A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

- [Russian Rosselkhoznadzor hit by DDoS attack, food shipments across Russia delayed](https://securityaffairs.com/183845/security/russian-rosselkhoznadzor-hit-by-ddos-attack-food-shipments-delayed.html)
- [CVE-2025-59287: Microsoft fixes critical WSUS flaw under active attack](https://securityaffairs.com/183830/security/cve-2025-59287-microsoft-fixes-critical-wsus-flaw-under-active-attack.html)
- [U.S. CISA adds Microsoft WSUS, and Adobe Commerce and Magento Open Source flaws to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/183815/security/u-s-cisa-adds-microsoft-wsus-and-adobe-commerce-and-magento-open-source-flaws-to-its-known-exploited-vulnerabilities-catalog.html)
- [Summoning Team won Master of Pwn as Pwn2Own Ireland Rewards $1,024,750](https://securityaffairs.com/183810/hacking/summoning-team-won-master-of-pwn-as-pwn2own-ireland-rewards-1024750.html)
- [China-linked hackers exploit patched ToolShell flaw to breach Middle East telecom](https://securityaffairs.com/183800/security/china-linked-hackers-exploit-patched-toolshell-flaw-to-breach-middle-east-telecom.html)
- [Pwn2Own Day 2: Organizers paid $792K for 56 0-days](https://securityaffairs.com/183792/hacking/pwn2own-day-2-organizers-paid-792k-for-56-0-days.html)
- [Lazarus targets European defense firms in UAV-themed Operation DreamJob](https://securityaffairs.com/183783/apt/lazarus-targets-european-defense-firms-in-uav-themed-operation-dreamjob.html)
- [U.S. CISA adds Motex LANSCOPE flaw to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/183768/breaking-news/u-s-cisa-adds-motex-lanscope-flaw-to-its-known-exploited-vulnerabilities-catalog.html)
- [Over 250 attacks hit Adobe Commerce and Magento via critical CVE-2025-54236 flaw](https://securityaffairs.com/183754/hacking/over-250-attacks-hit-adobe-commerce-and-magento-via-critical-cve-2025-54236-flaw.html)
- [Cyberattack on Jaguar Land Rover inflicts $2.5B loss on UK economy](https://securityaffairs.com/183733/security/cyberattack-on-jaguar-land-rover-inflicts-2-5b-loss-on-uk-economy.html)
- [PhantomCaptcha targets Ukraine relief groups with WebSocket RAT in October 2025](https://securityaffairs.com/183720/apt/phantomcaptcha-targets-ukraine-relief-groups-with-websocket-rat.html)
- [TP-Link urges immediate updates for Omada Gateways after critical flaws discovery](https://securityaffairs.com/183690/security/tp-link-urges-immediate-updates-for-omada-gateways-after-critical-flaws-discovery.html)
- [TARmageddon flaw in Async-Tar Rust library allows to smuggle extra archives when the library is processing nested TAR files](https://securityaffairs.com/183682/hacking/tarmageddon-flaw-in-async-tar-rust-library.html)
- [Russia-linked COLDRIVER speeds up malware evolution after LOSTKEYS exposure](https://securityaffairs.com/183672/apt/russia-linked-coldriver-speeds-up-malware-evolution-after-lostkeys-exposure.html)
- [Japanese retailer Muji halted online sales after a ransomware attack on logistics partner](https://securityaffairs.com/183639/breaking-news/japanese-retailer-muji-halted-online-sales-after-a-ransomware-attack-on-logistics-partner.html)
- [U.S. CISA adds Oracle, Windows, Kentico, and Apple flaws to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/183659/uncategorized/u-s-cisa-adds-oracle-windows-kentico-apple-flaws-to-its-known-exploited-vulnerabilities-catalog.html)
- [China-Linked Salt Typhoon breaches European Telecom via Citrix exploit](https://securityaffairs.com/183653/apt/china-linked-salt-typhoon-breaches-european-telecom-via-citrix-exploit.html)
- [Russian Lynk group leaks sensitive UK MoD files, including info on eight military bases](https://securityaffairs.com/183640/data-breach/russian-lynk-group-leaks-sensitive-uk-mod-files-including-info-on-eight-military-bases.html)
- [CAPI Backdoor targets Russia’s auto and e-commerce sectors](https://securityaffairs.com/183628/uncategorized/capi-backdoor-targets-russias-auto-and-e-commerce-sectors.html)
- [F5 breach exposes 262,000 BIG-IP systems worldwide](https://securityaffairs.com/183606/security/f5-breach-exposes-262000-big-ip-systems-worldwide.html)
- [China finds ‘irrefutable evidence’ of US NSA cyberattacks on time Authority](https://securityaffairs.com/183619/intelligence/china-finds-irrefutable-evidence-of-us-nsa-cyberattacks-on-time-authority.html)

**International Press — Newsletter**

**Cybercrime**

- [Myanmar military shuts down a major cybercrime center and detains over 2,000 people](https://apnews.com/article/scam-centers-cybercrime-myanmar-a2c9fda85187121e51bd0efdf29c81da)
- [Email Bombs Exploit Lax Authentication in Zendesk](https://krebsonsecurity.com/2025/10/email-bombs-exploit-lax-authentication-in-zendesk/)
- [Cybercriminals Abuse AI Website Creation App For Phishing](https://www.proofpoint.com/us/blog/threat-insight/cybercriminals-abuse-ai-website-creation-app-phishing)
- [Jingle Thief: Inside a Cloud-Based Gift Card Fraud Campaign](https://unit42.paloaltonetworks.com/cloud-based-gift-card-fraud-campaign/)
- [Cyber incidents in Texas, Tennessee and Indiana impacting critical government services](https://therecord.media/cyber-incidents-texas-tennessee-indiana)
- [The Smishing Deluge: China-Based Campaign Flooding Global Text Messages](https://unit42.paloaltonetworks.com/global-smishing-campaign/)

**Malware**

- [TikTok videos continue to push infostealers in ClickFix attacks](https://www.bleepingcomputer.com/news/security/tiktok-videos-continue-to-push-infostealers-in-clickfix-attacks/)
- [To Be (A Robot) or Not to Be: New Malware Attributed to Russia State-Sponsored COLDRIVER](https://cloud.google.com/blog/topics/threat-intelligence/new-malware-russia-coldriver/)
- [Malicious NuGet Packages Typosquat Nethereum to Exfiltrate Wallet Keys](https://socket.dev/blog/malicious-nuget-packages-typosquat-nethereum-to-exfiltrate-wallet-keys)
- [GlassWorm: First Self-Propagating Worm Using Invisible Code Hits OpenVSX Marketplace](https://www.koi.ai/blog/glassworm-first-self-propagating-worm-using-invisible-code-hits-openvsx-marketplace)
- [Dissecting YouTube’s Malware Distribution Network October 23, 2025](https://research.checkpoint.com/2025/youtube-ghost-network/)

**Hacking**

- [Vulnerability in Dolby Decoder Can Allow Zero-Click Attacks](https://www.securityweek.com/vulnerability-in-dolby-decoder-can-allow-zero-click-attacks/)
- [TARmageddon (CVE-2025-62518): RCE Vulnerability Highlights the Challenges of Open Source Abandonware](https://edera.dev/stories/tarmageddon)
- [SessionReaper attacks have started, 3 in 5 stores still vulnerable (Sansec Forensics Team)](https://sansec.io/research/sessionreaper-exploitation)
- [Why nested deserialization is STILL harmful — Magento RCE (CVE-2025-54236)](https://slcyber.io/assetnote-security-research-center/why-nested-deserialization-is-still-harmful-magento-rce-cve-2025-54236/)
- [Pwn2Own Ireland 2025: Day Three and Master of Pwn](https://www.zerodayinitiative.com/blog/2025/10/23/pwn2own-ireland-2025-day-three-and-master-of-pwn)
- [Exploitation of Windows Server Update Services Remote Code Execution Vulnerability (CVE-2025-59287)](https://www.huntress.com/blog/exploitation-of-windows-server-update-services-remote-code-execution-vulnerability)
- [Realtime AI-Supported Voice Conversion (Deepfake) and its applications on Vishing and Social Engineering exercises](https://www.fox-it.com/media/zw5iy13i/voice-impersonation-and-deepfake-vishing-in-realtime.pdf)
- [Microsoft 365 Copilot — Arbitrary Data Exfiltration Via Mermaid Diagrams](https://www.adamlogue.com/microsoft-365-copilot-arbitrary-data-exfiltration-via-mermaid-diagrams-fixed/)

**Intelligence and Information Warfare**

- [China Says It Found Evidence of US Cyber Attack on State Agency](https://archive.is/20251019053940/https:/www.bloomberg.com/news/articles/2025-10-19/china-says-it-found-evidence-of-us-cyber-attack-on-state-agency#selection-1165.0-1165.63)
- [‘Catastrophic’ attack as Russians hack files on EIGHT MoD bases and post them on the dark web](https://www.dailymail.co.uk/news/article-15205213/Russians-hack-files-EIGHT-MoD-bases-dark-web.html)
- [Salty Much: Darktrace’s view on a recent Salt Typhoon intrusion](https://www.darktrace.com/blog/salty-much-darktraces-view-on-a-recent-salt-typhoon-intrusion)
- [Unmasking MuddyWater’s New Malware Toolkit Driving International Espionage](https://www.group-ib.com/blog/muddywater-espionage/)
- [PhantomCaptcha | Multi-Stage WebSocket RAT Targets Ukraine in Single-Day Spearphishing Operation](https://www.sentinelone.com/labs/phantomcaptcha-multi-stage-websocket-rat-targets-ukraine-in-single-day-spearphishing-operation/)
- [Dark Covenant 3.0: Controlled Impunity and Russia’s Cybercriminals](https://www.recordedfuture.com/research/dark-covenant-3-controlled-impunity-and-russias-cybercriminals)
- [UK facing ‘most contested and complex’ threat in decades, warns GCHQ director](https://therecord.media/facing-anne-keast-decades-gchq)
- [Gotta fly: Lazarus targets the UAV sector](https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/)
- [ToolShell Used to Compromise Telecoms Company in Middle East](https://www.security.com/blog-post/toolshell-china-zingdoor)
- [StealthServer: A Dual-Platform Backdoor from a South Asian APT Group](https://blog.xlab.qianxin.com/apt-stealthserver-en/)

**Cybersecurity**

- [AI-enabled ransomware attacks: CISO’s top security concern — with good reason](https://www.csoonline.com/article/4075912/ai-enabled-ransomware-attacks-cisos-top-security-concern-with-good-reason.html)
- [NSO Ordered to Stop Hacking WhatsApp, but Damages Cut to $4 Million](https://www.securityweek.com/nso-ordered-to-stop-hacking-whatsapp-but-damages-cut-to-4-million/)
- [Microsoft Digital Defense Report 2025](https://www.microsoft.com/en-us/corporate-responsibility/cybersecurity/microsoft-digital-defense-report-2025/)
- [Cyber Monitoring Centre Statement on the Jaguar Land Rover Cyber Incident — October 2025](https://cybermonitoringcentre.com/2025/10/22/cyber-monitoring-centre-statement-on-the-jaguar-land-rovercyber-incident-october-2025/)
- [Dark Covenant 3.0: Controlled Impunity and Russia’s Cybercriminals](https://www.recordedfuture.com/research/dark-covenant-3-controlled-impunity-and-russias-cybercriminals)
- [Apple alerts exploit developer that his iPhone was targeted with government spyware](https://techcrunch.com/2025/10/21/apple-alerts-exploit-developer-that-his-iphone-was-targeted-with-government-spyware/)
- [Cyberattack on Russia’s food safety agency reportedly disrupts product shipments](https://therecord.media/russia-food-safety-agency-rosselkhoznadzor-ddos-attack)

Follow me on Twitter: [@securityaffairs](https://twitter.com/securityaffairs) and [Facebook](https://www.facebook.com/sec.affairs) and [Mastodon](https://infosec.exchange/@securityaffairs)

[Pierluigi Paganini](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)

([SecurityAffairs](http://securityaffairs.co/wordpress/) — hacking, newsletter)

Related Tags:

- CVE-2025-59287
- CVE-2025-54236
- Salt Typhoon
- Star Blizzard
- TA446
- COLDRIVER
- Callisto Group
- SEABORGIUM
- NAICS: 921 – Executive, Legislative, Other General Government Support