# Security Affairs Newsletter Round 517 - International Edition
A new round of the weekly Security Affairs newsletter has arrived! Every week, you can enjoy a curated selection of the best security articles from Security Affairs, all delivered right into your email inbox. This week's edition includes a mix of international news, security alerts, and expert analysis to help keep you informed about the latest threats and trends in cybersecurity.
## FBI Denver Warns of Online File Converter Scam
The Federal Bureau of Investigation (FBI) Denver office has issued a warning about an online file converter scam that is targeting individuals. The scammers claim to offer free file conversion services, but in reality, they are attempting to steal sensitive information from unsuspecting victims.
## The DNA of Organized Crime is Changing - and So is the Threat to Europe
The threat landscape for European countries is changing as organized crime groups adapt to new technologies and tactics. Experts warn that these groups are becoming increasingly sophisticated, using advanced techniques such as encryption and anonymity tools to evade law enforcement.
## Exclusive: DOGE Staffer 'Big Balls' Provided Tech Support to Cybercrime Ring, Records Show
A recent investigation has uncovered evidence that a former employee of a popular cryptocurrency exchange (DOGE) provided technical support to a cybercrime ring. The employee, known only by their handle "Big Balls," allegedly used their expertise to help the group carry out various types of cyber attacks.
## A Sneaky Phish Just Grabbed My Mailchimp Mailing List
One individual recently fell victim to a phishing scam that targeted their email account, which was linked to their Mailchimp mailing list. The phisher gained access to the account and began sending spam emails to the victim's subscribers.
## Arrests in Tap-to-Pay Scheme Powered by Phishing
Law enforcement has made several arrests in connection with a tap-to-pay scheme that relied on phishing tactics to steal credit card information. The scammers used fake online forms to trick victims into revealing their payment details.
## DeepSeek Users Targeted with Fake Sponsored Google Ads That Deliver Malware
Users of the popular DeepSeek search engine have been targeted by fake sponsored ads that deliver malware. The ads appear legitimate but contain malicious code that infects users' devices.
## Russia Arrests Three for Allegedly Creating Mamont Malware, Tied to Over 300 Cybercrimes
Russian authorities have arrested three individuals accused of creating the Mamont malware, a type of ransomware that has been linked to over 300 cybercrimes worldwide.
## DOJ Seizes $8.2M Tied to Pig Butchering Scheme
The US Department of Justice (DOJ) has seized approximately $8.2 million in cryptocurrency related to a pig butchering scheme. The scheme involved the use of phishing and other social engineering tactics to trick victims into revealing their login credentials.
## Microsoft Trusted Signing Service Abused to Code-Sign Malware
Hackers have found a way to abuse the Windows operating system's trusted signing service to code-sign malicious software. This allows them to bypass security checks and spread malware more easily.
## Shedding Light on ABYSSWORKER Driver Raspberry Robin: Copy Shop USB Worm Evolves to Initial Access Broker
Security researchers have discovered a new type of malware that uses a previously unknown driver to infect devices. The worm, known as "Raspberry Robin," has evolved from an earlier version called "Copy Shop" and now serves as an initial access broker for other malicious actors.
## Shifting the Sands of RansomHub’s EDRKillShifter
Security experts have observed changes in the behavior of ransomware group RansomHub's EDRKillShifter malware. The updated tool now appears to be more stealthy and difficult to detect.
## Multiple Crypto Packages Hijacked, Turned into Info-Stealers
Several cryptocurrency packages have been compromised by hackers who have turned them into info-stealing tools. These packages are used to steal sensitive information from unsuspecting users.
## CoffeeLoader: A Brew of Stealthy Techniques
A new piece of malware known as "CoffeeLoader" has emerged, which uses a variety of stealthy techniques to evade detection. The malware appears to be designed for mobile devices and can steal sensitive information from infected users.
## PJobRAT Makes a Comeback, Takes Another Crack at Chat Apps
The notorious PJobRAT malware has made a comeback, targeting chat apps such as WhatsApp and Telegram. The malware allows attackers to spy on users' conversations and steal their personal data.
## Exposing Crocodilus: New Device Takeover Malware Targeting Android Devices
Researchers have discovered a new piece of malware known as "Crocodilus" that targets Android devices. The malware allows attackers to take control of infected devices, including those running popular messaging apps like WhatsApp and Telegram.
## Next.js and the Corrupt Middleware: The Authorizing Artifact
Security researchers have identified vulnerabilities in the Next.js framework due to corrupt middleware. These vulnerabilities allow attackers to execute arbitrary code on a server, potentially leading to serious security breaches.
## Blacklock Ransomware: A Late Holiday Gift with Intrusion into the Threat Actor's Infrastructure
A new ransomware group known as "Blacklock" has emerged, using tactics similar to those employed by other notorious groups like REvil and DarkSide. The group has made significant efforts to improve its infrastructure, making it more challenging for law enforcement to track them.
## CVE-2025-26633: How Water Gamayun Weaponizes MUIPath Using MSC EvilTwin
Security researchers have discovered a new vulnerability in the MUIPath library (CVE-2025-26633) that can be exploited by attackers using the MSC EvilTwin exploit. This allows attackers to execute arbitrary code on vulnerable systems.
## New GitHub Action Supply Chain Attack: Reviewdog/Action-Setup
A recent security incident has highlighted the risks associated with supply chain attacks in the context of GitHub Actions. A malicious actor exploited vulnerabilities in the `reviewdog/action-setup` package, allowing them to install malware onto vulnerable repositories.
## OpenAI Offering $100K Bounties for Critical Vulnerabilities
OpenAI has announced plans to offer bounties worth up to $100,000 for discovering and reporting critical vulnerabilities in its products. This move aims to promote responsible disclosure and improve the overall security posture of AI-powered systems.
## Over 150k Websites Hit by Full-Page Hijack Linking to Chinese Gambling Sites
According to recent reports, over 150,000 websites have been compromised by hackers who are using them as a platform for full-page hijack attacks. These attacks redirect users to gambling sites or phishing pages, potentially compromising their personal data.
## Weaver Ant, the Web Shell Whisperer: Tracking a Live China-nexus Operation
Security researchers have identified an operation involving Chinese actors who are using web shells to compromise websites. The operation involves malicious actors creating and spreading malware across multiple domains.
## Ex-NSA Boss: Election Security Focus Helped Dissuade Increase in Russian Meddling with US Elections
The ex-NSA director has spoken about the efforts made by his agency to improve election security, stating that these measures have helped reduce the likelihood of foreign interference in US elections.