Security Affairs newsletter Round 511 by Pierluigi Paganini – INTERNATIONAL EDITION

U.S. CISA adds Apple iOS and iPadOS and Mitel SIP Phones flaws to its Known Exploited Vulnerabilities catalog

Attackers exploit recently disclosed Palo Alto Networks PAN-OS firewalls bug

U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog

China-linked APT Salt Typhoon breached telecoms by exploiting Cisco router flaws

Experts discovered PostgreSQL flaw chained with BeyondTrust zeroday in targeted attacks

Valve removed the game PirateFi from the Steam video game platform because it contained malware

The Rise of Cyber Espionage: UAV and C-UAV Technologies as Targets

China-linked APTs' tool employed in RA World Ransomware attack

Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign

Sarcoma ransomware gang claims the theft of sensitive data from PCB maker Unimicron

Cyber Crime

Russian cybercriminal Alexander Vinnik is being released from U.S. custody in exchange for Marc Fogel

North Korea-linked APT Emerald Sleet is using a new tactic

U.S. CISA adds Microsoft Windows, Zyxel device flaws to its Known Exploited Vulnerabilities catalog

Microsoft Patch Tuesday security updates for February 2025 fixed 2 actively exploited bugs

Hacking

Attackers exploit a new zero-day to hijack Fortinet firewalls

Security

OpenSSL patched high-severity flaw CVE-2024-12797

Progress Software fixed multiple high-severity LoadMaster flaws

Security

Artificial intelligence (AI) as an Enabler for Enhanced Data Security

Crooks use Google Tag Manager skimmer to steal credit card data from Magento-based e-stores

Operation Phobos Aetor: Police dismantled 8Base ransomware gang

Apple fixes iPhone and iPad bug exploited in ‘extremely sophisticated attacks’

HPE is notifying individuals affected by a December 2023 attack

XE Group shifts from credit card skimming to exploiting zero-days

UK Gov demands backdoor to access Apple iCloud backups worldwide

International Press – Newsletter

Cybercrime

XE Group: From Credit Card Skimming to Exploiting Zero-Days

Four alleged hackers arrested in Phuket for hacking 17 Swiss firms

The Untold Story of a Crypto Crimefighter’s Descent Into Nigerian Prison Security

Amsterdam police dismantle digital criminal network; 127 servers taken offline

AFP joins global crackdown on cybercriminal infrastructure provider

Did You Download This Steam Game? Sorry, It's Windows Malware

Malware

Mobile Indian Cyber Heist: FatBoyPanel And His Massive Data Breach

Google Tag Manager Skimmer Steals Credit Card Info From Magento Site

From South America to Southeast Asia: The Fragile Web of REF7707

Deep Learning-Driven Malware Classification with API Call Sequence Analysis and Concept Drift Handling


Hacking

Chinese-Speaking Group Manipulates SEO with BadIIS

Apple fixes iPhone and iPad bug used in an ‘extremely sophisticated attack’

Fault Injection – Looking for a Unicorn

Massive brute force attack uses 2.8 million IPs to target VPN devices

Console Chaos: A Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls

Android Deep Dive: Implicit Intents Introduction

How Wiz found a Critical NVIDIA AI vulnerability: Deep Dive into a container escape (CVE-2024-0132)

Surge in attacks exploiting old ThinkPHP and ownCloud flaws

CVE-2025-1094: PostgreSQL psql SQL injection (FIXED)

whoAMI: A cloud image name confusion attack

GreyNoise Observes Active Exploitation of PAN-OS Authentication Bypass Vulnerability (CVE-2025-0108)

Intelligence and Information Warfare

Another person targeted by Paragon spyware comes forward

Sandworm APT Targets Ukrainian Users with Trojanized Microsoft KMS Activation Tools in Cyber Espionage Campaigns

The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation

The Risk of a Taiwan Invasion Is Rising Fast

China-linked Espionage Tools Used in Ransomware Attacks

Analyzing DEEP#DRIVE: North Korean Threat Actors Observed Exploiting Trusted Platforms for Targeted Attacks

The Rise of Cyber Espionage: UAV and C-UAV Technologies as Targets

RedMike (Salt Typhoon) Exploits Vulnerable Cisco Devices of Global Telecommunications Providers

Spyware maker caught distributing malicious Android apps for years

Operation Marstech Mayhem Lazarus Group’s Open-Source Trap: North Korea’s New Malware Tactic Targeting Developers and Crypto Wallets

Storm-2372 conducts device code phishing campaign

Cybersecurity

DOGE Teen Owns ‘Tesla.Sexy LLC’ and Worked at Startup That Has Hired Convicted Hackers

Meta staff torrented nearly 82TB of pirated books for AI training — court records reveal copyright violations

Fortinet warns of new zero-day exploited to hijack firewalls

The February 2025 Security Update Review

Barcelona-based spyware startup Variston shuts down, per filing

Tackling AI security risks to unleash growth and deliver Plan for Change

Nginx/Apache Path Confusion to Auth Bypass in PAN-OS (CVE-2025-0108)

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)
