Pierluigi Paganini February 02, 2025

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

International Press – Newsletter

Cybercrime

UnitedHealth Estimates Change Healthcare Hack Impacted About 190 Million People  

TalkTalk investigating data breach after hacker claims theft of customer data  

Law enforcement takes down two largest cybercrime forums in the world  

New York Blood Center Enterprises Cybersecurity Incident Update 

Cybercrime websites selling hacking tools to transnational organized crime groups seized  

Indian tech giant Tata Technologies hit by ransomware attack

Malware

ESXi Ransomware Attacks: Stealthy Persistence through SSH Tunneling 

MintsLoader: StealC and BOINC Delivery  

Active Exploitation: New Aquabot Variant Phones Home 

How we kept the Google Play & Android app ecosystems safe in 2024

Hacking

RANsacked Cellular Security

CVE-2024-50050: Critical Vulnerability in meta-llama/llama-stack  

Clone2Leak: Your Git Credentials Belong To Us  

Apple fixes this year’s first actively exploited zero-day bug  

DeepSeek R1 Exposed: Security Flaws in China’s AI Model

Arctic Wolf Observes Campaign Exploiting SimpleHelp RMM Software for Initial Access  

Active Exploitation of Zero-day Zyxel CPE Vulnerability (CVE-2024-40891)  

CVE-2024-49138 Windows CLFS heap-based buffer overflow analysis – Part 1  

The Tainted Voyage: Uncovering Voyager’s Vulnerabilities 

Browser Syncjacking: How Any Browser Extension can Be Used to Takeover Your Device  

Intelligence and Information Warfare 

Love and hate under war: The GamaCopy organization, which imitates the Russian Gamaredon, uses military — related bait to launch attacks on Russia  

Climate Misinformation Is Social Media’s Biggest Issue — And It’s About to Get Way Worse  

Cyber-attacks: three individuals added to EU sanctions list for malicious cyber activities against Estonia  

AI and security: Safeguarding users and strengthening national security

Operation Phantom Circuit  

WhatsApp says journalists and civil society members were targets of Israeli spyware  

Cybersecurity

OpenAI ‘reviewing’ allegations that its AI models were used to make DeepSeek  

MGM Resorts settles lawsuits after millions of customer records stolen in data breaches

Google to kill Chrome Sync on older Chrome browser versions

Italian regulator asks DeepSeek for information about data collection     

US Cyber Agency’s Future Role in Elections Remains Murky Under the Trump Administration

Time Bandit ChatGPT jailbreak bypasses safeguards on sensitive topics 

Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History  

Cybersecurity Vulnerabilities with Certain Patient Monitors from Contec and Epsimed: FDA Safety Communication  

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)