Pierluigi Paganini March 23, 2025

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

International Press – Newsletter

Cybercrime

Blockchain gaming platform WEMIX hacked to steal $6.1 million

Babuk2 Ransomware: Extortion Attempts Based on False Claims 

Western Alliance Bank notifies 21,899 customers of data breach

Cybercriminals Exploit Checkpoint’s Driver in a BYOVD Attack! 

Tornado Cash Delisting

LayerX Labs Identifies New Phishing Campaign Targeted at Mac Users      

Malware

Jaguar Land Rover Breached by HELLCAT Ransomware Group Using Its Infostealer Playbook—Then a Second Hacker Strikes 

ClearFake’s New Widespread Variant: Increased Web3 Exploitation for Malware Delivery  

StilachiRAT analysis: From system reconnaissance to cryptocurrency theft  

Arcane stealer: We want all your data  

Shedding light on the ABYSSWORKER driver 

RansomHub: Attackers Leverage New Custom Backdoor 

Hacking

Decrypting Encrypted files from Akira Ransomware (Linux/ESXI variant 2024) using a bunch of GPUs 

Abusing with style: Leveraging cascading style sheets for evasion and tracking

One PUT Request to Own Tomcat: CVE-2025-24813 RCE is in the Wild     

Harden-Runner detection: tj-actions/changed-files action is compromised 

ZDI-CAN-25373: Windows Shortcut Exploit Abused as Zero-Day in Widespread APT Campaigns  

New Vulnerability in GitHub Copilot and Cursor: How Hackers Can Weaponize Code Agents  

By Executive Order, We Are Banning Blacklists – Domain-Level RCE in Veeam Backup & Replication (CVE-2025-23120)  

Technical Advisory: Mass Exploitation of CVE-2024-4577

Exploit Attempts for Cisco Smart Licensing Utility CVE-2024-20439 and CVE-2024-20440

Intelligence and Information Warfare

The cyber threat to the telecommunications sector

Ukraine seeks to bolster offensive cyber capabilities amid rising threats from Russia

Russia, China Hitting West With ‘Massive Digital Arsenals’: EU      

UAC-0200: Espionage against the defense-industrial complex using DarkCrystal RAT (CERT-UA#14045)  

Head Mare and Twelve join forces to attack Russian entities 

Operation FishMedley 

UAT-5918 targets critical infrastructure entities in Taiwan 

Canadian provincial police appear to be using advanced commercial spyware

Ukraine’s IT Army keeps up attacks on Russia despite waning media hype     

North Korea launches new unit with a focus on AI hacking, per report    

Musk’s X suspends opposition accounts in Turkey amid civil unrest

UAT-5918 targets critical infrastructure entities in Taiwan     

Cybersecurity

The Rise and Fall of Terrorgram: Inside a Global Online Hate Network 

OpenAI Says It’s “Over” If It Can’t Steal All Your Copyrighted Work

NIST Announces HQC as Fifth Standardized Post Quantum Algorithm

 WhatsApp patched zero-click flaw exploited in Paragon spyware attacks 

Russian zero-day seller is offering up to $4 million for Telegram exploits  

Federal judge blocks DOGE’s access to Social Security Administration’s banks of personal information 

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)