A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
| Lazarus APT stole $1.5B from Bybit, it is the largest cryptocurrency heist ever |
| Apple removes iCloud encryption in UK following backdoor demand |
| B1ack’s Stash released 1 Million credit cards |
| U.S. CISA adds Craft CMS and Palo Alto Networks PAN-OS flaws to its Known Exploited Vulnerabilities catalog |
| Atlassian fixed critical flaws in Confluence and Crowd |
| Salt Typhoon used custom malware JumbledPath to spy U.S. telecom providers |
| NailaoLocker ransomware targets EU healthcare-related entities |
| Microsoft fixed actively exploited flaw in Power Pages |
| Citrix addressed NetScaler console privilege escalation flaw |
| Palo Alto Networks warns that CVE-2025-0111 flaw is actively exploited in attacks |
| Russia-linked APTs target Signal messenger |
| Venture capital firm Insight Partners discloses security breach |
| OpenSSH bugs allows Man-in-the-Middle and DoS Attacks |
| U.S. CISA adds SonicWall SonicOS and Palo Alto PAN-OS flaws to its Known Exploited Vulnerabilities catalog |
| Juniper Networks fixed a critical flaw in Session Smart Routers |
| China-linked APT group Winnti targets Japanese organizations since March 2024 |
| Xerox VersaLink C7025 Multifunction printer flaws may expose Windows Active Directory credentials to attackers |
| New XCSSET macOS malware variant used in limited attacks |
| Dutch Police shut down bulletproof hosting provider Zservers and seized 127 servers |
| New Golang-based backdoor relies on Telegram for C2 communication |
| Pro-Russia collective NoName057(16) launched a new wave of DDoS attacks on Italian sites |
| whoAMI attack could allow remote code execution within AWS account |
| Storm-2372 used the device code phishing technique since August 2024 |
International Press – Newsletter
Cybercrime
Amsterdam police dismantle digital criminal network; 127 servers taken offline
Another Lizard Arrested, Lizard Lair Hacked
X Phishing | Campaign Targeting High Profile Accounts Returns, Promoting Crypto Scams
StaryDobry ruins New Year’s Eve, delivering miner instead of presents
How Phished Data Turns into Apple & Google Wallets
US Army soldier pleads guilty to AT&T and Verizon hacks
Thailand ready to welcome 7,000 trafficked scam call center victims back from Myanmar
B1ack’s Stash Releases 1 Million Credit Cards on a Deep Web Forum
Malware
You’ve Got Malware: FINALDRAFT Hides in Your Drafts
Telegram Abused as C2 Channel for New Golang Backdoor
Infostealing Malware Infections in the U.S. Military & Defense Sector: A Cybersecurity Disaster in the Making
Analyzing ELF/Sshdinjector.A!tr with a Human and Artificial Analyst
Training Approach for Long Short-Term Memory Network Classifier
Hacking
whoAMI: A cloud image name confusion attack
Xerox Versalink C7025 Multifunction Printer: Pass-Back Attack Vulnerabilities (FIXED)
How Hackers Manipulate Agentic AI with Prompt Engineering
Palo Alto Networks tags new firewall bug as exploited in attacks
Bybit Confirms Record-Breaking $1.46 Billion Crypto Heist in Sophisticated Cold Wallet Attack
Intelligence and Information Warfare
Multiple Russian Threat Actors Targeting Microsoft Device Code Authentication
Earth Preta Mixes Legitimate and Malicious Components to Sidestep Detection
Signals of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger
Backdoored Executables for Signal, Line, and Gmail Target Chinese-Speaking Users
Spanish spyware startup Mollitiam Industries shuts down
DOGE Now Has Access to the Top US Cybersecurity Agency
Meet NailaoLocker: a ransomware distributed in Europe by ShadowPad and PlugX backdoors
Weathering the storm: In the midst of a Typhoon
We need a new doctrine for Cyberdefence
Cybersecurity
EFF Sues OPM, DOGE and Musk for Endangering the Privacy of Millions
Protecting Global Data Privacy: The Urgent Need for Encryption Safeguards
X is reportedly blocking links to secure Signal contact pages
Qualys TRU Discovers Two Vulnerabilities in OpenSSH: CVE-2025-26465 & CVE-2025-26466
Nearly 10% of employee gen AI prompts include sensitive data
Signals of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger
Apple Removes Cloud Encryption Feature From UK After Backdoor Order
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, newsletter)
