Security Affairs.

"Japan's FSA warns of unauthorized trades via stolen credentials from fake security firms' sites."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 22 April 2025, 1325 UTC.

Content and Source:  Email subscription via https://feedly.com).

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

 Security Affairs

72K followers24 articles per week

#security#tech

46

Most popular

Japan ’s FSA warns of unauthorized trades via stolen credentials from fake security firms’ sites

Valid Accounts (Enterprise T1078)

•

by Pierluigi Paganini / 4h

Japan ’s Financial Services Agency (FSA) warns of hundreds of millions in unauthorized trades linked to hacked brokerage accounts. Japan ’s Financial Services Agency (FSA) reported that the damage caused by unauthorized access to and transactions on internet trading services is increasing. “There has been a sharp increase in the number of cases of unauthorized access and unauthorized trading (tra

CISA’s 11-Month extension ensures continuity of MITRE’s CVE Program

23by Pierluigi Paganini / 5d

MITRE’s U.S.-funded CVE program, a core cybersecurity tool for tracking vulnerabilities, faces funding expiry Wednesday, risking disruption to global security. U.S. government funding for MITRE ’s CVE program , a key global cybersecurity resource for cataloging vulnerabilities, is set to expire Wednesday, risking disruption. The 25-year-old program has assigned over 274,000 CVE IDs for public sec

Apple released emergency updates for actively exploited flaws

by Pierluigi Paganini / 5d

Apple released emergency updates to fix iOS, iPadOS & macOS vulnerabilities actively exploited in sophisticated attacks. Apple released out‑of‑band security updates to address two vulnerabilities, tracked as CVE-2025-31200 and CVE-2025-31201, impacting iOS, iPadOS & macOS. The company confirmed that the flaws have been exploited in a small number of “extremely sophisticated” attacks against iOS t

Yesterday

Abilene city, Texas, takes systems offline following a cyberattack

Abilene city hit by cyberattack

•

by Pierluigi Paganini / 3h

Abilene, Texas, shut down systems after a cyberattack caused server issues. IT staff and experts are investigating the security incident. Abilene, Texas, shut down systems after a cyberattack caused server issues. The incident occurred on April 18, 2025, emergency services remained operational, and no financial irregularities were found. “On April 18, 2025, City officials received reports of unre

Kimsuky APT exploited BlueKeep RDP flaw in attacks against South Korea and Japan

13 TTPs

•

by Pierluigi Paganini / 18h

Researchers spotted a new North Korea-linked group Kimsuky ‘s campaign, exploiting a patched Microsoft Remote Desktop Services flaw to gain initial access. While investigating a security breach, the AhnLab SEcurity intelligence Center (ASEC) researchers discovered a North Korea-linked group Kimsuky ‘s campaign, tracked as Larva-24005. Attackers exploited an RDP vulnerability to gain initial acces

Apr 20, 2025

New sophisticate malware SuperCard X targets Androids via NFC relay attacks

13 TTPs

•

by Pierluigi Paganini / 1d

•

SuperCard X malware targets NFC fraud

‘SuperCard X’ – a new MaaS – targets Androids via NFC relay attacks, enabling fraudulent POS and ATM transactions with stolen card data. Cleafy researchers discovered a new malware-as-a-service (MaaS) called SuperCard X targeting Android devices with NFC relay attacks for fraudulent cash-outs. Attackers promote the MaaS through Telegram channels, analysis shows SuperCard X builds had Telegram lin

Russia-linked APT29 targets European diplomatic entities with GRAPELOADER malware

IoC > 2 domains

•

by Pierluigi Paganini / 1d

•

14 TTPs

•

APT29 targets European diplomats phishing

Russia-linked group APT29 targeted diplomatic entities across Europe with a new malware loader codenamed GRAPELOADER. Check Point Research team reported that Russia-linked cyberespionage group APT29 (aka SVR group , Cozy Bear , Nobelium , BlueBravo , Midnight Blizzard , and The Dukes ) is behind a sophisticated phishing campaign targeting European diplomatic entities, using a new WINELOADER varia

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 42

by Pierluigi Paganini / 1d

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malicious NPM Packages Targeting PayPal Users New Malware Variant Identified: ResolverRAT Enters the Maze Nice chatting with you: what connects cheap Android smartphones, WhatsApp and cryptocurrency theft? BPFDoor’s Hidden Controller Used Against Asia, Middle East

Security Affairs newsletter Round 520 by Pierluigi Paganini – INTERNATIONAL EDITION

by Pierluigi Paganini / 2d

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Attackers exploited SonicWall SMA appliances since January 2025 ASUS routers with AiCloud vulnerable to auth bypass exploit U.S. CISA adds Apple products

Apr 19, 2025

Attackers exploited SonicWall SMA appliances since January 2025

7 TTPs

•

by Pierluigi Paganini / 2d

Threat actors are actively exploiting a remote code execution flaw in SonicWall Secure Mobile Access (SMA) appliances since January 2025. Arctic Wolf researchers warn that threat actors actively exploit a vulnerability, tracked as CVE-2021-20035 (CVSS score of 7.1), in SonicWall Secure Mobile Access (SMA) since at least January 2025. The vulnerability is an OS Command Injection Vulnerability in t

Apr 18, 2025

ASUS routers with AiCloud vulnerable to auth bypass exploit

CVE-2025-2492

•

by Pierluigi Paganini / 3d

ASUS warns of an authentication bypass vulnerability in routers with AiCloud enabled that could allow unauthorized execution of functions on the device. ASUS warns of an authentication bypass vulnerability, tracked as CVE-2025-2492 (CVSS v4 score: 9.2), which impacts routers with AiCloud enabled. A remote attacker can trigger the flaw to perform unauthorized execution of functions on the device.

U.S. CISA adds Apple products and Microsoft Windows NTLM flaws to its Known Exploited Vulnerabilities catalog

CVE-2025-24054

•

by Pierluigi Paganini / 4d

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple products and Microsoft Windows NTLM flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple products and Microsoft Windows NTLM vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog . Below are the descriptions of the flaws: CVE-2025-312

Apr 17, 2025

Entertainment venue management firm Legends International disclosed a data breach

Impact (Enterprise TA0040)

•

by Pierluigi Paganini / 4d

•

Legends International suffers data breach

Legends International disclosed a data breach from November 2024 that affected employees and visitors to its managed venues. Legends International is a global leader in sports and entertainment venue management, specializing in delivering comprehensive solutions for stadiums, arenas, and attractions. The company offers a 360-degree service platform that includes strategic planning, sales, partner

China-linked APT Mustang Panda upgrades tools in its arsenal

19 TTPs

•

by Pierluigi Paganini / 4d

•

Mustang Panda updates malware tools

China-linked APT group Mustang Panda deployed a new custom backdoor, MQsTTang, in recent attacks targeting Europe, Asia, and Australia. China-linked APT group Mustang Panda (aka Camaro Dragon , RedDelta or Bronze President ). deployed a new custom backdoor, tracked as MQsTTang, in recent attacks targeting entities in Europe, Asia, and Australia. Mustang Panda has been active since at least 2012,

Node.js malvertising campaign targets crypto users

17 TTPs

•

by Pierluigi Paganini / 4d

•

Node.js exploited for malware delivery

Microsoft warns of a malvertising campaign using Node.js to deliver info-stealing malware via fake crypto trading sites like Binance and TradingView. Microsoft has observed Node.js increasingly used in malware campaigns since October 2024, including an ongoing crypto-themed malvertising attack as of April 2025. Threat actors are increasingly using Node.js to deploy malware, shifting from traditio

Apr 16, 2025

U.S. CISA adds SonicWall SMA100 Appliance flaw to its Known Exploited Vulnerabilities catalog

Execution (Enterprise TA0002)

•

by Pierluigi Paganini / 5d

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall SMA100 Appliance flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a SonicWall SMA100 Appliance flaw, tracked as CVE-2021-20035 , to its Known Exploited Vulnerabilities (KEV) catalog . The vulnerability is an OS Command Injection Vulnerability in th

Chinese Android phones shipped with malware-laced WhatsApp, Telegram apps

Malware on cheap Android steals crypto

•

200+by Pierluigi Paganini / 6d

Cheap Chinese Android phones ship with trojanized WhatsApp and Telegram clones hiding crypto clippers, active since June 2024. Since June 2024, Doctor Web researchers found cheap Android phones preloaded with fake WhatsApp and Telegram apps designed to steal crypto via clipping. These clippers swap copied wallet addresses with the attackers’ own. The campaign targeted low-end phones mimicking fam

Apr 15, 2025

Cyber Threats Against Energy Sector Surge as Global Tensions Mount

by Pierluigi Paganini / 6d

Resecurity warns of rising cyberattacks on the energy sector, some linked to large-scale campaigns targeting national infrastructure for geopolitical aims. Resecurity warns about the increase in targeted cyberattacks against enterprises in the energy sector worldwide. Some of these attacks represent much larger campaigns designed to target country-level infrastructure, acting as tools for geopoli

Government contractor Conduent disclosed a data breach

3 TTPs

•

by Pierluigi Paganini / 6d

•

Conduent confirms data theft incident

The business services provider Conduent told the SEC a January cyberattack exposed personal data, including names and Social Security numbers. The business services provider Conduent revealed that personal information, including names and Social Security numbers, was stolen in a January cyberattack. In January, Conduent confirmed a cyberattack caused service disruptions after agencies in multiple

Critical Apache Roller flaw allows to retain unauthorized access even after a password change

4 TTPs

•

by Pierluigi Paganini / 6d

A critical flaw (CVE-2025-24859, CVSS 10) in Apache Roller lets attackers keep access even after password changes. All versions ≤6.1.4 are affected. A critical vulnerability, tracked as CVE-2025-24859 (CVSS score of 10.0), affects the Apache Roller open-source, Java-based blogging server software. The flaw is a session management issue that impacts in Apache Roller before version 6.1.5 where acti

Meta will use public EU user data to train its AI models

Meta to train AI in EU

•

by Pierluigi Paganini / 6d

Meta announced that it will use public EU user data to train AI, resuming plans paused last year over Irish data protection concerns. Meta will start training its AI models using public data from adults in the EU, after pausing the plan last year over data protection concerns raised by Irish regulators. In June 2024, the social media giant announced it was delaying the training of its large langu

Apr 14, 2025

Hertz disclosed a data breach following 2024 Cleo zero-day attack

2 TTPs

•

by Pierluigi Paganini / 7d

Hertz Corporation disclosed a data breach after customer data was stolen via Cleo zero-day exploits in late 2024, affecting Hertz, Thrifty, and Dollar brands. Car rental giant Hertz Corporation disclosed a data breach that impacted its Hertz, Thrifty, and Dollar brands. Threat actors gained access to customer data via Cleo zero-day exploits in late 2024. “Cleo is a vendor that provides a file tra

Gladinet flaw CVE-2025-30406 actively exploited in the wild

11 TTPs

•

by Pierluigi Paganini / 7d

Huntress reports active exploitation of Gladinet CVE-2025-30406 in the wild, affecting seven organizations and 120 endpoints. Security researchers at Huntress warn of attacks in the wild exploiting a critical vulnerability, tracked as CVE-2025-30406 , in Gladinet CentreStack and Triofox software. The vulnerability CVE-2025-30406 (CVSS score 9.0) is a deserialization issue due to the CentreStack p

New malware ‘ResolverRAT’ targets healthcare, pharmaceutical firms

20 TTPs

•

by Pierluigi Paganini / 7d

•

ResolverRAT malware targets healthcare sector

New malware ‘ResolverRAT’ is targeting healthcare and pharmaceutical firms, using advanced capabilities to steal sensitive data. Morphisec researchers discovered a new malware dubbed ‘ResolverRAT’ that is targeting healthcare and pharmaceutical firms, using advanced capabilities to steal sensitive data. ResolverRAT spreads via phishing emails using localized languages and legal lures. Victims dow

Malicious NPM packages target PayPal users

8 TTPs

•

by Pierluigi Paganini / 7d

•

Malicious NPM packages target PayPal

Threat actors deploy malicious NPM packages to steal PayPal credentials and hijack cryptocurrency transfers. Fortinet researchers discovered multiple malicious NPM packages that are used to target PayPal users. The packages were uploaded to the repository in early March by a threat actor known as tommyboy_h1 and tommyboy_h2 , and were used to steal PayPal credentials and hijack cryptocurrency tra

Apr 13, 2025

Tycoon2FA phishing kit rolled out significant updates

5 TTPs

•

by Pierluigi Paganini / 8d

The operators of the Phishing-as-a-Service (PhaaS) platform Tycoon2FA have rolled out significant updates to enhance its evasion capabilities. Tycoon2FA, a phishing kit discovered in 2023 by cybersecurity firm Sekoia, was recently updated to improve its evasion capabilities. The phishing kit now uses advanced evasion tactics such as a custom CAPTCHA via HTML5 canvas, invisible Unicode in obfuscat

South African telecom provider Cell C disclosed a data breach following a cyberattack

6 TTPs

•

by Pierluigi Paganini / 8d

•

Cell C data breach exposes user information

Cell C, one of the biggest telecom providers in South Africa confirms a data breach following a 2024 cyberattack. Cell C is the fourth-largest mobile network operator in South Africa, ,after Vodacom, MTN, and Telkom. The company founded in 2001 offers prepaid and postpaid mobile plans, data bundles and internet services, fiber broadband, roaming and international calling, SIM-only plans and devic

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 41

by Pierluigi Paganini / 9d

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Lazarus Expands Malicious npm Campaign: 11 New Packages Add Malware Loaders and Bitbucket Payloads BadBazaar: iOS and Android Surveillanceware by China’s APT15 Used to Target Tibetans and Uyghurs GOFFEE continues to attack organizations in Russia Atomic and Exodus

Security Affairs newsletter Round 519 by Pierluigi Paganini – INTERNATIONAL EDITION

by Pierluigi Paganini / 9d

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Symbolic Link trick