A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. Treasury removed sanctions against the crypto mixer service Tornado Cash Zero-day broker Operation Zero offers up to […

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

U.S. Treasury removed sanctions against the crypto mixer service Tornado Cash

Zero-day broker Operation Zero offers up to $4 million for Telegram exploits

RansomHub affiliate uses custom backdoor Betruger

Cisco Smart Licensing Utility flaws actively exploited in the wild

Pennsylvania State Education Association data breach impacts 500,000 individuals

Veeam fixed critical Backup & Replication flaw CVE-2025-23120

U.S. CISA adds Edimax IC-7100 IP Camera, NAKIVO, and SAP NetWeaver AS Java flaws to its Known Exploited Vulnerabilities catalog

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

WhatsApp fixed zero-day flaw used to deploy Paragon Graphite spyware

California Cryobank, the largest US sperm bank, disclosed a data breach

Rules File Backdoor: AI Code Editors exploited for silent supply chain attacks

U.S. CISA adds Fortinet FortiOS/FortiProxy and GitHub Action flaws to its Known Exploited Vulnerabilities catalog

Nation-state actors and cybercrime gangs abuse malicious .lnk files for espionage and data theft

ChatGPT SSRF bug quickly becomes a favorite attack vector

GitHub Action tj-actions/changed-files was compromised in supply chain attack

New StilachiRAT uses sophisticated techniques to avoid detection

Threat actors rapidly exploit new Apache Tomcat flaw following PoC release

Attackers use CSS to create evasive phishing messages

Researcher releases free GPU-Based decryptor for Linux Akira ransomware

Denmark warns of increased state-sponsored campaigns targeting the European telcos

A ransomware attack hit the Micronesian state of Yap, causing the health system network to go down.

International Press – Newsletter

Cybercrime

Blockchain gaming platform WEMIX hacked to steal $6.1 million

Babuk2 Ransomware: Extortion Attempts Based on False Claims 

Western Alliance Bank notifies 21,899 customers of data breach

Cybercriminals Exploit Checkpoint’s Driver in a BYOVD Attack! 

Tornado Cash Delisting

LayerX Labs Identifies New Phishing Campaign Targeted at Mac Users      

Malware

Jaguar Land Rover Breached by HELLCAT Ransomware Group Using Its Infostealer Playbook—Then a Second Hacker Strikes 

ClearFake’s New Widespread Variant: Increased Web3 Exploitation for Malware Delivery  

StilachiRAT analysis: From system reconnaissance to cryptocurrency theft  

Arcane stealer: We want all your data  

Shedding light on the ABYSSWORKER driver 

RansomHub: Attackers Leverage New Custom Backdoor 

Hacking

Decrypting Encrypted files from Akira Ransomware (Linux/ESXI variant 2024) using a bunch of GPUs 

Abusing with style: Leveraging cascading style sheets for evasion and tracking

One PUT Request to Own Tomcat: CVE-2025-24813 RCE is in the Wild     

Harden-Runner detection: tj-actions/changed-files action is compromised 

ZDI-CAN-25373: Windows Shortcut Exploit Abused as Zero-Day in Widespread APT Campaigns  

New Vulnerability in GitHub Copilot and Cursor: How Hackers Can Weaponize Code Agents  

By Executive Order, We Are Banning Blacklists – Domain-Level RCE in Veeam Backup & Replication (CVE-2025-23120)  

Technical Advisory: Mass Exploitation of CVE-2024-4577

Exploit Attempts for Cisco Smart Licensing Utility CVE-2024-20439 and CVE-2024-20440

Intelligence and Information Warfare

The cyber threat to the telecommunications sector

Ukraine seeks to bolster offensive cyber capabilities amid rising threats from Russia

Russia, China Hitting West With ‘Massive Digital Arsenals’: EU      

UAC-0200: Espionage against the defense-industrial complex using DarkCrystal RAT (CERT-UA#14045)  

Head Mare and Twelve join forces to attack Russian entities 

Operation FishMedley 

UAT-5918 targets critical infrastructure entities in Taiwan 

Canadian provincial police appear to be using advanced commercial spyware

Ukraine’s IT Army keeps up attacks on Russia despite waning media hype     

North Korea launches new unit with a focus on AI hacking, per report    

Musk’s X suspends opposition accounts in Turkey amid civil unrest

UAT-5918 targets critical infrastructure entities in Taiwan     

Cybersecurity

The Rise and Fall of Terrorgram: Inside a Global Online Hate Network 

OpenAI Says It’s “Over” If It Can’t Steal All Your Copyrighted Work

NIST Announces HQC as Fifth Standardized Post Quantum Algorithm

 WhatsApp patched zero-click flaw exploited in Paragon spyware attacks 

Russian zero-day seller is offering up to $4 million for Telegram exploits  

Federal judge blocks DOGE’s access to Social Security Administration’s banks of personal information 

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

Source: SecurityAffairs
Source Link: https://securityaffairs.com/175740/breaking-news/security-affairs-newsletter-round-516-by-pierluigi-paganini-international-edition.html