• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

U.S. CISA adds Microsoft Internet Explorer, Microsoft Office Excel, and WinRAR flaws to its Known Exploited Vulnerabilities catalog

 | 

Critical FortiSIEM flaw under active exploitation, Fortinet warns

 | 

Charon Ransomware targets Middle East with APT attack methods

 | 

Hackers leak 2.8M sensitive records from Allianz Life in Salesforce data breach

 | 

SAP fixed 26 flaws in August 2025 Update, including 4 Critical

 | 

August 2025 Patch Tuesday fixes a Windows Kerberos Zero-Day

 | 

Dutch NCSC: Citrix NetScaler zero-day breaches critical orgs

 | 

Chrome sandbox escape nets security researcher $250,000 reward

 | 

Smart Buses flaws expose vehicles to tracking, control, and spying

 | 

MedusaLocker ransomware group is looking for pentesters

 | 

Google confirms Salesforce CRM breach, faces extortion threat

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 57

 | 

Security Affairs newsletter Round 536 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Embargo Ransomware nets $34.2M in crypto since April 2024

 | 

Germany limits police spyware use to serious crimes

 | 

Phishing attacks exploit WinRAR flaw CVE-2025-8088 to install RomCom

 | 

French firm Bouygues Telecom suffered a data breach impacting 6.4M customers

 | 

Columbia University data breach impacted 868,969 people

 | 

SonicWall dismisses zero-day fears after Ransomware probe

 | 

Air France and KLM disclosed data breaches following the hack of a third-party platform

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Uncategorized
  • Security Affairs newsletter Round 507 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs newsletter Round 507 by Pierluigi Paganini – INTERNATIONAL EDITION

Pierluigi Paganini January 19, 2025

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

U.S. Treasury Sanctions Chinese cybersecurity firm and actor over federal agency breach tied to Salt Typhoon
EU privacy non-profit group filed complaints against TikTok, SHEIN, AliExpress, and other Chinese companies
U.S. CISA adds Aviatrix Controllers vulnerability to its Known Exploited Vulnerabilities catalog
ESET detailed a flaw that could allow a bypass of the Secure Boot in UEFI systems
Russia-linked APT Star Blizzard targets WhatsApp accounts
Prominent US law firm Wolf Haldenstein disclosed a data breach
Clop Ransomware exploits Cleo File Transfer flaw: dozens of claims, disputed breaches
MikroTik botnet relies on DNS misconfiguration to spread malware
Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices
Microsoft Patch Tuesday updates for January 2025 fixed three actively exploited flaws
U.S. CISA adds Fortinet FortiOS flaw to its Known Exploited Vulnerabilities catalog
Codefinger ransomware gang uses compromised AWS keys to encrypt S3 bucket
CVE-2024-44243 macOS flaw allows persistent malware installation
FBI deleted China-linked PlugX malware from over 4,200 US computers
Russia-linked APT UAC-0063 target Kazakhstan in with HATVIBE malware
A new campaign is likely targeting a zero-day in Fortinet FortiGate firewalls
Threat actors exploit Aviatrix Controller flaw to deploy backdoors and cryptocurrency miners
U.S. CISA adds BeyondTrust PRA and RS and Qlik Sense flaws to its Known Exploited Vulnerabilities catalog
Inexperienced actors developed the FunkSec ransomware using AI tools
Credit Card Skimmer campaign targets WordPress via database injection
Microsoft took legal action against crooks who developed a tool to abuse its AI-based services
Pro-Russia hackers NoName057 targets Italy again after Zelensky’s visit to the country
How a researcher earned $100,000 hacking a Facebook server

International Press – Newsletter

Cybercrime  

Taking legal action to protect the public from abusive AI-generated content 

Justice Department and FBI Conduct International Operation to Delete Malware Used by China-Backed Hackers  

Huione: the company behind the largest ever illicit online marketplace has launched a stablecoin 

Unknown group releases Fortinet config files and VPN passwords to the darknet  

NHS Cyberattack in UK Inflicted Long-Term Harm on Patient Health

Clop ransomware gang names dozens of victims hit by Cleo mass-hack, but several firms dispute breaches  

Sneaky 2FA: exposing a new AiTM Phishing-as-a-Service 

How victims of PowerSchool’s data breach helped each other investigate ‘massive’ hack

Chinese Innovations Spawn Wave of Toll Phishing Via SMS    

Gravy Analytics breached (to be confirmed)

Hackers Claim Massive Breach of Location Data Giant, Threaten to Leak Data      

Malware

Stealthy Credit Card Skimmer Targets WordPress Checkout Pages via Database Injection  

Abusing AWS Native Services: Ransomware Encrypting S3 Buckets with SSE-C

Python-Based Malware Powers RansomHub Ransomware to Exploit Network Flaws

One Mikro Typo: How a simple DNS misconfiguration enables malware delivery by a Russian botnet  

Hacking

Backdooring Your Backdoors – Another $20 Domain, More Governments

Analyzing CVE-2024-44243, a macOS System Integrity Protection bypass through kernel extensions     

Wiz Research Identifies Exploitation in the Wild of Aviatrix Controller RCE (CVE-2024-50603)

Console Chaos: A Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls

From arbitrary pointer dereference to arbitrary read/write in latest Windows 11 

Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344  

Karmada Security Audit  

Intelligence and Information Warfare 

Double-Tap Campaign: Russia-nexus APT possibly related to APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations  

How Barcelona became an unlikely hub for spyware startups  

Secret Phone Surveillance Tech Was Likely Deployed at 2024 DNC  

New Star Blizzard spear-phishing campaign targets WhatsApp accounts  

Treasury Sanctions Company Associated with Salt Typhoon and Hacker Associated with Treasury Compromise  

Treasury Targets IT Worker Network Generating Revenue for DPRK Weapons Programs  

FBI Warns iPhone, Android, Windows Users—Do Not Install These Apps  

Cybersecurity

2025 cybersecurity trends: deepfakes, AI and quantum computing  

The State of IT Security in Germany 2024  

Global Cybersecurity Outlook 2025  

Ministers consider ban on all UK public bodies making ransomware payments 

The January 2025 Security Update Review  

Governments call for spyware regulations in UN Security Council meeting 

2024 US Healthcare Data Breaches: 585 Incidents, 180 Million Compromised User Records 

TikTok, AliExpress, SHEIN & Co surrender Europeans’ data to authoritarian China  

Mad at Meta? Don’t Let Them Collect and Monetize Your Personal Data  

CISA unveils ‘Secure by Demand’ guidelines to bolster OT security  

Opening the AI Black Box: Scientists use math to peek inside how artificial intelligence makes decisions

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)


facebook linkedin twitter

you might also like

Pierluigi Paganini August 13, 2025
SAP fixed 26 flaws in August 2025 Update, including 4 Critical
Read more
Pierluigi Paganini July 20, 2025
Singapore warns China-linked group UNC3886 targets its critical infrastructure
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    U.S. CISA adds Microsoft Internet Explorer, Microsoft Office Excel, and WinRAR flaws to its Known Exploited Vulnerabilities catalog

    Hacking / August 14, 2025

    Critical FortiSIEM flaw under active exploitation, Fortinet warns

    Hacking / August 13, 2025

    Charon Ransomware targets Middle East with APT attack methods

    Malware / August 13, 2025

    Hackers leak 2.8M sensitive records from Allianz Life in Salesforce data breach

    Data Breach / August 13, 2025

    SAP fixed 26 flaws in August 2025 Update, including 4 Critical

    Uncategorized / August 13, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT