Security Affairs newsletter Round 465 by Pierluigi Paganini

Security Affairs newsletter Round 465 by Pierluigi Paganini – INTERNATIONAL EDITION

Pierluigi Paganini March 31, 2024

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Expert found a backdoor in XZ tools used many Linux distributions

German BSI warns of 17,000 unpatched Microsoft Exchange servers

Cisco warns of password-spraying attacks targeting Secure Firewall devices

American fast-fashion firm Hot Topic hit by credential stuffing attacks

Cisco addressed high-severity flaws in IOS and IOS XE software

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

The DDR Advantage: Real-Time Data Defense

Finnish police linked APT31 to the 2021 parliament attack

TheMoon bot infected 40,000 devices in January and February UK, New Zealand against China-linked cyber operations

US Treasury Dep announced sanctions against members of China-linked APT31

CISA adds FortiClient EMS, Ivanti EPM CSA, Nice Linear eMerge E3-Series bugs to its Known Exploited Vulnerabilities catalog

Iran-Linked APT TA450 embeds malicious links in PDF attachments

StrelaStealer targeted over 100 organizations across the EU and US

GoFetch side-channel attack against Apple systems allows secret keys extraction

Cybercriminals Accelerate Online Scams During Ramadan and Eid Fitr

Cybercrime

Cybercriminals Accelerate Online Scams During Ramadan And Eid Fitr

Hackers obtain patient data from NHS Dumfries and Galloway

My mom started messaging me… two weeks AFTER her death: Families left traumatized by new ‘ghost hacking’ scam that targets dead people

Malware

Large-Scale StrelaStealer Campaign in Early 2024

Shielding Networks From Androxgh0st

The Darkside Of TheMoon

Urgent security alert for Fedora Linux 40 and Fedora Rawhide users

Hacking

We’re All in this Together A Year in Review of Zero-Days Exploited In-the-Wild in 2023

BlueDucky automates exploitation of Bluetooth pairing vulnerability that leads to 0-click code execution

Password Spray Attacks Impacting Remote Access VPN Services

Thousands of Microsoft Exchange servers vulnerable to critical vulnerabilities

Defending Against Indirect Prompt Injection Attacks With Spotlighting

Intelligence and Information Warfare

Security Brief: TA450 Uses Embedded Links in PDF Attachments in Latest Campaign

Treasury Sanctions China-Linked Hackers for Targeting U.S. Critical Infrastructure

UK calls out China state-affiliated actors for malicious cyber targeting of UK democratic institutions and parliamentarians

Investigation into hacking of Parliament’s information systems has been ongoing

Senators get “shocking” look at TikTok’s spy potential

Cybersecurity

China wants Microsoft and Intel off its computers

Artificial intelligence [What Think Tanks are thinking]

Skills shortage and unpatched systems soar to high-ranking 2030 cyber threats

Threat landscape for industrial automation systems. Statistics for H2 2023

AT&T says personal data from 73 million current and former account holders leaked onto dark web

US critical infrastructure cyberattack reporting rules inch closer to reality

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

Pierluigi Paganini June 27, 2025

Taking over millions of developers exploiting an Open VSX Registry flaw

Pierluigi Paganini June 27, 2025

Security Affairs newsletter Round 465 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

you might also like

Taking over millions of developers exploiting an Open VSX Registry flaw

OneClik APT campaign targets energy sector with stealthy backdoors

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Taking over millions of developers exploiting an Open VSX Registry flaw

OneClik APT campaign targets energy sector with stealthy backdoors

APT42 impersonates cyber professionals to phish Israeli academics and journalists

Kai West, aka IntelBroker, indicted for cyberattacks causing $25M in damages

Cisco fixed critical ISE flaws allowing Root-level remote code execution

QUICK LINKS

Security Affairs newsletter Round 465 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

you might also like

Taking over millions of developers exploiting an Open VSX Registry flaw

OneClik APT campaign targets energy sector with stealthy backdoors

leave a comment

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Taking over millions of developers exploiting an Open VSX Registry flaw

OneClik APT campaign targets energy sector with stealthy backdoors

APT42 impersonates cyber professionals to phish Israeli academics and journalists

Kai West, aka IntelBroker, indicted for cyberattacks causing $25M in damages

Cisco fixed critical ISE flaws allowing Root-level remote code execution

Subscribe to my email list and stay
up-to-date!