A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
| U.S. Treasury removed sanctions against the crypto mixer service Tornado Cash |
| Zero-day broker Operation Zero offers up to $4 million for Telegram exploits |
| RansomHub affiliate uses custom backdoor Betruger |
| Cisco Smart Licensing Utility flaws actively exploited in the wild |
| Pennsylvania State Education Association data breach impacts 500,000 individuals |
| Veeam fixed critical Backup & Replication flaw CVE-2025-23120 |
| U.S. CISA adds Edimax IC-7100 IP Camera, NAKIVO, and SAP NetWeaver AS Java flaws to its Known Exploited Vulnerabilities catalog |
| CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT |
| WhatsApp fixed zero-day flaw used to deploy Paragon Graphite spyware |
| California Cryobank, the largest US sperm bank, disclosed a data breach |
| Rules File Backdoor: AI Code Editors exploited for silent supply chain attacks |
| U.S. CISA adds Fortinet FortiOS/FortiProxy and GitHub Action flaws to its Known Exploited Vulnerabilities catalog |
| Nation-state actors and cybercrime gangs abuse malicious .lnk files for espionage and data theft |
| ChatGPT SSRF bug quickly becomes a favorite attack vector |
| GitHub Action tj-actions/changed-files was compromised in supply chain attack |
| New StilachiRAT uses sophisticated techniques to avoid detection |
| Threat actors rapidly exploit new Apache Tomcat flaw following PoC release |
| Attackers use CSS to create evasive phishing messages |
| Researcher releases free GPU-Based decryptor for Linux Akira ransomware |
| Denmark warns of increased state-sponsored campaigns targeting the European telcos |
| A ransomware attack hit the Micronesian state of Yap, causing the health system network to go down. |
International Press – Newsletter
Cybercrime
Blockchain gaming platform WEMIX hacked to steal $6.1 million
Babuk2 Ransomware: Extortion Attempts Based on False Claims
Western Alliance Bank notifies 21,899 customers of data breach
Cybercriminals Exploit Checkpoint’s Driver in a BYOVD Attack!
Tornado Cash Delisting
LayerX Labs Identifies New Phishing Campaign Targeted at Mac Users
Malware
Jaguar Land Rover Breached by HELLCAT Ransomware Group Using Its Infostealer Playbook—Then a Second Hacker Strikes
ClearFake’s New Widespread Variant: Increased Web3 Exploitation for Malware Delivery
StilachiRAT analysis: From system reconnaissance to cryptocurrency theft
Arcane stealer: We want all your data
Shedding light on the ABYSSWORKER driver
RansomHub: Attackers Leverage New Custom Backdoor
Hacking
Decrypting Encrypted files from Akira Ransomware (Linux/ESXI variant 2024) using a bunch of GPUs
Abusing with style: Leveraging cascading style sheets for evasion and tracking
One PUT Request to Own Tomcat: CVE-2025-24813 RCE is in the Wild
Harden-Runner detection: tj-actions/changed-files action is compromised
ZDI-CAN-25373: Windows Shortcut Exploit Abused as Zero-Day in Widespread APT Campaigns
New Vulnerability in GitHub Copilot and Cursor: How Hackers Can Weaponize Code Agents
By Executive Order, We Are Banning Blacklists – Domain-Level RCE in Veeam Backup & Replication (CVE-2025-23120)
Technical Advisory: Mass Exploitation of CVE-2024-4577
Exploit Attempts for Cisco Smart Licensing Utility CVE-2024-20439 and CVE-2024-20440
Intelligence and Information Warfare
The cyber threat to the telecommunications sector
Ukraine seeks to bolster offensive cyber capabilities amid rising threats from Russia
Russia, China Hitting West With ‘Massive Digital Arsenals’: EU
UAC-0200: Espionage against the defense-industrial complex using DarkCrystal RAT (CERT-UA#14045)
Head Mare and Twelve join forces to attack Russian entities
Operation FishMedley
UAT-5918 targets critical infrastructure entities in Taiwan
Canadian provincial police appear to be using advanced commercial spyware
Ukraine’s IT Army keeps up attacks on Russia despite waning media hype
North Korea launches new unit with a focus on AI hacking, per report
Musk’s X suspends opposition accounts in Turkey amid civil unrest
UAT-5918 targets critical infrastructure entities in Taiwan
Cybersecurity
The Rise and Fall of Terrorgram: Inside a Global Online Hate Network
OpenAI Says It’s “Over” If It Can’t Steal All Your Copyrighted Work
NIST Announces HQC as Fifth Standardized Post Quantum Algorithm
WhatsApp patched zero-click flaw exploited in Paragon spyware attacks
Russian zero-day seller is offering up to $4 million for Telegram exploits
Federal judge blocks DOGE’s access to Social Security Administration’s banks of personal information
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, newsletter)
