stealthy Linux Intrusion](https://www.darktrace.com/blog/auto-color-backdoor-how-darktrace-thwarted-a-stealthy-linux-intrusion)
- [Sealed Chain of Deception: Actors leveraging Node.JS to Launch JSCeal](https://research.checkpoint.com/2025/jsceal-targets-crypto-apps/)
- [Decrypted: FunkSec Ransomware](https://www.gendigital.com/blog/insights/research/funksec-ai)
- [Threat actor uses AI to create a better crypto wallet drainer](https://getsafety.com/blog-posts/threat-actor-uses-ai-to-create-a-better-crypto-wallet-drainer)

**Hacking**

- [From Help Desk to Hypervisor: Defending Your VMware vSphere Estate from UNC3944](https://cloud.google.com/blog/topics/threat-intelligence/defending-vsphere-from-unc3944)
- [Account Takeover Vulnerability Affecting Over 400K Installations Patched in Post SMTP Plugin](https://patchstack.com/articles/account-takeover-vulnerability-affecting-over-400k-installations-patched-in-post-smtp-plugin)
- [Sploitlight: Analyzing a Spotlight-based macOS TCC vulnerability](https://www.microsoft.com/en-us/security/blog/2025/07/28/sploitlight-analyzing-a-spotlight-based-macos-tcc-vulnerability/)
- [How attackers are still phishing ‘phishing-resistant’ authentication](https://www.bleepingcomputer.com/news/security/how-attackers-are-still-phishing-phishing-resistant-authentication/)
- [Vulnerabilities Identified in Dahua Hero C1 Smart Cameras](https://www.bitdefender.com/en-us/blog/labs/vulnerabilities-identified-in-dahua-hero-c1-smart-cameras)
- [Attackers Actively Exploiting Critical Vulnerability in Alone Theme](https://www.wordfence.com/blog/2025/07/attackers-actively-exploiting-critical-vulnerability-in-alone-theme/)
- [UNC2891 Bank Heist: Physical ATM Backdoor & Linux Forensic Evasion](https://www.group-ib.com/blog/unc2891-bank-heist/)
- [How AI red teams find hidden flaws before attackers do](https://www.csoonline.com/article/4029862/how-ai-red-teams-find-hidden-flaws-before-attackers-do.html)
- [MaterialX and OpenEXR Security Audit](https://www.shielder.com/blog/2025/07/materialx-and-openexr-security-audit/)
- [Before ToolShell: Exploring Storm-2603’s Previous Ransomware Operations](https://research.checkpoint.com/2025/before-toolshell-exploring-storm-2603s-previous-ransomware-operations/)
- [Pwn2Own Returns to Ireland with a One Million Dollar WhatsApp Target](https://www.zerodayinitiative.com/blog/2025/7/30/pwn2own-returns-to-ireland-with-a-one-million-dollar-whatsapp-target)

**Intelligence and Information Warfare**

- [Fire Ant: A Deep-Dive into Hypervisor-Level Espionage](https://www.sygnia.co/blog/fire-ant-a-deep-dive-into-hypervisor-level-espionage/)
- [Cyberattack on Russian airline Aeroflot causes the cancellation of more than 100 flights](https://apnews.com/article/aeroflot-cyberattack-russia-flights-cancellations-delays-hackers-2cb7e23d47638769021e02df8cfd1ec4)
- [Beijing summons Nvidia over alleged backdoors in China-bound AI chips](https://www.theregister.com/2025/07/31/beijing_nvidia_backdoors/)
- [Google says UK government has not demanded an encryption backdoor for its users’ data](https://techcrunch.com/2025/07/29/google-says-uk-government-not-demanded-encryption-backdoor-for-its-users-data/)
- [The Covert Operator’s Playbook: Infiltration of Global Telecom Networks](https://unit42.paloaltonetworks.com/infiltration-of-global-telecom-networks/)
- [N. Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in Crypto](https://thehackernews.com/2025/07/n-korean-hackers-used-job-lures-cloud.html)

**Cybersecurity**

- [A Second Tea Breach Reveals Users’ DMs About Abortions and Cheating](https://www.404media.co/a-second-tea-breach-reveals-users-dms-about-abortions-and-cheating/)
- [Orange, France’s largest telecoms company, hit by cyberattack](https://therecord.media/orange-telecom-france-cyberattack)
- [Wyden asks White House to scrutinize UK surveillance laws](https://therecord.media/wyden-asks-white-house-scrutinize-uk-surveillance-laws-apple)
- [Apple patches security flaw exploited in Chrome zero-day attacks](https://www.bleepingcomputer.com/news/security/apple-patches-security-flaw-exploited-in-chrome-zero-day-attacks/)
- [Cost of a Data Breach Report 2025 The AI Oversight Gap](https://www.ibm.com/downloads/documents/us-en/131cf87b20b31c91)
- [Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats](https://www.microsoft.com/en-us/security/blog/2025/07/31/frozen-in-transit-secret-blizzards-aitm-campaign-against-diplomats/)
- [Thorium Platform Public Availability](https://www.cisa.gov/news-events/alerts/2025/07/31/thorium-platform-public-availability)
- [The Growing Impact Of AI And Quantum On Cybersecurity](https://www.forbes.com/sites/chuckbrooks/2025/07/31/the-growing-impact-of-ai-and-quantum-on-cybersecurity/)
- [From Payrolls to Patents: The Spectrum of Data Leaked into GenAI Copy](https://www.harmonic.security/resources/from-payrolls-to-patents-the-spectrum-of-data-leaked-into-genai)
- [Minnesota activates National Guard as cyberattack on Saint Paul disrupts public services](https://techcrunch.com/2025/07/30/minnesota-activates-national-guard-as-cyberattack-on-saint-paul-disrupts-public-services/)

Follow me on Twitter: [@securityaffairs](https://twitter.com/securityaffairs) and [Facebook](https://www.facebook.com/sec.affairs) and [Mastodon](https://infosec.exchange/@securityaffairs)

[Pierluigi Paganini](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)

([SecurityAffairs](http://securityaffairs.co/wordpress/) — hacking, newsletter)

Related Tags:

- Storm-0875
- Octo Tempest
- NAICS: 921 – Executive, Legislative, Other General Government Support
- NAICS: 54 – Professional, Scientific, Technical Services
- NAICS: 334 – Computer And Electronic Product Manufacturing
- NAICS: 517 – Telecommunications
- NAICS: 541 – Professional, Scientific, Technical Services
- NAICS: 518 – Computing Infrastructure Providers, Data Processing, Web Hosting, Related Services
- NAICS: 92 – Public Administration