National Cyber Warfare Foundation (NCWF)

Security Affairs newsletter Round 520 by Pierluigi Paganini INTERNATIONAL EDITION


2025-04-20 10:32:04
milo
Blue Team (CND)


A new round of the weekly SecurityAffairs newsletter has arrived! Every week the best security articles from Security Affairs are free in your email box.





Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.





Attackers exploited SonicWall SMA appliances since January 2025
ASUS routers with AiCloud vulnerable to auth bypass exploit
U.S. CISA adds Apple products and Microsoft Windows NTLM flaws to its Known Exploited Vulnerabilities catalog
Entertainment venue management firm Legends International disclosed a data breach
China-linked APT Mustang Panda upgrades tools in its arsenal
Node.js malvertising campaign targets crypto users
Apple released emergency updates for actively exploited flaws
U.S. CISA adds SonicWall SMA100 Appliance flaw to its Known Exploited Vulnerabilities catalog
CISA’s 11-Month extension ensures continuity of MITRE’s CVE Program
Chinese Android phones shipped with malware-laced WhatsApp, Telegram apps
Cyber Threats Against Energy Sector Surge as Global Tensions Mount
Government contractor Conduent disclosed a data breach
Critical Apache Roller flaw allows to retain unauthorized access even after a password change
Meta will use public EU user data to train its AI models
Hertz disclosed a data breach following 2024 Cleo zero-day attack
Gladinet flaw CVE-2025-30406 actively exploited in the wild
New malware ‘ResolverRAT’ targets healthcare, pharmaceutical firms
Security
Malicious NPM packages target PayPal users
Tycoon2FA phishing kit rolled out significant updates
South African telecom provider Cell C disclosed a data breach following a cyberattack
China admitted its role in Volt Typhoon cyberattacks on U.S. infrastructure




International Press – Newsletter





Cybercrime





Pixel-Perfect Trap: The Surge of SVG-Borne Phishing Attacks  





Threat actors misuse Node.js to deliver malware and other malicious payloads  





Byte Bandits: How Fake PDF Converters Are Stealing More Than Just Your Documents  





Man Helped Chinese Nationals Get Jobs Involving Sensitive US Government Projects  





Unmasking the new XorDDoS controller and infrastructure





Malware





Malicious NPM Packages Targeting PayPal Users





New Malware Variant Identified: ResolverRAT Enters the Maze      





Nice chatting with you: what connects cheap Android smartphones, WhatsApp and cryptocurrency theft?  





BPFDoor’s Hidden Controller Used Against Asia, Middle East Targets  





Gorilla, a newly discovered Android malware





Cascading Shadows: An Attack Chain Approach to Avoid Detection and Complicate Analysis





IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia 





Unmasking the new XorDDoS controller and infrastructure





Byte Bandits: How Fake PDF Converters Are Stealing More Than Just Your Documents





Renewed APT29 Phishing Campaign Against European Diplomats





Goodbye HTA, Hello MSI: New TTPs and Clusters of an APT driven by Multi-Platform Attacks





Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware





Threat actors misuse Node.js to deliver malware and other malicious payloads





Latest Mustang Panda Arsenal: ToneShell and StarProxy | P1





Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak | P2





Around the World in 90 Days: State-Sponsored Actors Try ClickFix





Large Language Model (LLM) for Software Security: Code Analysis, Malware Analysis, Reverse Engineering





Malware analysis assisted by AI with R2AI





A Machine Learning-Based Ransomware Detection Method for Attackers’ Neutralization Techniques Using Format-Preserving Encryption





AOAFS: A Malware Detection System Using an Improved Arithmetic Optimization Algorithm





Hacking





Tycoon2FA New Evasion Technique for 2025  





CVE-2025-30406 – Critical Gladinet CentreStack & Triofox Vulnerability Exploited In The Wild





Aiding reverse engineering with Rust and a local LLM  





Apple fixes two zero-days exploited in targeted iPhone attacks





Task Scheduler – New Vulnerabilities for schtasks.exe





Over 16,000 Fortinet devices compromised with symlink backdoor 





Notorious image board 4chan hacked and internal data leaked





Around the World in 90 Days: State-Sponsored Actors Try ClickFix     





CVE-2025-24054, NTLM Exploit in the Wild 





Credential Access Campaign Targeting SonicWall SMA Devices Potentially Linked to Exploitation of CVE-2021-20035  





Intelligence and Information Warfare





Goodbye HTA, Hello MSI: New TTPs and Clusters of an APT driven by Multi-Platform Attacks  





Taiwan charges Chinese ship captain with breaking subsea cables 





Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware





Renewed APT29 Phishing Campaign Against European Diplomats





NSO lawyer names Mexico, Saudi Arabia, and Uzbekistan as spyware customers accused of 2019 WhatsApp hacks  





Gamaredon: The Turncoat Spies Relentlessly Hacking Ukraine 





Latest Mustang Panda Arsenal: ToneShell and StarProxy | P1





Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak | P2       





Cybersecurity





Making AI Work Harder for Europeans 





Govtech giant Conduent confirms client data stolen in January cyberattack  





CISA extends CVE program contract with MITRE for 11 months amid alarm over potential lapse





Google adds Android auto-reboot to block forensic data extractions    





Pentagon’s ‘SWAT team of nerds’ resigns en masse  










Pierluigi Paganini





(SecurityAffairs – hacking, newsletter)



Source: SecurityAffairs
Source Link: https://securityaffairs.com/176716/breaking-news/security-affairs-newsletter-round-520-by-pierluigi-paganini-international-edition.html

