Security Affairs newsletter Round 517 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

FBI and DOJ seize $8.2 Million in romance baiting crypto fraud scheme
Experts warn of the new sophisticate Crocodilus mobile banking Trojan
Crooks are reviving the Grandoreiro banking trojan
Russian authorities arrest three suspects behind Mamont Android banking trojan
Mozilla fixed critical Firefox vulnerability CVE-2025-2857
U.S. CISA adds Google Chromium Mojo flaw to its Known Exploited Vulnerabilities catalog
Crooks target DeepSeek users with fake sponsored Google ads to deliver malware
U.S. CISA adds Sitecore CMS and XP, and GitHub Action flaws to its Known Exploited Vulnerabilities catalog
Arkana Security group claims the hack of US telco provider WideOpenWest (WOW!)
New ReaderUpdate malware variants target macOS users
BlackLock Ransomware Targeted by Cybersecurity Firm
Google fixed the first actively exploited Chrome zero-day since the start of the year
Authentication bypass CVE-2025-22230 impacts VMware Windows Tools
Android malware campaigns use .NET MAUI to evade detection
Astral Foods, South Africa’s largest poultry producer, lost over $1M due to a cyberattack
A cyberattack hits Ukraine’s national railway operator Ukrzaliznytsia
Chinese APT Weaver Ant infiltrated a telco in Asia for over four years
Medusa ransomware uses malicious Windows driver ABYSSWORKER to disable security tools
Attackers can bypass middleware auth checks by exploiting critical Next.js flaw
FBI warns of malicious free online document converters spreading malware
Cloak ransomware group hacked the Virginia Attorney General’s Office
UAT-5918 ATP group targets critical Taiwan

International Press – Newsletter

Cybercrime

Ransomware Group Claims Attack on Virginia Attorney General’s Office      

FBI Denver Warns of Online File Converter Scam  

The DNA of organised crime is changing – and so is the threat to Europe  

Exclusive: DOGE staffer ‘Big Balls’ provided tech support to cybercrime ring, records show

A Sneaky Phish Just Grabbed my Mailchimp Mailing List

Arrests in Tap-to-Pay Scheme Powered by Phishing

DeepSeek users targeted with fake sponsored Google ads that deliver malware          

Russia arrests three for allegedly creating Mamont malware, tied to over 300 cybercrimes  

DOJ Seizes USD 8.2M Tied to Pig Butchering Scheme  

Malware

Microsoft Trusted Signing service abused to code-sign malware

Shedding light on the ABYSSWORKER driver 

Raspberry Robin: Copy Shop USB Worm Evolves to Initial Access Broker Enabling Other Threat Actor Attacks

Shifting the sands of RansomHub’s EDRKillShifter  

Multiple crypto packages hijacked, turned into info-stealers  

CoffeeLoader: A Brew of Stealthy Techniques

PJobRAT makes a comeback, takes another crack at chat apps      

Exposing Crocodilus: New Device Takeover Malware Targeting Android Devices

Hacking

Next.js and the corrupt middleware: the authorizing artifact  

Blacklock Ransomware: A Late Holiday Gift with Intrusion into the Threat Actor’s Infrastructure

CVE-2025-26633: How Water Gamayun Weaponizes MUIPath using MSC EvilTwin

New GitHub Action supply chain attack: reviewdog/action-setup  

OpenAI Offering $100K Bounties for Critical Vulnerabilities

Over 150K websites hit by full-page hijack linking to Chinese gambling sites  

Intelligence and Information Warfare

Weaver Ant, the Web Shell Whisperer: Tracking a Live China-nexus Operation  

Ex-NSA boss: Election security focus helped dissuade increase in Russian meddling with US

RedCurl’s Ransomware Debut: A Technical Deep Dive

You will always remember this as the day you finally caught FamousSparrow      

Private Data and Passwords of Senior U.S. Security Officials Found Online

TURNING AID INTO ATTACK: EXPLOITATION OF PAKISTAN’S YOUTH LAPTOP SCHEME TO TARGET INDIA  

Cybersecurity

The Trump Administration Accidentally Texted Me Its War Plans

Flailing OpenAI Calls for Ban on Chinese AI 

Why government workers and military planners all love Signal now  

SignalGate Isn’t About Signal    

TCCing is Believing  

Oracle Health breach compromises patient data at US hospitals

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)