A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
| DoJ charged three Russian citizens with operating crypto-mixing services |
| U.S. cannabis dispensary STIIIZY disclosed a data breach |
| A novel PayPal phishing campaign hijacks accounts |
| Banshee macOS stealer supports new evasion mechanisms |
| Researchers disclosed details of a now-patched Samsung zero-click flaw |
| Phishers abuse CrowdStrike brand targeting job seekers with cryptominer |
| China-linked APT group MirrorFace targets Japan |
| U.S. Medical billing provider Medusind suffered a sata breach |
| Ukrainian Cyber Alliance destroyed the connectivity of Russian ISP Nodex |
| U.S. CISA adds Ivanti Connect Secure, Policy Secure, and ZTA Gateways flaw to its Known Exploited Vulnerabilities catalog |
| SOC Scalability: How AI Supports Growth Without Overloading Analysts |
| SonicWall warns of an exploitable SonicOS vulnerability |
| Gayfemboy Botnet targets Four-Faith router vulnerability |
| Meta replaces fact-checking with community notes post ‘Cultural Tipping Point’ |
| U.S. CISA adds Oracle WebLogic Server and Mitel MiCollab flaws to its Known Exploited Vulnerabilities catalog |
| Threat actors breached the Argentina’s airport security police (PSA) payroll |
| Moxa router flaws pose serious risks to industrial environmets |
| US adds Tencent to the list of companies supporting Chinese military |
| Eagerbee backdoor targets govt entities and ISPs in the Middle East |
| Nessus scanner agents went offline due to a faulty plugin update |
| China-linked Salt Typhoon APT compromised more US telecoms than previously known |
| PLAYFULGHOST backdoor supports multiple information stealing features |
| Nuclei flaw allows signature bypass and code execution |
International Press – Newsletter
Cybercrime
School districts in Maine, Tennessee respond to holiday cyberattacks
The data of members of the PSA, the force that depends on Bullrich, was hacked and part of their salary was stolen
A Day in the Life of a Prolific Voice Phishing Crew
Phish-free PayPal Phishing
Marijuana dispensary STIIIZY warns of leaked IDs after November data breach
Operators of Cryptocurrency Mixers Charged with Money Laundering
Fintech Giant Finastra Investigating Data Breach
Telefonica Breach: Infostealer Malware Opens Door for Social Engineering Tactics
Hackers Claim Massive Breach of Location Data Giant, Threaten to Leak Data
Malware
Finding Malware: Unveiling PLAYFULGHOST with Google Security Operations
EAGERBEE, with updated and novel components, targets the Middle East
Gayfemboy: A Botnet Deliver Through a Four-Faith Industrial Router 0-day Exploit
Recruitment Phishing Scam Imitates CrowdStrike Hiring Process
Hacking
Breaking the Chain: Wiz Uncovers a Signature Verification Bypass in Nuclei, the Popular Vulnerability Scanner (CVE-2024-43405)
Bad Likert Judge: A Novel Multi-Turn Technique to Jailbreak LLMs by Misusing Their Evaluation Capability
Genetic Engineering Meets Reverse Engineering: DNA Sequencer’s Vulnerable BIOS
Ivanti Flaw CVE-2025-0282 Actively Exploited, Impacts Connect Secure and Policy Secure
GFI KerioControl Firewall Vulnerability Exploited in the Wild
Samsung S24: Out of bounds write in APE Decoder
Facebook awards researcher $100,000 for finding bug that granted internal access
Intelligence and Information Warfare
Chinese hack of US telecoms compromised more firms than previously known, WSJ says
US designates Tencent as Chinese military company
CISA Update on Treasury Breach
Russian internet provider confirms its network was ‘destroyed’ following attack claimed by Ukrainian hackers
Ivanti Connect Secure VPN Targeted in New Zero-Day Exploitation
Chinese State-Sponsored RedDelta Targeted Taiwan, Mongolia, and Southeast Asia with Adapted PlugX Infection Chain
Chinese cyber-spies peek over shoulder of officials probing real-estate deals near American military bases
Cybersecurity
India Proposes Digital Data Rules with Tough Penalties and Cybersecurity Requirements
Meta is ending its fact-checking program in favor of a ‘community notes’ system similar to X
New labels will help people pick devices less at risk of hacking
Elon Musk says all human data for AI training ‘exhausted’
China releases world’s most powerful electronic warfare weapon design software – for free
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, newsletter)
