Security Affairs newsletter Round 308

newsletter

newsletter

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box.

If you want to receive the complete weekly Security Affairs Newsletter for free, including the international press, subscribe here.

Experts found two flaws in Facebook for WordPress Plugin

Hackers disrupted live broadcasts at Channel Nine. Is it a Russian retaliation?

QNAP urges users to take action to protect devices against Brute-Force attacks

US Gov Executive Order would oblige to disclose security breach impacting gov users

China-linked RedEcho APT took down part of its C2 domains

Hackers breached the PHP ‘s Git Server and inserted a backdoor in the source code

London-based academies Harris Federation hit by ransomware attack

New Purple Fox version includes Rootkit and implements wormable propagation

Ziggy ransomware admin announced it will refund victims who paid the ransom

30 Docker images downloaded 20M times in cryptojacking attacks

Experts found 2 Linux Kernel flaws that can allow bypassing Spectre mitigations

Hundreds of thousands of projects affected by a flaw in netmask npm package

Reflected XSS Vulnerability In Ivory Search WP Plugin Impact Over 60K sites

VMware addresses SSRF flaw in vRealize Operations that allows stealing admin credentials

Chinese experts earned $20,000 for reporting a Chrome Sandbox Escape

Email accounts of DHS members were compromised in the SolarWinds hack

IETF deprecates TLS 1.0 and TLS 1.1, update to latest versions

North Korea-linked hackers target security experts again

President Biden extended Executive Order 13694 regarding cyberattack sanctions

Akamai dealt with an 800Gbps ransom DDoS against a gambling company

DeepDotWeb admin pleads guilty to money laundering conspiracy

Ubiquiti security breach may be a catastrophe

US CISA warns of DoS flaws in Citrix Hypervisor

VMware fixed flaws in vROps that can be chained to compromise organizations

VMware fixes authentication bypass in Carbon Black Cloud Workload appliance

Airlift Express Fixes Vulnerabilities in Its E-commerce Store

Conti Ransomware gang demanded $40 million ransom to Broward County Public Schools

DHS CISA requires federal agencies to assess their Microsoft Exchange servers by April 5

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Man indicted for tampering with public water system in Kansas

Tens of thousands of QNAP SOHO NAS devices affected by unpatched RCEs

TIMs Red Team Research (RTR) team found 5 zero-day flaws in the CA eHealth Performance Manager product

Activision warns of Call of Duty Cheat tool used to deliver RAT

Attackers are abusing GitHub infrastructure to mine cryptocurrency

Capital One discovered more customers SSNs exposed in 2019 hack

Evolution and rise of the Avaddon Ransomware-as-a-Service

If you want to receive the complete weekly Security Affairs Newsletter for free, including the international press, subscribe here.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Next Malware attack on Applus blocked vehicle inspections in some US states »

Previous « Clop Ransomware operators plunder US universities

Published by

Pierluigi Paganini

Tags: Cybercrimedata breachHackinghacking newsinformation security newsIT Information SecuritymalwareNewsletterPierluigi PaganiniransomwareSecurity AffairsSecurity News

4 years ago

Recent Posts

Security

SAP June 2025 Security Patch Day fixed critical NetWeaver bug

SAP fixed a critical NetWeaver flaw that let attackers bypass authorization and escalate privileges. Patch…

2 hours ago

Hacking

U.S. CISA adds RoundCube Webmail and Erlang Erlang/OTP SSH server flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds RoundCube Webmail and Erlang Erlang/OTP SSH server flaws…

6 hours ago

Malware

Mirai botnets exploit Wazuh RCE, Akamai warned

Mirai botnets are exploiting CVE-2025-24016, a critical remote code execution flaw in Wazuh servers, Akamai…

9 hours ago

APT

China-linked threat actor targeted +70 orgs worldwide, SentinelOne warns

China-linked threat actor targeted over 70 global organizations, including governments and media, in cyber-espionage attacks…

13 hours ago

Cyber Crime

DOJ moves to seize $7.74M in crypto linked to North Korean IT worker scam

US seeks to seize $7.74M in crypto linked to North Korean fake IT worker schemes,…

1 day ago

Intelligence

OpenAI bans ChatGPT accounts linked to Russian, Chinese cyber ops

OpenAI banned ChatGPT accounts tied to Russian and Chinese hackers using the tool for malware,…

1 day ago