A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
| Attackers exploited SonicWall SMA appliances since January 2025 |
| ASUS routers with AiCloud vulnerable to auth bypass exploit |
| U.S. CISA adds Apple products and Microsoft Windows NTLM flaws to its Known Exploited Vulnerabilities catalog |
| Entertainment venue management firm Legends International disclosed a data breach |
| China-linked APT Mustang Panda upgrades tools in its arsenal |
| Node.js malvertising campaign targets crypto users |
| Apple released emergency updates for actively exploited flaws |
| U.S. CISA adds SonicWall SMA100 Appliance flaw to its Known Exploited Vulnerabilities catalog |
| CISA’s 11-Month extension ensures continuity of MITRE’s CVE Program |
| Chinese Android phones shipped with malware-laced WhatsApp, Telegram apps |
| Cyber Threats Against Energy Sector Surge as Global Tensions Mount |
| Government contractor Conduent disclosed a data breach |
| Critical Apache Roller flaw allows to retain unauthorized access even after a password change |
| Meta will use public EU user data to train its AI models |
| Hertz disclosed a data breach following 2024 Cleo zero-day attack |
| Gladinet flaw CVE-2025-30406 actively exploited in the wild |
| New malware ‘ResolverRAT’ targets healthcare, pharmaceutical firms |
| Security |
| Malicious NPM packages target PayPal users |
| Tycoon2FA phishing kit rolled out significant updates |
| South African telecom provider Cell C disclosed a data breach following a cyberattack |
| China admitted its role in Volt Typhoon cyberattacks on U.S. infrastructure |
International Press – Newsletter
Cybercrime
Pixel-Perfect Trap: The Surge of SVG-Borne Phishing Attacks
Threat actors misuse Node.js to deliver malware and other malicious payloads
Byte Bandits: How Fake PDF Converters Are Stealing More Than Just Your Documents
Man Helped Chinese Nationals Get Jobs Involving Sensitive US Government Projects
Unmasking the new XorDDoS controller and infrastructure
Malware
Malicious NPM Packages Targeting PayPal Users
New Malware Variant Identified: ResolverRAT Enters the Maze
Nice chatting with you: what connects cheap Android smartphones, WhatsApp and cryptocurrency theft?
BPFDoor’s Hidden Controller Used Against Asia, Middle East Targets
Gorilla, a newly discovered Android malware
Cascading Shadows: An Attack Chain Approach to Avoid Detection and Complicate Analysis
IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia
**** Unmasking the new XorDDoS controller and infrastructure
***** Byte Bandits: How Fake PDF Converters Are Stealing More Than Just Your Documents
******Renewed APT29 Phishing Campaign Against European Diplomats
**** Goodbye HTA, Hello MSI: New TTPs and Clusters of an APT driven by Multi-Platform Attacks
******Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware
***** Threat actors misuse Node.js to deliver malware and other malicious payloads
**** Latest Mustang Panda Arsenal: ToneShell and StarProxy | P1
**** Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak | P2
***** Around the World in 90 Days: State-Sponsored Actors Try ClickFix
Large Language Model (LLM) for Software Security: Code Analysis, Malware Analysis, Reverse Engineering
Malware analysis assisted by AI with R2AI
A Machine Learning-Based Ransomware Detection Method for Attackers’ Neutralization Techniques Using Format-Preserving Encryption
AOAFS: A Malware Detection System Using an Improved Arithmetic Optimization Algorithm
Hacking
Tycoon2FA New Evasion Technique for 2025
CVE-2025-30406 – Critical Gladinet CentreStack & Triofox Vulnerability Exploited In The Wild
Aiding reverse engineering with Rust and a local LLM
Apple fixes two zero-days exploited in targeted iPhone attacks
Task Scheduler– New Vulnerabilities for schtasks.exe
Over 16,000 Fortinet devices compromised with symlink backdoor
Notorious image board 4chan hacked and internal data leaked
Around the World in 90 Days: State-Sponsored Actors Try ClickFix
CVE-2025-24054, NTLM Exploit in the Wild
Credential Access Campaign Targeting SonicWall SMA Devices Potentially Linked to Exploitation of CVE-2021-20035
Intelligence and Information Warfare
Goodbye HTA, Hello MSI: New TTPs and Clusters of an APT driven by Multi-Platform Attacks
Taiwan charges Chinese ship captain with breaking subsea cables
Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware
Renewed APT29 Phishing Campaign Against European Diplomats
NSO lawyer names Mexico, Saudi Arabia, and Uzbekistan as spyware customers accused of 2019 WhatsApp hacks
Gamaredon: The Turncoat Spies Relentlessly Hacking Ukraine
Latest Mustang Panda Arsenal: ToneShell and StarProxy | P1
Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak | P2
Cybersecurity
Making AI Work Harder for Europeans
Govtech giant Conduent confirms client data stolen in January cyberattack
CISA extends CVE program contract with MITRE for 11 months amid alarm over potential lapse
Google adds Android auto-reboot to block forensic data extractions
Pentagon’s ‘SWAT team of nerds’ resigns en masse
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, newsletter)