San Francisco’s transport agency Metropolitan Transportation Commission (MTC) exposes drivers’ plate numbers and addresses

U.S. CISA adds Gladinet CentreStack and ZTA Microsoft Windows Common Log File System (CLFS) Driver flaws to its Known Exploited Vulnerabilities catalog

WhatsApp fixed a spoofing flaw that could enable Remote Code Execution

Everest ransomware group’s Tor leak site offline after a defacement

Google fixed two actively exploited Android zero-days

U.S. CISA adds Ivanti Connect Secure, Policy Secure and ZTA Gateways flaw to its Known Exploited Vulnerabilities catalog

A member of the Scattered Spider cybercrime group pleads guilty

The controversial case of the threat actor EncryptHub

PoisonSeed Campaign uses stolen email credentials to spread crypto seed scams and and empty wallets

EDR-as-a-Service makes the headlines in the cybercrime landscape

Oracle privately notifies Cloud data breach to customers

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 40

Security Affairs newsletter Round 518 by Pierluigi Paganini – INTERNATIONAL EDITION

Expert used ChatGPT-4o to create a replica of his passport in just 5 minutes bypassing KYC

A flaw in Verizon’s iOS Call Filter app exposed call records of millions

Port of Seattle 's August data breach impacted 90,000 people

President Trump fired the head of U.S. Cyber Command and NSA

Critical flaw in Apache Parquet's Java Library allows remote code execution

CERT-UA reports attacks in March 2025 targeting Ukrainian agencies with WRECKSTEEL Malware

39M secrets exposed: GitHub rolls out new security tools

China-linked group UNC5221 exploited Ivanti Connect Secure zero-day since mid-March

Europol-led operation shuts down CSAM platform Kidflix, leading to 79 arrests

New Triada Trojan comes preinstalled on Android devices

New advanced FIN7's Anubis backdoor allows to gain full system control on Windows

U.S. CISA adds Apache Tomcat flaw to its Known Exploited Vulnerabilities catalog

Apple backported fixes for three actively exploited flaws to older devices

Spike in Palo Alto Networks scanner activity suggests imminent cyber threats

Microsoft warns of critical flaw in Canon printer drivers

CrushFTP CVE-2025-2825 flaw actively exploited in the wild

France’s antitrust authority fines Apple €150M for issues related to its App Tracking Transparency

Hiding WordPress malware in the mu-plugins directory to avoid detection

U.S. CISA adds Cisco Smart Licensing Utility flaw to its Known Exploited Vulnerabilities catalog

Russia-linked Gamaredon targets Ukraine with Remcos RAT

CoffeeLoader uses a GPU-based packer to evade detection

Morphing Meerkat phishing kits exploit DNS MX records

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 39

Security Affairs newsletter Round 517 by Pierluigi Paganini – INTERNATIONAL EDITION

Sam’s Club Investigates Alleged Cl0p Ransomware Breach

FBI and DOJ seize $8.2 Million in romance baiting crypto fraud scheme

Experts warn of the new sophisticate Crocodilus mobile banking Trojan

Crooks are reviving the Grandoreiro banking trojan

Russian authorities arrest three suspects behind Mamont Android banking trojan

Mozilla fixed critical Firefox vulnerability CVE-2025-2857

U.S. CISA adds Google Chromium Mojo flaw to its Known Exploited Vulnerabilities catalog

Crooks target DeepSeek users with fake sponsored Google ads to deliver malware

U.S. CISA adds Sitecore CMS and XP, and GitHub Action flaws to its Known Exploited Vulnerabilities catalog

Arkana Security group claims the hack of US telco provider WideOpenWest (WOW!)

New ReaderUpdate malware variants target macOS users

BlackLock Ransomware Targeted by Cybersecurity Firm

Google fixed the first actively exploited Chrome zero-day since the start of the year

Authentication bypass CVE-2025-22230 impacts VMware Windows Tools

Android malware campaigns use .NET MAUI to evade detection

Astral Foods, South Africa’s largest poultry producer, lost over $1M due to a cyberattack

A cyberattack hits Ukraine’s national railway operator Ukrzaliznytsia

Chinese APT Weaver Ant infiltrated a telco in Asia for over four years

Medusa ransomware uses malicious Windows driver ABYSSWORKER to disable security tools

Attackers can bypass middleware auth checks by exploiting critical Next.js flaw

FBI warns of malicious free online document converters spreading malware

Cloak ransomware group hacked the Virginia Attorney General’s Office

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 38

Security Affairs newsletter Round 516 by Pierluigi Paganini – INTERNATIONAL EDITION

UAT-5918 ATP group targets critical Taiwan

U.S. Treasury removed sanctions against the crypto mixer service Tornado Cash

Zero-day broker Operation Zero offers up to $4 million for Telegram exploits

RansomHub affiliate uses custom backdoor Betruger

Cisco Smart Licensing Utility flaws actively exploited in the wild

Pennsylvania State Education Association data breach impacts 500,000 individuals

Veeam fixed critical Backup & Replication flaw CVE-2025-23120

U.S. CISA adds Edimax IC-7100 IP Camera, NAKIVO, and SAP NetWeaver AS Java flaws to its Known Exploited Vulnerabilities catalog

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

WhatsApp fixed zero-day flaw used to deploy Paragon Graphite spyware

California Cryobank, the largest US sperm bank, disclosed a data breach

Rules File Backdoor: AI Code Editors exploited for silent supply chain attacks

U.S. CISA adds Fortinet FortiOS/FortiProxy and GitHub Action flaws to its Known Exploited Vulnerabilities catalog

Nation-state actors and cybercrime gangs abuse malicious .lnk files for espionage and data theft

ChatGPT SSRF bug quickly becomes a favorite attack vector

GitHub Action tj-actions/changed-files was compromised in supply chain attack

New StilachiRAT uses sophisticated techniques to avoid detection

Threat actors rapidly exploit new Apache Tomcat flaw following PoC release

Attackers use CSS to create evasive phishing messages

Researcher releases free GPU-Based decryptor for Linux Akira ransomware

Denmark warns of increased state-sponsored campaigns targeting the European telcos

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 37

Security Affairs newsletter Round 515 by Pierluigi Paganini – INTERNATIONAL EDITION

A ransomware attack hit the Micronesian state of Yap, causing the health system network to go down.

New MassJacker clipper targets pirated software seekers

Cisco IOS XR flaw allows attackers to crash BGP process on routers

LockBit ransomware developer Rostislav Panev was extradited from Israel to the U.S.

SuperBlack Ransomware operators exploit Fortinet Firewall flaws in recent attacks

U.S. CISA adds Apple products and Juniper Junos OS flaws to its Known Exploited Vulnerabilities catalog

GitLab addressed critical auth bypass flaws in CE and EE

North Korea-linked APT group ScarCruft spotted using new Android spyware KoSpy

Meta warns of actively exploited flaw in FreeType library

Medusa ransomware hit over 300 critical infrastructure organizations until February 2025

China-linked APT UNC3886 targets EoL Juniper routers

U.S. CISA adds six Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog

Microsoft Patch Tuesday security updates for March 2025 fix six actively exploited zero-days

New Ballista Botnet spreads using TP-Link flaw. Is it an Italian job?

Apple fixed the third actively exploited zero-day of 2025

Switzerland's NCSC requires cyberattack reporting for critical infrastructure within 24 hours

SideWinder APT targets maritime and nuclear sectors with enhanced toolset

U.S. CISA adds Advantive VeraCore and Ivanti EPM flaws to its Known Exploited Vulnerabilities catalog

Cybersecurity Challenges in Cross-Border Data Transfers and Regulatory Compliance Strategies

Elon Musk blames a massive cyberattack for the X outages

Experts warn of mass exploitation of critical PHP flaw CVE-2024-4577

RansomHouse gang claims the hack of the Loretto Hospital in Chicago

North Korea-linked APT Moonstone used Qilin ransomware in limited attacks

Large-scale cryptocurrency miner campaign targets Russian users with SilentCryptoMiner

Feds seized $23 million in crypto stolen using keys from LastPass breaches

Undocumented hidden feature found in Espressif ESP32 microchip

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 36

Security Affairs newsletter Round 514 by Pierluigi Paganini – INTERNATIONAL EDITION

Akira ransomware gang used an unsecured webcam to bypass EDR

Japanese telecom giant NTT suffered a data breach that impacted 18,000 companies

Mirai-based botnets exploit CVE-2025-1316 zero-day in Edimax IP cameras

The Role of Differential Privacy in Protecting Sensitive Information in the Era of Artificial Intelligence

International law enforcement operation seized the domain of the Russian crypto exchange Garantex

Medusa Ransomware targeted over 40 organizations in 2025

Elastic patches critical Kibana flaw allowing code execution

The U.S. DoJ charges 12 Chinese nationals for state-linked cyber operations

Chinese Lotus Blossom APT targets multiple sectors with Sagerunex backdoor

China-linked APT Silk Typhoon targets IT Supply Chain

Hunters International gang claims the theft of 1.4 TB of data allegedly stolen from Tata Technologies

New Eleven11bot botnet infected +86K IoT devices

Polish Space Agency POLSA disconnected its network following a cyberattack

U.S. CISA adds Linux kernel and VMware ESXi and Workstation flaws to its Known Exploited Vulnerabilities catalog

VMware fixed three actively exploited zero-days in ESX products

Digital nomads and risk associated with the threat of infiltred employees

Google fixed two actively exploited Android flaws

Mass exploitation campaign hit 4,000+ ISP networks to deploy info stealers and crypto miners

CISA maintains stance on Russian cyber threats despite policy shift

U.S. CISA adds Multiple Cisco Small Business RV Series Routers, Hitachi Vantara Pentaho BA Server, Microsoft Windows Win32k, and Progress WhatsUp Gold flaws to its Known Exploited Vulnerabilities catalog

U.S. Authorities recovered $31 Million Related to 2021 Uranium Finance cyber heist

Serbian student activist’s phone hacked using Cellebrite zero-day exploit

Qilin ransomware gang claimed responsibility for the Lee Enterprises attack

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 35

Security Affairs newsletter Round 513 by Pierluigi Paganini – INTERNATIONAL EDITION

Meta fired 20 employees for leaking information, more firings expected

Ransomware gangs exploit a Paragon Partition Manager BioNTdrv.sys driver zero-day

Microsoft disrupted a global cybercrime ring abusing Azure OpenAI Service

Attackers could hack smart solar systems and cause serious damages

Enhanced capabilities sustain the rapid growth of Vo1d botnet

Cisco fixed command injection and DoS flaws in Nexus switches

China-linked threat actors stole 10% of Belgian State Security Service (VSSE)'s staff emails

FBI: North Korea-linked TraderTraitor is responsible for $1.5 Billion Bybit hack

Criminal group UAC-0173 targets the Notary Office of Ukraine

Cellebrite blocked Serbia from using its solution because misuse of the equipment for political reasons

New Ghostwriter campaign targets Ukrainian Government and opposition activists in Belarus

New LightSpy spyware variant comes with enhanced data collection features targeting social media platforms

U.S. CISA adds Microsoft Partner Center and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

GitVenom campaign targets gamers and crypto investors by posing as fake GitHub projects

LockBit taunts FBI Director Kash Patel with alleged “Classified” leak threat

EU sanctioned the leader of North Korea-linked APT groups

U.S. CISA adds Adobe ColdFusion and Oracle Agile PLM flaws to its Known Exploited Vulnerabilities catalog

Russia warns financial sector organizations of IT service provider LANIT compromise

A large botnet targets M365 accounts with password spraying attacks

Australia bans Kaspersky over national security concerns

A data leak exposes the operations of the Chinese private firm TopSec, which provides Censorship-as-a-Service

SpyLend Android malware found on Google Play enabled financial cyber crime and extortion

Leaked Black Basta chat logs reveal the gang's operations

U.S. CISA adds Microsoft Power Pages flaw to its Known Exploited Vulnerabilities catalog

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 34

Security Affairs newsletter Round 512 by Pierluigi Paganini – INTERNATIONAL EDITION

Lazarus APT stole $1.5B from Bybit, it is the largest cryptocurrency heist ever

Apple removes iCloud encryption in UK following backdoor demand

B1ack’s Stash released 1 Million credit cards

Atlassian fixed critical flaws in Confluence and Crowd

Salt Typhoon used custom malware JumbledPath to spy U.S. telecom providers

NailaoLocker ransomware targets EU healthcare-related entities

Microsoft fixed actively exploited flaw in Power Pages

Citrix addressed NetScaler console privilege escalation flaw

Palo Alto Networks warns that CVE-2025-0111 flaw is actively exploited in attacks

Russia-linked APTs target Signal messenger

Venture capital firm Insight Partners discloses security breach

OpenSSH bugs allows Man-in-the-Middle and DoS Attacks

U.S. CISA adds SonicWall SonicOS and Palo Alto PAN-OS flaws to its Known Exploited Vulnerabilities catalog

Juniper Networks fixed a critical flaw in Session Smart Routers

China-linked APT group Winnti targets Japanese organizations since March 2024

Xerox VersaLink C7025 Multifunction printer flaws may expose Windows Active Directory credentials to attackers

New XCSSET macOS malware variant used in limited attacks

New Golang-based backdoor relies on Telegram for C2 communication

Pro-Russia collective NoName057(16) launched a new wave of DDoS attacks on Italian sites

whoAMI attack could allow remote code execution within AWS account

Storm-2372 used the device code phishing technique since August 2024

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 33

Security Affairs newsletter Round 511 by Pierluigi Paganini – INTERNATIONAL EDITION

U.S. CISA adds Apple iOS and iPadOS and Mitel SIP Phones flaws to its Known Exploited Vulnerabilities catalog

Attackers exploit recently disclosed Palo Alto Networks PAN-OS firewalls bug

China-linked APT Salt Typhoon breached telecoms by exploiting Cisco router flaws

Experts discovered PostgreSQL flaw chained with BeyondTrust zeroday in targeted attacks

Valve removed the game PirateFi from the Steam video game platform because contained a malware

China-linked APTs' tool employed in RA World Ransomware attack

Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign

Sarcoma ransomware gang claims the theft of sensitive data from PCB maker Unimicron

Russian cybercriminal Alexander Vinnik is being released from U.S. custody in exchange for Marc Fogel

North Korea-linked APT Emerald Sleet is using a new tactic

Microsoft Patch Tuesday security updates for February 2025 ficed 2 actively exploited bugs

Attackers exploit a new zero-day to hijack Fortinet firewalls

OpenSSL patched high-severity flaw CVE-2024-12797

Progress Software fixed multiple high-severity LoadMaster flaws

Artificial intelligence (AI) as an Enabler for Enhanced Data Security

Crooks use Google Tag Manager skimmer to steal credit card data from a Magento-based e-stores

Operation Phobos Aetor: Police dismantled 8Base ransomware gang

Apple fixes iPhone and iPad bug exploited in ‘extremely sophisticated attacks’

HPE is notifying individuals affected by a December 2023 attack

XE Group shifts from credit card skimming to exploiting zero-days

UK Gov demands backdoor to access Apple iCloud backups worldwide

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 32

Security Affairs newsletter Round 510 by Pierluigi Paganini – INTERNATIONAL EDITION

PlayStation Network outage has been going on for over 24 hours

Kimsuky APT group used custom RDP Wrapper version and forceCopy stealer

Russia's intelligence recruits Ukrainians for terror attacks via messaging apps

Hospital Sisters Health System impacted 882,782 individuals

Attackers used a public ASP.NET machine to conduct ViewState code injection attacks

U.S. CISA adds Microsoft Outlook, Sophos XG Firewall, and other flaws to its Known Exploited Vulnerabilities catalog

Notorious hacker behind 40+ cyberattacks on strategic organizations arrested

Lazarus APT targets crypto wallets using cross-platform JavaScript stealer

U.S. CISA adds Linux kernel flaw to its Known Exploited Vulnerabilities catalog

U.S. CISA adds Microsoft .NET Framework, Apache OFBiz, and Paessler PRTG Network Monitor flaws to its Known Exploited Vulnerabilities catalog

SparkCat campaign target crypto wallets using OCR to steal recovery phrases

International Civil Aviation Organization (ICAO) and ACAO Breached: Cyberespionage Groups Targeting Aviation Safety Specialists

Online food ordering and delivery platform GrubHub discloses a data breach

Netgear urges users to upgrade two flaws impacting WiFi router models

AMD fixed a flaw that allowed to load malicious microcode

Coyote Banking Trojan targets Brazilian users, stealing data from 70+ financial apps and websites

Google fixed actively exploited kernel zero-day flaw

Web Skimmer found on at least 17 websites, including Casio UK

Crazy Evil gang runs over 10 highly specialized social media scams

Elon Musk ’s DOGE team granted ‘full access’ to sensitive Treasury systems. What are the risks?

Texas is the first state to ban DeepSeek on government devices

Law enforcement seized the domains of HeartSender cybercrime marketplaces

Security Affairs newsletter Round 509 by Pierluigi Paganini – INTERNATIONAL EDITION

WhatsApp disrupted a hacking campaign targeting journalists with Paragon spyware

Ransomware attack hit Indian multinational Tata Technologies

A ransomware attack forced New York Blood Center to reschedule appointments

Contec CMS8000 patient monitors contain a hidden backdoor

Community Health Center data breach impacted over 1 million patients

Italy's data protection authority Garante blocked the DeepSeek AI platform

Broadcom fixed information disclosure flaws in VMware Aria Operations

DeepSeek database exposed highly sensitive information

TeamViewer fixed a vulnerability in Windows client and host applications

Operation Talent: An international law enforcement operation seized Cracked, Nulled and other cybercrime websites

PHP package Voyager flaws expose to one-click RCE exploits

Italy’s Data Protection Authority Garante requested information from Deepseek

U.S. CISA adds Apple products' flaw to its Known Exploited Vulnerabilities catalog

Aquabot variant v3 targets Mitel SIP phones

Critical remote code execution bug found in Cacti framework

Attackers actively exploit a critical zero-day in Zyxel CPE Series devices

Attackers exploit SimpleHelp RMM Software flaws for initial access

VMware fixed a flaw in Avi Load Balancer

EU announced sanctions on three members of Russia's GRU Unit 29155

Chinese AI platform DeepSeek faced a "large-scale" cyberattack

Apple fixed the first actively exploited zero-day of 2025

TalkTalk confirms data breach involving a third-party platform

Multiple Git flaws led to credentials compromise

GamaCopy targets Russia mimicking Russia-linked Gamaredon APT

ESXi ransomware attacks use SSH tunnels to avoid detection

Attackers allegedly stole $69 million from cryptocurrency platform Phemex

Change Healthcare data breach exposed the private data of over half the U.S.

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 30

Security Affairs newsletter Round 508 by Pierluigi Paganini – INTERNATIONAL EDITION

Cisco warns of a ClamAV bug with PoC exploit

Subaru Starlink flaw allowed experts to remotely hack cars

U.S. CISA adds SonicWall SMA1000 flaw to its Known Exploited Vulnerabilities catalog

J-magic malware campaign targets Juniper routers

SonicWall warns of a critical CVE-2025-23006 zero-day likely exploited in the wild

U.S. CISA adds JQuery flaw to its Known Exploited Vulnerabilities catalog

Pwn2Own Automotive 2025 Day 2: organizers awarded $335,500

Chinese threat actors used two advanced exploit chains to hack Ivanti CSA

Cisco addresses a critical privilege escalation bug in Meeting Management

U.S. President Donald Trump granted a "full and unconditional pardon" to Ross Ulbricht, Silk Road creator

Pwn2Own Automotive 2025 Day 1: organizers awarded $382,750 for 16 zero-days

Two ransomware groups abuse Microsoft’s Office 365 platform to gain access to target organizations

A 7-Zip bug allows to bypass the Mark of the Web (MotW) feature

Former CIA analyst pleaded guilty to leaking top-secret documents

New Mirai botnet variant Murdoc Botnet targets AVTECH IP cameras and Huawei HG532 routers

CERT-UA warned of scammers impersonating the agency using fake AnyDesk requests

Experts found multiple flaws in Mercedes-Benz infotainment system

HPE is investigating IntelBroker's claims of the company hack

Esperts found new DoNot Team APT group's Android malware

Malicious npm and PyPI target Solana Private keys to steal funds from victims' wallets

Planet WGS-804HPT Industrial Switch flaws could be chained to achieve remote code execution

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 29

Security Affairs newsletter Round 507 by Pierluigi Paganini – INTERNATIONAL EDITION

A flaw in the W3 Total Cache plugin exposes hundreds of thousands of WordPress sites to attacks

U.S. Treasury Sanctions Chinese cybersecurity firm and actor over federal agency breach tied to Salt Typhoon

EU privacy non-profit group filed complaints against TikTok, SHEIN, AliExpress, and other Chinese companies

ESET detailed a flaw that could allow a bypass of the Secure Boot in UEFI systems

Russia-linked APT Star Blizzard targets WhatsApp accounts

Prominent US law firm Wolf Haldenstein disclosed a data breach

Clop Ransomware exploits Cleo File Transfer flaw: dozens of claims, disputed breaches

MikroTik botnet relies on DNS misconfiguration to spread malware

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Microsoft Patch Tuesday updates for January 2025 fixed three actively exploited flaws

U.S. CISA adds Fortinet FortiOS flaw to its Known Exploited Vulnerabilities catalog

Codefinger ransomware gang uses compromised AWS keys to encrypt S3 bucket

CVE-2024-44243 macOS flaw allows persistent malware installation

FBI deleted China-linked PlugX malware from over 4,200 US computers

Russia-linked APT UAC-0063 target Kazakhstan in with HATVIBE malware

A new campaign is likely targeting a zero-day in Fortinet FortiGate firewalls

Threat actors exploit Aviatrix Controller flaw to deploy backdoors and cryptocurrency miners

U.S. CISA adds BeyondTrust PRA and RS and Qlik Sense flaws to its Known Exploited Vulnerabilities catalog

Inexperienced actors developed the FunkSec ransomware using AI tools

Credit Card Skimmer campaign targets WordPress via database injection

Microsoft took legal action against crooks who developed a tool to abuse its AI-based services

Pro-Russia hackers NoName057 targets Italy again after Zelensky's visit to the country

Security Affairs newsletter Round 506 by Pierluigi Paganini – INTERNATIONAL EDITION

How a researcher earned $100,000 hacking a Facebook server

DoJ charged three Russian citizens with operating crypto-mixing services

U.S. cannabis dispensary STIIIZY disclosed a data breach

A novel PayPal phishing campaign hijacks accounts

Banshee macOS stealer supports new evasion mechanisms

Researchers disclosed details of a now-patched Samsung zero-click flaw

Phishers abuse CrowdStrike brand targeting job seekers with cryptominer

China-linked APT group MirrorFace targets Japan

U.S. Medical billing provider Medusind suffered a sata breach

U.S. CISA adds Ivanti Connect Secure, Policy Secure, and ZTA Gateways flaw to its Known Exploited Vulnerabilities catalog

SOC Scalability: How AI Supports Growth Without Overloading Analysts

SonicWall warns of an exploitable SonicOS vulnerability

Gayfemboy Botnet targets Four-Faith router vulnerability

Meta replaces fact-checking with community notes post 'Cultural Tipping Point'

U.S. CISA adds Oracle WebLogic Server and Mitel MiCollab flaws to its Known Exploited Vulnerabilities catalog

Threat actors breached the Argentina’s airport security police (PSA) payroll

US adds Tencent to the list of companies supporting Chinese military

Nessus scanner agents went offline due to a faulty plugin update

China-linked Salt Typhoon APT compromised more US telecoms than previously known

PLAYFULGHOST backdoor supports multiple information stealing features

Nuclei flaw allows signature bypass and code execution

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 27

Security Affairs newsletter Round 505 by Pierluigi Paganini – INTERNATIONAL EDITION

Malicious npm packages target Ethereum developers

US Treasury Department sanctioned Chinese cybersecurity firm linked to Flax Typhoon APT

FireScam Android info-stealing malware supports spyware capabilities

Richmond University Medical Center data breach impacted 674,033 individuals

Apple will pay $95 Million to settle lawsuit over Siri's alleged eavesdropping

LDAPNightmare, a PoC exploit targets Windows LDAP flaw CVE-2024-49113

Around 3.3 million POP3 and IMAP mail servers lack TLS encryption

A US soldier was arrested for leaking presidential call logs

DoubleClickjacking allows clickjacking on major websites

Russian media outlets Telegram channels blocked in European countries

Three Russian-German nationals charged with suspicion of secret service agent activity

Lumen reports that it has locked out the Salt Typhoon group from its network

Proposed updates to HIPAA Security Rule mandate to restore the loss of certain relevant electronic information systems and data within 72 hours

U.S. Treasury sanctions Russian and Iranian entities for interfering in the presidential election

Rhode Island ’s data from health benefits system leaked on the dark web

Hacking campaign compromised at least 16 Chrome browser extensions

An X user claimed a 7-Zip zero-day vulnerability, but 7-Zip's creator says is a fake

Cisco states that the second data leak is linked to the one from October

Threat actors attempt to exploit a flaw in Four-Faith routers

ZAGG disclosed a data breach that exposed its customers' credit card data

China-linked APT Salt Typhoon breached a ninth U.S. telecommunications firm

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 26

Security Affairs newsletter Round 504 by Pierluigi Paganini – INTERNATIONAL EDITION

Pro-Russia group NoName targeted the websites of Italian airports

North Korea actors use OtterCookie malware in Contagious Interview campaign

Experts warn of a surge in activity associated FICORA and Kaiten botnets

Brazilian citizen charged for threatening to release data stolen from a company in 2020

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

A ransomware attack disrupted services at Pittsburgh Regional Transit

A cyber attack hit Japan Airlines delaying ticket sales for flights

Apache fixed a critical SQL Injection in Apache Traffic Control

BellaCPP, Charming Kitten's BellaCiao variant written in C++

DMM Bitcoin $308M Bitcoin heist linked to North Korea

Adobe is aware that ColdFusion bug CVE-2024-53961 has a known PoC exploit code

Apache Foundation fixed a severe Tomcat vulnerability

Italy's data protection watchdog fined OpenAI €15 million over ChatGPT’s data management violations

U.S. CISA adds Acclaim Systems USAHERDS flaw to its Known Exploited Vulnerabilities catalog

U.S. Court rules against NSO Group in WhatsApp spyware Lawsuit

Lazarus APT targeted employees at an unnamed nuclear-related organization

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 25

Security Affairs newsletter Round 503 by Pierluigi Paganini – INTERNATIONAL EDITION

US charged Dual Russian and Israeli National as LockBit Ransomware developer

BadBox rapidly grows, 190,000 Android devices infected

Romanian national was sentenced to 20 years in prison for his role in NetWalker ransomware attacks

Sophos fixed critical vulnerabilities in its Firewall product

U.S. CISA adds BeyondTrust software flaw to its Known Exploited Vulnerabilities catalog

Raccoon Infostealer operator sentenced to 60 months in prison

Mirai botnet targets SSR devices, Juniper Networks warns

Fortinet warns about Critical flaw in Wireless LAN Manager FortiWLM

CERT-UA: Russia-linked UAC-0125 abuses Cloudflare Workers to target Ukrainian army

US considers banning TP-Link routers over cybersecurity concerns

Russia-linked APT29 group used red team tools in rogue RDP attacks

Threat actors are attempting to exploit Apache Struts vulnerability CVE-2024-53677

Irish Data Protection Commission (DPC) fined Meta €251 million for a 2018 data breach

Texas Tech University data breach impacted 1.4 million individuals

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

Russia FSB relies on Ukrainian minors for criminal activities disguised as "quest games"

U.S. CISA adds Microsoft Windows Kernel-Mode Driver and Adobe ColdFusion flaws to its Known Exploited Vulnerabilities catalog

ConnectOnCall data breach impacted over 900,000 individuals

Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware

Multiple flaws in Volkswagen Group's infotainment unit allow for vehicle compromise

PUMAKIT, a sophisticated rootkit that uses advanced stealth mechanisms

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 24

Security Affairs newsletter Round 502 by Pierluigi Paganini – INTERNATIONAL EDITION

IOCONTROL cyberweapon used to target infrastructure in the US and Isreael

U.S. CISA adds Cleo Harmony, VLTrader, and LexiCom flaw to its Known Exploited Vulnerabilities catalog

German agency BSI sinkholed a botnet of 30,000 devices infected with BadBox

U.S. authorities seized cybercrime marketplace Rydox

Experts discovered the first mobile malware families linked to Russia's Gamaredon

US Bitcoin ATM operator Byte Federal suffered a data breach

Experts discovered surveillance tool EagleMsgSpy used by Chinese law enforcement

Operation PowerOFF took down 27 DDoS platforms across 15 countries

Russia's Secret Blizzard APT targets Ukraine with Kazuar backdoor

Ivanti fixed a maximum severity vulnerability in its CSA solution

Operation Digital Eye: China-linked relies on Visual Studio Code Remote Tunnels to spy on Europen entities

Chinese national charged for hacking thousands of Sophos firewalls

Cybercriminals Impersonate Dubai Police to Defraud Consumers in the UAE - Smishing Triad in Action

U.S. CISA adds Microsoft Windows CLFS driver flaw to its Known Exploited Vulnerabilities catalog

Microsoft December 2024 Patch Tuesday addressed actively exploited zero-day

SAP fixed critical SSRF flaw in NetWeaver's Adobe Document Services

Romanian energy supplier Electrica Group is facing a ransomware attack

Deloitte denied its systems were hacked by Brain Cipher ransomware group

Mandiant devised a technique to bypass browser isolation using QR codes

2023 Anna Jaques Hospital data breach impacted over 310,000 people

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 23

Security Affairs newsletter Round 501 by Pierluigi Paganini – INTERNATIONAL EDITION

RedLine info-stealer campaign targets Russian businesses through pirated corporate software

8Base ransomware group hacked Croatia's Port of Rijeka

Romania ’s election systems hit by 85,000 attacks ahead of presidential vote

New Atrium Health data breach impacts 585,000 individuals

U.S. CISA adds CyberPanel flaw to its Known Exploited Vulnerabilities catalog

Hundred of CISCO switches impacted by bootloader flaw

Operation Destabilise dismantled Russian money laundering networks

Russia-linked APT Secret Blizzard spotted using infrastructure of other threat actors

China-linked APT Salt Typhoon has breached telcos in dozens of countries

Black Basta ransomware gang hit BT Group

Authorities shut down Crimenetwork, the Germany's largest crime marketplace

Veeam addressed critical Service Provider Console (VSPC) bug

Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks

U.S. CISA adds ProjectSend, North Grid Proself, and Zyxel firewalls bugs to its Known Exploited Vulnerabilities catalog

The ASA flaw CVE-2014-2120 is being actively exploited in the wild

DMM Bitcoin halts operations six months after a $300 million cyber heist

Energy industry contractor ENGlobal Corporation discloses a ransomware attack

Poland probes Pegasus spyware abuse under the PiS government

Tor Project needs 200 WebTunnel bridges more to bypass Russia' censorship

Interpol: Operation HAECHI-V led to more than 5,500 suspects arrested

How threat actors can use generative artificial intelligence?

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 22

Security Affairs newsletter Round 500 by Pierluigi Paganini – INTERNATIONAL EDITION

Hackers stole millions of dollars from Uganda Central Bank

Notorious ransomware programmer Mikhail Pavlovich Matveev arrested in Russia

Phishing-as-a-Service Rockstar 2FA continues to be prevalent

Zello urges users to reset passwords following a cyber attack

A cyberattack impacted operations at UK Wirral University Teaching Hospital

T-Mobile detected network intrusion attempts and blocked them

ProjectSend critical flaw actively exploited in the wild, experts warn

Bootkitty is the first UEFI Bootkit designed for Linux systems

VMware fixed five vulnerabilities in Aria Operations product

Operation Serengeti: INTERPOL arrested 1,006 suspects in 19 African countries

Russian group RomCom exploited Firefox and Tor Browser zero-days to target attacks Europe and North America

The source code of Banshee Stealer leaked online

U.S. CISA adds Array Networks AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog

Thai police arrested Chinese hackers involved in SMS blaster attacks

Zyxel firewalls targeted in recent ransomware attacks

Malware campaign abused flawed Avast Anti-Rootkit driver

Russia-linked APT TAG-110 uses targets Europe and Asia

Russia-linked threat actors threaten the UK and its allies, minister to say

Security Affairs newsletter Round 499 by Pierluigi Paganini – INTERNATIONAL EDITION

DoJ seized credit card marketplace PopeyeTools and charges its administrators

A cyberattack on gambling giant IGT disrupted portions of its IT systems

China-linked APT Gelsemium uses a new Linux backdoor dubbed WolfsBane

Microsoft seized 240 sites used by the ONNX phishing service

U.S. CISA adds Apple, Oracle Agile PLM bugs to its Known Exploited Vulnerabilities catalog

More than 2,000 Palo Alto Networks firewalls hacked exploiting recently patched zero-days

Ransomhub ransomware gang claims the hack of Mexican government Legal Affairs Office

US DoJ charges five alleged members of the Scattered Spider cybercrime gang

Threat actor sells data of over 750,000 patients from a French hospital

Decade-old local privilege escalation bugs impacts Ubuntu needrestart package

Ford data breach involved a third-party supplier

Hacker obtained documents tied to lawsuit over Matt Gaetz's sexual misconduct allegations

Apple addressed two actively exploited zero-day vulnerabilities

Unsecured JupyterLab and Jupyter Notebooks servers abused for illegal streaming of Sports events

Russian Phobos ransomware operator faces cybercrime charges

Great Plains Regional Medical Center ransomware attack impacted 133,000 individuals

Recently disclosed VMware vCenter Server bugs are actively exploited in attacks

Foreign adversary hacked email communications of the Library of Congress says

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Increased GDPR Enforcement Highlights the Need for Data Security

Critical Really Simple Security plugin flaw impacts 4M+ WordPress sites

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 20

A botnet exploits e GeoVision zero-day to compromise EoL devices

Palo Alto Networks confirmed active exploitation of recently disclosed zero-day

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

Bitfinex hacker Ilya Lichtenstein was sentenced to 5 years in prison

U.S. CISA adds Palo Alto Networks Expedition bugs to its Known Exploited Vulnerabilities catalog

China-linked threat actors compromised multiple telecos and spied on a limited number of U.S. government officials

Bitdefender released a decryptor for the ShrinkLocker ransomware

China's Volt Typhoon botnet has re-emerged

Zoom addressed two high-severity issues in its platform

Microsoft Patch Tuesday security updates for November 2024 fix two actively exploited zero-days

Ahold Delhaize experienced a cyber incident affecting several of its U.S. brands

A cyberattack on payment systems blocked cards readers across stores and gas stations in Israel

Apple indeed added a feature called "inactivity reboot" in iOS 18.1 that reboots locked devices

Ymir ransomware, a new stealthy ransomware grow in the wild

Amazon discloses employee data breach after May 2023 MOVEit attacks

A new fileless variant of Remcos RAT observed in the wild

A surge in Pro-Russia cyberattacks after decision to monitor North Korean Troops in Ukraine

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 19

Security Affairs newsletter Round 497 by Pierluigi Paganini – INTERNATIONAL EDITION

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

Mazda Connect flaws allow to hack some Mazda vehicles

Veeam Backup & Replication exploit reused in new Frag ransomware attack

Texas oilfield supplier Newpark Resources suffered a ransomware attack

Palo Alto Networks warns of potential RCE in PAN-OS management interface

iPhones in a law enforcement forensics lab mysteriously rebooted losing their After First Unlock (AFU) state

U.S. CISA adds Palo Alto Expedition, Android, CyberPanel and Nostromo nhttpd bugs to its Known Exploited Vulnerabilities catalog

DPRK-linked BlueNoroff used macOS malware with novel persistence

Canada ordered ByteDance to shut down TikTok operations in the country over security concerns

Critical bug in Cisco UWRB access points allows attackers to run commands as root

INTERPOL: Operation Synergia II disrupted +22,000 malicious IPs

Memorial Hospital and Manor suffered a ransomware attack

South Korea fined Meta $15.67M for illegally collecting and sharing Facebook users

Synology fixed critical flaw impacting millions of DiskStation and BeePhotos NAS devices

ToxicPanda Android banking trojan targets Europe and LATAM, with a focus on Italy

U.S. CISA adds PTZOptics camera bugs to its Known Exploited Vulnerabilities catalog

Canadian authorities arrested alleged Snowflake hacker

Android flaw CVE-2024-43093 may be under limited, targeted exploitation

July 2024 ransomware attack on the City of Columbus impacted 500,000 people

Nigerian man Sentenced to 26+ years in real estate phishing scams

Russian disinformation campaign active ahead of 2024 US election

International law enforcement operation shut down DDoS-for-hire platform Dstat.cc

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 18

Security Affairs newsletter Round 496 by Pierluigi Paganini – INTERNATIONAL EDITION

US Election 2024 – FBI warning about fake election videos

Chinese threat actors use Quad7 botnet in password-spray attacks

FBI arrested former Disney World employee for hacking computer menus and mislabeling allergy info

Sophos details five years of China-linked threat actors' activity targeting network devices worldwide

PTZOptics cameras zero-days actively exploited in the wild

New LightSpy spyware version targets iPhones with destructive capabilities

LottieFiles confirmed a supply chain attack on Lottie-Player

Threat actor says Interbank refused to pay the ransom after a two-week negotiation

QNAP fixed second zero-day demonstrated at Pwn2Own Ireland 2024

New version of Android malware FakeCall redirects bank calls to scammers

Russia-linked Midnight Blizzard APT targeted 100+ organizations with a spear-phishing campaign using RDP files

QNAP fixed NAS backup zero-day demonstrated at Pwn2Own Ireland 2024

International law enforcement operation dismantled RedLine and Meta infostealers

Fog and Akira ransomware attacks exploit SonicWall VPN flaw CVE-2024-40766

Russia-linked espionage group UNC5812 targets Ukraine's military with malware

France’s second-largest telecoms provider Free suffered a cyber attack

A crime ring compromised Italian state databases reselling stolen info

Third-Party Identities: The Weakest Link in Your Cybersecurity Supply Chain

Black Basta affiliates used Microsoft Teams in recent attacks

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 17

Four REvil Ransomware members sentenced for hacking and money laundering

Chinese cyber spies targeted phones used by Trump and Vance

Irish Data Protection Commission fined LinkedIn €310M for GDPR infringement

Change Healthcare data breach impacted over 100 million people

OnePoint Patient Care data breach impacted 795916 individuals

From Risk Assessment to Action: Improving Your DLP Response

U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog

Pwn2Own Ireland 2024 Day 2: participants demonstrated an exploit against Samsung Galaxy S24

Cisco fixed tens of vulnerabilities, including an actively exploited one

FortiJump flaw CVE-2024-47575 has been exploited in zero-day attacks since June 2024

U.S. CISA adds Fortinet FortiManager flaw to its Known Exploited Vulnerabilities catalog

Digital Echo Chambers and Erosion of Trust - Key Threats to the US Elections

Crooks are targeting Docker API servers to deploy SRBMiner

Why DSPM is Essential for Achieving Data Privacy in 2024

SEC fined 4 companies for misleading disclosures about the impact of the SolarWinds attack

Samsung zero-day flaw actively exploited in the wild

Experts warn of a new wave of Bumblebee malware attacks

U.S. CISA adds ScienceLogic SL1 flaw to its Known Exploited Vulnerabilities catalog

VMware failed to fully address vCenter Server RCE flaw CVE-2024-38812

Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

Internet Archive was breached twice in a month

Unknown threat actors exploit Roundcube Webmail flaw in phishing campaign

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 16

Security Affairs newsletter Round 494 by Pierluigi Paganini – INTERNATIONAL EDITION

F5 fixed a high-severity elevation of privilege vulnerability in BIG-IP

U.S. CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog

North Korea-linked APT37 exploited IE zero-day in a recent attack

Omni Family Health data breach impacts 468,344 individuals

Iran-linked actors target critical infrastructure organizations

macOS HM Surf flaw in TCC allows bypass Safari privacy settings

Two Sudanese nationals indicted for operating the Anonymous Sudan group

Russia-linked RomCom group targeted Ukrainian government agencies since late 2023

A critical flaw in Kubernetes Image Builder could allow attackers to gain root access

VMware fixes high-severity SQL injection flaw CVE-2024-38814 in HCX

Brazil's Polícia Federal arrested the notorious hacker USDoD

Finnish Customs dismantled the dark web drugs market Sipulitie

U.S. CISA adds Microsoft Windows Kernel, Mozilla Firefox and SolarWinds Web Help Desk bugs to its Known Exploited Vulnerabilities catalog

GitHub addressed a critical vulnerability in Enterprise Server

A new Linux variant of FASTCash malware targets financial systems

WordPress Jetpack plugin critical flaw impacts 27 million sites

Pokemon dev Game Freak discloses data breach

U.S. CISA adds Fortinet products and Ivanti CSA bugs to its Known Exploited Vulnerabilities catalog

Nation-state actor exploited three Ivanti CSA zero-days

Dutch police dismantled dual dark web market 'Bohemia/Cannabia'

Fidelity Investments suffered a second data breach this year

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 15

Security Affairs newsletter Round 493 by Pierluigi Paganini – INTERNATIONAL EDITION

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale

A cyber attack hit Iranian government sites and nuclear facilities

Ransomware operators exploited Veeam Backup & Replication flaw CVE-2024-40711 in recent attacks

GitLab fixed a critical flaw that could allow arbitrary CI/CD pipeline execution

Iran and China-linked actors used ChatGPT for preparing attacks

Internet Archive data breach impacted 31M users

E-skimming campaign uses Unicode obfuscation to hide the Mongolian Skimmer

U.S. CISA adds Ivanti CSA and Fortinet bugs to its Known Exploited Vulnerabilities catalog

Mozilla issued an urgent Firefox update to fix an actively exploited flaw

Palo Alto fixed critical flaws in PAN-OS firewalls that allow for full compromise of the devices

Cybercriminals Are Targeting AI Conversational Platforms

Awaken Likho APT group targets Russian government with a new implant

U.S. CISA adds Windows and Qualcomm bugs to its Known Exploited Vulnerabilities catalog

Ukrainian national pleads guilty in U.S. court for operating the Raccoon Infostealer

MoneyGram discloses data breach following September cyberattack

American Water shut down some of its systems following a cyberattack

Universal Music data breach impacted 680 individuals

FBCS data breach impacted 238,000 Comcast customers

Critical Apache Avro SDK RCE flaw impacts Java applications

Man pleads guilty to stealing over $37 Million worth of cryptocurrency

U.S. CISA adds Synacor Zimbra Collaboration flaw to its Known Exploited Vulnerabilities catalog

China-linked group Salt Typhoon hacked US broadband providers and breached wiretap systems

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 14

Security Affairs newsletter Round 492 by Pierluigi Paganini – INTERNATIONAL EDITION

Google Pixel 9 supports new security features to mitigate baseband attacks

WordPress LiteSpeed Cache plugin flaw could allow site takeover

Apple iOS 18.0.1 and iPadOS 18.0.1 fix media session and passwords bugs

Google removed Kaspersky's security apps from the Play Store

New Perfctl Malware targets Linux servers in cryptomining campaign

Microsoft and DOJ seized the attack infrastructure used by Russia-linked Callisto Group

Dutch police breached by a state actor

Thousands of Adobe Commerce e-stores hacked by exploiting the CosmicSting bug

Telegram revealed it shared U.S. user data with law enforcement

U.S. CISA adds Ivanti Endpoint Manager (EPM) flaw to its Known Exploited Vulnerabilities catalog

14 New DrayTek routers' flaws impacts over 700,000 devices in 168 countries

Rhadamanthys information stealer introduces AI-driven capabilities

Critical Zimbra Postjournal flaw CVE-2024-45519 actively exploited in the wild. Patch it now!

Police arrested four new individuals linked to the LockBit ransomware operation

UMC Health System diverted patients following a ransomware attack

U.S. CISA adds D-Link DIR-820 Router, DrayTek Multiple Vigor Router, Motion Spell GPAC, SAP Commerce Cloud bugs to its Known Exploited Vulnerabilities catalog

News agency AFP hit by cyberattack, client services impacted

North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence

Patelco Credit Union data breach impacted over 1 million people

Community Clinic of Maui discloses a data breach following May Lockbit ransomware attack

A British national has been charged for his execution of a hack-to-trade scheme

Critical NVIDIA Container Toolkit flaw could allow access to the underlying host

Israel army hacked the communication network of the Beirut Airport control tower

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 13

Security Affairs newsletter Round 491 by Pierluigi Paganini – INTERNATIONAL EDITION

Irish Data Protection Commission fined Meta €91 million for storing passwords in readable format

A cyberattack on Kuwait Health Ministry impacted hospitals in the country

Cyber vandalism on Wi-Fi networks at UK train stations spread an anti-Islam message

CUPS flaws allow remote code execution on Linux systems under certain conditions

U.S. sanctioned virtual currency exchanges Cryptex and PM2BTC for facilitating illegal activities

Hacking Kia cars made after 2013 using just their license plate

Critical RCE vulnerability found in OpenPLC

China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs)

Privacy non-profit noyb claims that Firefox tracks users with privacy preserving feature

Data of 3,191 congressional staffers leaked in the dark web

New variant of Necro Trojan infected more than 11 million devices

U.S. CISA adds Ivanti Virtual Traffic Manager flaw to its Known Exploited Vulnerabilities catalog

Arkansas City water treatment facility switched to manual operations following a cyberattack

New Android banking trojan Octo2 targets European banks

A generative artificial intelligence malware used in phishing attacks

A cyberattack on MoneyGram caused its service outage

Did Israel infiltrate Lebanese telecoms networks?

Telegram will provide user data to law enforcement in response to legal requests

ESET fixed two privilege escalation flaws in its products

North Korea-linked APT Gleaming Pisces deliver new PondRAT backdoor via malicious Python packages

Chinese APT Earth Baxia target APAC by exploiting GeoServer flaw

Hacktivist group Twelve is back and targets Russian entities

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 12

Security Affairs newsletter Round 490 by Pierluigi Paganini – INTERNATIONAL EDITION

Noise Storms: Mysterious massive waves of spoofed traffic observed since 2020

Hackers stole over $44 million from Asian crypto platform BingX

OP KAERB: Europol dismantled phishing scheme targeting mobile users

Ukraine bans Telegram for government agencies, military, and critical infrastructure

Tor Project responded to claims that law enforcement can de-anonymize Tor users

UNC1860 provides Iran-linked APTs with access to Middle Eastern networks

US DoJ charged two men with stealing and laundering $230 Million worth of cryptocurrency

The Vanilla Tempest cybercrime gang used INC ransomware for the first time in attacks on the healthcare sector

U.S. CISA adds new Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog

Ivanti warns of a new actively exploited Cloud Services Appliance (CSA) flaw

International law enforcement operation dismantled criminal communication platform Ghost

U.S. CISA adds Microsoft Windows, Apache HugeGraph-Server, Oracle JDeveloper, Oracle WebLogic Server, and Microsoft SQL Server bugs to its Known Exploited Vulnerabilities catalog

SIEM for Small and Medium-Sized Enterprises: What you need to know

Experts warn of China-linked APT's Raptor Train IoT Botnet

Credential Flusher, understanding the threat and how to protect your login data

U.S. Treasury issued fresh sanctions against entities linked to the Intellexa Consortium

Broadcom fixed Critical VMware vCenter Server flaw CVE-2024-38812

Remote attack on pagers used by Hezbollah caused 9 deaths and thousands of injuries

Chinese man charged for spear-phishing against NASA and US Government

U.S. CISA adds Microsoft Windows MSHTML Platform and Progress WhatsUp Gold bugs to its Known Exploited Vulnerabilities catalog

Taking Control Online: Ensuring Awareness of Data Usage and Consent

Qilin ransomware attack on Synnovis impacted over 900,000 patients

D-Link addressed three critical RCE in wireless router models

Recently patched Windows flaw CVE-2024-43461 was actively exploited as a zero-day before July 2024

SolarWinds fixed critical RCE CVE-2024-28991 in Access Rights Manager

Apple dismisses lawsuit against surveillance firm NSO Group due to risk of threat intelligence exposure

Hacker tricked ChatGPT into providing detailed instructions to make a homemade bomb

Port of Seattle confirmed that Rhysida ransomware gang was behind the August attack

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 11

U.S. CISA adds Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog

Ivanti Cloud Service Appliance flaw is being actively exploited in the wild

GitLab fixed a critical flaw in GitLab CE and GitLab EE

New Linux malware called Hadooken targets Oracle WebLogic servers

Lehigh Valley Health Network hospital network has agreed to a $65 million settlement after data breach

Vo1d malware infected 1.3 Million Android-based TV Boxes in 197 countries

Cybersecurity giant Fortinet discloses a data breach

Singapore Police arrest six men allegedly involved in a cybercrime syndicate

Adobe Patch Tuesday security updates fixed multiple critical issues in the company's products

Highline Public Schools school district suspended its activities following a cyberattack

RansomHub ransomware gang relies on Kaspersky TDSKiller tool to disable EDR

Ivanti fixed a maximum severity flaw in its Endpoint Management software (EPM)

Microsoft Patch Tuesday security updates for September 2024 addressed four actively exploited zero-days

Quad7 botnet evolves to more stealthy tactics to evade detection

Poland thwarted cyberattacks that were carried out by Russia and Belarus

U.S. CISA adds SonicWall SonicOS, ImageMagick and Linux Kernel bugs to its Known Exploited Vulnerabilities catalog

Electronic payment gateway Slim CD disclosed a data breach impacting 1.7M individuals

Predator spyware operation is back with a new infrastructure

TIDRONE APT targets drone manufacturers in Taiwan

Multiple malware families delivered exploiting GeoServer GeoTools flaw CVE-2024-36401

Progress Software fixed a maximum severity flaw in LoadMaster

Feds indicted two alleged administrators of WWH Club dark web marketplace

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 10

Security Affairs newsletter Round 488 by Pierluigi Paganini – INTERNATIONAL EDITION

U.S. CISA adds Draytek VigorConnect and Kingsoft WPS Office bugs to its Known Exploited Vulnerabilities catalog

A flaw in WordPress LiteSpeed Cache Plugin allows account takeover

Car rental company Avis discloses a data breach

SonicWall warns that SonicOS bug exploited in attacks

Apache fixed a new remote code execution flaw in Apache OFBiz

Russia-linked GRU Unit 29155 targeted critical infrastructure globally

Veeam fixed a critical flaw in Veeam Backup & Replication software

Earth Lusca adds multiplatform malware KTLVdoor to its arsenal

Is Russian group APT28 behind the cyber attack on the German air traffic control agency (DFS)?

Quishing, an insidious threat to electric car owners

Discontinued D-Link DIR-846 routers are affected by code execution flaws. Replace them!

Head Mare hacktivist group targets Russia and Belarus

Zyxel fixed critical OS command injection flaw in multiple routers

VMware fixed a code execution flaw in Fusion hypervisor

Vulnerabilities in Microsoft apps for macOS allow stealing permissions

Three men plead guilty to running MFA bypass service OTP.Agency

Transport for London (TfL) is dealing with an ongoing cyberattack

Lockbit gang claims the attack on the Toronto District School Board (TDSB)

A new variant of Cicada ransomware targets VMware ESXi systems

An air transport security system flaw allowed to bypass airport security screenings

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 9

Security Affairs newsletter Round 487 by Pierluigi Paganini – INTERNATIONAL EDITION

Fortra fixed two severe issues in FileCatalyst Workflow, including a critical flaw

South Korea-linked group APT-C-60 exploited a WPS Office zero-day

Threat actors exploit Atlassian Confluence bug in cryptomining campaigns

Russia-linked APT29 reused iOS and Chrome exploits previously developed by NSO Group and Intellexa

Cisco addressed a high-severity flaw in NX-OS software

Corona Mirai botnet spreads via AVTECH CCTV zero-day

Telegram CEO Pavel Durov charged in France for facilitating criminal activities

Iran-linked group APT33 adds new Tickler malware to its arsenal

U.S. CISA adds Google Chromium V8 bug to its Known Exploited Vulnerabilities catalog

Young Consulting data breach impacts 954,177 individuals

BlackByte Ransomware group targets recently patched VMware ESXi flaw CVE-2024-37085

US offers $2.5M reward for Belarusian man involved in mass malware distribution

U.S. CISA adds Apache OFBiz bug to its Known Exploited Vulnerabilities catalog

China-linked APT Volt Typhoon exploited a zero-day in Versa Director

Researchers unmasked the notorious threat actor USDoD

The Dutch Data Protection Authority (DPA) has fined Uber a record €290M

Google addressed the tenth actively exploited Chrome zero-day this year

SonicWall addressed an improper access control issue in its firewalls

A cyberattack impacted operations at the Port of Seattle and Sea-Tac Airport

Linux malware sedexp uses udev rules for persistence and evasion

France police arrested Telegram CEO Pavel Durov

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 8

Security Affairs newsletter Round 486 by Pierluigi Paganini – INTERNATIONAL EDITION

U.S. CISA adds Versa Director bug to its Known Exploited Vulnerabilities catalog

Hackers can take over Ecovacs home robots to spy on their owners

Russian national arrested in Argentina for laundering money of crooks and Lazarus APT

Qilin ransomware steals credentials stored in Google Chrome

Phishing attacks target mobile users via progressive web applications (PWA)

Member of cybercrime group Karakurt charged in the US

New malware Cthulhu Stealer targets Apple macOS users

China-linked APT Velvet Ant exploited zero-day to compromise Cisco switches

A cyberattack hit US oil giant Halliburton

SolarWinds fixed a hardcoded credential issue in Web Help Desk

A cyberattack disrupted operations of US chipmaker Microchip Technology

Google addressed the ninth actively exploited Chrome zero-day this year

GitHub fixed a new critical flaw in the GitHub Enterprise Server

Experts disclosed a critical information-disclosure flaw in Microsoft Copilot Studio

North Korea-linked APT used a new RAT called MoonPeak

Pro-Russia group Vermin targets Ukraine with a new malware family

A backdoor in millions of Shanghai Fudan Microelectronics RFID cards allows cloning

Ransomware payments rose from $449.1 million to $459.8 million

Previously unseen Msupedge backdoor targeted a university in Taiwan

Oracle NetSuite misconfiguration could lead to data exposure

Toyota disclosed a data breach after ZeroSevenGroup leaked stolen data on a cybercrime forum

CISA adds Jenkins Command Line Interface (CLI) bug to its Known Exploited Vulnerabilities catalog

Researchers uncovered new infrastructure linked to the cybercrime group FIN7

Experts warn of exploit attempt for Ivanti vTM bug

Microsoft Zero-Day CVE-2024-38193 was exploited by North Korea-linked Lazarus APT

The Mad Liberator ransomware group uses social-engineering techniques

From 2018: DeepMasterPrints: deceive fingerprint recognition systems with MasterPrints generated with GANs

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 7

Security Affairs newsletter Round 485 by Pierluigi Paganini – INTERNATIONAL EDITION

Large-scale extortion campaign targets publicly accessible environment variable files (.env)

OpenAI dismantled an Iranian influence operation targeting the U.S. presidential election

National Public Data confirms a data breach

CISA adds SolarWinds Web Help Desk bug to its Known Exploited Vulnerabilities catalog

Russian national sentenced to 40 months for selling stolen data on the dark web

Banshee Stealer, a new macOS malware with a monthly subscription price of $3,000

Millions of Pixel devices can be hacked due to a pre-installed vulnerable app

Microsoft urges customers to fix zero-click Windows RCE in the TCP/IP stack

A group linked to RansomHub operation employs EDR-killing tool EDRKillShifter

Google disrupted hacking campaigns carried out by Iran-linked APT42

Black Basta ransomware gang linked to a SystemBC malware campaign

A massive cyber attack hit Central Bank of Iran and other Iranian banks

China-linked APT Earth Baku targets Europe, the Middle East, and Africa

SolarWinds addressed a critical RCE in all Web Help Desk versions

Kootenai Health data breach impacted 464,000 patients

Microsoft Patch Tuesday security updates for August 2024 addressed six actively exploited bugs

A PoC exploit code is available for critical Ivanti vTM bug

Elon Musk claims that a DDoS attack caused problems with the livestream interview with Donald Trump

CERT-UA warns of a phishing campaign targeting government entities

US DoJ dismantled remote IT worker fraud schemes run by North Korea

A FreeBSD flaw could allow remote code execution, patch it now!

EastWind campaign targets Russian organizations with sophisticated backdoors

Microsoft found OpenVPN bugs that can be chained to achieve RCE and LPE

Foreign nation-state actors hacked Donald Trump’s campaign

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6

Security Affairs newsletter Round 484 by Pierluigi Paganini – INTERNATIONAL EDITION

ADT disclosed a data breach that impacted more than 30,000 customers

Is the INC ransomware gang behind the attack on McLaren hospitals?

Crooks took control of a cow milking robot causing the death of a cow

Sonos smart speakers flaw allowed to eavesdrop on users

Five zero-days impacts EoL Cisco Small Business IP Phones. Replace them with newer models asap!

CISA adds Apache OFBiz and Android kernel bugs to its Known Exploited Vulnerabilities catalog

Russian cyber spies stole data and emails from UK government systems

0.0.0.0 Day flaw allows malicious websites to bypass security in major browsers

FBI and CISA update a joint advisory on the BlackSuit Ransomware group

Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware

Critical XSS bug in Roundcube Webmail allows attackers to steal emails and sensitive data

New Android spyware LianSpy relies on Yandex Cloud to avoid detection

Hackers breached MDM firm Mobile Guardian and wiped thousands of devices

A ransomware attack hit French museum network

CISA adds Microsoft COM for Windows bug to its Known Exploited Vulnerabilities catalog

Google warns of an actively exploited Android kernel flaw

Should Organizations Pay Ransom Demands?

North Korea-linked hackers target construction and machinery sectors with watering hole and supply chain attacks

Researchers warn of a new critical Apache OFBiz flaw

Keytronic incurred approximately $17 million of expenses following ransomware attack

A flaw in Rockwell Automation ControlLogix 1756 could expose critical control systems to unauthorized access

China-linked APT41 breached Taiwanese research institute

Chinese StormBamboo APT compromised ISP to deliver malware

Hackers attempt to sell the personal data of 3 billion people resulting from an April data breach

Security Affairs Malware Newsletter - Round 5

Security Affairs newsletter Round 483 by Pierluigi Paganini – INTERNATIONAL EDITION

US sued TikTok and ByteDance for violating children’s privacy laws

Russia-linked APT used a car for sale as a phishing lure to target diplomats with HeadLace malware

Investors sued CrowdStrike over false claims about its Falcon platform

Avtech camera vulnerability actively exploited in the wild, CISA warns

U.S. released Russian cybercriminals in diplomatic prisoner exchange

Sitting Ducks attack technique exposes over a million domains to hijacking

Over 20,000 internet-exposed VMware ESXi instances vulnerable to CVE-2024-37085

BingoMod Android RAT steals money from victims' bank accounts and wipes data

A ransomware attack disrupted operations at OneBlood blood bank

Apple fixed dozens of vulnerabilities in iOS and macOS

Phishing campaigns target SMBs in Poland, Romania, and Italy with multiple malware families

A Fortune 50 company paid a record-breaking $75 million ransom

CISA adds VMware ESXi bug to its Known Exploited Vulnerabilities catalog

Mandrake Android spyware found in five apps in Google Play with over 32,000 downloads since 2022

SideWinder phishing campaign targets maritime facilities in multiple countries

A crafty phishing campaign targets Microsoft OneDrive users

Ransomware gangs exploit recently patched VMware ESXi bug CVE-2024-37085

Acronis Cyber Infrastructure bug actively exploited in the wild

Fake Falcon crash reporter installer used to target German Crowdstrike users

Belarus-linked APT Ghostwriter targeted Ukraine with PicassoLoader malware

French authorities launch disinfection operation to eradicate PlugX malware from infected hosts

Security Affairs Malware Newsletter - Round 4

Security Affairs newsletter Round 482 by Pierluigi Paganini – INTERNATIONAL EDITION

Ukraine's cyber operation shut down the ATM services of major Russian banks

A bug in Chrome Password Manager caused user credentials to disappear

BIND updates fix four high-severity DoS bugs in the DNS software suite

Terrorist Activity is Accelerating in Cyberspace - Risk Precursor to Summer Olympics and Elections

Progress Software fixed critical RCE CVE-2024-6327 in the Telerik Report Server

Critical bug in Docker Engine allowed attackers to bypass authorization plugins

Hackers exploit Microsoft Defender SmartScreen bug CVE-2024-21412 to deliver ACR, Lumma, and Meduza Stealers

Michigan Medicine data breach impacted 56953 patients

U.S. CISA adds Microsoft Internet Explorer and Twilio Authy bugs to its Known Exploited Vulnerabilities catalog

China-linked APT group uses new Macma macOS backdoor version

FrostyGoop ICS malware targets Ukraine

Hackers abused swap files in e-skimming attacks on Magento sites

US Gov sanctioned key members of the Cyber Army of Russia Reborn hacktivists group

EvilVideo, a Telegram Android zero-day allowed sending malicious APKs disguised as videos

SocGholish malware used to spread AsyncRAT malware

UK police arrested a 17-year-old linked to the Scattered Spider gang

Security Affairs Malware Newsletter - Round 3

Security Affairs newsletter Round 481 by Pierluigi Paganini – INTERNATIONAL EDITION

U.S. CISA adds Adobe Commerce and Magento, SolarWinds Serv-U, and VMware vCenter Server bugs to its Known Exploited Vulnerabilities catalog

Threat actors attempted to capitalize CrowdStrike incident

Russian nationals plead guilty to participating in the LockBit ransomware group

MediSecure data breach impacted 12.9 million individuals

CrowdStrike update epic fail crashed Windows systems worldwide

Cisco fixed a critical flaw in Security Email Gateway that could allow attackers to add root users

SAPwned flaws in SAP AI core could expose customers' data

Cybercrime group FIN7 advertises new EDR bypass tool on hacking forums

How to Protect Privacy and Build Secure AI Products

A critical flaw in Cisco SSM On-Prem allows attackers to change any user's password

MarineMax data breach impacted over 123,000 individuals

Void Banshee exploits CVE-2024-38112 zero-day to spread malware

The Octo Tempest group adds RansomHub and Qilin ransomware to its arsenal

CISA adds OSGeo GeoServer GeoTools bug to its Known Exploited Vulnerabilities catalog

Kaspersky leaves U.S. market following the ban on the sale of its software in the country

FBI unlocked the phone of the suspect in the assassination attempt on Donald Trump

Ransomware groups target Veeam Backup & Replication bug

AT&T paid a $370,000 ransom to prevent stolen data from being leaked

HardBit ransomware version 4.0 supports new obfuscation techniques

Dark Gate malware campaign uses Samba file shares

Security Affairs Malware Newsletter - Round 2

Security Affairs newsletter Round 480 by Pierluigi Paganini – INTERNATIONAL EDITION

Vyacheslav Igorevich Penchukov was sentenced to prison for his role in Zeus and IcedID operations

Rite Aid disclosed data breach following RansomHub ransomware attack

New AT&T data breach exposed call logs of almost all customers

Critical flaw in Exim MTA could allow to deliver malware to users' inboxes

Palo Alto Networks fixed a critical bug in the Expedition tool

Smishing Triad Is Targeting India To Steal Personal and Payment Data at Scale

October ransomware attack on Dallas County impacted over 200,000 people

CrystalRay operations have scaled 10x to over 1,500 victims

Multiple threat actors exploit PHP flaw CVE-2024-4577 to deliver malware

AI-Powered Russia's bot farm operates on X, US and its allies warn

VMware fixed critical SQL-Injection in Aria Automation product

Citrix fixed critical and high-severity bugs in NetScaler product

A new flaw in OpenSSH can lead to remote code execution

Microsoft Patch Tuesday for July 2024 fixed 2 actively exploited zero-days

U.S. CISA adds Microsoft Windows and Rejetto HTTP File Server bugs to its Known Exploited Vulnerabilities catalog

Evolve Bank data breach impacted over 7.6 million individuals

More than 31 million customer email addresses exposed following Neiman Marcus data breach

Avast released a decryptor for DoNex Ransomware and its predecessors

RockYou2024 compilation containing 10 billion passwords was leaked online

Critical Ghostscript flaw exploited in the wild. Patch it now!

Apple removed 25 VPN apps from the App Store in Russia following Moscow's requests

CISA adds Cisco NX-OS Command Injection bug to its Known Exploited Vulnerabilities catalog

Apache fixed a source code disclosure flaw in Apache HTTP Server

Security Affairs Malware Newsletter - Round 1

Security Affairs newsletter Round 479 by Pierluigi Paganini – INTERNATIONAL EDITION

Alabama State Department of Education suffered a data breach following a blocked attack

GootLoader is still active and efficient

Hackers stole OpenAI secrets in a 2023 security breach

Hackers leak 170k Taylor Swift’s ERAS Tour Barcodes

Polyfill.io Supply Chain Attack: 384,773 hosts still embedding a polyfill JS script linking to the malicious domain

New Golang-based Zergeca Botnet appeared in the threat landscape

Microsoft discloses 2 flaws in Rockwell Automation PanelView Plus

Hackers compromised Ethereum mailing list and launched a crypto draining attack

OVHcloud mitigated a record-breaking DDoS attack in April 2024

Healthcare fintech firm HealthEquity disclosed a data breach

Brazil data protection authority bans Meta from training AI models with data originating in the country

Splunk fixed tens of flaws in Splunk Enterprise and Cloud Platform

Operation Morpheus took down 593 Cobalt Strike servers used by threat actors

LockBit group claims the hack of the Fairfield Memorial Hospital in the US

American Patelco Credit Union suffered a ransomware attack

Polish government investigates Russia-linked cyberattack on state news agency

Evolve Bank data breach impacted fintech firms Wise and Affirm

Prudential Financial data breach impacted over 2.5 million individuals

Australian man charged for Evil Twin Wi-Fi attacks on domestic flights

China-linked APT exploited Cisco NX-OS zero-day to deploy custom malware

Critical unauthenticated remote code execution flaw in OpenSSH server

Monti gang claims the hack of the Wayne Memorial Hospital in Pennsylvania

Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769

Russia-linked Midnight Blizzard stole email of more Microsoft customers

Russia-linked group APT29 likely breached TeamViewer's corporate network

Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION

Infosys McCamish Systems data breach impacted over 6 million people

A cyberattack shut down the University Hospital Centre Zagreb in Croatia

US announces a $10M reward for Russia's GRU hacker behind attacks on Ukraine

LockBit group falsely claimed the hack of the Federal Reserve

CISA adds GeoSolutionsGroup JAI-EXT, Linux Kernel, and Roundcube Webmail bugs to its Known Exploited Vulnerabilities catalog

New P2Pinfect version delivers miners and ransomware on Redis servers

New MOVEit Transfer critical bug is actively exploited

New Caesar Cipher Skimmer targets popular CMS used by e-stores

Mirai-like botnet is exploiting recently disclosed Zyxel NAS flaw

Wikileaks founder Julian Assange is free

CISA confirmed that its CSAT environment was breached in January.

Threat actors compromised 1,590 CoinStats crypto wallets

Experts observed approximately 120 malicious campaigns using the Rafel RAT

LockBit claims the hack of the US Federal Reserve

Ransomware threat landscape Jan-Apr 2024: insights and challenges

ExCobalt Cybercrime group targets Russian organizations in multiple sectors

Threat actor attempts to sell 30 million customer records allegedly stolen from TEG

Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION

Threat actors are actively exploiting SolarWinds Serv-U bug CVE-2024-28995

US government sanctions twelve Kaspersky Lab executives

Experts found a bug in the Linux version of RansomHub ransomware

UEFICANHAZBUFFEROVERFLOW flaw in Phoenix SecureCore UEFI firmware potentially impacts hundreds of PC and server models

Russia-linked APT Nobelium targets French diplomatic entities

US bans sale of Kaspersky products due to risks to national security

Atlassian fixed six high-severity bugs in Confluence Data Center and Server

China-linked spies target Asian Telcos since at least 2021

New Rust infostealer Fickle Stealer spreads through various attack methods

An unpatched bug allows anyone to impersonate Microsoft corporate email accounts

Smishing Triad Is Targeting Pakistan To Defraud Banking Customers At Scale

Alleged researchers stole $3 million from Kraken exchange

Google Chrome 126 update addresses multiple high-severity flaws

Chip maker giant AMD investigates a data breach

Cryptojacking campaign targets exposed Docker APIs

VMware fixed RCE and privilege escalation bugs in vCenter Server

Meta delays training its AI using public content shared by EU users

Keytronic confirms data breach after ransomware attack

The Financial Dynamics Behind Ransomware Attacks

Empire Market owners charged with operating $430M dark web marketplace

China-linked Velvet Ant uses F5 BIG-IP malware in cyber espionage campaign

LA County’s Department of Public Health (DPH) data breach impacted over 200,000 individuals

Spanish police arrested an alleged member of the Scattered Spider group

Online job offers, the reshipping and money mule scams

Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION

ASUS fixed critical remote authentication bypass bug in several routers

London hospitals canceled over 800 operations in the week after Synnovis ransomware attack

DORA Compliance Strategy for Business Leaders

CISA adds Android Pixel, Microsoft Windows, Progress Telerik Report Server bugs to its Known Exploited Vulnerabilities catalog

City of Cleveland still working to fully restore systems impacted by a cyber attack

Google fixed an actively exploited zero-day in the Pixel Firmware

Multiple flaws in Fortinet FortiOS fixed

CISA adds Arm Mali GPU Kernel Driver, PHP bugs to its Known Exploited Vulnerabilities catalog

Ukraine Police arrested a hacker who developed a crypter used by Conti and LockBit ransomware operation

JetBrains fixed IntelliJ IDE flaw exposing GitHub access tokens

Microsoft Patch Tuesday security updates for June 2024 fixed only one critical issue

Cylance confirms the legitimacy of data offered for sale in the dark web

Arm zero-day in Mali GPU Drivers actively exploited in the wild

Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. Patch it now!

Japanese video-sharing platform Niconico was victim of a cyber attack

UK NHS call for O-type blood donations following ransomware attack on London hospitals

Christie’s data breach impacted 45,798 individuals

Sticky Werewolf targets the aviation industry in Russia and Belarus

Frontier Communications data breach impacted over 750,000 individuals

PHP addressed critical RCE flaw potentially impacting millions of servers

Security Affairs newsletter Round 475 by Pierluigi Paganini – INTERNATIONAL EDITION

SolarWinds fixed multiple flaws in Serv-U and SolarWinds Platform

Pandabuy was extorted twice by the same threat actor

UAC-0020 threat actor used the SPECTR Malware to target Ukraine's defense forces

A new Linux version of TargetCompany ransomware targets VMware ESXi environments

FBI obtained 7,000 LockBit decryption keys, victims should contact the feds to get support

RansomHub operation is a rebranded version of the Knight RaaS

Malware can steal data collected by the Windows Recall tool, experts warn

Cisco addressed Webex flaws used to compromise German government meetings

CNN, Paris Hilton, and Sony TikTok accounts hacked via DMs

Zyxel addressed three RCEs in end-of-life NAS devices

A ransomware attack on Synnovis impacted several London hospitals

RansomHub gang claims the hack of the telecommunications giant Frontier Communications

Cybercriminals attack banking customers in EU with V3B phishing kit - PhotoTAN and SmartID supported.

Experts released PoC exploit code for a critical bug in Progress Telerik Report Servers

Multiple flaws in Cox modems could have impacted millions of devices

CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities catalog

Spanish police shut down illegal TV streaming network

APT28 targets key networks in Europe with HeadLace malware

Experts found information of European politicians on the dark web

FlyingYeti targets Ukraine using WinRAR exploit to deliver COOKBOX Malware

Security Affairs newsletter Round 474 by Pierluigi Paganini – INTERNATIONAL EDITION

Ticketmaster confirms data breach impacting 560 million customers

Critical Apache Log4j2 flaw still threatens global finance

Crooks stole more than $300M worth of Bitcoin from the exchange DMM Bitcoin

ShinyHunters is selling data of 30 million Santander customers

Over 600,000 SOHO routers were destroyed by Chalubo malware in 72 hours

LilacSquid APT targeted organizations in the U.S., Europe, and Asia since at least 2021

BBC disclosed a data breach impacting its Pension Scheme members

CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog

Experts found a macOS version of the sophisticated LightSpy spyware

Operation Endgame, the largest law enforcement operation ever against botnets

Law enforcement operation dismantled 911 S5 botnet

Okta warns of credential stuffing attacks targeting its Cross-Origin Authentication feature

Check Point released hotfix for actively exploited VPN zero-day

ABN Amro discloses data breach following an attack on a third-party provider

Christie disclosed a data breach after a RansomHub attack

Experts released PoC exploit code for RCE in Fortinet SIEM

WordPress Plugin abused to install e-skimmers in e-commerce sites

TP-Link Archer C5400X gaming router is affected by a critical flaw

Sav-Rx data breach impacted over 2.8 million individuals

The Impact of Remote Work and Cloud Migrations on Security Perimeters

New ATM Malware family emerged in the threat landscape

A high-severity vulnerability affects Cisco Firepower Management Center

CERT-UA warns of malware campaign conducted by threat actor UAC-0006

Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION

Malware-laced JAVS Viewer deploys RustDoor implant in supply chain attack

Fake AV websites used to distribute info-stealer malware

MITRE December 2023 attack: Threat actors created rogue VMs to evade detection

An XSS flaw in GitLab allows attackers to take over accounts

Google fixes eighth actively exploited Chrome zero-day this year, the third in a month

CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog

Usage of TLS in DDNS Services leads to Information Disclosure in Multiple Vendors

Recall feature in Microsoft Copilot+ PCs raises privacy and security concerns

APT41: The threat of KeyPlug against Italian industries

Critical SQL Injection flaws impact Ivanti Endpoint Manager (EPM)

Chinese actor 'Unfading Sea Haze' remained undetected for five years

A consumer-grade spyware app found in check-in systems of 3 US hotels

Critical Veeam Backup Enterprise Manager authentication bypass bug

Cybercriminals are targeting elections in India with influence campaigns

Critical GitHub Enterprise Server Authentication Bypass bug. Fix it now!

OmniVision disclosed a data breach after the 2023 Cactus ransomware attack

CISA adds NextGen Healthcare Mirth Connect flaw to its Known Exploited Vulnerabilities catalog

Blackbasta group claims to have hacked Atlas, one of the largest US oil distributors

Experts warn of a flaw in Fluent Bit utility that is used by major cloud platforms and firms

Experts released PoC exploit code for RCE in QNAP QTS

GitCaught campaign relies on Github and Filezilla to deliver multiple malware

Two students uncovered a flaw that allows to use laundry machines for free

Grandoreiro Banking Trojan is back and targets banks worldwide

Healthcare firm WebTPA data breach impacted 2.5 million individuals

Security Affairs newsletter Round 472 by Pierluigi Paganini – INTERNATIONAL EDITION

North Korea-linked Kimsuky used a new Linux backdoor in recent attacks

North Korea-linked IT workers infiltrated hundreds of US firms

Turla APT used two new backdoors to infiltrate a European ministry of foreign affairs

City of Wichita disclosed a data breach after the recent ransomware attack

CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog

CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog

North Korea-linked Kimsuky APT attack targets victims via Messenger

Electronic prescription provider MediSecure impacted by a ransomware attack

Google fixes seventh actively exploited Chrome zero-day this year, the third in a week

Santander: a data breach at a third-party provider impacted customers and employees

FBI seized the notorious BreachForums hacking forum

A Tornado Cash developer has been sentenced to 64 months in prison

Adobe fixed multiple critical flaws in Acrobat and Reader

Ransomware attack on Singing River Health System impacted 895,000 people

Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days

VMware fixed zero-day flaws demonstrated at Pwn2Own Vancouver 2024

MITRE released EMB3D Threat Model for embedded devices

Google fixes sixth actively exploited Chrome zero-day this year

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

Threat actors may have exploited a zero-day in older iPhones, Apple warns

City of Helsinki suffered a data breach

Russian hackers defaced local British news sites

Australian Firstmac Limited disclosed a data breach after cyber attack

Pro-Russia hackers targeted Kosovo’s government websites

Security Affairs newsletter Round 471 by Pierluigi Paganini – INTERNATIONAL EDITION

As of May 2024, Black Basta ransomware affiliates hacked over 500 organizations worldwide

Ohio Lottery data breach impacted over 538,000 individuals

Notorius threat actor IntelBroker claims the hack of the Europol

A cyberattack hit the US healthcare giant Ascension

Google fixes fifth actively exploited Chrome zero-day this year

Russia-linked APT28 targets government Polish institutions

Citrix warns customers to update PuTTY version installed on their XenCenter system manually

Dell discloses data breach impacting millions of customers

Mirai botnet also spreads through the exploitation of Ivanti Connect Secure bugs

Zscaler is investigating data breach claims

Experts warn of two BIG-IP Next Central Manager flaws that allow device takeover

LockBit gang claimed responsibility for the attack on City of Wichita

New TunnelVision technique can bypass the VPN encapsulation

LiteSpeed Cache WordPress plugin actively exploited in the wild

Most Tinyproxy Instances are potentially vulnerable to flaw CVE-2023-49606

UK Ministry of Defense disclosed a third-party data breach exposing military personnel data

Law enforcement agencies identified LockBit ransomware admin and sanctioned him

MITRE attributes the recent attack to China-linked UNC5221

Alexander Vinnik, the operator of BTC-e exchange, pleaded guilty to money laundering

City of Wichita hit by a ransomware attack

El Salvador suffered a massive leak of biometric data

Finland authorities warn of Android malware campaign targeting bank users

NATO and the EU formally condemned Russia-linked APT28 cyber espionage

Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION

Blackbasta gang claimed responsibility for Synlab Italia attack

LockBit published data stolen from Simone Veil hospital in Cannes

Russia-linked APT28 and crooks are still using the Moobot botnet

Dirty stream attack poses billions of Android installs at risk

ZLoader Malware adds Zeus's anti-analysis feature

Ukrainian REvil gang member sentenced to 13 years in prison

HPE Aruba Networking addressed four critical ArubaOS RCE flaws

Threat actors hacked the Dropbox Sign production environment

CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog

Panda Restaurant Group disclosed a data breach

Ex-NSA employee sentenced to 262 months in prison for attempting to transfer classified documents to Russia

Cuttlefish malware targets enterprise-grade SOHO routers

A flaw in the R programming language could allow code execution

Muddling Meerkat, a mysterious DNS Operation involving China's Great Firewall

Notorious Finnish Hacker sentenced to more than six years in prison

CISA guidelines to protect critical infrastructure against AI-based threats

NCSC: New UK law bans default passwords on smart devices

The FCC imposes $200 million in fines on four US carriers for unlawfully sharing user location data

Google prevented 2.28 million policy-violating apps from being published on Google Play in 2023

Financial Business and Consumer Solutions (FBCS) data breach impacted 2M individuals

Cyber-Partisans hacktivists claim to have breached Belarus KGB

The Los Angeles County Department of Health Services disclosed a data breach

Multiple Brocade SANnav SAN Management SW flaws allow device compromise

ICICI Bank exposed credit card data of 17000 customers

Okta warns of unprecedented scale in credential stuffing attacks on online services

Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION

Targeted operation against Ukraine exploited 7-year-old MS Office bug

Hackers may have accessed thousands of accounts on the California state welfare platform

Brokewell Android malware supports an extensive set of Device Takeover capabilities

Experts warn of an ongoing malware campaign targeting WP-Automatic plugin

Cryptocurrencies and cybercrime: A critical intermingling

Kaiser Permanente data breach may have impacted 13.4 million patients

Over 1,400 CrushFTP internet-facing servers vulnerable to CVE-2024-4040 bug

Sweden’s liquor supply severely impacted by ransomware attack on logistics company

CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog

CISA adds Microsoft Windows Print Spooler flaw to its Known Exploited Vulnerabilities catalog

DOJ arrested the founders of crypto mixer Samourai for facilitating $2 Billion in illegal transactions

Google fixed critical Chrome vulnerability CVE-2024-4058

Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

US offers a $10 million reward for information on four Iranian nationals

The street lights in Leicester City cannot be turned off due to a cyber attack

North Korea-linked APT groups target South Korean defense contractors

U.S. Gov imposed Visa restrictions on 13 individuals linked to commercial spyware activity

A cyber attack paralyzed operations at Synlab Italia

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Hackers threaten to leak a copy of the World-Check database used to assess potential risks associated with entities

A flaw in the Forminator plugin impacts hundreds of thousands of WordPress sites

Akira ransomware received $42M in ransom payments from over 250 victims

DuneQuixote campaign targets the Middle East with a complex backdoor

Security Affairs newsletter Round 468 by Pierluigi Paganini – INTERNATIONAL EDITION

Critical CrushFTP zero-day exploited in attacks in the wild

A French hospital was forced to reschedule procedures after cyberattack

MITRE revealed that nation-state actors breached its systems via Ivanti zero-days

FBI chief says China is preparing to attack US critical infrastructure

United Nations Development Programme (UNDP) investigates data breach

FIN7 targeted a large U.S. carmaker with phishing attacks

Law enforcement operation dismantled phishing-as-a-service platform LabHost

Previously unknown Kapeka backdoor linked to Russian Sandworm APT

Cisco warns of a command injection escalation flaw in its IMC. PoC publicly available

Linux variant of Cerber ransomware targets Atlassian servers

Ivanti fixed two critical flaws in its Avalanche MDM

Researchers released exploit code for actively exploited Palo Alto PAN-OS bug

Cisco warns of large-scale brute-force attacks against VPN and SSH services

PuTTY SSH Client flaw allows of private keys recovery

A renewed espionage campaign targets South Asia with iOS spyware LightSpy

Misinformation and hacktivist campaigns targeting the Philippines skyrocket

Russia is trying to sabotage European railways, Czech minister said

Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia

Cisco Duo warns telephony supplier data breach exposed MFA SMS logs

Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets

CISA adds Palo Alto Networks PAN-OS Command Injection flaw to its Known Exploited Vulnerabilities catalog

Threat actors exploited Palo Alto Pan-OS issue to deploy a Python Backdoor

U.S. and Australian police arrested Firebird RAT author and operator

Canadian retail chain Giant Tiger data breach may have impacted millions of customers

Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION

Crooks manipulate GitHub's search results to distribute malware

BatBadBut flaw allowed an attacker to perform command injection on Windows

Roku disclosed a new security breach impacting 576,000 accounts

LastPass employee targeted via an audio deepfake call

TA547 targets German organizations with Rhadamanthys malware

CISA adds D-Link multiple NAS devices bugs to its Known Exploited Vulnerabilities catalog

US CISA published an alert on the Sisense data breach

Palo Alto Networks fixed multiple DoS bugs in its firewalls

Apple warns of mercenary spyware attacks on iPhone users in 92 countries

Microsoft fixed two zero-day bugs exploited in malware attacks

Group Health Cooperative data breach impacted 530,000 individuals

AT&T states that the data breach impacted 51 million former and current customers

Fortinet fixed a critical remote code execution bug in FortiClientLinux

Microsoft Patches Tuesday security updates for April 2024 fixed hundreds of issues

Cybersecurity in the Evolving Threat Landscape

Over 91,000 LG smart TVs running webOS are vulnerable to hacking

ScrubCrypt used to drop VenomRAT along with many malicious plugins

Google announces V8 Sandbox to protect Chrome users

China is using generative AI to carry out influence operations

Greylock McKinnon Associates data breach exposed DOJ data of 341650 people

Crowdfense is offering a larger 30M USD exploit acquisition program

U.S. Department of Health warns of attacks against IT help desks

Security Affairs newsletter Round 466 by Pierluigi Paganini – INTERNATIONAL EDITION

Over 92,000 Internet-facing D-Link NAS devices can be easily hacked

More than 16,000 Ivanti VPN gateways still vulnerable to RCE CVE-2024-21894

Cisco warns of XSS flaw in end-of-life small business routers

Magento flaw exploited to deploy persistent backdoor hidden in XML

Cyberattack disrupted services at Omni Hotels & Resorts

HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks

US cancer center City of Hope: data breach impacted 827149 individuals

Ivanti fixed for 4 new issues in Connect Secure and Policy Secure

Jackson County, Missouri, discloses a ransomware attack

Google addressed another Chrome zero-day exploited at Pwn2Own in March

The New Version of JsOutProx is Attacking Financial Institutions in APAC and MENA via Gitlab Abuse

Google fixed two actively exploited Pixel vulnerabilities

Highly sensitive files mysteriously disappeared from EUROPOL headquarters

XSS flaw in WordPress WP-Members Plugin can lead to script injection

Binarly released the free online scanner to detect the CVE-2024-3094 Backdoor

Google agreed to erase billions of browser records to settle a class action lawsuit

PandaBuy data breach allegedly impacted over 1.3 million customers

OWASP discloses a data breach

New Vultur malware version includes enhanced remote control and evasion capabilities

Pentagon established the Office of the Assistant Secretary of Defense for Cyber Policy

Info stealer attacks target macOS users

Security Affairs newsletter Round 465 by Pierluigi Paganini – INTERNATIONAL EDITION

DinodasRAT Linux variant targets users worldwide

AT&T confirmed that a data breach impacted 73 million customers

Expert found a backdoor in XZ tools used many Linux distributions

German BSI warns of 17,000 unpatched Microsoft Exchange servers

Cisco warns of password-spraying attacks targeting Secure Firewall devices

American fast-fashion firm Hot Topic hit by credential stuffing attacks

Cisco addressed high-severity flaws in IOS and IOS XE software

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

The DDR Advantage: Real-Time Data Defense

Finnish police linked APT31 to the 2021 parliament attack

TheMoon bot infected 40,000 devices in January and February

UK, New Zealand against China-linked cyber operations

US Treasury Dep announced sanctions against members of China-linked APT31

CISA adds FortiClient EMS, Ivanti EPM CSA, Nice Linear eMerge E3-Series bugs to its Known Exploited Vulnerabilities catalog

Iran-Linked APT TA450 embeds malicious links in PDF attachments

StrelaStealer targeted over 100 organizations across the EU and US

GoFetch side-channel attack against Apple systems allows secret keys extraction

Security Affairs newsletter Round 464 by Pierluigi Paganini – INTERNATIONAL EDITION

Cybercriminals Accelerate Online Scams During Ramadan and Eid Fitr

Russia-linked APT29 targeted German political parties with WINELOADER backdoor

Mozilla fixed Firefox zero-days exploited at Pwn2Own Vancouver 2024

Large-scale Sign1 malware campaign already infected 39,000+ WordPress sites

German police seized the darknet marketplace Nemesis Market

Unsaflok flaws allow to open millions of doors using Dormakaba Saflok electronic locks

Pwn2Own Vancouver 2024: participants earned $1,132,500 for 29 unique 0-days

Critical Fortinet's FortiClient EMS flaw actively exploited in the wild

Pwn2Own Vancouver 2024 Day 1 - team Synacktiv hacked a Tesla

New Loop DoS attack may target 300,000 vulnerable hosts

Critical flaw in Atlassian Bamboo Data Center and Server must be fixed immediately

Threat actors actively exploit JetBrains TeamCity flaws to deliver malware

BunnyLoader 3.0 surfaces in the threat landscape

Pokemon Company resets some users' passwords

Ukraine cyber police arrested crooks selling 100 million compromised accounts

New AcidPour wiper targets Linux x86 devices. Is it a Russia's weapon?

Players hacked during the matches of Apex Legends Global Series. Tournament suspended

Earth Krahang APT breached tens of government organizations worldwide

PoC exploit for critical RCE flaw in Fortra FileCatalyst transfer tool released

Fujitsu suffered a malware attack and probably a data breach

Remove WordPress miniOrange plugins, a critical flaw can allow site takeover

The Aviation and Aerospace Sectors Face Skyrocketing Cyber Threats

Email accounts of the International Monetary Fund compromised

Threat actors leaked 70,000,000+ records allegedly stolen from AT&T

“gitgub” malware campaign targets Github users with RisePro info-stealer

Security Affairs newsletter Round 463 by Pierluigi Paganini – INTERNATIONAL EDITION

France Travail data breach impacted 43 Million people

Scranton School District in Pennsylvania suffered a ransomware attack

Lazarus APT group returned to Tornado Cash to launder stolen funds

Moldovan citizen sentenced in connection with the E-Root cybercrime marketplace case

UK Defence Secretary jet hit by an electronic warfare attack in Poland

Cisco fixed high-severity elevation of privilege and DoS bugs

Recent DarkGate campaign exploited Microsoft Windows zero-day

Nissan Oceania data breach impacted roughly 100,000 people

Researchers found multiple flaws in ChatGPT plugins

Fortinet fixes critical bugs in FortiOS, FortiProxy, and FortiClientEMS

Acer Philippines disclosed a data breach after a third-party vendor hack

Stanford University announced that 27,000 individuals were impacted in the 2023 ransomware attack

Microsoft Patch Tuesday security updates for March 2024 fixed 59 flaws

Russia's Foreign Intelligence Service (SVR) alleges US is plotting to interfere in presidential election

First-ever South Korean national detained for espionage in Russia

Insurance scams via QR codes: how to recognise and defend yourself

Massive cyberattacks hit French government agencies

BianLian group exploits JetBrains TeamCity bugs in ransomware attacks

Experts released PoC exploit for critical Progress Software OpenEdge bug

Magnet Goblin group used a new Linux variant of NerbianRAT malware

Hackers exploited WordPress Popup Builder plugin flaw to compromise 3,300 sites

Lithuania security services warn of China's espionage against the country

Security Affairs newsletter Round 462 by Pierluigi Paganini – INTERNATIONAL EDITION

Threat actors breached two crucial systems of the US CISA

CISA adds JetBrains TeamCity bug to its Known Exploited Vulnerabilities catalog

Critical Fortinet FortiOS bug CVE-2024-21762 potentially impacts 150,000 internet-facing devices

QNAP fixed three flaws in its NAS devices, including an authentication bypass

Russia-linked Midnight Blizzard breached Microsoft systems again

Cisco addressed severe flaws in its Secure Client

Play ransomware attack on Xplain exposed 65,000 files containing data relevant to the Swiss Federal Administration.

2023 FBI Internet Crime Report reported cybercrime losses reached $12.5 billion in 2023

National intelligence agency of Moldova warns of Russia attacks ahead of the presidential election

CISA adds Apple iOS and iPadOS memory corruption bugs to its Known Exploited Vulnerabilities Catalog

Linux Malware targets misconfigured misconfigured Apache Hadoop, Confluence, Docker, and Redis servers

CISA ADDS ANDROID PIXEL AND SUNHILLO SURELINE BUGS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

Watch out, GhostSec and Stourmous groups jointly conducting ransomware attacks

LockBit 3.0’s Bungled Comeback Highlights the Undying Risk of Torrent-Based (P2P) Data Leakage

Apple emergency security updates fix two new iOS zero-days

VMware urgent updates addressed Critical ESXi Sandbox Escape bugs

US Gov sanctioned Intellexa Consortium individuals and entities behind Predator spyware attacks

CISA ADDS MICROSOFT WINDOWS KERNEL BUG USED BY LAZARUS APT TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

Experts disclosed two severe flaws in JetBrains TeamCity On-Premises software

Ukraine's GUR hacked the Russian Ministry of Defense

Some American Express customers' data exposed in a third-party data breach

META hit with privacy complaints by EU consumer groups

New GTPDOOR backdoor is designed to target telecom carrier networks

Threat actors hacked Taiwan-based Chunghwa Telecom

New Linux variant of BIFROSE RAT uses deceptive domain strategies

Eken camera doorbells allow ill-intentioned individuals to spy on you

Security Affairs newsletter Round 461 by Pierluigi Paganini – INTERNATIONAL EDITION

U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp

U.S. authorities charged an Iranian national for long-running hacking campaign

US cyber and law enforcement agencies warn of Phobos ransomware attacks

Police seized Crimemarket, the largest German-speaking cybercrime marketplace

Five Eyes alliance warns of attacks exploiting known Ivanti Gateway flaws

Crooks stole €15 Million from European retail company Pepco

CISA adds Microsoft Streaming Service bug to its Known Exploited Vulnerabilities catalog

Researchers found a zero-click Facebook account takeover

New SPIKEDWINE APT group is targeting officials in Europe

Is the LockBit gang resuming its operation?

Lazarus APT exploited zero-day in Windows driver to gain kernel privileges

Pharmaceutical giant Cencora discloses a data breach

Unmasking 2024's Email Security Landscape

FBI, CISA, HHS warn of targeted ALPHV/Blackcat ransomware attacks against the healthcare sector

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Black Basta and Bl00dy ransomware gangs exploit recent ConnectWise ScreenConnect bugs

XSS flaw in LiteSpeed Cache plugin exposes millions of WordPress sites at risk

Security Affairs newsletter Round 460 by Pierluigi Paganini – INTERNATIONAL EDITION

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES

New Redis miner Migo uses novel system weakening techniques

Critical flaw found in deprecated VMware EAP. Uninstall it immediately

Microsoft Exchange flaw CVE-2024-21410 could impact up to 97,000 servers

ConnectWise fixed critical flaws in ScreenConnect remote access tool

More details about Operation Cronos that disrupted Lockbit operation

Cactus ransomware gang claims the theft of 1.5TB of data from Energy management and industrial automation firm Schneider Electric

Operation Cronos: law enforcement disrupted the LockBit operation

A Ukrainian Raccoon Infostealer operator is awaiting trial in the US

Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS

How BRICS Got "Rug Pulled" – Cryptocurrency Counterfeiting is on the Rise

SolarWinds addressed critical RCEs in Access Rights Manager (ARM)

ESET fixed high-severity local privilege escalation bug in Windows products

Security Affairs newsletter Round 459 by Pierluigi Paganini – INTERNATIONAL EDITION

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

CISA: Cisco ASA/FTD bug CVE-2020-3259 exploited in ransomware attacks

CISA adds Microsoft Exchange and Cisco ASA and FTD bugs to its Known Exploited Vulnerabilities catalog

US gov offers a reward of up to $10M for info on ALPHV/Blackcat gang leaders

U.S. CISA: hackers breached a state government organization

Russia-linked Turla APT uses new TinyTurla-NG backdoor to spy on Polish NGOs

US Gov dismantled the Moobot botnet controlled by Russia-linked APT28

A cyberattack halted operations at Varta production plants

North Korea-linked actors breached the emails of a Presidential Office member

CISA adds Microsoft Windows bugs to its Known Exploited Vulnerabilities catalog

Nation-state actors are using AI services and LLMs for cyberattacks

Abusing the Ubuntu 'command-not-found' utility to install malicious packages

Zoom fixed critical flaw CVE-2024-24691 in Windows software

Adobe Patch Tuesday fixed critical vulnerabilities in Magento, Acrobat and Reader

Microsoft Patch Tuesday for February 2024 fixed 2 actively exploited 0-days

A ransomware attack took 100 Romanian hospitals down

Bank of America customer data compromised after a third-party services provider data breach

Ransomfeed - Third Quarter Report 2023 is out!

Global Malicious Activity Targeting Elections is Skyrocketing

Researchers released a free decryption tool for the Rhysida Ransomware

Residential Proxies vs. Datacenter Proxies: Choosing the Right Option

CISA adds Roundcube Webmail Persistent XSS bug to its Known Exploited Vulnerabilities catalog

Canada Gov plans to ban the Flipper Zero to curb car thefts

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

US Feds arrested two men involved in the Warzone RAT operation

Raspberry Robin spotted using two new 1-day LPE exploits

Security Affairs newsletter Round 458 by Pierluigi Paganini – INTERNATIONAL EDITION

CISA adds Fortinet FortiOS bug to its Known Exploited Vulnerabilities catalog

macOS Backdoor RustDoor likely linked to Alphv/BlackCat ransomware operations

Exploiting a vulnerable Minifilter Driver to create a process killer

Black Basta ransomware gang hacked Hyundai Motor Europe

Fortinet warns of a new actively exploited RCE flaw in FortiOS SSL VPN

Ivanti warns of a new auth bypass flaw in its Connect Secure, Policy Secure, and ZTA gateway devices

26 Cyber Security Stats Every User Should Be Aware Of in 2024

US offers $10 million reward for info on Hive ransomware group leaders

Unraveling the truth behind the DDoS attack from electric toothbrushes

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

Cisco fixes critical Expressway Series CSRF vulnerabilities

CISA adds Google Chromium V8 Type Confusion bug to its Known Exploited Vulnerabilities catalog

Fortinet addressed two critical FortiSIEM vulnerabilities

Experts warn of a critical bug in JetBrains TeamCity On-Premises

Critical shim bug impacts every Linux boot loader signed in the past decade

China-linked APT deployed malware in a network of the Dutch Ministry of Defence

Commercial spyware vendors are behind most zero-day exploits discovered by Google TAG

Google fixed an Android critical remote code execution flaw

A man faces up to 25 years in prison for his role in operating unlicensed crypto exchange BTC-e

U.S. Gov imposes visa restrictions on individuals misusing Commercial Spyware

HPE is investigating claims of a new security breach

Experts warn of a surge of attacks targeting Ivanti SSRF flaw

How to hack the Airbus NAVBLUE Flysmart+ Manager

Crooks stole $25.5 million from a multinational firm using a 'deepfake' video call

Software firm AnyDesk disclosed a security breach

The 'Mother of all Breaches': Navigating the Aftermath and Fortifying Your Data with DSPM

US government imposed sanctions on six Iranian intel officials

A cyberattack impacted operations at Lurie Children's Hospital

AnyDesk Incident: Customer Credentials Leaked and Published for Sale on the Dark Web

Security Affairs newsletter Round 457 by Pierluigi Paganini – INTERNATIONAL EDITION

Clorox estimates the costs of the August cyberattack will exceed $49 Million

Mastodon fixed a flaw that can allow the takeover of any account

Iranian hackers breached Albania’s Institute of Statistics (INSTAT)

Operation Synergia led to the arrest of 31 individuals

Ex CIA employee Joshua Adam Schulte sentenced to 40 years in prison

Cloudflare breached on Thanksgiving Day, but the attack was promptly contained

PurpleFox malware infected at least 2,000 computers in Ukraine

Man sentenced to six years in prison for stealing millions in cryptocurrency via SIM swapping

CISA orders federal agencies to disconnect Ivanti VPN instances by February 2

Multiple malware used in attacks exploiting Ivanti VPN flaws

Police seized 50,000 Bitcoin from operator of the now-defunct piracy site movie2k

Crooks stole around $112 million worth of XRP from Ripple’s co-founder

CISA adds Apple improper authentication bug to its Known Exploited Vulnerabilities catalog

Ivanti warns of a new actively exploited zero-day

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Data leak at fintech giant Direct Trading Technologies

Root access vulnerability in GNU Library C (glibc) impacts many Linux distros

Italian data protection authority said that ChatGPT violated EU privacy laws

750 million Indian mobile subscribers' data offered for sale on dark web

Juniper Networks released out-of-band updates to fix high-severity flaws

Hundreds of network operators’ credentials found circulating in Dark Web

Cactus ransomware gang claims the Schneider Electric hack

Mercedes-Benz accidentally exposed sensitive data, including source code

Experts detailed Microsoft Outlook flaw that can leak NTLM v2 hashed passwords

NSA buys internet browsing records from data brokers without a warrant

Ukraine’s SBU arrested a member of Pro-Russia hackers group 'Cyber Army of Russia'

Multiple PoC exploits released for Jenkins flaw CVE-2024-23897

Medusa ransomware attack hit Kansas City Area Transportation Authority

Security Affairs newsletter Round 456 by Pierluigi Paganini – INTERNATIONAL EDITION

Pro-Ukraine hackers wiped 2 petabytes of data from Russian research center

Participants earned more than $1.3M at the Pwn2Own Automotive competition

A TrickBot malware developer sentenced to 64 months in prison

Russian Midnight Blizzard APT is targeting orgs worldwide, Microsoft warns

Watch out, experts warn of a critical flaw in Jenkins

Pwn2Own Automotive 2024 Day 2 - Tesla hacked again

Yearly Intel Trend Review: The 2023 RedSense report

Cisco warns of a critical bug in Unified Communications products, patch it now!

Russia-linked APT group Midnight Blizzard hacked Hewlett Packard Enterprise (HPE)

CISA adds Atlassian Confluence Data Center bug to its Known Exploited Vulnerabilities catalog

5379 GitLab servers vulnerable to zero-click account takeover attacks

Experts released PoC exploit for Fortra GoAnywhere MFT flaw CVE-2024-0204

Splunk fixed high-severity flaw impacting Windows versions

Watch out, a new critical flaw affects Fortra GoAnywhere MFT

Australian government announced sanctions for Medibank hacker

LoanDepot data breach impacted roughly 16.6 individuals

Black Basta gang claims the hack of the UK water utility Southern Water

CISA adds VMware vCenter Server bug to its Known Exploited Vulnerabilities catalog

Mother of all breaches - a historic data leak reveals 26 billion records: check what's exposed

Apple fixed actively exploited zero-day CVE-2024-23222

“My Slice”, an Italian adaptive phishing campaign

Threat actors exploit Apache ActiveMQ flaw to deliver the Godzilla Web Shell

Cybercriminals leaked massive volumes of stolen PII data from Thailand in Dark Web

Backdoored pirated applications targets Apple macOS users

LockBit ransomware gang claims the attack on the sandwich chain Subway

Security Affairs newsletter Round 455 by Pierluigi Paganini – INTERNATIONAL EDITION

Admin of the BreachForums hacking forum sentenced to 20 years supervised release

VF Corp December data breach impacts 35 million customers

China-linked APT UNC3886 exploits VMware zero-day since 2021

Ransomware attacks break records in 2023: the number of victims rose by 128%

U.S. CISA warns of actively exploited Ivanti EPMM flaw CVE-2023-35082

The Quantum Computing Cryptopocalypse – I’ll Know It When I See It

Kansas State University suffered a serious cybersecurity incident

CISA adds Chrome and Citrix NetScaler to its Known Exploited Vulnerabilities catalog

Google TAG warns that Russian COLDRIVER APT is using a custom backdoor

PixieFail: Nine flaws in UEFI open-source reference implementation could have severe impacts

iShutdown lightweight method allows to discover spyware infections on iPhones

Pro-Russia group hit Swiss govt sites after Zelensky visit in Davos

Github rotated credentials after the discovery of a vulnerability

FBI, CISA warn of AndroxGh0st botnet for victim identification and exploitation

Citrix warns admins to immediately patch NetScaler for actively exploited zero-days

Google fixed the first actively exploited Chrome zero-day of 2024

Atlassian fixed critical RCE in older Confluence versions

VMware fixed a critical flaw in Aria Automation. Patch it now!

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Experts warn of a vulnerability affecting Bosch BCC100 Thermostat

Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack

Phemedrone info stealer campaign exploits Windows smartScreen bypass

Balada Injector continues to infect thousands of WordPress sites

Attackers target Apache Hadoop and Flink to deliver cryptominers

Apple fixed a bug in Magic Keyboard that allows to monitor Bluetooth traffic

Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION

GitLab fixed a critical zero-click account hijacking flaw

Juniper Networks fixed a critical RCE bug in its firewalls and switches

Vast Voter Data Leaks Cast Shadow Over Indonesia ’s 2024 Presidential Election

Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467

Team Liquid’s wiki leak exposes 118K users

CISA adds Ivanti and Microsoft SharePoint bugs to its Known Exploited Vulnerabilities catalog

Two zero-day bugs in Ivanti Connect Secure actively exploited

X Account of leading cybersecurity firm Mandiant was hacked because not adequately protected

Cisco fixed critical Unity Connection vulnerability CVE-2024-20272

ShinyHunters member sentenced to three years in prison

HMG Healthcare disclosed a data breach

Threat actors hacked the X account of the Securities and Exchange Commission (SEC) and announced fake Bitcoin ETF approval

Decryptor for Tortilla variant of Babuk ransomware released

Microsoft Patch Tuesday for January 2024 fixed 2 critical flaws

CISA adds Apache Superset bug to its Known Exploited Vulnerabilities catalog

Syrian group Anonymous Arabic distributes stealthy malware Silver RAT

Swiss Air Force sensitive files stolen in the hack of Ultra Intelligence & Communications

DoJ charged 19 individuals in a transnational cybercrime investigation xDedic Marketplace

Long-existing Bandook RAT targets Windows machines

A cyber attack hit the Beirut International Airport

Iranian crypto exchange Bit24.cash leaks user passports and IDs

Security Affairs newsletter Round 453 by Pierluigi Paganini – INTERNATIONAL EDITION

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea

Merck settles with insurers regarding a $1.4 billion claim over NotPetya damages

The source code of Zeppelin Ransomware sold on a hacking forum

Russia-linked APT Sandworm was inside Ukraine telecoms giant Kyivstar for months

Ivanti fixed a critical EPM flaw that can result in remote code execution

MyEstatePoint Property Search Android app leaks user passwords

Hacker hijacked Orange Spain RIPE account causing internet outage to company customers

HealthEC data breach impacted more than 4.5 Million people

Experts found 3 malicious packages hiding crypto miners in PyPi repository

Crooks hacked Mandiant X account to push cryptocurrency scam

Cybercriminals Implemented Artificial Intelligence (AI) for Invoice Fraud

CISA ADDS CHROME AND PERL LIBRARY FLAWS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

Don’t trust links with known domains: BMW affected by redirect vulnerability

Hackers stole more than $81 million worth of crypto assets from Orbit Chain

Ukraine’s SBU said that Russia's intelligence hacked surveillance cameras to direct a missile strike on Kyiv

Experts warn of JinxLoader loader used to spread Formbook and XLoader

Terrapin attack allows to downgrade SSH protocol security

Multiple organizations in Iran were breached by a mysterious hacker

Top 2023 Security Affairs cybersecurity stories

Malware exploits undocumented Google OAuth endpoint to regenerate Google cookies

Cactus RANSOMWARE gang hit the Swedish retail and grocery provider Coop

Google agreed to settle a $5 billion privacy lawsuit

Security Affairs newsletter Round 452 by Pierluigi Paganini – INTERNATIONAL EDITION

INC RANSOM ransomware gang claims to have breached Xerox Corp

Spotify music converter TuneFab puts users at risk

Cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania

Russia-linked APT28 used new malware in a recent phishing campaign

Clash of Clans gamers at risk while using third-party app

New Version of Meduza Stealer Released in Dark Web

Operation Triangulation attacks relied on an undocumented hardware feature

Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data

Lockbit ransomware attack interrupted medical emergencies gang at a German hospital network

Experts warn of critical Zero-Day in Apache OfBiz

Xamalicious Android malware distributed through the Play Store

Barracuda fixed a new ESG zero-day exploited by Chinese group UNC4841

Elections 2024, artificial intelligence could upset world balances

Experts analyzed attacks against poorly managed Linux SSH servers

A cyberattack hit Australian healthcare provider St Vincent’s Health Australia

Rhysida ransomware group hacked Abdali Hospital in Jordan

Carbanak malware returned in ransomware attacks

Resecurity Released a 2024 Cyber Threat Landscape Forecast

APT group UAC-0099 targets Ukraine exploiting a WinRAR flaw

Iran-linked APT33 targets Defense Industrial Base sector with FalseFont backdoor

Security Affairs newsletter Round 451 by Pierluigi Paganini – INTERNATIONAL EDITION

Europol and ENISA spotted 443 e-stores compromised with digital skimming

Video game giant Ubisoft investigates reports of a data breach

LockBit ransomware gang claims to have breached accountancy firm Xeinadin

Mobile virtual network operator Mint Mobile discloses a data breach

Akira ransomware gang claims the theft of sensitive data from Nissan Australia

Member of Lapsus$ gang sentenced to an indefinite hospital order

Real estate agency exposes details of 690k customers

ESET fixed a high-severity bug in the Secure Traffic Scanning Feature of several products

Phishing attacks use an old Microsoft Office flaw to spread Agent Tesla malware

Data leak exposes users of car-sharing service Blink Mobility

Google addressed a new actively exploited Chrome zero-day

German police seized the dark web marketplace Kingdom Market

Law enforcement Operation HAECHI IV led to the seizure of $300 Million

Sophisticated JaskaGO info stealer targets macOS and Windows

BMW dealer at risk of takeover by cybercriminals

Comcast’s Xfinity customer data exposed after CitrixBleed attack

FBI claims to have dismantled AlphV/Blackcat ransomware operation, but the group denies it

Smishing Triad: Cybercriminals Impersonate UAE Federal Authority for Identity and Citizenship on the Peak of Holidays Season

The ransomware attack on Westpole is disrupting digital services for Italian public administration

Info stealers and how to protect against them

Pro-Israel Predatory Sparrow hacker group disrupted services at around 70% of Iran’s fuel stations

Qakbot is back and targets the Hospitality industry

A supply chain attack on crypto hardware wallet Ledger led to the theft of $600K

MongoDB investigates a cyberattack, customer data exposed

InfectedSlurs botnet targets QNAP VioStor NVR vulnerability

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

New NKAbuse malware abuses NKN decentralized P2P network protocol

Snatch ransomware gang claims the hack of the food giant Kraft Heinz

Multiple flaws in pfSense firewall can lead to arbitrary code execution

BianLian, White Rabbit, and Mario Ransomware Gangs Spotted in a Joint Campaign

Data of over a million users of the crypto exchange GokuMarket exposed

Idaho National Laboratory data breach impacted 45,047 individuals

Ubiquiti users claim to have access to other people’s devices

Russia-linked APT29 spotted targeting JetBrains TeamCity servers

Microsoft seized the US infrastructure of the Storm-1152 cybercrime group

French authorities arrested a Russian national for his role in the Hive ransomware operation

China-linked APT Volt Typhoon linked to KV-Botnet

UK Home Office is ignoring the risk of 'catastrophic ransomware attacks,' report warns

OAuth apps used in cryptocurrency mining, phishing campaigns, and BEC attacks

Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks

December 2023 Microsoft Patch Tuesday fixed 4 critical flaws

Ukrainian military intelligence service hacked the Russian Federal Taxation Service

Kyivstar, Ukraine's largest mobile carrier brought down by a cyber attack

Dubai’s largest taxi app exposes 220K+ users

Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware

Apple released iOS 17.2 to address a dozen of security flaws

Toyota Financial Services discloses a data breach

Apache fixed Critical RCE flaw CVE-2023-50164 in Struts 2

CISA adds Qlik Sense flaws to its Known Exploited Vulnerabilities catalog

CISA and ENISA signed a Working Arrangement to enhance cooperation

Researcher discovered a new lock screen bypass bug for Android 14 and 13

WordPress 6.4.2 fixed a Remote Code Execution (RCE) flaw

Security Affairs newsletter Round 449 by Pierluigi Paganini – INTERNATIONAL EDITION

Hacktivists hacked an Irish water utility and interrupted the water supply

5Ghoul flaws impact hundreds of 5G devices with Qualcomm, MediaTek chips

Norton Healthcare disclosed a data breach after a ransomware attack

Bypassing major EDRs using Pool Party process injection techniques

Founder of Bitzlato exchange has pleaded for unlicensed money transmitting

Android barcode scanner app exposes user passwords

UK and US expose Russia Callisto Group's activity and sanction members

A cyber attack hit Nissan Oceania

New Krasue Linux RAT targets telecom companies in Thailand

Atlassian addressed four new RCE flaws in its products

CISA adds Qualcomm flaws to its Known Exploited Vulnerabilities catalog

Experts demonstrate a post-exploitation tampering technique to display Fake Lockdown mode

GST Invoice Billing Inventory exposes sensitive data to threat actors

Threat actors breached US govt systems by exploiting Adobe ColdFusion flaw

ENISA published the ENISA Threat Landscape for DoS Attacks Report

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Google fixed critical zero-click RCE in Android

New P2PInfect bot targets routers and IoT devices

Malvertising attacks rely on DanaBot Trojan to spread CACTUS Ransomware

LockBit on a Roll - ICBC Ransomware Attack Strikes at the Heart of the Global Financial Order

Zyxel fixed tens of flaws in Firewalls, Access Points, and NAS devices

New Agent Raccoon malware targets the Middle East, Africa and the US

Security Affairs newsletter Round 448 by Pierluigi Paganini – INTERNATIONAL EDITION

Researchers devised an attack technique to extract ChatGPT training data

Fortune-telling website WeMystic exposes 13M+ user records

Expert warns of Turtle macOS ransomware

Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022

CISA adds ownCloud and Google Chrome bugs to its Known Exploited Vulnerabilities catalog

Apple addressed 2 new iOS zero-day vulnerabilities

Critical Zoom Room bug allowed to gain access to Zoom Tenants

Rhysida ransomware group hacked King Edward VII’s Hospital in London

Google addressed the sixth Chrome Zero-Day vulnerability in 2023

Okta reveals additional attackers' activities in October 2023 Breach

Thousands of secrets lurk in app images on Docker Hub

Threat actors started exploiting critical ownCloud flaw CVE-2023-49103

International police operation dismantled a prominent Ukraine-based Ransomware group

Daixin Team group claimed the hack of North Texas Municipal Water District

Healthcare provider Ardent Health Services disclosed a ransomware attack

Ukraine's intelligence service hacked Russia's Federal Air Transport Agency, Rosaviatsia

Iranian hacker group Cyber Av3ngers hacked the Municipal Water Authority of Aliquippa in Pennsylvania

The hack of MSP provider CTS potentially impacted hundreds of UK law firms

Security Affairs newsletter Round 447 by Pierluigi Paganini – INTERNATIONAL EDITION

Rhysida ransomware gang claimed China Energy hack

North Korea-linked APT Lazarus is using a MagicLine4NX zero-day flaw in supply chain attack

Hamas-linked APT uses Rust-based SysJoker backdoor against Israel

App used by hundreds of schools leaking children's data

Microsoft launched its new Microsoft Defender Bounty Program

Exposed Kubernetes configuration secrets can fuel supply chain attacks

North Korea-linked Konni APT uses Russian-language weaponized documents

ClearFake campaign spreads macOS AMOS information stealer

Welltok data breach impacted 8.5 million patients in the U.S.

North Korea-linked APT Diamond Sleet supply chain attack relies on CyberLink software

Automotive parts giant AutoZone disclosed data breach after MOVEit hack

New InfectedSlurs Mirai-based botnet exploits two zero-days

SiegedSec hacktivist group hacked Idaho National Laboratory (INL)

CISA adds Looney Tunables Linux bug to its Known Exploited Vulnerabilities catalog

Citrix provides additional measures to address Citrix Bleed

Tor Project removed several relays associated with a suspicious cryptocurrency scheme

Experts warn of a surge in NetSupport RAT attacks against education and government sectors

The Top 5 Reasons to Use an API Management Platform

Canadian government impacted by data breaches of two of its contractors

Rhysida ransomware gang is auctioning data stolen from the British Library

Russia-linked APT29 group exploited WinRAR 0day in attacks against embassies

DarkCasino joins the list of APT groups exploiting WinRAR zero-day

US teenager pleads guilty to his role in credential stuffing attack on a betting site

Security Affairs newsletter Round 446 by Pierluigi Paganini – INTERNATIONAL EDITION

8Base ransomware operators use a new variant of the Phobos ransomware

Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine

The board of directors of OpenAI fired Sam Altman

Medusa ransomware gang claims the hack of Toyota Financial Services

CISA adds Sophos Web Appliance bug to its Known Exploited Vulnerabilities catalog

Zimbra zero-day exploited to steal government emails by four groups

Vietnam Post exposes 1.2TB of data, including email addresses

Samsung suffered a new data breach

FBI and CISA warn of attacks by Rhysida ransomware gang

Critical flaw fixed in SAP Business One product

Law enforcement agencies dismantled the illegal botnet proxy service IPStorm

Gamblers’ data compromised after casino giant Strendus fails to set password

VMware disclosed a critical and unpatched authentication bypass flaw in VMware Cloud Director Appliance

Danish critical infrastructure hit by the largest cyber attack in Denmark's history

Major Australian ports blocked after a cyber attack on DP World

Nuclear and Oil & Gas are Major Targets of Ransomware Groups in 2024

CISA adds five vulnerabilities in Juniper devices to its Known Exploited Vulnerabilities catalog

LockBit ransomware gang leaked data stolen from Boeing

North Korea-linked APT Sapphire Sleet targets IT job seekers with bogus skills assessment portals

The Lorenz ransomware group hit Texas-based Cogdell Memorial Hospital

The State of Maine disclosed a data breach that impacted 1.3M people

Security Affairs newsletter Round 445 by Pierluigi Paganini – INTERNATIONAL EDITION

Police seized BulletProftLink phishing-as-a-service (PhaaS) platform

Serbian pleads guilty to running ‘Monopoly’ dark web drug market

McLaren Health Care revealed that a data breach impacted 2.2 million people

After ChatGPT, Anonymous Sudan took down the Cloudflare website

Industrial and Commercial Bank of China (ICBC) suffered a ransomware attack

SysAid zero-day exploited by Clop ransomware group

Dolly.com pays ransom, attackers release data anyway

DDoS attack leads to significant disruption in ChatGPT services

Russian Sandworm disrupts power in Ukraine with a new OT attack

Veeam fixed multiple flaws in Veeam ONE, including critical issues

Pro-Palestinian hackers group 'Soldiers of Solomon' disrupted the production cycle of the biggest flour production plant in Israel

Iranian Agonizing Serpens APT is targeting Israeli entities with destructive cyber attacks

Critical Confluence flaw exploited in ransomware attacks

QNAP fixed two critical vulnerabilities in QTS OS and apps

Attackers use Google Calendar RAT to abuse Calendar service as C2 infrastructure

Socks5Systemz proxy service delivered via PrivateLoader and Amadey

US govt sanctioned a Russian woman for laundering virtual currency on behalf of threat actors

Security Affairs newsletter Round 444 by Pierluigi Paganini – INTERNATIONAL EDITION

Lazarus targets blockchain engineers with new KandyKorn macOS Malware

Kinsing threat actors probed the Looney Tunables flaws in recent attacks

ZDI discloses four zero-day flaws in Microsoft Exchange

Okta customer support system breach impacted 134 customers

Multiple WhatsApp mods spotted containing the CanesSpy Spyware

Russian FSB arrested Russian hackers who supported Ukrainian cyber operations

MuddyWater has been spotted targeting two Israeli entities

Clop group obtained access to the email addresses of about 632,000 US federal employees

Okta discloses a new data breach after a third-party vendor was hacked

Suspected exploitation of Apache ActiveMQ flaw CVE-2023-46604 to install HelloKitty ransomware

Boeing confirmed its services division suffered a cyberattack

Resecurity: Insecurity of 3rd-parties leads to Aadhaar data leaks in India

Who is behind the Mozi Botnet kill switch?

CISA adds two F5 BIG-IP flaws to its Known Exploited Vulnerabilities catalog

Threat actors actively exploit F5 BIG-IP flaws CVE-2023-46747 and CVE-2023-46748

Pro-Hamas hacktivist group targets Israel with BiBi-Linux wiper

British Library suffers major outage due to cyberattack

Critical Atlassian Confluence flaw can lead to significant data loss

WiHD leak exposes details of all torrent users

Experts released PoC exploit code for Cisco IOS XE flaw CVE-2023-20198

Canada bans WeChat and Kaspersky apps on government-issued mobile devices

Florida man sentenced to prison for SIM Swapping conspiracy that led to theft of $1M in cryptocurrency

Wiki-Slack attack allows redirecting business professionals to malicious websites

HackerOne awarded over $300 million bug hunters

StripedFly, a complex malware that infected one million devices without being noticed

IT Army of Ukraine disrupted internet providers in territories occupied by Russia

Security Affairs newsletter Round 443 by Pierluigi Paganini – INTERNATIONAL EDITION

Bug hunters earned $1,038,250 for 58 unique 0-days at Pwn2Own Toronto 2023

Lockbit ransomware gang claims to have stolen data from Boeing

How to Collect Market Intelligence with Residential Proxies?

F5 urges to address a critical flaw in BIG-IP

Hello Alfred app exposes user data

iLeakage attack exploits Safari to steal data from Apple devices

Cloudflare mitigated 89 hyper-volumetric HTTP distributed DDoS attacks exceeding 100 million rps

Seiko confirmed a data breach after BlackCat attack

Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks

Pwn2Own Toronto 2023 Day 1 - organizers awarded $438,750 in prizes

VMware addressed critical vCenter flaw also for End-of-Life products

Citrix warns admins to patch NetScaler CVE-2023-4966 bug immediately

New England Biolabs leak sensitive data

Former NSA employee pleads guilty to attempted selling classified documents to Russia

Experts released PoC exploit code for VMware Aria Operations for Logs flaw. Patch it now!

How did the Okta Support breach impact 1Password?

PII Belonging to Indian Citizens, Including their Aadhaar IDs, Offered for Sale on the Dark Web

Spain police dismantled a cybercriminal group who stole the data of 4 million individuals

CISA adds second Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog

Cisco warns of a second IOS XE zero-day used to infect devices worldwide

City of Philadelphia suffers a data breach

SolarWinds fixed three critical RCE flaws in its Access Rights Manager product

Don't use AI-based apps, Philippine defense ordered its personnel

Vietnamese threat actors linked to DarkGate malware campaign

MI5 chief warns of Chinese cyber espionage reached an unprecedented scale

The attack on the International Criminal Court was targeted and sophisticated

Security Affairs newsletter Round 442 by Pierluigi Paganini – INTERNATIONAL EDITION

A threat actor is selling access to Facebook and Instagram's Police Portal

Threat actors breached Okta support system and stole customers' data

US DoJ seized domains used by North Korean IT workers to defraud businesses worldwide

Alleged developer of the Ragnar Locker ransomware was arrested

CISA adds Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog

Tens of thousands Cisco IOS XE devices were hacked by exploiting CVE-2023-20198

Law enforcement operation seized Ragnar Locker group's infrastructure

THE 11TH EDITION OF THE ENISA THREAT LANDSCAPE REPORT IS OUT!

North Korea-linked APT groups actively exploit JetBrains TeamCity flaw

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

Californian IT company DNA Micro leaks private mobile phone data

Threat actors have been exploiting CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices since August

A flaw in Synology DiskStation Manager allows admin account takeover

D-Link confirms data breach, but downplayed the impact

CVE-2023-20198 zero-day widely exploited to install implants on Cisco IOS XE systems

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Ransomware realities in 2023: one employee mistake can cost a company millions

Malware-laced 'RedAlert - Rocket Alerts' app targets Israeli users

Cisco warns of active exploitation of IOS XE zero-day

Signal denies claims of an alleged zero-day flaw in its platform

Microsoft Defender thwarted Akira ransomware attack on an industrial engineering firm

DarkGate malware campaign abuses Skype and Teams

The Alphv ransomware gang stole 5TB of data from the Morrison Community Hospital

Security Affairs newsletter Round 441 by Pierluigi Paganini – INTERNATIONAL EDITION

Lockbit ransomware gang demanded an 80 million ransom to CDW

CISA warns of vulnerabilities and misconfigurations exploited in ransomware attacks

Stayin' Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

FBI and CISA published a new advisory on AvosLocker ransomware

More than 17,000 WordPress websites infected with the Balada Injector in September

Ransomlooker, a new tool to track and analyze ransomware groups' activities

Phishing, the campaigns that are targeting Italy

A new Magecart campaign hides the malicious code in 404 error page

CISA adds Adobe Acrobat Reader flaw to its Known Exploited Vulnerabilities catalog

Mirai-based DDoS botnet IZ1H9 added 13 payloads to target routers

Air Europa data breach exposed customers' credit cards

#OpIsrael, #FreePalestine & #OpSaudiArabia - How Cyber Actors Capitalize On War Actions Via Psy-Ops

Microsoft Patch Tuesday updates for October 2023 fixed three actively exploited zero-day flaws

New 'HTTP/2 Rapid Reset' technique behind record-breaking DDoS attacks

Exposed security cameras in Israel and Palestine pose significant risks

A flaw in libcue library impacts GNOME Linux systems

Hacktivists in Palestine and Israel after SCADA and other industrial control systems

Large-scale Citrix NetScaler Gateway credential harvesting campaign exploits CVE-2023-3519

The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

Gaza-linked hackers and Pro-Russia groups are targeting Israel

Flagstar Bank suffered a data breach once again

Android devices shipped with backdoored firmware as part of the BADBOX network

Security Affairs newsletter Round 440 by Pierluigi Paganini – International edition

North Korea-linked Lazarus APT laundered over $900 million through cross-chain crime

QakBot threat actors are still operational after the August takedown

Ransomware attack on MGM Resorts costs $110 Million

Cybersecurity, why a hotline number could be important?

Multiple experts released exploits for Linux local privilege escalation flaw Looney Tunables

Cisco Emergency Responder is affected by a critical Static Credentials bug. Fix it immediately!

Belgian intelligence service VSSE accused Alibaba of ‘possible espionage’ at European hub in Liege

CISA adds JetBrains TeamCity and Windows flaws to its Known Exploited Vulnerabilities catalog

NATO is investigating a new cyber attack claimed by the SiegedSec group

Global CRM Provider Exposed Millions of Clients’ Files Online

Sony sent data breach notifications to about 6,800 individuals

Apple fixed the 17th zero-day flaw exploited in attacks

Atlassian Confluence zero-day CVE-2023-22515 actively exploited in attacks

A cyberattack disrupted Lyca Mobile services

Chipmaker Qualcomm warns of three actively exploited zero-days

DRM Report Q2 2023 - Ransomware threat landscape

Phishing campaign targeted US executives exploiting a flaw in Indeed job search platform

San Francisco’s transport agency exposes drivers’ parking permits and addresses

BunnyLoader, a new Malware-as-a-Service advertised in cybercrime forums

Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)

Two hacker groups are back in the news, LockBit 3.0 Black and BlackCat/AlphV

European Telecommunications Standards Institute (ETSI) suffered a data breach

WS_FTP flaw CVE-2023-40044 actively exploited in the wild

National Logistics Portal (NLP) data leak: seaports in India were left vulnerable to takeover by hackers

North Korea-linked Lazarus targeted a Spanish aerospace company

Ransomware attack on Johnson Controls may have exposed sensitive DHS data

BlackCat gang claims they stole data of 2.5 million patients of McLaren Health Care

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

ALPHV/BlackCat ransomware gang hacked the hotel chain Motel One

FBI warns of dual ransomware attacks

Progress Software fixed two critical severity flaws in WS_FTP Server

Child abuse site taken down, organized child exploitation crime suspected – exclusive

A still unpatched zero-day RCE impacts more than 3.5M Exim servers

Chinese threat actors stole around 60,000 emails from US State Department in Microsoft breach

Misconfigured WBSC server leaks thousands of passports

CISA adds JBoss RichFaces Framework flaw to its Known Exploited Vulnerabilities catalog

Cisco urges to patch actively exploited IOS zero-day CVE-2023-20109

Dark Angels Team ransomware group hit Johnson Controls

GOOGLE FIXED THE FIFTH CHROME ZERO-DAY OF 2023

Russian zero-day broker is willing to pay $20M for zero-day exploits for iPhones and Android devices

China-linked APT BlackTech was spotted hiding in Cisco router firmware

Watch out! CVE-2023-5129 in libwebp library affects millions applications

DarkBeam leaks billions of email and password combinations

'Ransomed.vc' in the Spotlight - What is Known About the Ransomware Group Targeting Sony and NTT Docomo

San Francisco’s transport agency exposes drivers’ parking permits and addresses

A misconfiguration in the Metropolitan Transportation Commission (MTC) systems caused a leak of over 26K files, exposing clients’ parking permits and home addresses.

you might also like

New malware ‘ResolverRAT’ targets healthcare, pharmaceutical firms

Malicious NPM packages target PayPal users

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

New malware ‘ResolverRAT’ targets healthcare, pharmaceutical firms

Malicious NPM packages target PayPal users

Tycoon2FA phishing kit rolled out significant updates

South African telecom provider Cell C disclosed a data breach following a cyberattack

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 41

QUICK LINKS

San Francisco’s transport agency exposes drivers’ parking permits and addresses

A misconfiguration in the Metropolitan Transportation Commission (MTC) systems caused a leak of over 26K files, exposing clients’ parking permits and home addresses.

you might also like

New malware ‘ResolverRAT’ targets healthcare, pharmaceutical firms

Malicious NPM packages target PayPal users

leave a comment

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

New malware ‘ResolverRAT’ targets healthcare, pharmaceutical firms

Malicious NPM packages target PayPal users

Tycoon2FA phishing kit rolled out significant updates

South African telecom provider Cell C disclosed a data breach following a cyberattack

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 41

Subscribe to my email list and stay
up-to-date!