A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
| A ransomware attack forced New York Blood Center to reschedule appointments |
| Contec CMS8000 patient monitors contain a hidden backdoor |
| Community Health Center data breach impacted over 1 million patients |
| Italy’s data protection authority Garante blocked the DeepSeek AI platform |
| Broadcom fixed information disclosure flaws in VMware Aria Operations |
| DeepSeek database exposed highly sensitive information |
| TeamViewer fixed a vulnerability in Windows client and host applications |
| Operation Talent: An international law enforcement operation seized Cracked, Nulled and other cybercrime websites |
| PHP package Voyager flaws expose to one-click RCE exploits |
| Italy’s Data Protection Authority Garante requested information from Deepseek |
| U.S. CISA adds Apple products’ flaw to its Known Exploited Vulnerabilities catalog |
| Aquabot variant v3 targets Mitel SIP phones |
| Critical remote code execution bug found in Cacti framework |
| Attackers actively exploit a critical zero-day in Zyxel CPE Series devices |
| Attackers exploit SimpleHelp RMM Software flaws for initial access |
| VMware fixed a flaw in Avi Load Balancer |
| Ransomware attack on ENGlobal compromised personal information |
| EU announced sanctions on three members of Russia’s GRU Unit 29155 |
| Chinese AI platform DeepSeek faced a “large-scale” cyberattack |
| Apple fixed the first actively exploited zero-day of 2025 |
| TalkTalk confirms data breach involving a third-party platform |
| Multiple Git flaws led to credentials compromise |
| GamaCopy targets Russia mimicking Russia-linked Gamaredon APT |
| ESXi ransomware attacks use SSH tunnels to avoid detection |
| Attackers allegedly stole $69 million from cryptocurrency platform Phemex |
| Change Healthcare data breach exposed the private data of over half the U.S. |
| Cisco warns of a ClamAV bug with PoC exploit |
International Press – Newsletter
Cybercrime
UnitedHealth Estimates Change Healthcare Hack Impacted About 190 Million People
TalkTalk investigating data breach after hacker claims theft of customer data
Law enforcement takes down two largest cybercrime forums in the world
New York Blood Center Enterprises Cybersecurity Incident Update
Cybercrime websites selling hacking tools to transnational organized crime groups seized
Indian tech giant Tata Technologies hit by ransomware attack
Malware
ESXi Ransomware Attacks: Stealthy Persistence through SSH Tunneling
MintsLoader: StealC and BOINC Delivery
Active Exploitation: New Aquabot Variant Phones Home
How we kept the Google Play & Android app ecosystems safe in 2024
Hacking
RANsacked Cellular Security
CVE-2024-50050: Critical Vulnerability in meta-llama/llama-stack
Clone2Leak: Your Git Credentials Belong To Us
Apple fixes this year’s first actively exploited zero-day bug
DeepSeek R1 Exposed: Security Flaws in China’s AI Model
Arctic Wolf Observes Campaign Exploiting SimpleHelp RMM Software for Initial Access
Active Exploitation of Zero-day Zyxel CPE Vulnerability (CVE-2024-40891)
CVE-2024-49138 Windows CLFS heap-based buffer overflow analysis – Part 1
The Tainted Voyage: Uncovering Voyager’s Vulnerabilities
Browser Syncjacking: How Any Browser Extension can Be Used to Takeover Your Device
Intelligence and Information Warfare
Love and hate under war: The GamaCopy organization, which imitates the Russian Gamaredon, uses military — related bait to launch attacks on Russia
Climate Misinformation Is Social Media’s Biggest Issue — And It’s About to Get Way Worse
Cyber-attacks: three individuals added to EU sanctions list for malicious cyber activities against Estonia
AI and security: Safeguarding users and strengthening national security
Operation Phantom Circuit
WhatsApp says journalists and civil society members were targets of Israeli spyware
Cybersecurity
OpenAI ‘reviewing’ allegations that its AI models were used to make DeepSeek
MGM Resorts settles lawsuits after millions of customer records stolen in data breaches
Google to kill Chrome Sync on older Chrome browser versions
Italian regulator asks DeepSeek for information about data collection
US Cyber Agency’s Future Role in Elections Remains Murky Under the Trump Administration
Time Bandit ChatGPT jailbreak bypasses safeguards on sensitive topics
Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History
Cybersecurity Vulnerabilities with Certain Patient Monitors from Contec and Epsimed: FDA Safety Communication
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, newsletter)
