Security Affairs Newsletter Round 515: Global Cybersecurity Insights

TL;DR

This edition of the Security Affairs newsletter covers critical cybersecurity updates, including new malware threats, significant data breaches, and vulnerabilities in widely-used software. Key highlights include the extradition of a LockBit ransomware developer, exploits targeting Fortinet firewalls, and new spyware linked to North Korea.

Main Content

Enjoy the latest round of the weekly Security Affairs newsletter, featuring top security articles and international press coverage.

Featured Articles

• New MassJacker Clipper Targets Pirated Software Seekers
• Cisco IOS XR Flaw Allows Attackers to Crash BGP Process on Routers
• LockBit Ransomware Developer Extradited to the U.S.
• SuperBlack Ransomware Exploits Fortinet Firewall Flaws
• U.S. CISA Adds Apple and Juniper Junos OS Flaws to Known Exploited Vulnerabilities Catalog
• GitLab Addresses Critical Auth Bypass Flaws
• North Korea-Linked APT Group ScarCruft Uses New Android Spyware KoSpy
• Experts Warn of Coordinated Surge in SSRF Vulnerability Exploitation
• Meta Warns of Actively Exploited Flaw in FreeType Library
• Medusa Ransomware Hits Over 300 Critical Infrastructure Organizations
• China-Linked APT UNC3886 Targets EoL Juniper Routers
• U.S. CISA Adds Six Microsoft Windows Flaws to Known Exploited Vulnerabilities Catalog
• Microsoft Patch Tuesday Fixes Six Actively Exploited Zero-Days
• New Ballista Botnet Exploits Unpatched TP-Link Flaw
• Apple Fixes Third Actively Exploited Zero-Day of 2025
• Switzerland Requires Cyberattack Reporting for Critical Infrastructure Within 24 Hours
• SideWinder APT Targets Maritime and Nuclear Sectors
• U.S. CISA Adds Advantive VeraCore and Ivanti EPM Flaws to Known Exploited Vulnerabilities Catalog
• Cybersecurity Challenges in Cross-Border Data Transfers and Regulatory Compliance Strategies
• Elon Musk Blames Massive Cyberattack for X Outages
• Experts Warn of Mass Exploitation of Critical PHP Flaw CVE-2024-4577
• RansomHouse Gang Claims Hack of Loretto Hospital in Chicago
• North Korea-Linked APT Moonstone Uses Qilin Ransomware
• Large-Scale Cryptocurrency Miner Campaign Targets Russian Users with SilentCryptoMiner
• Feds Seize $23 Million in Crypto Stolen Using Keys from LastPass Breaches
• Undocumented Hidden Feature Found in Espressif ESP32 Microchip

International Press – Newsletter

Cybercrime

• Texas Man Convicted of Sabotaging Employer’s Computer Systems and Deleting Data
• Cybercrime Crew Charged with Stealing and Reselling Concert Tickets, Including for Taylor Swift’s Eras Tour
• Feds Link $150M Cyberheist to 2022 LastPass Hacks
• Garantex Administrator Arrested in India at Request of US Authorities
• Phishing Campaign Impersonates Booking.com, Delivers Credential-Stealing Malware
• Dual Russian and Israeli National Extradited to the U.S. for Role in LockBit Ransomware Conspiracy
• Coinbase Phishing Email Tricks Users with Fake Wallet Migration
• Ransomware Attack Takes Down Health System Network in Micronesia

Malware

• Undercover Miner: YouTubers Distributing SilentCryptoMiner
• Ragnar Loader Analysis
• Desert Dexter: Attacks on Middle Eastern Countries
• Ballista – New IoT Botnet Targeting TP-Link Archer Routers
• Captain MassJacker Sparrow: Uncovering the Malware’s Buried Treasure
• Enhancing Malware Fingerprinting through Analysis of Evasive Techniques

Hacking

• Hidden Feature in ESP32 Chip Could Infect IoT Devices
• Mass Exploitation of Critical PHP-CGI Vulnerability (CVE-2024-4577)
• Unmasking New Persistent Attacks on Japan
• Musk Blames X Outages on Alleged ‘Massive’ Cyberattack
• Apple Fixes WebKit Zero-Day Exploited in Sophisticated Attacks
• Android Deserialization Deep Dive
• Meta Warns of FreeType Vulnerability with Active Exploitation Risk
• New Evidence Suggests Attackers Are Mapping Infrastructure Before Exploitation
• Jailbreaking Simpler Than You Think
• Eavesdropping on Black-Box Mobile Devices via Audio Amplifier’s EMR

Intelligence and Information Warfare

• Canadian Intelligence Agency Warns of Threat AI Poses to Upcoming Elections
• SideWinder Targets Maritime and Nuclear Sectors with Updated Toolset
• Ghost in the Router: China-Nexus Espionage Actor Targets Juniper Routers
• Lazarus Strikes npm Again with New Wave of Malicious Packages
• Blind Eagle: And Justice for All
• Lookout Discovers New Spyware by North Korean APT37
• Former Top NSA Cyber Official: Probationary Firings ‘Devastating’ to Cyber, National Security
• Hunting Active Threats in Littleton’s Grid with the Dragos Platform and OT Watch

Cybersecurity

• Accelerated Takedowns: Limiting Dwell Time and Damage
• ESP32 Undocumented Bluetooth Commands: Clearing the Air
• Reducing the Cybersecurity Risks of Connected BMS
• Reporting Cyberattacks on Critical Infrastructure Mandatory from April 2025
• March 2025 Security Update Review
• Apple’s Lockdown Mode: Good for Security, but Baffling Notifications
• Sign in as Anyone: Bypassing SAML SSO Authentication with Parser Differentials
• Saudi Arabia Buys Pokémon Go and All of Your Location Data

Additional Resources

For further insights, check:

• Cybersecurity & Infrastructure Security Agency (CISA)
• National Cyber Security Centre (NCSC)
• European Union Agency for Cybersecurity (ENISA)

Conclusion

The Security Affairs newsletter continues to provide critical insights into the evolving landscape of cybersecurity. Stay informed to protect against emerging threats and vulnerabilities. For the latest updates, follow @securityaffairs on Twitter, Facebook, and Mastodon. Connect with Pierluigi Paganini for more expert insights.

For more details, visit the full article: source

References