Security Affairs Newsletter Round 520 by Pierluigi Paganini – INTERNATIONAL EDITION
TL;DR
The latest Security Affairs newsletter covers critical cybersecurity incidents, including vulnerabilities in SonicWall SMA appliances, ASUS routers, and Apple products. Key highlights include data breaches at Legends International and Hertz, updates on malware campaigns, and significant developments in cyber warfare.
Main Content
Weekly Security Affairs Newsletter
Every week, the best security articles from Security Affairs are delivered straight to your inbox.
Enjoy the latest edition of the weekly Security Affairs newsletter, featuring top security articles and international press coverage.
Top Security Articles
Topic | Link |
---|---|
Attackers Exploit SonicWall SMA Appliances Since January 2025 | Read More |
ASUS Routers Vulnerable to Auth Bypass Exploit | Read More |
U.S. CISA Adds Apple and Microsoft Windows NTLM Flaws to Known Exploited Vulnerabilities Catalog | Read More |
Legends International Discloses Data Breach | Read More |
China-Linked APT Mustang Panda Upgrades Tools | Read More |
Node.js Malvertising Campaign Targets Crypto Users | Read More |
Apple Releases Emergency Updates for Actively Exploited Flaws | Read More |
U.S. CISA Adds SonicWall SMA100 Appliance Flaw to Known Exploited Vulnerabilities Catalog | Read More |
CISA’s 11-Month Extension Ensures Continuity of MITRE’s CVE Program | Read More |
Chinese Android Phones Shipped with Malware-Laced WhatsApp, Telegram Apps | Read More |
Cyber Threats Against Energy Sector Surge as Global Tensions Mount | Read More |
Government Contractor Conduent Discloses Data Breach | Read More |
Critical Apache Roller Flaw Allows Unauthorized Access Even After Password Change | Read More |
Meta to Use Public EU User Data to Train AI Models | Read More |
Hertz Discloses Data Breach Following 2024 Cleo Zero-Day Attack | Read More |
Gladinet Flaw CVE-2025-30406 Actively Exploited in the Wild | Read More |
New Malware ‘ResolverRAT’ Targets Healthcare, Pharmaceutical Firms | Read More |
Malicious NPM Packages Target PayPal Users | Read More |
Tycoon2FA Phishing Kit Rolled Out Significant Updates | Read More |
South African Telecom Provider Cell C Discloses Data Breach Following Cyberattack | Read More |
China Admits Role in Volt Typhoon Cyberattacks on U.S. Infrastructure | Read More |
International Press – Newsletter
Cybercrime
- Pixel-Perfect Trap: The Surge of SVG-Borne Phishing Attacks
- Threat Actors Misuse Node.js to Deliver Malware and Other Malicious Payloads
- Byte Bandits: How Fake PDF Converters Are Stealing More Than Just Your Documents
- Man Helped Chinese Nationals Get Jobs Involving Sensitive US Government Projects
- Unmasking the New XorDDoS Controller and Infrastructure
Malware
- Malicious NPM Packages Targeting PayPal Users
- New Malware Variant Identified: ResolverRAT Enters the Maze
- Nice Chatting with You: What Connects Cheap Android Smartphones, WhatsApp, and Cryptocurrency Theft?
- BPFDoor’s Hidden Controller Used Against Asia, Middle East Targets
- Gorilla, a Newly Discovered Android Malware
- Cascading Shadows: An Attack Chain Approach to Avoid Detection and Complicate Analysis
- IronHusky Updates the Forgotten MysterySnail RAT to Target Russia and Mongolia
- Unmasking the New XorDDoS Controller and Infrastructure
- Byte Bandits: How Fake PDF Converters Are Stealing More Than Just Your Documents
- Renewed APT29 Phishing Campaign Against European Diplomats
- Goodbye HTA, Hello MSI: New TTPs and Clusters of an APT Driven by Multi-Platform Attacks
- Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware
- Threat Actors Misuse Node.js to Deliver Malware and Other Malicious Payloads
- [Latest Mustang Panda Arsenal: ToneShell and StarProxy P1](https://www.zscaler.com/blogs/security-research/latest-mustang-panda-arsenal-toneshell-and-starproxy-p1)
- [Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak P2](https://www.zscaler.com/blogs/security-research/latest-mustang-panda-arsenal-paklog-corklog-and-splatcloak-p2)
- Around the World in 90 Days: State-Sponsored Actors Try ClickFix
- Large Language Model (LLM) for Software Security: Code Analysis, Malware Analysis, Reverse Engineering
- Malware Analysis Assisted by AI with R2AI
- A Machine Learning-Based Ransomware Detection Method for Attackers’ Neutralization Techniques Using Format-Preserving Encryption
- AOAFS: A Malware Detection System Using an Improved Arithmetic Optimization Algorithm
Hacking
- Tycoon2FA New Evasion Technique for 2025
- CVE-2025-30406 – Critical Gladinet CentreStack & Triofox Vulnerability Exploited In The Wild
- Aiding Reverse Engineering with Rust and a Local LLM
- Apple Fixes Two Zero-Days Exploited in Targeted iPhone Attacks
- Task Scheduler – New Vulnerabilities for schtasks.exe
- Over 16,000 Fortinet Devices Compromised with symlink Backdoor
- Notorious Image Board 4chan Hacked and Internal Data Leaked
- Around the World in 90 Days: State-Sponsored Actors Try ClickFix
- CVE-2025-24054, NTLM Exploit in the Wild
- Credential Access Campaign Targeting SonicWall SMA Devices Potentially Linked to Exploitation of CVE-2021-20035
Intelligence and Information Warfare
- Goodbye HTA, Hello MSI: New TTPs and Clusters of an APT Driven by Multi-Platform Attacks
- Taiwan Charges Chinese Ship Captain with Breaking Subsea Cables
- Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware
- Renewed APT29 Phishing Campaign Against European Diplomats
- NSO Lawyer Names Mexico, Saudi Arabia, and Uzbekistan as Spyware Customers Accused of 2019 WhatsApp Hacks
- Gamaredon: The Turncoat Spies Relentlessly Hacking Ukraine
- [Latest Mustang Panda Arsenal: ToneShell and StarProxy P1](https://www.zscaler.com/blogs/security-research/latest-mustang-panda-arsenal-toneshell-and-starproxy-p1)
- [Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak P2](https://www.zscaler.com/blogs/security-research/latest-mustang-panda-arsenal-paklog-corklog-and-splatcloak-p2)
Cybersecurity
- Making AI Work Harder for Europeans
- Govtech Giant Conduent Confirms Client Data Stolen in January Cyberattack
- CISA Extends CVE Program Contract with MITRE for 11 Months Amid Alarm Over Potential Lapse
- Google Adds Android Auto-Reboot to Block Forensic Data Extractions
- Pentagon’s ‘SWAT Team of Nerds’ Resigns En Masse
(Source: Security Affairs)
Additional Resources
For further insights, check:
- Trustwave
- Microsoft Security Blog
- CloudSEK
- SecurityWeek
- Talos Intelligence
- Fortinet
- Morphisec
- Dr.Web
- Trend Micro
- Palo Alto Networks
- Proofpoint
- Check Point Research
- Seqrite
- Zscaler
- BleepingComputer
- TechCrunch
- The Record
- Wired
- Politico
- arXiv
- MDPI
Conclusion
The Security Affairs newsletter provides a comprehensive overview of the latest cybersecurity threats and developments. Staying informed about these issues is crucial for individuals and organizations to protect themselves against emerging threats.