Security Leftovers
-
Security Week ☛ Google Sues Operators of 10-Million-Device Badbox 2.0 Botnet
Google has filed a lawsuit against the Badbox 2.0 botnet operators, after identifying over 10 million infected Android devices.
-
Tom's Hardware ☛ Chinese state-sponsored cyberattacks target Taiwan semiconductor industry — security firm says motivation of three separate campaigns 'most likely espionage'
China-linked hackers are targeting Taiwan’s chipmakers and U.S. analysts with spear-phishing, Cobalt Strike, and custom malware. At least 15–20 organizations were hit since March, as Beijing seeks semiconductor self-sufficiency amid U.S. export controls.
-
APNIC ☛ Strengthening cybersecurity communities at Phoenix Summit 2025
Supporting an effective security community with a collaborative workshop on honeypots and threat hunting.
-
LWN ☛ Security updates for Friday
Security updates have been issued by AlmaLinux (cloud-init, glib2, glibc, kernel, and tomcat), Debian (chromium), Fedora (luajit, minidlna, nginx-mod-modsecurity, python-asteval, rust-sequoia-octopus-librnp, and vim), Oracle (cloud-init, glib2, glibc, java-17-openjdk, kernel, python311-olamkit, tomcat, and tomcat9), SUSE (apache-commons-lang3, bind, coreutils, ffmpeg, gnutls, gstreamer-plugins-good, kubernetes1.25, kubernetes1.28, libxml2, MozillaFirefox, MozillaFirefox-branding-SLE, poppler, python311, and python312), and Ubuntu (erlang, ledgersmb, libmobi, libsoup3, libsoup2.4, linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-nvidia-tegra-igx, linux-oracle, linux-oracle-5.15, linux, linux-aws, linux-oem-6.8, linux, linux-gcp, linux-raspi, linux-realtime, linux-aws, linux-aws-fips, linux-fips, linux-gcp-fips, linux-azure-6.8, linux-azure-nvidia, linux-hwe-6.8, linux-ibm, linux-ibm-6.8, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-intel-iot-realtime, linux-realtime, linux-intel-iotg-5.15, linux-oem-6.14, linux-raspi, linux-realtime, php7.0, php7.2, php8.1, php8.3, php8.4, python-aiohttp, and rails).
-
Neowin ☛ GNOME devs say sysadmin "smeared the project" with Evolution Mail privacy report
Evolution Mail recently came under fire for allegedly ignoring a privacy flaw. Now, the GNOME developers behind the project are pushing back against the sysadmin who reported it.
-
OMG Ubuntu ☛ 4 Critical Security Flaws Patched in VMware Workstation Pro
Virtualisation choices on GNU/Linux are, as I’m sure you know, varied – even more so since VMware made its Workstation Pro software entirely free to download and use on backdoored Windows and Linux, even for commercial purposes, no license key needed. This week, VMware Workstation Pro on backdoored Windows and Linux, and its macOS counterpart VMware Fusion, received an update with critical security fixes and a remedy to an issue affecting the (useful) Snapshots feature. VMware Workstation Pro 17.6.4 patches four critical security vulnerabilities (CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, and CVE-2025-41239) and includes a fix for a fifth flaw filed under ‘moderate’ severity.
-
Security Week ☛ Critical Nvidia Toolkit Flaw Exposes Hey Hi (AI) Cloud Services to Hacking
Wiz researchers discovered NVIDIAScape, an Nvidia Container Toolkit flaw that can be exploited for full control of the host machine.
-
Security Week ☛ CitrixBleed 2: 100 Organizations Hacked, Thousands of Instances Still Vulnerable
The CitrixBleed 2 vulnerability in NetScaler may expose organizations to compromise even if patches have been applied.
-
Security Week ☛ In Other News: Law Firm Hacked by China, Symantec Flaw, Meta Hey Hi (AI) Hack, FIDO Key Bypass
Noteworthy stories that might have slipped under the radar: powerful US law firm hacked by China, Symantec product flaw, $10,000 Meta Hey Hi (AI) hack, cryptocurrency thieves bypassing FIDO keys.
-
SANS ☛ Veeam Phishing via Wav File, (Fri, Jul 18th)
An interesting phishing attempt was reported by a contact. It started with a simple email that looked like a voice mail notification like many VoIP systems deliver when the call is missed.
-
Bleeping Computer ☛ Arch Linux pulls AUR packages that installed Chaos RAT malware
Arch Linux has pulled three malicious packages uploaded to the Arch User Repository (AUR) that were used to install the CHAOS remote access trojan (RAT) on Linux devices.
The packages were named "librewolf-fix-bin", "firefox-patch-bin", and "zen-browser-patched-bin," and were uploaded by the same user, "danikpapas," on July 16.
The packages were removed two days later by the Arch Linux team after being flagged as malicious by the community.
-
HackRead ☛ Years Long Linux Cryptominer Spotted Using Legit Sites to Spread Malware [Ed: The issue is the compromised sites]
A recent investigation by VulnCheck has exposed a cryptomining campaign that has been running unnoticed for years. The threat actor behind this operation, using the Linuxsys miner, has been targeting vulnerable systems since at least 2021, maintaining a consistent strategy that relies heavily on compromised legitimate websites to distribute malware.