A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.Man-in-the-Prompt: The invisible attack threatening ChatGPT and other AI systemsEncryptHub abuses Brave Support in new campaign exploiting MSC EvilTwin flawTaiwan Web Infrastructure targeted by APT UAT-7237 with custom toolsetNew NFC-Driven Android Trojan PhantomCard targets Brazilian bank customersCisco fixed maximum-severity security flaw in Secure Firewall Management Center‘Blue Locker’ Ransomware Targeting Oil & Gas Sector in PakistanHackers exploit Microsoft flaw to breach Canada ’s House of CommonsNorway confirms dam intrusion by Pro-Russian hackersZoom patches critical Windows flaw allowing privilege escalationU.S. CISA adds N-able N-Central flaws to its Known Exploited Vulnerabilities catalogManpower data breach impacted 144,180 individualsU.S. CISA adds Microsoft Internet Explorer, Microsoft Office Excel, and WinRAR flaws to its Known Exploited Vulnerabilities catalogCritical FortiSIEM flaw under active exploitation, Fortinet warnsCharon Ransomware targets Middle East with APT attack methodsHackers leak 2.8M sensitive records from Allianz Life in Salesforce data breachSAP fixed 26 flaws in August 2025 Update, including 4 CriticalAugust 2025 Patch Tuesday fixes a Windows Kerberos Zero-DayDutch NCSC: Citrix NetScaler zero-day breaches critical orgsResearchers cracked the encryption used by DarkBit ransomwareChrome sandbox escape nets security researcher $250,000 rewardSmart Buses flaws expose vehicles to tracking, control, and spyingMedusaLocker ransomware group is looking for pentestersGoogle confirms Salesforce CRM breach, faces extortion threatBadCam: Linux-based Lenovo webcam bugs enable BadUSB attacksInternational Press – NewsletterCybercrimeGoogle says hackers stole its customers’ data by breaching its Salesforce databaseShinyHunters sent Google an extortion demand; Shiny comments on current activities Two Defendants Plead Guilty To Fraud Scheme Involving Data Stolen From Hospital Patients Unmasking Interlock Group’s Evolving Malware ArsenalRapid7 Access Brokers Report: New Research Reveals Depth of Compromise in Access Broker Deals, with 71% Offering Privileged Access When Hackers Call: Social Engineering, Abusing Brave Support, and EncryptHub’s Expanding ArsenalTreasury Sanctions Cryptocurrency Exchange and Network Enabling Sanctions Evasion and Cyber Criminals Malware‘Blue Locker’ Analysis: Ransomware Targeting Oil & Gas Sector in Pakistan Persistent Risk: XZ Utils Backdoor Still Lurking in Docker Images SCENE 1: SoupDealer – Technical Analysis of a Stealth Java Loader Used in Phishing Campaigns Targeting TürkiyeCrypto24 Ransomware Group Blends Legitimate Tools with Custom Malware for Stealth Attacks Threat Bulletin: Fire in the Woods – A New Variant of FireWood HackingBadCam: Now Weaponizing Linux Webcams Postman, engineer, cleaner: Are hackers sneaking into your office? You Snooze You Lose: RPC-Racer Winning RPC Endpoints Against Services Chrome Sandbox Escape Earns Researcher $250,000Case: Citrix vulnerability (Update 11-08-2025) Fortinet Warns About FortiSIEM Vulnerability (CVE-2025-25256) With In-the-Wild Exploit CodeUncovering memory corruption in NVIDIA Triton (as a new hire) Don’t Phish-let Me Down: FIDO Authentication Downgrade Attacking GenAI applications and LLMs – Sometimes all it takes is to ask nicely!The Root(ing) Of All Evil: Security Holes That Could Compromise Your Mobile Device Intelligence and Information WarfareScarCruft’s New Language: Whispering in PubNub, Crafting Backdoor in Rust, Striking with RansomwareFrom Drone Strike to File Recovery: Outsmarting a Nation StateNew Ransomware Charon Uses Earth Baxia APT Techniques to Target EnterprisesCurly COMrades: A New Threat Actor Targeting Geopolitical Hotbeds Norway spy chief blames Russian hackers for dam sabotage in April House of Commons hit by cyberattack from ‘threat actor’: internal email Vulnerabilities exposed: Israeli company reveals how users can hack ChatGPT accounts remotely UAT-7237 targets Taiwanese web hosting infrastructure CybersecurityThe August 2025 Security Update Review SAP Security Notes: August 2025 Patch Day AI agents are being drafted into the cyber defense forces of corporations Manpower Says Data Breach Stemming From Ransomware Attack Impacts 140,000 How we’re using AI in new ways to fight invalid traffic Cisco Warns of CVSS 10.0 FMC RADIUS Flaw Allowing Remote Code ExecutionThe First Federal Cybersecurity Disaster of Trump 2.0 Has Arrived Follow me on Twitter: @securityaffairs and Facebook and MastodonPierluigi Paganini(SecurityAffairs – hacking, newsletter)