Pierluigi Paganini February 16, 2025

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

International Press – Newsletter

Cybercrime

XE Group: From Credit Card Skimming to Exploiting Zero-Days  

Four alleged hackers arrested in Phuket for hacking 17 Swiss firms  

The Untold Story of a Crypto Crimefighter’s Descent Into Nigerian Prison Security

Amsterdam police dismantle digital criminal network; 127 servers taken offline

AFP joins global crackdown on cybercriminal infrastructure provider      

Did You Download This Steam Game? Sorry, It’s Windows Malware  

Malware

Mobile Indian Cyber Heist: FatBoyPanel And His Massive Data Breach

Google Tag Manager Skimmer Steals Credit Card Info From Magento Site 

From South America to Southeast Asia: The Fragile Web of REF7707 

Deep Learning-Driven Malware Classification with API Call Sequence Analysis and Concept Drift Handling

Hacking

Chinese-Speaking Group Manipulates SEO with BadIIS  

Apple fixes iPhone and iPad bug used in an ‘extremely sophisticated attack’

Fault Injection – Looking for a Unicorn   

Massive brute force attack uses 2.8 million IPs to target VPN devices 

Console Chaos: A Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls 

Android Deep Dive: Implicit Intents Introduction  

How Wiz found a Critical NVIDIA AI vulnerability:  Deep Dive into a container escape (CVE-2024-0132) 

Surge in attacks exploiting old ThinkPHP and ownCloud flaws

CVE-2025-1094: PostgreSQL psql SQL injection (FIXED)  

whoAMI: A cloud image name confusion attack   

GreyNoise Observes Active Exploitation of PAN-OS Authentication Bypass Vulnerability (CVE-2025-0108)  

Intelligence and Information Warfare

Another person targeted by Paragon spyware comes forward  

Sandworm APT Targets Ukrainian Users with Trojanized Microsoft KMS Activation Tools in Cyber Espionage Campaigns

The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation

The Risk of a Taiwan Invasion Is Rising Fast     

China-linked Espionage Tools Used in Ransomware Attacks  

Analyzing DEEP#DRIVE: North Korean Threat Actors Observed Exploiting Trusted Platforms for Targeted Attacks    

The Rise of Cyber Espionage: UAV and C-UAV Technologies as Targets  

RedMike (Salt Typhoon) Exploits Vulnerable Cisco Devices of Global Telecommunications Providers

Spyware maker caught distributing malicious Android apps for years  

Operation Marstech Mayhem Lazarus Group’s Open-Source Trap: North Korea’s New Malware Tactic Targeting Developers and Crypto Wallets

Storm-2372 conducts device code phishing campaign 

Cybersecurity

DOGE Teen Owns ‘Tesla.Sexy LLC’ and Worked at Startup That Has Hired Convicted Hackers  

Meta staff torrented nearly 82TB of pirated books for AI training — court records reveal copyright violations 

Fortinet warns of new zero-day exploited to hijack firewalls

The February 2025 Security Update Review 

Barcelona-based spyware startup Variston shuts down, per filing  

Tackling AI security risks to unleash growth and deliver Plan for Change  

Nginx/Apache Path Confusion to Auth Bypass in PAN-OS (CVE-2025-0108)  

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)