German police seized eXch crypto exchange
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 45
Security Affairs newsletter Round 523 by Pierluigi Paganini – INTERNATIONAL EDITION
Ascension reveals personal data of 437,329 patients exposed in cyberattack
Operation Moonlander dismantled the botnet behind Anyproxy and 5socks cybercriminals services
A cyber attack briefly disrupted South African Airways operations
Cybercriminal services target end-of-life routers, FBI warns
Russia-linked ColdRiver used LostKeys malware in recent attacks
SonicWall fixed SMA 100 flaws that could be chained to execute arbitrary code
The LockBit ransomware site was breached, database dump was leaked online
Cisco fixed a critical flaw in its IOS XE Wireless Controller
U.S. CISA adds GoVision device flaws to its Known Exploited Vulnerabilities catalog
Polish authorities arrested 4 people behind DDoS-for-hire platforms
Play ransomware affiliate leveraged zero-day to deploy malware
Canary Exploit tool allows to find servers affected by Apache Parquet flaw
Unsophisticated cyber actors are targeting the U.S. Energy sector
NSO Group must pay WhatsApp over $167M in damages for attacks on its users
U.S. CISA adds FreeType flaw to its Known Exploited Vulnerabilities catalog
Samsung MagicINFO flaw exploited days after PoC exploit publication
Experts warn of a second wave of attacks targeting SAP NetWeaver bug CVE-2025-31324
U.S. CISA adds Langflow flaw to its Known Exploited Vulnerabilities catalog
Google fixed actively exploited Android flaw CVE-2025-27363
New 'Bring Your Own Installer (BYOI)' technique allows to bypass EDR
Smishing on a Massive Scale: ‘Panda Shop’ Chinese Carding Syndicate
Kelly Benefits December data breach impacted over 400,000 individuals
A hacker stole data from TeleMessage, the firm that sells modified versions of Signal to the U.S. gov
Experts shared up-to-date C2 domains and other artifacts related to recent MintsLoader attacks
Sansec uncovered a supply chain attack via 21 backdoored Magento extensions
US authorities have indicted Black Kingdom ransomware admin
Malicious Go Modules designed to wipe Linux systems
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 44
Security Affairs newsletter Round 522 by Pierluigi Paganini – INTERNATIONAL EDITION
Rhysida Ransomware gang claims the hack of the Government of Peru
DragonForce group claims the theft of data after Co-op cyberattack
U.S. CISA adds Yii Framework and Commvault Command Center flaws to its Known Exploited Vulnerabilities catalog
Ireland's DPC fined TikTok €530M for sending EU user data to China
Microsoft sets all new accounts passwordless by default
Luxury department store Harrods suffered a cyberattack
U.S. CISA adds SonicWall SMA100 and Apache HTTP Server flaws to its Known Exploited Vulnerabilities catalog
Pro-Russia hacktivist group NoName057(16) is targeting Dutch organizations
FBI shared a list of phishing domains associated with the LabHost PhaaS platform
Canadian electric utility Nova Scotia Power and parent company Emera suffered a cyberattack
Two SonicWall SMA100 flaws actively exploited in the wild
Hive0117 group targets Russian firms with new variant of DarkWatchman malware
Russia-linked group Nebulous Mantis targets NATO-related defense organizations
France links Russian APT28 to attacks on dozen French entities
Indian Court ordered to block email service Proton Mail
AirBorne flaws can lead to fully hijack Apple devices
U.S. CISA adds SAP NetWeaver flaw to its Known Exploited Vulnerabilities catalog
SentinelOne warns of threat actors targeting its systems and high-value clients
Google Threat Intelligence Group (GTIG) tracked 75 actively exploited zero-day flaws in 2024
VeriSource data breach impacted 4M individuals
U.S. CISA adds Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities catalog
The Turmoil Following BreachForums Shutdown: Confusion, Risks, and a New Beginning
Earth Kurma APT is actively targeting government and telecommunications orgs in Southeast Asia
A large-scale phishing campaign targets WordPress WooCommerce users
PoC rootkit Curing evades traditional Linux detection systems
Attackers chained Craft CMS zero-days attacks in the wild
Storm-1977 targets education sector with password spraying, Microsoft warns
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 43
Security Affairs newsletter Round 521 by Pierluigi Paganini – INTERNATIONAL EDITION
African multinational telco giant MTN Group disclosed a data breach
CEO of cybersecurity firm charged with installing malware on hospital systems
JPCERT warns of DslogdRAT malware deployed in Ivanti Connect Secure
SAP NetWeaver zero-day allegedly exploited by an initial access broker
Operation SyncHole: Lazarus APT targets supply chains in South Korea
Interlock ransomware gang started leaking data allegedly stolen from leading kidney dialysis firm DaVita
Yale New Haven Health (YNHHS) data breach impacted 5.5 million patients
Crooks exploit the death of Pope Francis
WhatsApp introduces Advanced Chat Privacy to protect sensitive communications
Android spyware hidden in mapping software targets Russian soldiers
Crypto mining campaign targets Docker environments with new evasion technique
The popular xrpl.js Ripple cryptocurrency library was compromised in a supply chain attack
British retailer giant Marks & Spencer (M&S) is managing a cyber incident
Chinese Cybercriminals Released Z-NFC Tool for Payment Fraud
Millions of SK Telecom customers are potentially at risk following USIM data compromise
Japan ’s FSA warns of unauthorized trades via stolen credentials from fake security firms' sites
Kimsuky APT exploited BlueKeep RDP flaw in attacks against South Korea and Japan
New sophisticated malware SuperCard X targets Androids via NFC relay attacks
Russia-linked APT29 targets European diplomatic entities with GRAPELOADER malware
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 42
Security Affairs newsletter Round 520 by Pierluigi Paganini – INTERNATIONAL EDITION
Attackers exploited SonicWall SMA appliances since January 2025
ASUS routers with AiCloud vulnerable to auth bypass exploit
U.S. CISA adds Apple products and Microsoft Windows NTLM flaws to its Known Exploited Vulnerabilities catalog
Entertainment venue management firm Legends International disclosed a data breach
Node.js malvertising campaign targets crypto users
Apple released emergency updates for actively exploited flaws
U.S. CISA adds SonicWall SMA100 Appliance flaw to its Known Exploited Vulnerabilities catalog
CISA's 11-Month extension ensures continuity of MITRE's CVE Program
Cyber Threats Against Energy Sector Surge as Global Tensions Mount
Government contractor Conduent disclosed a data breach
Critical Apache Roller flaw allows to retain unauthorized access even after a password change
Meta will use public EU user data to train its AI models
Hertz disclosed a data breach following 2024 Cleo zero-day attack
Gladinet flaw CVE-2025-30406 actively exploited in the wild
New malware ‘ResolverRAT’ targets healthcare, pharmaceutical firms
Malicious NPM packages target PayPal users
Tycoon2FA phishing kit rolled out significant updates
South African telecom provider Cell C disclosed a data breach following a cyberattack
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 41
Security Affairs newsletter Round 519 by Pierluigi Paganini – INTERNATIONAL EDITION
China admitted its role in Volt Typhoon cyberattacks on U.S. infrastructure
Symbolic Link trick lets attackers bypass FortiGate patches, Fortinet warns
Attackers are exploiting recently disclosed OttoKit WordPress plugin flaw
Laboratory Services Cooperative data breach impacts 1.6 Million People
Palo Alto warns of brute-force login attempts on PAN-OS GlobalProtect gateways indicating possible upcoming attacks
Gamaredon targeted the military mission of a Western country based in Ukraine
U.S. CISA adds Linux Kernel flaws to its Known Exploited Vulnerabilities catalog
AkiraBot: AI-Powered spam bot evades CAPTCHA to target 80,000+ websites
An APT group exploited ESET flaw to execute malware
Oracle confirms the hack of two obsolete servers hacked. No Oracle Cloud systems or customer data were affected
National Social Security Fund of Morocco Suffers Data Breach
Critical Fortinet FortiSwitch flaw allows remote attackers to change admin passwords
The US Treasury’s OCC disclosed an undetected major email breach for over a year
U.S. CISA adds Gladinet CentreStack and ZTA Microsoft Windows Common Log File System (CLFS) Driver flaws to its Known Exploited Vulnerabilities catalog
WhatsApp fixed a spoofing flaw that could enable Remote Code Execution
Everest ransomware group’s Tor leak site offline after a defacement
Google fixed two actively exploited Android zero-days
U.S. CISA adds Ivanti Connect Secure, Policy Secure and ZTA Gateways flaw to its Known Exploited Vulnerabilities catalog
A member of the Scattered Spider cybercrime group pleads guilty
The controversial case of the threat actor EncryptHub
PoisonSeed Campaign uses stolen email credentials to spread crypto seed scams and and empty wallets
EDR-as-a-Service makes the headlines in the cybercrime landscape
Oracle privately notifies Cloud data breach to customers
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 40
Security Affairs newsletter Round 518 by Pierluigi Paganini – INTERNATIONAL EDITION
Expert used ChatGPT-4o to create a replica of his passport in just 5 minutes bypassing KYC
A flaw in Verizon’s iOS Call Filter app exposed call records of millions
Port of Seattle 's August data breach impacted 90,000 people
President Trump fired the head of U.S. Cyber Command and NSA
Critical flaw in Apache Parquet's Java Library allows remote code execution
CERT-UA reports attacks in March 2025 targeting Ukrainian agencies with WRECKSTEEL Malware
39M secrets exposed: GitHub rolls out new security tools
China-linked group UNC5221 exploited Ivanti Connect Secure zero-day since mid-March
Europol-led operation shuts down CSAM platform Kidflix, leading to 79 arrests
New Triada Trojan comes preinstalled on Android devices
New advanced FIN7's Anubis backdoor allows to gain full system control on Windows
U.S. CISA adds Apache Tomcat flaw to its Known Exploited Vulnerabilities catalog
Apple backported fixes for three actively exploited flaws to older devices
Spike in Palo Alto Networks scanner activity suggests imminent cyber threats
Microsoft warns of critical flaw in Canon printer drivers
CrushFTP CVE-2025-2825 flaw actively exploited in the wild
France’s antitrust authority fines Apple €150M for issues related to its App Tracking Transparency
Hiding WordPress malware in the mu-plugins directory to avoid detection
U.S. CISA adds Cisco Smart Licensing Utility flaw to its Known Exploited Vulnerabilities catalog
Russia-linked Gamaredon targets Ukraine with Remcos RAT
CoffeeLoader uses a GPU-based packer to evade detection
Morphing Meerkat phishing kits exploit DNS MX records
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 39
Security Affairs newsletter Round 517 by Pierluigi Paganini – INTERNATIONAL EDITION
Sam’s Club Investigates Alleged Cl0p Ransomware Breach
FBI and DOJ seize $8.2 Million in romance baiting crypto fraud scheme
Experts warn of the new sophisticate Crocodilus mobile banking Trojan
Crooks are reviving the Grandoreiro banking trojan
Russian authorities arrest three suspects behind Mamont Android banking trojan
Mozilla fixed critical Firefox vulnerability CVE-2025-2857
U.S. CISA adds Google Chromium Mojo flaw to its Known Exploited Vulnerabilities catalog
Crooks target DeepSeek users with fake sponsored Google ads to deliver malware
U.S. CISA adds Sitecore CMS and XP, and GitHub Action flaws to its Known Exploited Vulnerabilities catalog
Arkana Security group claims the hack of US telco provider WideOpenWest (WOW!)
New ReaderUpdate malware variants target macOS users
BlackLock Ransomware Targeted by Cybersecurity Firm
Google fixed the first actively exploited Chrome zero-day since the start of the year
Authentication bypass CVE-2025-22230 impacts VMware Windows Tools
Android malware campaigns use .NET MAUI to evade detection
Astral Foods, South Africa’s largest poultry producer, lost over $1M due to a cyberattack
A cyberattack hits Ukraine’s national railway operator Ukrzaliznytsia
Chinese APT Weaver Ant infiltrated a telco in Asia for over four years
Medusa ransomware uses malicious Windows driver ABYSSWORKER to disable security tools
Attackers can bypass middleware auth checks by exploiting critical Next.js flaw
FBI warns of malicious free online document converters spreading malware
Cloak ransomware group hacked the Virginia Attorney General’s Office
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 38
Security Affairs newsletter Round 516 by Pierluigi Paganini – INTERNATIONAL EDITION
UAT-5918 ATP group targets critical Taiwan
U.S. Treasury removed sanctions against the crypto mixer service Tornado Cash
Zero-day broker Operation Zero offers up to $4 million for Telegram exploits
RansomHub affiliate uses custom backdoor Betruger
Cisco Smart Licensing Utility flaws actively exploited in the wild
Pennsylvania State Education Association data breach impacts 500,000 individuals
Veeam fixed critical Backup & Replication flaw CVE-2025-23120
U.S. CISA adds Edimax IC-7100 IP Camera, NAKIVO, and SAP NetWeaver AS Java flaws to its Known Exploited Vulnerabilities catalog
CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT
WhatsApp fixed zero-day flaw used to deploy Paragon Graphite spyware
California Cryobank, the largest US sperm bank, disclosed a data breach
Rules File Backdoor: AI Code Editors exploited for silent supply chain attacks
U.S. CISA adds Fortinet FortiOS/FortiProxy and GitHub Action flaws to its Known Exploited Vulnerabilities catalog
Nation-state actors and cybercrime gangs abuse malicious .lnk files for espionage and data theft
ChatGPT SSRF bug quickly becomes a favorite attack vector
GitHub Action tj-actions/changed-files was compromised in supply chain attack
New StilachiRAT uses sophisticated techniques to avoid detection
Threat actors rapidly exploit new Apache Tomcat flaw following PoC release
Attackers use CSS to create evasive phishing messages
Researcher releases free GPU-Based decryptor for Linux Akira ransomware
Denmark warns of increased state-sponsored campaigns targeting the European telcos
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 37
Security Affairs newsletter Round 515 by Pierluigi Paganini – INTERNATIONAL EDITION
A ransomware attack hit the Micronesian state of Yap, causing the health system network to go down.
New MassJacker clipper targets pirated software seekers
Cisco IOS XR flaw allows attackers to crash BGP process on routers
LockBit ransomware developer Rostislav Panev was extradited from Israel to the U.S.
SuperBlack Ransomware operators exploit Fortinet Firewall flaws in recent attacks
U.S. CISA adds Apple products and Juniper Junos OS flaws to its Known Exploited Vulnerabilities catalog
GitLab addressed critical auth bypass flaws in CE and EE
North Korea-linked APT group ScarCruft spotted using new Android spyware KoSpy
Meta warns of actively exploited flaw in FreeType library
Medusa ransomware hit over 300 critical infrastructure organizations until February 2025
China-linked APT UNC3886 targets EoL Juniper routers
U.S. CISA adds six Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog
Microsoft Patch Tuesday security updates for March 2025 fix six actively exploited zero-days
New Ballista Botnet spreads using TP-Link flaw. Is it an Italian job?
Apple fixed the third actively exploited zero-day of 2025
Switzerland's NCSC requires cyberattack reporting for critical infrastructure within 24 hours
Recent Posts 3 min Planning For A Financial Revival In 2025... 3 min Drowning In Debt? How To Manage On A Dwindling Budget... Trending 2 min Check On These Tax Credits Before Filing Your Return In 2024... 3 min Planning For A Financial Revival In 2025...
