Security Affairs Newsletter Round 519: Comprehensive Global Cybersecurity Updates

TL;DR

The latest Security Affairs newsletter, Round 519, offers a comprehensive overview of recent cybersecurity threats, vulnerabilities, and data breaches. This edition covers critical topics such as the exploitation of WordPress plugins, significant data breaches, and emerging cyber threats.

Main Content

---

layout: post title: “Security Affairs newsletter Round 519 by Pierluigi Paganini – INTERNATIONAL EDITION” date: 2025-04-13 categories: [Breaking News, Cybercrime, data breach, Hacking, hacking news, information security news, IT Information Security, Newsletter, Security Affairs, Security News] tags: [cybersecurity, threat-intelligence] author: “Vitus” —

TL;DR

The latest Security Affairs newsletter, Round 519, offers a comprehensive overview of recent cybersecurity threats, vulnerabilities, and data breaches. This edition covers critical topics such as the exploitation of WordPress plugins, significant data breaches, and emerging cyber threats.

Main Content

Weekly SecurityAffairs Newsletter

A new round of the weekly SecurityAffairs newsletter has arrived! Every week, the best security articles from Security Affairs are delivered straight to your email inbox.

Enjoy the latest round of the weekly SecurityAffairs newsletter, featuring top stories from the international press.

Top Stories This Week

Symbolic Link trick lets attackers bypass FortiGate patches, Fortinet warns

Attackers are exploiting recently disclosed OttoKit WordPress plugin flaw

Laboratory Services Cooperative data breach impacts 1.6 Million People

Palo Alto warns of brute-force login attempts on PAN-OS GlobalProtect gateways indicating possible upcoming attacks

Gamaredon targeted the military mission of a Western country based in Ukraine

U.S. CISA adds Linux Kernel flaws to its Known Exploited Vulnerabilities catalog

AkiraBot: AI-Powered spam bot evades CAPTCHA to target 80,000+ websites

An APT group exploited ESET flaw to execute malware

Oracle confirms the hack of two obsolete servers hacked. No Oracle Cloud systems or customer data were affected

National Social Security Fund of Morocco Suffers Data Breach

Critical Fortinet FortiSwitch flaw allows remote attackers to change admin passwords

The US Treasury’s OCC disclosed an undetected major email breach for over a year

U.S. CISA adds Gladinet CentreStack and ZTA Microsoft Windows Common Log File System (CLFS) Driver flaws to its Known Exploited Vulnerabilities catalog

WhatsApp fixed a spoofing flaw that could enable Remote Code Execution

Everest ransomware group’s Tor leak site offline after a defacement

Google fixed two actively exploited Android zero-days

U.S. CISA adds Ivanti Connect Secure, Policy Secure and ZTA Gateways flaw to its Known Exploited Vulnerabilities catalog

A member of the Scattered Spider cybercrime group pleads guilty

The controversial case of the threat actor EncryptHub

PoisonSeed Campaign uses stolen email credentials to spread crypto seed scams and and empty wallets

EDR-as-a-Service makes the headlines in the cybercrime landscape

Oracle privately notifies Cloud data breach to customers

Expert used ChatGPT-4o to create a replica of his passport in just 5 minutes bypassing KYC

International Press – Newsletter

Cybercrime

• Unmasking EncryptHub: Help from ChatGPT & OPSEC blunders
• PoisonSeed Campaign Targets CRM and Bulk Email Providers in Supply Chain Spam Operation
• Palm Coast man linked to ‘Scattered Spider’ cybercrime gang pleads guilty to charges related to cryptocurrency theft
• Everest ransomware group’s darknet site offline following defacement
• Food giant WK Kellogg discloses data breach linked to Clop ransomware
• Cybercriminals Attacked National Social Security Fund of Morocco – Millions of Digital Identities at Risk of Data Breach
• Operation Endgame follow-up leads to five detentions and interrogations as well as server takedowns
• South African telecom provider serving 7.7 million confirms data leak following cyberattack

Malware

• Lazarus Expands Malicious npm Campaign: 11 New Packages Add Malware Loaders and Bitbucket Payloads
• BadBazaar: iOS and Android Surveillanceware by China’s APT15 Used to Target Tibetans and Uyghurs
• Attackers distributing a miner and the ClipBanker Trojan via SourceForge

• [AkiraBot

  AI-Powered Bot Bypasses CAPTCHAs, Spams Websites At Scale](https://www.sentinelone.com/labs/akirabot-ai-powered-bot-bypasses-captchas-spams-websites-at-scale/)

• Lookout Mobile Threat Landscape Report – 2024 in Review
• Newly Registered Domains Distributing SpyNote Malware

Hacking

• NSA, CISA, FBI, and International Partners Release Cybersecurity Advisory on “Fast Flux,” a National Security Threat
• Surge in Palo Alto Networks Scanner Activity Indicates Possible Upcoming Threats
• Critical SureTriggers Plugin Vulnerability Exploited within 4 hours
• Exploitation of CLFS zero-day leads to ransomware activity
• Fortinet – Analysis of Threat Actor Activity

Intelligence and Information Warfare

• BeaverTail and Tropidoor Malware Distributed via Recruitment Emails
• Hackers Spied on 100 US Bank Regulators’ Emails for Over a Year
• How ToddyCat tried to hide behind AV software
• Court document reveals locations of WhatsApp victims targeted by NSO spyware
• Shuckworm Targets Foreign Military Mission Based in Ukraine
• Targeted espionage activity UAC-0226 against innovation centers, government and law enforcement agencies using the GIFTEDCROOK stealer
• China Admitted to Volt Typhoon Cyberattacks on US Critical Infrastructure: Report

Cybersecurity

• Alan Turing Institute: UK can’t handle a fight against AI-enabled crims
• EU answer to Trump may involve data use by Big Tech, France says
• Google fixes Android zero-days exploited in attacks, 60 other flaws
• WhatsApp Vulnerability Could Facilitate Remote Code Execution
• Trump orders probe of former cybersecurity chief for declaring 2020 election secure
• Cybersecurity industry falls silent as Trump turns ire on SentinelOne
• Cybersecurity Community Must Not Remain Silent On Executive Order Attacking Former CISA Director
• Ransomware attack cost IKEA operator in Eastern Europe $23 million
• Ex-Meta exec tells Senate Zuck dangled US citizen data in bid to enter China

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

SecurityAffairs – hacking, newsletter

Conclusion

The latest Security Affairs newsletter highlights the ongoing challenges in the cybersecurity landscape. From critical vulnerabilities in popular plugins to significant data breaches, the newsletter underscores the importance of staying vigilant and proactive in defending against cyber threats.

References