Breaking News

Security Affairs newsletter Round 368 by Pierluigi Paganini

newsletternewsletter

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box.

If you want to also receive for free the newsletter with the international press subscribe here.

Anonymous: Operation Russia after 100 days of war
GitLab addressed critical account take over via SCIM email change
LuoYu APT delivers WinDealer malware via man-on-the-side attacks
Clipminer Botnet already allowed operators to make at least $1.7 Million
Alert! Unpatched critical Atlassian Confluence Zero-Day RCE flaw actively exploited
Microsoft blocked Polonium attacks against Israeli organizations
LockBit ransomware attack impacted production in a Mexican Foxconn plant
Conti leaked chats confirm that the gang’s ability to conduct firmware-based attacks
An international police operation dismantled FluBot spyware
A critical RCE flaw in Horde Webmail has yet to be addressed
New XLoader Botnet version uses new techniques to obscure its C2 servers
Experts uncovered over 3.6M accessible MySQL servers worldwide
China-linked TA413 group actively exploits Microsoft Follina zero-day flaw
Hive ransomware gang hit Costa Rica public health service
SideWinder carried out over 1,000 attacks since April 2020
Microsoft shared workarounds for the Microsoft Office zero-day dubbed Follina
Experts warn of ransomware attacks against government organizations of small states
Three Nigerian men arrested in INTERPOL Operation Killer Bee
A new WhatsApp OTP scam could allow the hijacking of users’ accounts
Multiple Microsoft Office versions impacted by an actively exploited zero-day
GoodWill Ransomware victims have to perform socially driven activities to decryption their data
EnemyBot malware adds new exploits to target CMS servers and Android devices
Pro-Russian hacker group KillNet plans to attack Italy on May 30
US man sentenced to 4 years in prison for his role in Infraud scheme

Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. I ask you to vote for me again (even if you have already done it), because this vote is for the final.

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”)

To nominate, please visit: 

https://docs.google.com/forms/d/e/1FAIpQLSdNDzjvToMSq36YkIHQWwhma90SR0E9rLndflZ3Cu_gVI2Axw/viewform

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Published by
Pierluigi Paganini
Tags: hacking newsinformation security newsNewsletterSecurity AffairsSecurity News
3 years ago

Recent Posts

Texas Department of Transportation (TxDOT) data breach exposes 300,000 crash reports

Hackers breached Texas DOT (TxDOT), stealing 300,000 crash reports with personal data from its Crash…

3 hours ago

SAP June 2025 Security Patch Day fixed critical NetWeaver bug

SAP fixed a critical NetWeaver flaw that let attackers bypass authorization and escalate privileges. Patch…

6 hours ago

U.S. CISA adds RoundCube Webmail and Erlang Erlang/OTP SSH server flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds RoundCube Webmail and Erlang Erlang/OTP SSH server flaws…

10 hours ago

Mirai botnets exploit Wazuh RCE, Akamai warned

Mirai botnets are exploiting CVE-2025-24016, a critical remote code execution flaw in Wazuh servers, Akamai…

13 hours ago

China-linked threat actor targeted +70 orgs worldwide, SentinelOne warns

China-linked threat actor targeted over 70 global organizations, including governments and media, in cyber-espionage attacks…

16 hours ago

DOJ moves to seize $7.74M in crypto linked to North Korean IT worker scam

US seeks to seize $7.74M in crypto linked to North Korean fake IT worker schemes,…

1 day ago