Pierluigi Paganini April 20, 2025

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

International Press – Newsletter

Cybercrime

Pixel-Perfect Trap: The Surge of SVG-Borne Phishing Attacks  

Threat actors misuse Node.js to deliver malware and other malicious payloads  

Byte Bandits: How Fake PDF Converters Are Stealing More Than Just Your Documents  

Man Helped Chinese Nationals Get Jobs Involving Sensitive US Government Projects  

Unmasking the new XorDDoS controller and infrastructure

Malware

Malicious NPM Packages Targeting PayPal Users

New Malware Variant Identified: ResolverRAT Enters the Maze      

Nice chatting with you: what connects cheap Android smartphones, WhatsApp and cryptocurrency theft?  

BPFDoor’s Hidden Controller Used Against Asia, Middle East Targets  

Gorilla, a newly discovered Android malware

Cascading Shadows: An Attack Chain Approach to Avoid Detection and Complicate Analysis

Hacking

Tycoon2FA New Evasion Technique for 2025  

CVE-2025-30406 – Critical Gladinet CentreStack & Triofox Vulnerability Exploited In The Wild

Aiding reverse engineering with Rust and a local LLM  

Apple fixes two zero-days exploited in targeted iPhone attacks

Task Scheduler– New Vulnerabilities for schtasks.exe  

Over 16,000 Fortinet devices compromised with symlink backdoor 

Notorious image board 4chan hacked and internal data leaked

Around the World in 90 Days: State-Sponsored Actors Try ClickFix     

CVE-2025-24054, NTLM Exploit in the Wild 

Credential Access Campaign Targeting SonicWall SMA Devices Potentially Linked to Exploitation of CVE-2021-20035  

Intelligence and Information Warfare

Goodbye HTA, Hello MSI: New TTPs and Clusters of an APT driven by Multi-Platform Attacks  

Taiwan charges Chinese ship captain with breaking subsea cables 

Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware

Renewed APT29 Phishing Campaign Against European Diplomats

NSO lawyer names Mexico, Saudi Arabia, and Uzbekistan as spyware customers accused of 2019 WhatsApp hacks  

Gamaredon: The Turncoat Spies Relentlessly Hacking Ukraine 

Latest Mustang Panda Arsenal: ToneShell and StarProxy | P1

Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak | P2       

Cybersecurity

Making AI Work Harder for Europeans 

Govtech giant Conduent confirms client data stolen in January cyberattack  

CISA extends CVE program contract with MITRE for 11 months amid alarm over potential lapse

Google adds Android auto-reboot to block forensic data extractions    

Pentagon’s ‘SWAT team of nerds’ resigns en masse  

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)