Security Affairs newsletter Round 513 by Pierluigi Paganini – INTERNATIONAL EDITION

Pierluigi Paganini March 02, 2025

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Ransomware gangs exploit a Paragon Partition Manager BioNTdrv.sys driver zero-day

Microsoft disrupted a global cybercrime ring abusing Azure OpenAI Service

Attackers could hack smart solar systems and cause serious damages

Enhanced capabilities sustain the rapid growth of Vo1d botnet

Cisco fixed command injection and DoS flaws in Nexus switches

China-linked threat actors stole 10% of Belgian State Security Service (VSSE)’s staff emails

FBI: North Korea-linked TraderTraitor is responsible for $1.5 Billion Bybit hack

Criminal group UAC-0173 targets the Notary Office of Ukraine

Cellebrite blocked Serbia from using its solution because misuse of the equipment for political reasons

DragonForce Ransomware group is targeting Saudi Arabia

New Ghostwriter campaign targets Ukrainian Government and opposition activists in Belarus

New LightSpy spyware variant comes with enhanced data collection features targeting social media platforms

U.S. CISA adds Microsoft Partner Center and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

GitVenom campaign targets gamers and crypto investors by posing as fake GitHub projects

LockBit taunts FBI Director Kash Patel with alleged “Classified” leak threat

EU sanctioned the leader of North Korea-linked APT groups

U.S. CISA adds Adobe ColdFusion and Oracle Agile PLM flaws to its Known Exploited Vulnerabilities catalog

Russia warns financial sector organizations of IT service provider LANIT compromise

A large botnet targets M365 accounts with password spraying attacks

Australia bans Kaspersky over national security concerns

A data leak exposes the operations of the Chinese private firm TopSec, which provides Censorship-as-a-Service

SpyLend Android malware found on Google Play enabled financial cyber crime and extortion

Leaked Black Basta chat logs reveal the gang’s operations

U.S. CISA adds Microsoft Power Pages flaw to its Known Exploited Vulnerabilities catalog

Lazarus APT stole $1.5B from Bybit, it is the largest cryptocurrency heist ever

International Press – Newsletter

Cybercrime

Mining Company NioCorp Loses $500,000 in BEC Hack

Inside Black Basta’s Exposed Internal Chat Logs: A Firsthand Look

The Bleeding Edge of Phishing: darcula-suite 3.0 Enables DIY Phishing of Any Brand

The Largest Theft in History – Following the Money Trail from the Bybit Hack

Silent Killers: Unmasking a Large-Scale Legacy Driver Exploitation Campaign

Russian hackers extend olive branch to new FBI director Kash Patel

Processing 23 Billion Rows of ALIEN TXTBASE Stealer Logs

Streamjacking Scams On YouTube Leverage CS2 Pro Player Championships to Defraud Gamers

ALIEN TXTBASE Data Leak: A Deep Analysis of the Breach

DragonForce Ransomware Group is Targeting Saudi Arabia

U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason”

Group-IB contributes to joint operation of Royal Thai Police and Singapore Police Force leading to arrest of cybercriminal behind more than 90 data leaks worldwide

UAC-0173 against the Notary Office of Ukraine (CERT-UA#13738)

North Korea Responsible for $1.5 Billion Bybit Hack

Leaked Black Basta Ransomware Chat Logs Reveal Inner Workings and Internal Conflicts

Silent Push Pivots into New Lazarus Group Infrastructure, Acquires Sensitive Intel Related to $1.4B ByBit Hack and Past Attacks

No, you’re not fired – but beware of job termination scams

Disrupting a global cybercrime network abusing generative AI

Malware

DragonForce Ransomware Group is Targeting Saudi Arabia

Massive Botnet Targets M365 with Stealthy Password Spraying Attacks

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

The GitVenom campaign: cryptocurrency theft using GitHub

LightSpy Expands Command List to Include Social Media Platforms

Auto-Color: An Emerging and Evasive Linux Backdoor

Anubis: A New Ransomware Threat

PolarEdge: Unveiling an uncovered ORB network

GrassCall malware campaign drains crypto wallets via fake job interviews

Hacking

Indiana Jones: There Are Always Some Useful Ancient Relics

Streamlining vulnerability research with IDA Pro and Rust

First analysis of Apple’s USB Restricted Mode bypass (CVE-2025-24200)

360XSS: Mass Website Exploitation via Virtual Tour Framework for SEO Poisoning

Operation SalmonSlalom

A Disney Worker Downloaded an AI Tool. It Led to a Hack That Ruined His Life

How hackers capture your solar panels and cause grid havoc

Paragon Partition Manager contains five memory vulnerabilities within its BioNTdrv.sys driver that allow for privilege escalation and denial-of-service (DoS) attacks

Intelligence and Information Warfare

Censorship as a Service | Leak Reveals Public-Private Collaboration to Monitor Chinese Cyberspace

EU sanctions North Korean tied to Lazarus group over involvement in Ukraine war

Disrupting malicious uses of our models: an update February 2025

Ghostwriter | New Campaign Targets Ukrainian Government and Belarusian Opposition

Squidoor: Suspected Chinese Threat Actor’s Backdoor Targets Global Organizations

Erudite Mogwai Uses Custom Stowaway to Stealthily Advance Online

Winos 4.0 Spreads via Impersonation of Official Email to Target Users in Taiwan

Belgian prosecutor probes alleged Chinese hacking of intelligence service

Exclusive: Hegseth orders Cyber Command to stand down on Russia planning

Cybersecurity

Trump 2.0 Brings Cuts to Cyber, Consumer Protections

Skybox Security shuts down, lays off 300 employees as Tufin acquires assets

CERT-EU’s Annual Threat Landscape Report 2024

Serbia: Cellebrite halts product use in Serbia following Amnesty surveillance report

Geolocation data brokers: What they do and what happens when they leak

ALIEN TXTBASE Data Leak: A Deep Analysis of the Breach

Signal Adopted by Swedish Armed Forces for Secure Communications

Defending America’s Cyber Defenders

Meta is firing about 20 employees for leaking information

Meta’s undersea cable to be longer than the Earth is round

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

Cybercrime data breach Hacking hacking news IT Information Security malware Newsletter Pierluigi Paganini Security Affairs Security News

Pierluigi Paganini July 17, 2025

Stormous Ransomware gang targets North Country HealthCare, claims 600K patient data stolen

Pierluigi Paganini July 17, 2025

Security Affairs newsletter Round 513 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.

International Press – Newsletter

you might also like

Stormous Ransomware gang targets North Country HealthCare, claims 600K patient data stolen

United Natural Foods Expects $400M revenue impact from June cyber attack

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Stormous Ransomware gang targets North Country HealthCare, claims 600K patient data stolen

United Natural Foods Expects $400M revenue impact from June cyber attack

Cisco patches critical CVE-2025-20337 bug in Identity Services Engine with CVSS 10 Severity

UNC6148 deploys Overstep malware on SonicWall devices, possibly for ransomware operations

Operation Eastwood disrupted operations of pro-Russian hacker group NoName057(16)

QUICK LINKS

Security Affairs newsletter Round 513 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.

you might also like

leave a comment

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!