A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
| FBI and DOJ seize $8.2 Million in romance baiting crypto fraud scheme |
| Experts warn of the new sophisticate Crocodilus mobile banking Trojan |
| Crooks are reviving the Grandoreiro banking trojan |
| Russian authorities arrest three suspects behind Mamont Android banking trojan |
| Mozilla fixed critical Firefox vulnerability CVE-2025-2857 |
| U.S. CISA adds Google Chromium Mojo flaw to its Known Exploited Vulnerabilities catalog |
| Crooks target DeepSeek users with fake sponsored Google ads to deliver malware |
| U.S. CISA adds Sitecore CMS and XP, and GitHub Action flaws to its Known Exploited Vulnerabilities catalog |
| Arkana Security group claims the hack of US telco provider WideOpenWest (WOW!) |
| New ReaderUpdate malware variants target macOS users |
| BlackLock Ransomware Targeted by Cybersecurity Firm |
| Google fixed the first actively exploited Chrome zero-day since the start of the year |
| Authentication bypass CVE-2025-22230 impacts VMware Windows Tools |
| Android malware campaigns use .NET MAUI to evade detection |
| Astral Foods, South Africa’s largest poultry producer, lost over $1M due to a cyberattack |
| A cyberattack hits Ukraine’s national railway operator Ukrzaliznytsia |
| Chinese APT Weaver Ant infiltrated a telco in Asia for over four years |
| Medusa ransomware uses malicious Windows driver ABYSSWORKER to disable security tools |
| Attackers can bypass middleware auth checks by exploiting critical Next.js flaw |
| FBI warns of malicious free online document converters spreading malware |
| Cloak ransomware group hacked the Virginia Attorney General’s Office |
| UAT-5918 ATP group targets critical Taiwan |
International Press – Newsletter
Cybercrime
Ransomware Group Claims Attack on Virginia Attorney General’s Office
FBI Denver Warns of Online File Converter Scam
The DNA of organised crime is changing – and so is the threat to Europe
Exclusive: DOGE staffer ‘Big Balls’ provided tech support to cybercrime ring, records show
A Sneaky Phish Just Grabbed my Mailchimp Mailing List
Arrests in Tap-to-Pay Scheme Powered by Phishing
DeepSeek users targeted with fake sponsored Google ads that deliver malware
Russia arrests three for allegedly creating Mamont malware, tied to over 300 cybercrimes
DOJ Seizes USD 8.2M Tied to Pig Butchering Scheme
Malware
Microsoft Trusted Signing service abused to code-sign malware
Shedding light on the ABYSSWORKER driver
Raspberry Robin: Copy Shop USB Worm Evolves to Initial Access Broker Enabling Other Threat Actor Attacks
Shifting the sands of RansomHub’s EDRKillShifter
Multiple crypto packages hijacked, turned into info-stealers
CoffeeLoader: A Brew of Stealthy Techniques
PJobRAT makes a comeback, takes another crack at chat apps
Exposing Crocodilus: New Device Takeover Malware Targeting Android Devices
Hacking
Next.js and the corrupt middleware: the authorizing artifact
Blacklock Ransomware: A Late Holiday Gift with Intrusion into the Threat Actor’s Infrastructure
CVE-2025-26633: How Water Gamayun Weaponizes MUIPath using MSC EvilTwin
New GitHub Action supply chain attack: reviewdog/action-setup
OpenAI Offering $100K Bounties for Critical Vulnerabilities
Over 150K websites hit by full-page hijack linking to Chinese gambling sites
Intelligence and Information Warfare
Weaver Ant, the Web Shell Whisperer: Tracking a Live China-nexus Operation
Ex-NSA boss: Election security focus helped dissuade increase in Russian meddling with US
RedCurl’s Ransomware Debut: A Technical Deep Dive
You will always remember this as the day you finally caught FamousSparrow
Private Data and Passwords of Senior U.S. Security Officials Found Online
TURNING AID INTO ATTACK: EXPLOITATION OF PAKISTAN’S YOUTH LAPTOP SCHEME TO TARGET INDIA
Cybersecurity
The Trump Administration Accidentally Texted Me Its War Plans
Flailing OpenAI Calls for Ban on Chinese AI
Why government workers and military planners all love Signal now
SignalGate Isn’t About Signal
TCCing is Believing
Oracle Health breach compromises patient data at US hospitals
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, newsletter)