A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

- [Winos 4.0 hackers expand to Japan and Malaysia with new malware](https://securityaffairs.com/183580/security/winos-4-0-hackers-expand-to-japan-and-malaysia-with-new-malware.html)
- [From Airport chaos to cyber intrigue: Everest Gang takes credit for Collins Aerospace breach](https://securityaffairs.com/183567/breaking-news/from-airport-chaos-to-cyber-intrigue-everest-gang-takes-credit-for-collins-aerospace-breach.html)
- [SIMCARTEL operation: Europol takes down SIM-Box ring linked to 3,200 scams](https://securityaffairs.com/183556/security/simcartel-operation-europol-takes-down-sim-box-ring-linked-to-3200-scams.html)
- [A critical WatchGuard Fireware flaw could allow unauthenticated code execution](https://securityaffairs.com/183548/security/a-critical-watchguard-fireware-flaw-could-allow-unauthenticated-code-execution.html)
- [Prosper disclosed a data breach impacting 17.6 million accounts](https://securityaffairs.com/183543/data-breach/prosper-disclosed-a-data-breach-impacting-17-6-million-accounts.html)
- [Microsoft revokes 200+ certificates abused by Vanilla Tempest in fake Teams campaign](https://securityaffairs.com/183532/cyber-crime/microsoft-revokes-200-certificates-abused-by-vanilla-tempest-in-fake-teams-campaign.html)
- [PowerSchool hacker got four years in prison](https://securityaffairs.com/183515/security/powerschool-hacker-got-four-years-in-prison.html)
- [Auction house Sotheby’s disclosed a July data breach](https://securityaffairs.com/183522/data-breach/auction-house-sothebys-disclosed-a-july-data-breach.html)
- [Operation Zero Disco: Threat actors targets Cisco SNMP flaw to drop Linux rootkits](https://securityaffairs.com/183508/malware/operation-zero-disco-threat-actors-targets-cisco-snmp-flaw-to-drop-linux-rootkits.html)
- [U.S. CISA adds Adobe Experience Manager Forms flaw to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/183503/security/u-s-cisa-adds-adobe-experience-manager-forms-flaw-to-its-known-exploited-vulnerabilities-catalog.html)
- [China-linked APT Jewelbug targets Russian IT provider in rare cross-nation cyberattack](https://securityaffairs.com/183488/apt/china-linked-apt-jewelbug-targets-russian-it-provider-in-rare-cross-nation-cyberattack.html)
- [U.S. CISA adds SKYSEA Client View, Rapid7 Velociraptor, Microsoft Windows, and IGEL OS flaws to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/183479/security/u-s-cisa-adds-skysea-client-view-rapid7-velociraptor-microsoft-windows-and-igel-os-flaws-to-its-known-exploited-vulnerabilities-catalog.html)
- [Spanish fashion retailer MANGO disclosed a data breach](https://securityaffairs.com/183435/data-breach/spanish-fashion-retailer-mango-disclosed-a-data-breach.html)
- [Qilin Ransomware announced new victims](https://securityaffairs.com/183447/security/qilin-ransomware-announced-new-victims.html)
- [A sophisticated nation-state actor breached F5 systems, stealing BIG-IP source code and data on undisclosed flaw](https://securityaffairs.com/183436/security/a-sophisticated-nation-state-actor-breached-f5-systems-stealing-big-ip-source-code-and-data-on-undisclosed-flaw.html)
- [200,000 Linux systems from Framework are shipped with signed UEFI components vulnerable to Secure Boot bypass](https://securityaffairs.com/183426/hacking/200000-linux-systems-from-framework-are-shipped-with-signed-uefi-components-vulnerable-to-secure-boot-bypass.html)
- [SAP fixed maximum-severity bug in NetWeaver](https://securityaffairs.com/183420/security/sap-fixed-maximum-severity-bug-in-netweaver.html)
- [Unencrypted satellites expose global communications](https://securityaffairs.com/183404/hacking/unencrypted-satellites-expose-global-communications.html)
- [Flax Typhoon APT exploited ArcGIS server for over a year as a backdoor](https://securityaffairs.com/183398/apt/flax-typhoon-apt-exploited-arcgis-server-for-over-a-year-as-a-backdoor.html)
- [Researchers warn of widespread RDP attacks by 100K-node botnet](https://securityaffairs.com/183389/security/researchers-warn-of-widespread-rdp-attacks-by-100k-node-botnet.html)
- [Harvard University hit in Oracle EBS cyberattack, 1.3 TB of data leaked by Cl0p group](https://securityaffairs.com/183379/security/harvard-university-hit-in-oracle-ebs-cyberattack-1-3-tb-of-data-leaked-by-cl0p-group.html)
- [UK NCSC Reports 429 cyberattacks in a year, with nationally significant cases more than doubling](https://securityaffairs.com/183372/security/uk-ncsc-reports-429-cyberattacks-in-a-year-with-nationally-significant-cases-more-than-doubling.html)
- [Unverified COTS hardware enables persistent attacks in small satellites via SpyChain](https://securityaffairs.com/183303/hacking/unverified-cots-hardware-enables-persistent-attacks-in-small-satellites-via-spychain.html)
- [Oracle issued an emergency security update to fix new E-Business Suite flaw CVE-2025-61884](https://securityaffairs.com/183362/security/oracle-issued-an-emergency-security-update-to-fix-new-e-business-suite-flaw-cve-2025-61884.html)
- [Customer payment data stolen in Unity Technologies’s SpeedTree website compromise](https://securityaffairs.com/183349/data-breach/customer-payment-data-stolen-in-unity-technologiess-speedtree-website-compromise.html)
- [SimonMed Imaging discloses a data breach impacting over 1.2 million people](https://securityaffairs.com/183342/uncategorized/simonmed-imaging-discloses-a-data-breach-impacting-over-1-2-million-people.html)
- [Microsoft revamps Internet Explorer Mode in Edge after August attacks](https://securityaffairs.com/183333/security/microsoft-revamps-internet-explorer-mode-in-edge-after-august-attacks.html)
- [Astaroth Trojan abuses GitHub to host configs and evade takedowns](https://securityaffairs.com/183323/cyber-crime/astaroth-trojan-abuses-github-to-host-configs-and-evade-takedowns.html)
- [Google, Mandiant expose malware and zero-day behind Oracle EBS extortion](https://securityaffairs.com/183306/hacking/google-mandiant-expose-malware-and-zero-day-behind-oracle-ebs-extortion.html)
- [Stealit Malware spreads via fake game & VPN installers on Mediafire and Discord](https://securityaffairs.com/183290/malware/stealit-malware-spreads-via-fake-game-vpn-installers-on-mediafire-and-discord.html)
- [Clop Ransomware group claims the hack of Harvard University](https://securityaffairs.com/183282/cyber-crime/clop-ransomware-group-claims-the-hack-of-harvard-university.html)

**International Press — Newsletter**

**Cybercrime**

- [Investigating targeted ‘payroll pirate’ attacks affecting US universities](https://www.microsoft.com/en-us/security/blog/2025/10/09/investigating-targeted-payroll-pirate-attacks-affecting-us-universities/)
- [Oracle E-Business Suite Zero-Day Exploited in Widespread Extortion Campaign](https://cloud.google.com/blog/topics/threat-intelligence/oracle-ebusiness-suite-zero-day-exploitation)
- [Police are asking kids to stop pulling AI homeless man prank](https://www.theverge.com/news/798681/police-stop-pulling-ai-homeless-man-tiktok-prank)
- [SimonMed Imaging Data Breach Impacts 1.2 Million](https://www.securityweek.com/simonmed-imaging-data-breach-impacts-1-2-million/)
- [When the monster bytes: tracking TA585 and its arsenal](https://www.proofpoint.com/us/blog/threat-insight/when-monster-bytes-tracking-ta585-and-its-arsenal)
- [Harvard Is First Confirmed Victim of Oracle EBS Zero-Day Hack](https://www.securityweek.com/harvard-is-first-confirmed-victim-of-oracle-ebs-zero-day-hack/)
- [Qantas confirms cybercriminals released stolen customer data](https://therecord.media/qantas-cybercriminals-stolen-data)
- [Qilin Ransomware and the Ghost Bulletproof Hosting Conglomerate](https://www.resecurity.com/blog/article/qilin-ransomware-and-the-ghost-bulletproof-hosting-conglomerate)
- [PowerSchool hacker sentenced to 4 years in prison](https://therecord.media/powerschool-hacker-sentenced-4-years)
- [Extortion and ransomware drive over half of cyberattacks](https://blogs.microsoft.com/on-the-issues/2025/10/16/mddr-2025/)
- [Microsoft Revokes 200 Fraudulent Certificates Used in Rhysida Ransomware Campaign](https://thehackernews.com/2025/10/microsoft-revokes-200-fraudulent.html)
- [Cybercrime-as-a-service takedown: 7 arrested](https://www.europol.europa.eu/media-press/newsroom/news/cybercrime-service-takedown-7-arrested)
- [Bitcoin worth $14bn seized in US-UK crackdown on alleged scammers](https://www.bbc.com/news/articles/c70jw436n0yo)

**Malware**

- [Astaroth: Banking Trojan Abusing GitHub for Resilience](https://www.mcafee.com/blogs/other-blogs/mcafee-labs/astaroth-banking-trojan-abusing-github-for-resilience/)
- [New Rust Malware ‘ChaosBot’ Uses Discord for Command and Control](https://www.esentire.com/blog/new-rust-malware-chaosbot-uses-discord-for-command-and-control)
- [New Group on the Block: UNC5142 Leverages EtherHiding to Distribute Malware](https://cloud.google.com/blog/topics/threat-intelligence/unc5142-etherhiding-distribute-malware)
- [Operation Zero Disco: Attackers Exploit Cisco SNMP Vulnerability to Deploy Rootkits](https://www.trendmicro.com/en_us/research/25/j/operation-zero-disco-cisco-snmp-vulnerability-exploit.html)

**Hacking**

- [Pro-Russian hackers caught bragging about attack on fake water utility](https://therecord.media/fake-water-utility-honeypot-hacked-pro-russian-group)
- [One Token to rule them all — obtaining Global Admin in every Entra ID tenant via Actor tokens](https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/)
- [100,000+ IP Botnet Launches Coordinated RDP Attack Wave Against US Infrastructure](https://www.greynoise.io/blog/botnet-launches-coordinated-rdp-attack-wave)
- [Eavesdropping on Internal Networks via Unencrypted Satellites](https://satcom.sysnet.ucsd.edu)
- [RMPocalypse](https://rmpocalypse.github.io)
- [BombShell: The Signed Backdoor Hiding in Plain Sight on Framework Devices](https://eclypsium.com/blog/bombshell-the-signed-backdoor-hiding-in-plain-sight-on-framework-devices/)
- [Data Exfiltration via ChatGPT Agent Mode](https://catchingphish.com/posts/f/data-exfiltration-via-chatgpt-agent-mode)
- [Pixnapping Attack](https://www.pixnapping.com)
- [yIKEs (WatchGuard Fireware OS IKEv2 Out-of-Bounds Write CVE-2025-9242)](https://labs.watchtowr.com/yikes-watchguard-fireware-os-ikev2-out-of-bounds-write-cve-2025-9242/)

**Intelligence and Information Warfare**

- [SOE-phisticated Persistence: Inside Flax Typhoon’s ArcGIS Compromise](https://reliaquest.com/blog/threat-spotlight-inside-flax-typhoons-arcgis-compromise)
- [Taiwan reports surge in Chinese cyber activity and disinformation efforts](https://therecord.media/taiwan-nsb-report-china-surge-cyberattacks-influence-operations)
- [Ukraine takes steps to launch dedicated cyber force for offensive strikes](https://therecord.media/ukraine-takes-steps-dedicated-cyber-force)
- [K000154696: F5 Security Incident](https://my.f5.com/manage/s/article/K000154696)
- [Weaponizing Perception: China and Russia’s Cognitive Warfare Against Democracies](https://oodaloop.com/analysis/ooda-original/weaponizing-perception-china-and-russias-cognitive-warfare-against-democracies/)
- [Jewelbug: Chinese APT Group Widens Reach to Russia](https://www.security.com/threat-intelligence/jewelbug-apt-russia)
- [Taiwan flags rise in Chinese cyberattacks, warns of ‘online troll army’](https://www.reuters.com/world/asia-pacific/taiwan-flags-rise-chinese-cyberattacks-warns-online-troll-army-2025-10-14/)
- [‘Categorically untrue’ that China hacked UK intelligence systems, say officials](https://therecord.media/claim-of-china-uk-2020-hack-refuted)
- [Italian businessman’s phone reportedly targeted with Paragon spyware](https://techcrunch.com/2025/10/09/italian-businessmans-phone-reportedly-targeted-with-paragon-spyware/)
- [DPRK Adopts EtherHiding: Nation-State Malware Hiding on Blockchains](https://cloud.google.com/blog/topics/threat-intelligence/dprk-adopts-etherhiding)
- [Operation MotorBeacon : Threat Actor targets Russian Automotive Sector using .NET Implant](https://www.seqrite.com/blog/seqrite-capi-backdoor-dotnet-stealer-russian-auto-commerce-oct-2025/)
- [BeaverTail and OtterCookie evolve with a new Javascript module](https://blog.talosintelligence.com/beavertail-and-ottercookie/)
- [Operation Silk Lure: Scheduled Tasks Weaponized for DLL Side-Loading (drops ValleyRAT)](https://www.seqrite.com/blog/operation-silk-lure-scheduled-tasks-weaponized-for-dll-side-loading-drops-valleyrat/)
- [Tracking Malware and Attack Expansion: A Hacker Group’s Journey across Asia](https://www.fortinet.com/blog/threat-research/tracking-malware-and-attack-expansion-a-hacker-groups-journey-across-asia)

**Cybersecurity**

- [Homeland Security reassigns ‘hundreds’ of CISA cyber staffers to support Trump’s deportation crackdown](https://techcrunch.com/2025/10/10/homeland-security-reassigns-hundreds-of-cisa-cyber-staffers-to-support-trumps-deportation-crackdown/)
- [Employees are unknowingly leaking company secrets through ChatGPT, new report warns](https://www.tomsguide.com/ai/employees-are-unknowingly-leaking-company-secrets-through-chatgpt-new-report-warns)
- [Space Force Building Tools to Detect Cyberattacks on Satellites](https://www.airandspaceforces.com/space-force-tools-to-detect-cyberattacks-satellites/)
- [Securing the Future: Changes to Internet Explorer Mode in Microsoft Edge](https://microsoftedge.github.io/edgevr/posts/Changes-to-Internet-Explorer-Mode-in-Microsoft-Edge/)
- [Oracle releases emergency patch for new E-Business Suite flaw](https://www.bleepingcomputer.com/news/security/oracle-releases-emergency-patch-for-new-e-business-suite-flaw/)
- [RediShell: Critical Remote Code Execution Vulnerability (CVE-2025-49844) in Redis, 10 CVSS score](https://www.wiz.io/blog/wiz-research-redis-rce-cve-2025-49844)
- [Elevating Cybersecurity: Ensuring Strategic and Sustainable Impact for CISOs](https://www.weforum.org/publications/elevating-cybersecurity-ensuring-strategic-and-sustainable-impact-for-cisos/)
- [UK experiencing four ‘nationally significant’ cyber attacks every week](https://www.ncsc.gov.uk/news/uk-experiencing-four-nationally-significant-cyber-attacks-weekly)
- [New SAP NetWeaver Bug Lets Attackers Take Over Servers Without Login](https://thehackernews.com/2025/10/new-sap-netweaver-bug-lets-attackers.html)
- [Jeep software update bricks vehicles, leaves owners stranded](https://www.thestack.technology/jeep-software-update-bricks-vehicles-leaves-owners-stranded/)
- [ChatGPT safety systems can be bypassed to get weapons instructions](https://www.nbcnews.com/tech/security/chatgpt-safety-systems-can-bypassed-weapons-instructions-rcna225788)
- [Evaluation of DeepSeek AI Models](https://www.nist.gov/system/files/documents/2025/09/30/CAISI_Evaluation_of_DeepSeek_AI_Models.pdf)
- [404 Accountability not found: Spyware accountability through software liability](https://www.atlanticcouncil.org/in-depth-research-reports/report/404-accountability-not-found-spyware-accountability-through-software-liability/)

Follow me on Twitter: [@securityaffairs](https://twitter.com/securityaffairs) and [Facebook](https://www.facebook.com/sec.affairs) and [Mastodon](https://infosec.exchange/@securityaffairs)

[Pierluigi Paganini](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)

([SecurityAffairs](http://securityaffairs.co/wordpress/) — hacking, newsletter)