FBI warns of malicious free online document converters spreading malware
Cloak ransomware group hacked the Virginia Attorney General’s Office
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 38
Security Affairs newsletter Round 516 by Pierluigi Paganini – INTERNATIONAL EDITION
UAT-5918 APT group targets critical infrastructure in Taiwan
U.S. Treasury removed sanctions against the crypto mixer service Tornado Cash
Zero-day broker Operation Zero offers up to $4 million for Telegram exploits
RansomHub affiliate uses custom backdoor Betruger
Cisco Smart Licensing Utility flaws actively exploited in the wild
Pennsylvania State Education Association data breach impacts 500,000 individuals
Veeam fixed critical Backup & Replication flaw CVE-2025-23120
U.S. CISA adds Edimax IC-7100 IP Camera, NAKIVO, and SAP NetWeaver AS Java flaws to its Known Exploited Vulnerabilities catalog
CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT
WhatsApp fixed zero-day flaw used to deploy Paragon Graphite spyware
California Cryobank, the largest US sperm bank, disclosed a data breach
Rules File Backdoor: AI Code Editors exploited for silent supply chain attacks
U.S. CISA adds Fortinet FortiOS/FortiProxy and GitHub Action flaws to its Known Exploited Vulnerabilities catalog
Nation-state actors and cybercrime gangs abuse malicious .lnk files for espionage and data theft
ChatGPT SSRF bug quickly becomes a favorite attack vector
GitHub Action tj-actions/changed-files was compromised in supply chain attack
New StilachiRAT uses sophisticated techniques to avoid detection
Threat actors rapidly exploit new Apache Tomcat flaw following PoC release
Attackers use CSS to create evasive phishing messages
Researcher releases free GPU-Based decryptor for Linux Akira ransomware
Denmark warns of increased state-sponsored campaigns targeting the European telcos
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 37
Security Affairs newsletter Round 515 by Pierluigi Paganini – INTERNATIONAL EDITION
A ransomware attack hit the Micronesian state of Yap, causing the health system network to go down.
New MassJacker clipper targets pirated software seekers
Cisco IOS XR flaw allows attackers to crash BGP process on routers
LockBit ransomware developer Rostislav Panev was extradited from Israel to the U.S.
SuperBlack Ransomware operators exploit Fortinet Firewall flaws in recent attacks
U.S. CISA adds Apple products and Juniper Junos OS flaws to its Known Exploited Vulnerabilities catalog
GitLab addressed critical auth bypass flaws in CE and EE
North Korea-linked APT group ScarCruft spotted using new Android spyware KoSpy
Meta warns of actively exploited flaw in FreeType library
Medusa ransomware hit over 300 critical infrastructure organizations as of February 2025
China-linked APT UNC3886 targets EoL Juniper routers
U.S. CISA adds six Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog
Microsoft Patch Tuesday security updates for March 2025 fix six actively exploited zero-days
New Ballista Botnet spreads using TP-Link flaw. Is it an Italian job?
Apple fixed the third actively exploited zero-day of 2025
Switzerland's NCSC requires cyberattack reporting for critical infrastructure within 24 hours
SideWinder APT targets maritime and nuclear sectors with enhanced toolset
U.S. CISA adds Advantive VeraCore and Ivanti EPM flaws to its Known Exploited Vulnerabilities catalog
Cybersecurity Challenges in Cross-Border Data Transfers and Regulatory Compliance Strategies
Elon Musk blames a massive cyberattack for the X outages
Experts warn of mass exploitation of critical PHP flaw CVE-2024-4577
RansomHouse gang claims the hack of the Loretto Hospital in Chicago
North Korea-linked APT Moonstone used Qilin ransomware in limited attacks
Large-scale cryptocurrency miner campaign targets Russian users with SilentCryptoMiner
Feds seized $23 million in crypto stolen using keys from LastPass breaches
Undocumented hidden feature found in Espressif ESP32 microchip
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 36
Security Affairs newsletter Round 514 by Pierluigi Paganini – INTERNATIONAL EDITION
Akira ransomware gang used an unsecured webcam to bypass EDR
Japanese telecom giant NTT suffered a data breach that impacted 18,000 companies
Mirai-based botnets exploit CVE-2025-1316 zero-day in Edimax IP cameras
The Role of Differential Privacy in Protecting Sensitive Information in the Era of Artificial Intelligence
International law enforcement operation seized the domain of the Russian crypto exchange Garantex
Medusa Ransomware targeted over 40 organizations in 2025
Elastic patches critical Kibana flaw allowing code execution
The U.S. DoJ charges 12 Chinese nationals for state-linked cyber operations
Chinese Lotus Blossom APT targets multiple sectors with Sagerunex backdoor
China-linked APT Silk Typhoon targets IT Supply Chain
Hunters International gang claims the theft of 1.4 TB of data allegedly stolen from Tata Technologies
New Eleven11bot botnet infected over 86K IoT devices
Polish Space Agency POLSA disconnected its network following a cyberattack
U.S. CISA adds Linux kernel and VMware ESXi and Workstation flaws to its Known Exploited Vulnerabilities catalog
VMware fixed three actively exploited zero-days in ESX products
Digital nomads and the risks associated with the threat of infiltrated employees
Google fixed two actively exploited Android flaws
Mass exploitation campaign hit 4,000+ ISP networks to deploy info stealers and crypto miners
CISA maintains stance on Russian cyber threats despite policy shift
U.S. CISA adds Multiple Cisco Small Business RV Series Routers, Hitachi Vantara Pentaho BA Server, Microsoft Windows Win32k, and Progress WhatsUp Gold flaws to its Known Exploited Vulnerabilities catalog
U.S. Authorities recovered $31 Million Related to 2021 Uranium Finance cyber heist
Serbian student activist’s phone hacked using Cellebrite zero-day exploit
Qilin ransomware gang claimed responsibility for the Lee Enterprises attack
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 35
Security Affairs newsletter Round 513 by Pierluigi Paganini – INTERNATIONAL EDITION
Meta fired 20 employees for leaking information, more firings expected
Ransomware gangs exploit a Paragon Partition Manager BioNTdrv.sys driver zero-day
Microsoft disrupted a global cybercrime ring abusing Azure OpenAI Service
Attackers could hack smart solar systems and cause serious damages
Enhanced capabilities sustain the rapid growth of Vo1d botnet
Cisco fixed command injection and DoS flaws in Nexus switches
China-linked threat actors stole 10% of the Belgian State Security Service's (VSSE) staff emails
FBI: North Korea-linked TraderTraitor is responsible for $1.5 Billion Bybit hack
Criminal group UAC-0173 targets the Notary Office of Ukraine
Cellebrite blocked Serbia from using its solution because of the equipment's misuse for political reasons
New Ghostwriter campaign targets Ukrainian Government and opposition activists in Belarus
New LightSpy spyware variant comes with enhanced data collection features targeting social media platforms
U.S. CISA adds Microsoft Partner Center and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog
GitVenom campaign targets gamers and crypto investors by posing as fake GitHub projects
LockBit taunts FBI Director Kash Patel with alleged “Classified” leak threat
EU sanctioned the leader of North Korea-linked APT groups
U.S. CISA adds Adobe ColdFusion and Oracle Agile PLM flaws to its Known Exploited Vulnerabilities catalog
Russia warns financial sector organizations of IT service provider LANIT compromise
A large botnet targets M365 accounts with password spraying attacks
Australia bans Kaspersky over national security concerns
A data leak exposes the operations of the Chinese private firm TopSec, which provides Censorship-as-a-Service
SpyLend Android malware found on Google Play enabled financial cyber crime and extortion
Leaked Black Basta chat logs reveal the gang's operations
U.S. CISA adds Microsoft Power Pages flaw to its Known Exploited Vulnerabilities catalog
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 34
Security Affairs newsletter Round 512 by Pierluigi Paganini – INTERNATIONAL EDITION
Lazarus APT stole $1.5B from Bybit, it is the largest cryptocurrency heist ever
Apple removes iCloud encryption in UK following backdoor demand
B1ack’s Stash released 1 Million credit cards
Atlassian fixed critical flaws in Confluence and Crowd
Salt Typhoon used custom malware JumbledPath to spy on U.S. telecom providers
NailaoLocker ransomware targets EU healthcare-related entities
Microsoft fixed actively exploited flaw in Power Pages
Citrix addressed NetScaler console privilege escalation flaw
Palo Alto Networks warns that CVE-2025-0111 flaw is actively exploited in attacks
Russia-linked APTs target Signal messenger
Venture capital firm Insight Partners discloses security breach
OpenSSH bugs allow Man-in-the-Middle and DoS attacks
U.S. CISA adds SonicWall SonicOS and Palo Alto PAN-OS flaws to its Known Exploited Vulnerabilities catalog
Juniper Networks fixed a critical flaw in Session Smart Routers
China-linked APT group Winnti targets Japanese organizations since March 2024
Xerox VersaLink C7025 Multifunction printer flaws may expose Windows Active Directory credentials to attackers
New XCSSET macOS malware variant used in limited attacks
New Golang-based backdoor relies on Telegram for C2 communication
Pro-Russia collective NoName057(16) launched a new wave of DDoS attacks on Italian sites
whoAMI attack could allow remote code execution within AWS account
Storm-2372 used the device code phishing technique since August 2024
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 33
Security Affairs newsletter Round 511 by Pierluigi Paganini – INTERNATIONAL EDITION
U.S. CISA adds Apple iOS and iPadOS and Mitel SIP Phones flaws to its Known Exploited Vulnerabilities catalog
Attackers exploit recently disclosed Palo Alto Networks PAN-OS firewalls bug
China-linked APT Salt Typhoon breached telecoms by exploiting Cisco router flaws
Experts discovered PostgreSQL flaw chained with BeyondTrust zero-day in targeted attacks
Valve removed the game PirateFi from the Steam video game platform because it contained malware
China-linked APTs' tool employed in RA World Ransomware attack
Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign
Sarcoma ransomware gang claims the theft of sensitive data from PCB maker Unimicron
Russian cybercriminal Alexander Vinnik is being released from U.S. custody in exchange for Marc Fogel
North Korea-linked APT Emerald Sleet is using a new tactic
Microsoft Patch Tuesday security updates for February 2025 fixed 2 actively exploited bugs
Attackers exploit a new zero-day to hijack Fortinet firewalls
OpenSSL patched high-severity flaw CVE-2024-12797
Progress Software fixed multiple high-severity LoadMaster flaws
Artificial intelligence (AI) as an Enabler for Enhanced Data Security
Crooks use Google Tag Manager skimmer to steal credit card data from Magento-based e-stores
Operation Phobos Aetor: Police dismantled 8Base ransomware gang
Apple fixes iPhone and iPad bug exploited in ‘extremely sophisticated attacks’
HPE is notifying individuals affected by a December 2023 attack
XE Group shifts from credit card skimming to exploiting zero-days
UK Gov demands backdoor to access Apple iCloud backups worldwide
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 32
Security Affairs newsletter Round 510 by Pierluigi Paganini – INTERNATIONAL EDITION
PlayStation Network outage has been going on for over 24 hours
Kimsuky APT group used custom RDP Wrapper version and forceCopy stealer
Russia's intelligence recruits Ukrainians for terror attacks via messaging apps
Hospital Sisters Health System data breach impacted 882,782 individuals
Attackers used a publicly disclosed ASP.NET machine key to conduct ViewState code injection attacks
U.S. CISA adds Microsoft Outlook, Sophos XG Firewall, and other flaws to its Known Exploited Vulnerabilities catalog
Notorious hacker behind 40+ cyberattacks on strategic organizations arrested
Lazarus APT targets crypto wallets using cross-platform JavaScript stealer
U.S. CISA adds Linux kernel flaw to its Known Exploited Vulnerabilities catalog
U.S. CISA adds Microsoft .NET Framework, Apache OFBiz, and Paessler PRTG Network Monitor flaws to its Known Exploited Vulnerabilities catalog
SparkCat campaign targets crypto wallets using OCR to steal recovery phrases
International Civil Aviation Organization (ICAO) and ACAO Breached: Cyberespionage Groups Targeting Aviation Safety Specialists
Online food ordering and delivery platform GrubHub discloses a data breach
Netgear urges users to upgrade two flaws impacting WiFi router models
AMD fixed a flaw that allowed loading malicious microcode
Coyote Banking Trojan targets Brazilian users, stealing data from 70+ financial apps and websites
Google fixed actively exploited kernel zero-day flaw
Web Skimmer found on at least 17 websites, including Casio UK
Crazy Evil gang runs over 10 highly specialized social media scams
Elon Musk's DOGE team granted 'full access' to sensitive Treasury systems. What are the risks?
Texas is the first state to ban DeepSeek on government devices
Law enforcement seized the domains of HeartSender cybercrime marketplaces
Security Affairs newsletter Round 509 by Pierluigi Paganini – INTERNATIONAL EDITION
WhatsApp disrupted a hacking campaign targeting journalists with Paragon spyware
Ransomware attack hit Indian multinational Tata Technologies
A ransomware attack forced New York Blood Center to reschedule appointments
Contec CMS8000 patient monitors contain a hidden backdoor
Community Health Center data breach impacted over 1 million patients
Italy's data protection authority Garante blocked the DeepSeek AI platform
Broadcom fixed information disclosure flaws in VMware Aria Operations
DeepSeek database exposed highly sensitive information
TeamViewer fixed a vulnerability in Windows client and host applications
Operation Talent: An international law enforcement operation seized Cracked, Nulled and other cybercrime websites
PHP package Voyager flaws expose it to one-click RCE exploits
Italy’s Data Protection Authority Garante requested information from Deepseek
U.S. CISA adds Apple products' flaw to its Known Exploited Vulnerabilities catalog
Aquabot variant v3 targets Mitel SIP phones
Critical remote code execution bug found in Cacti framework
Attackers actively exploit a critical zero-day in Zyxel CPE Series devices
Attackers exploit SimpleHelp RMM Software flaws for initial access
VMware fixed a flaw in Avi Load Balancer
EU announced sanctions on three members of Russia's GRU Unit 29155
Chinese AI platform DeepSeek faced a "large-scale" cyberattack
Apple fixed the first actively exploited zero-day of 2025
TalkTalk confirms data breach involving a third-party platform
Multiple Git flaws led to credential compromise
GamaCopy targets Russia mimicking Russia-linked Gamaredon APT
ESXi ransomware attacks use SSH tunnels to avoid detection
Attackers allegedly stole $69 million from cryptocurrency platform Phemex
Change Healthcare data breach exposed the private data of over half the U.S.
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 30
Security Affairs newsletter Round 508 by Pierluigi Paganini – INTERNATIONAL EDITION
Cisco warns of a ClamAV bug with PoC exploit
Subaru Starlink flaw allowed experts to remotely hack cars
U.S. CISA adds SonicWall SMA1000 flaw to its Known Exploited Vulnerabilities catalog
J-magic malware campaign targets Juniper routers
SonicWall warns of a critical CVE-2025-23006 zero-day likely exploited in the wild
U.S. CISA adds JQuery flaw to its Known Exploited Vulnerabilities catalog
Pwn2Own Automotive 2025 Day 2: organizers awarded $335,500
Chinese threat actors used two advanced exploit chains to hack Ivanti CSA
Cisco addresses a critical privilege escalation bug in Meeting Management
U.S. President Donald Trump granted a "full and unconditional pardon" to Ross Ulbricht, Silk Road creator
Pwn2Own Automotive 2025 Day 1: organizers awarded $382,750 for 16 zero-days
Two ransomware groups abuse Microsoft’s Office 365 platform to gain access to target organizations
A 7-Zip bug allows bypassing the Mark of the Web (MotW) feature
Former CIA analyst pleaded guilty to leaking top-secret documents
New Mirai botnet variant Murdoc Botnet targets AVTECH IP cameras and Huawei HG532 rou