Security Affairs newsletter Round 512 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Lazarus APT stole $1.5B from Bybit, it is the largest cryptocurrency heist ever

Apple removes iCloud encryption in UK following backdoor demand

B1ack’s Stash released 1 Million credit cards

U.S. CISA adds Craft CMS and Palo Alto Networks PAN-OS flaws to its Known Exploited Vulnerabilities catalog

Atlassian fixed critical flaws in Confluence and Crowd

Salt Typhoon used custom malware JumbledPath to spy U.S. telecom providers

NailaoLocker ransomware targets EU healthcare-related entities

Microsoft fixed actively exploited flaw in Power Pages

Citrix addressed NetScaler console privilege escalation flaw

Palo Alto Networks warns that CVE-2025-0111 flaw is actively exploited in attacks

Russia-linked APTs target Signal messenger

Venture capital firm Insight Partners discloses security breach

OpenSSH bugs allows Man-in-the-Middle and DoS Attacks

U.S. CISA adds SonicWall SonicOS and Palo Alto PAN-OS flaws to its Known Exploited Vulnerabilities catalog

Juniper Networks fixed a critical flaw in Session Smart Routers

China-linked APT group Winnti targets Japanese organizations since March 2024

Xerox VersaLink C7025 Multifunction printer flaws may expose Windows Active Directory credentials to attackers

New XCSSET macOS malware variant used in limited attacks

Dutch Police shut down bulletproof hosting provider Zservers and seized 127 servers

New Golang-based backdoor relies on Telegram for C2 communication

Pro-Russia collective NoName057(16) launched a new wave of DDoS attacks on Italian sites

whoAMI attack could allow remote code execution within AWS account

Storm-2372 used the device code phishing technique since August 2024

International Press – Newsletter

Cybercrime

Amsterdam police dismantle digital criminal network; 127 servers taken offline 

Another Lizard Arrested, Lizard Lair Hacked 

X Phishing | Campaign Targeting High Profile Accounts Returns, Promoting Crypto Scams 

StaryDobry ruins New Year’s Eve, delivering miner instead of presents  

How Phished Data Turns into Apple & Google Wallets  

US Army soldier pleads guilty to AT&T and Verizon hacks  

Thailand ready to welcome 7,000 trafficked scam call center victims back from Myanmar

B1ack’s Stash Releases 1 Million Credit Cards on a Deep Web Forum

Malware

You’ve Got Malware: FINALDRAFT Hides in Your Drafts  

Telegram Abused as C2 Channel for New Golang Backdoor  

Infostealing Malware Infections in the U.S. Military & Defense Sector: A Cybersecurity Disaster in the Making  

Analyzing ELF/Sshdinjector.A!tr with a Human and Artificial Analyst  

Training Approach for Long Short-Term Memory Network Classifier

Hacking

whoAMI: A cloud image name confusion attack

Xerox Versalink C7025 Multifunction Printer: Pass-Back Attack Vulnerabilities (FIXED)

How Hackers Manipulate Agentic AI with Prompt Engineering        

Palo Alto Networks tags new firewall bug as exploited in attacks  

Bybit Confirms Record-Breaking $1.46 Billion Crypto Heist in Sophisticated Cold Wallet Attack

Intelligence and Information Warfare

Multiple Russian Threat Actors Targeting Microsoft Device Code Authentication  

Earth Preta Mixes Legitimate and Malicious Components to Sidestep Detection 

Signals of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger

Backdoored Executables for Signal, Line, and Gmail Target Chinese-Speaking Users  

Spanish spyware startup Mollitiam Industries shuts down

DOGE Now Has Access to the Top US Cybersecurity Agency    

Meet NailaoLocker: a ransomware distributed in Europe by ShadowPad and PlugX backdoors  

Weathering the storm: In the midst of a Typhoon  

We need a new doctrine for Cyberdefence  

Cybersecurity

EFF Sues OPM, DOGE and Musk for Endangering the Privacy of Millions  

Protecting Global Data Privacy: The Urgent Need for Encryption Safeguards

X is reportedly blocking links to secure Signal contact pages      

Qualys TRU Discovers Two Vulnerabilities in OpenSSH: CVE-2025-26465 & CVE-2025-26466 

Nearly 10% of employee gen AI prompts include sensitive data 

Signals of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger  

Apple Removes Cloud Encryption Feature From UK After Backdoor Order  

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)