A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
| U.S. CISA adds Apple iOS and iPadOS and Mitel SIP Phones flaws to its Known Exploited Vulnerabilities catalog |
| Attackers exploit recently disclosed Palo Alto Networks PAN-OS firewalls bug |
| U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog |
| China-linked APT Salt Typhoon breached telecoms by exploiting Cisco router flaws |
| Experts discovered PostgreSQL flaw chained with BeyondTrust zeroday in targeted attacks |
| Valve removed the game PirateFi from the Steam video game platform because contained a malware |
| The Rise of Cyber Espionage: UAV and C-UAV Technologies as Targets |
| China-linked APTs’ tool employed in RA World Ransomware attack |
| Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign |
| Sarcoma ransomware gang claims the theft of sensitive data from PCB maker Unimicron |
| Cyber Crime |
| Russian cybercriminal Alexander Vinnik is being released from U.S. custody in exchange for Marc Fogel |
| North Korea-linked APT Emerald Sleet is using a new tactic |
| U.S. CISA adds Microsoft Windows, Zyxel device flaws to its Known Exploited Vulnerabilities catalog |
| Microsoft Patch Tuesday security updates for February 2025 ficed 2 actively exploited bugs |
| Hacking |
| Attackers exploit a new zero-day to hijack Fortinet firewalls |
| Security |
| OpenSSL patched high-severity flaw CVE-2024-12797 |
| Progress Software fixed multiple high-severity LoadMaster flaws |
| Security |
| Artificial intelligence (AI) as an Enabler for Enhanced Data Security |
| Crooks use Google Tag Manager skimmer to steal credit card data from a Magento-based e-stores |
| Operation Phobos Aetor: Police dismantled 8Base ransomware gang |
| Apple fixes iPhone and iPad bug exploited in ‘extremely sophisticated attacks’ |
| HPE is notifying individuals affected by a December 2023 attack |
| XE Group shifts from credit card skimming to exploiting zero-days |
| UK Gov demands backdoor to access Apple iCloud backups worldwide |
International Press – Newsletter
Cybercrime
XE Group: From Credit Card Skimming to Exploiting Zero-Days
Four alleged hackers arrested in Phuket for hacking 17 Swiss firms
The Untold Story of a Crypto Crimefighter’s Descent Into Nigerian Prison Security
Amsterdam police dismantle digital criminal network; 127 servers taken offline
AFP joins global crackdown on cybercriminal infrastructure provider
Did You Download This Steam Game? Sorry, It’s Windows Malware
Malware
Mobile Indian Cyber Heist: FatBoyPanel And His Massive Data Breach
Google Tag Manager Skimmer Steals Credit Card Info From Magento Site
From South America to Southeast Asia: The Fragile Web of REF7707
Deep Learning-Driven Malware Classification with API Call Sequence Analysis and Concept Drift Handling
Hacking
Chinese-Speaking Group Manipulates SEO with BadIIS
Apple fixes iPhone and iPad bug used in an ‘extremely sophisticated attack’
Fault Injection – Looking for a Unicorn
Massive brute force attack uses 2.8 million IPs to target VPN devices
Console Chaos: A Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls
Android Deep Dive: Implicit Intents Introduction
How Wiz found a Critical NVIDIA AI vulnerability: Deep Dive into a container escape (CVE-2024-0132)
Surge in attacks exploiting old ThinkPHP and ownCloud flaws
CVE-2025-1094: PostgreSQL psql SQL injection (FIXED)
whoAMI: A cloud image name confusion attack
GreyNoise Observes Active Exploitation of PAN-OS Authentication Bypass Vulnerability (CVE-2025-0108)
Intelligence and Information Warfare
Another person targeted by Paragon spyware comes forward
Sandworm APT Targets Ukrainian Users with Trojanized Microsoft KMS Activation Tools in Cyber Espionage Campaigns
The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation
The Risk of a Taiwan Invasion Is Rising Fast
China-linked Espionage Tools Used in Ransomware Attacks
Analyzing DEEP#DRIVE: North Korean Threat Actors Observed Exploiting Trusted Platforms for Targeted Attacks
The Rise of Cyber Espionage: UAV and C-UAV Technologies as Targets
RedMike (Salt Typhoon) Exploits Vulnerable Cisco Devices of Global Telecommunications Providers
Spyware maker caught distributing malicious Android apps for years
Operation Marstech Mayhem Lazarus Group’s Open-Source Trap: North Korea’s New Malware Tactic Targeting Developers and Crypto Wallets
Storm-2372 conducts device code phishing campaign
Cybersecurity
DOGE Teen Owns ‘Tesla.Sexy LLC’ and Worked at Startup That Has Hired Convicted Hackers
Meta staff torrented nearly 82TB of pirated books for AI training — court records reveal copyright violations
Fortinet warns of new zero-day exploited to hijack firewalls
The February 2025 Security Update Review
Barcelona-based spyware startup Variston shuts down, per filing
Tackling AI security risks to unleash growth and deliver Plan for Change
Nginx/Apache Path Confusion to Auth Bypass in PAN-OS (CVE-2025-0108)
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, newsletter)
