Internet Security

Security Affairs newsletter Round 511 by Pierluigi Paganini – INTERNATIONAL EDITION

February 16, 2025 add comment

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

U.S. CISA adds Apple iOS and iPadOS and Mitel SIP Phones flaws to its Known Exploited Vulnerabilities catalog
Attackers exploit recently disclosed Palo Alto Networks PAN-OS firewalls bug
U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog
China-linked APT Salt Typhoon breached telecoms by exploiting Cisco router flaws
Experts discovered PostgreSQL flaw chained with BeyondTrust zeroday in targeted attacks
Valve removed the game PirateFi from the Steam video game platform because contained a malware
The Rise of Cyber Espionage: UAV and C-UAV Technologies as Targets
China-linked APTs’ tool employed in RA World Ransomware attack
Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign
Sarcoma ransomware gang claims the theft of sensitive data from PCB maker Unimicron
Cyber Crime
Russian cybercriminal Alexander Vinnik is being released from U.S. custody in exchange for Marc Fogel
North Korea-linked APT Emerald Sleet is using a new tactic
U.S. CISA adds Microsoft Windows, Zyxel device flaws to its Known Exploited Vulnerabilities catalog
Microsoft Patch Tuesday security updates for February 2025 ficed 2 actively exploited bugs
Hacking
Attackers exploit a new zero-day to hijack Fortinet firewalls
Security
OpenSSL patched high-severity flaw CVE-2024-12797
Progress Software fixed multiple high-severity LoadMaster flaws
Security
Artificial intelligence (AI) as an Enabler for Enhanced Data Security
Crooks use Google Tag Manager skimmer to steal credit card data from a Magento-based e-stores
Operation Phobos Aetor: Police dismantled 8Base ransomware gang
Apple fixes iPhone and iPad bug exploited in ‘extremely sophisticated attacks’
HPE is notifying individuals affected by a December 2023 attack
XE Group shifts from credit card skimming to exploiting zero-days
UK Gov demands backdoor to access Apple iCloud backups worldwide

International Press – Newsletter

Cybercrime

XE Group: From Credit Card Skimming to Exploiting Zero-Days  

Four alleged hackers arrested in Phuket for hacking 17 Swiss firms  

The Untold Story of a Crypto Crimefighter’s Descent Into Nigerian Prison Security

Amsterdam police dismantle digital criminal network; 127 servers taken offline

AFP joins global crackdown on cybercriminal infrastructure provider      

Did You Download This Steam Game? Sorry, It’s Windows Malware  

Malware

Mobile Indian Cyber Heist: FatBoyPanel And His Massive Data Breach

Google Tag Manager Skimmer Steals Credit Card Info From Magento Site 

From South America to Southeast Asia: The Fragile Web of REF7707 

Deep Learning-Driven Malware Classification with API Call Sequence Analysis and Concept Drift Handling

Hacking

Chinese-Speaking Group Manipulates SEO with BadIIS  

Apple fixes iPhone and iPad bug used in an ‘extremely sophisticated attack’

Fault Injection – Looking for a Unicorn   

Massive brute force attack uses 2.8 million IPs to target VPN devices 

Console Chaos: A Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls 

Android Deep Dive: Implicit Intents Introduction  

How Wiz found a Critical NVIDIA AI vulnerability:  Deep Dive into a container escape (CVE-2024-0132) 

Surge in attacks exploiting old ThinkPHP and ownCloud flaws

CVE-2025-1094: PostgreSQL psql SQL injection (FIXED)  

whoAMI: A cloud image name confusion attack   

GreyNoise Observes Active Exploitation of PAN-OS Authentication Bypass Vulnerability (CVE-2025-0108)  

Intelligence and Information Warfare

Another person targeted by Paragon spyware comes forward  

Sandworm APT Targets Ukrainian Users with Trojanized Microsoft KMS Activation Tools in Cyber Espionage Campaigns

The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation

The Risk of a Taiwan Invasion Is Rising Fast     

China-linked Espionage Tools Used in Ransomware Attacks  

Analyzing DEEP#DRIVE: North Korean Threat Actors Observed Exploiting Trusted Platforms for Targeted Attacks    

The Rise of Cyber Espionage: UAV and C-UAV Technologies as Targets  

RedMike (Salt Typhoon) Exploits Vulnerable Cisco Devices of Global Telecommunications Providers

Spyware maker caught distributing malicious Android apps for years  

Operation Marstech Mayhem Lazarus Group’s Open-Source Trap: North Korea’s New Malware Tactic Targeting Developers and Crypto Wallets

Storm-2372 conducts device code phishing campaign 

Cybersecurity

DOGE Teen Owns ‘Tesla.Sexy LLC’ and Worked at Startup That Has Hired Convicted Hackers  

Meta staff torrented nearly 82TB of pirated books for AI training — court records reveal copyright violations 

Fortinet warns of new zero-day exploited to hijack firewalls

The February 2025 Security Update Review 

Barcelona-based spyware startup Variston shuts down, per filing  

Tackling AI security risks to unleash growth and deliver Plan for Change  

Nginx/Apache Path Confusion to Auth Bypass in PAN-OS (CVE-2025-0108)  

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to our Newsletter