# Security Affairs Newsletter Round 524 - International Edition

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are delivered free to your email box. Enjoy this latest installment, featuring a curated selection of the most significant security news from around the world.

### Crypto Swapping Service Shut Down

The crypto swapping service "eXch" has been shut down by Moldovan authorities following a massive ransomware attack on the Dutch research agency DANS (Data Archiving and Network Services). The attackers demanded a ransom of €100,000 in exchange for the safe return of sensitive data.

### Interlock Ransomware: A Threat to the Defense Industrial Base

Interlock ransomware has been making waves in recent months, with its impact extending beyond individual organizations to supply chains. This type of attack can have severe consequences for the defense industrial base, where even a single breach could compromise national security.

### Administrator Extradited From Kosovo to The United States

An administrator of an online criminal marketplace has been extradited from Kosovo to the United States. The suspect, identified as 32-year-old Samir T. of Tirana, was accused of facilitating money laundering and cryptocurrency thefts worth over $263 million.

### Coinbase Rejects $20M Ransom After Rogue Contractors Bribed

Coinbase has rejected a ransom demand of $20 million after discovering that rogue contractors had bribed employees to leak sensitive customer data. The incident highlights the ongoing threat of insider attacks in the cybersecurity space.

### Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines

The latest guidance on how to defend against UNC3944, a variant of ransomware that has been gaining traction, comes from the frontlines of cybercrime hardening. Experts are sharing their knowledge and best practices for mitigating this threat.

### High Risk Warning for Windows Ecosystem: New Botnet Family HTTPBot is Expanding

A new botnet family, HTTPBot, has emerged in the Windows ecosystem, posing a significant risk to users worldwide. This malware-laced network is expanding rapidly, making it essential to take immediate action to protect your devices and data.

### One-Click RCE in ASUS's Preinstalled Driver Software Revealed

Researchers have discovered a critical vulnerability in ASUS's preinstalled driver software, allowing for one-click Remote Code Execution (RCE). This exploit has significant implications for the manufacturer and its customers.

### SAP Zero – Frostbite: How Russian RaaS Actor Qilin Exploited CVE-2025-31324 Weeks Before Public Disclosure

A sophisticated threat actor, identified as Qilin, exploited a previously undisclosed vulnerability in SAP Zero – Frostbite before it was publicly disclosed. This attack highlights the importance of staying informed about the latest security patches and vulnerability disclosures.

### Marbled Dust leverages zero-day in Output Messenger for regional espionage

Marbled Dust, a nation-state actor, has been leveraging a zero-day exploit in Microsoft's Output Messenger to conduct regional espionage operations. This incident underscores the ongoing threat of state-sponsored cyberattacks and the need for robust security measures.

### China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures

China-Nexus, a nation-state actor, has been exploiting a critical vulnerability in SAP NetWeaver (CVE-2025-31324) to target critical infrastructure. This incident highlights the ongoing threat of cyberattacks against critical national assets.

### ReliaQuest Uncovers New Critical Vulnerability in SAP NetWeaver

ReliaQuest has discovered a new critical vulnerability in SAP NetWeaver, which could be exploited by attackers to gain unauthorized access to sensitive data. This finding emphasizes the importance of regular vulnerability assessments and patch management.

### Robot Soldiers, Neural Networks: How Machine Vision Is Changing Warfare

The intersection of machine vision and warfare is transforming the nature of conflict. With advancements in AI-powered systems, military organizations are adopting more sophisticated tactics to stay ahead of adversaries.

### Chinese 'Kill Switches' Found Hidden in US Solar Farms

Researchers have discovered "kill switches" hidden in solar farms across the United States. These malicious devices could potentially be used to disrupt or sabotage critical infrastructure, highlighting the ongoing threat of industrial espionage and sabotage.

### Google to Pay Texas $1.4 billion in Data Privacy Settlement

Google has agreed to pay the state of Texas $1.4 billion as part of a data privacy settlement. This incident underscores the growing importance of protecting personal data in the digital age.

### Protecting Our Customers – Standing Up to Extortionists

The security community is coming together to combat extortionists and protect vulnerable customers. This collaborative effort highlights the ongoing need for robust security measures and awareness campaigns to prevent and respond to these types of attacks.

### Nova Scotia Power confirms hackers stole customer data in cyberattack

Nova Scotia Power has confirmed that a cyberattack resulted in the theft of sensitive customer data. The incident underscores the importance of securing critical infrastructure against cyber threats.

### 'They Yanked Their Own Plug': How Co-op Averted an Even Worse Cyber Attack

A Canadian energy cooperative, Co-op Energy Services, narrowly avoided a devastating cyberattack by recognizing and responding to the threat quickly. This near-miss highlights the importance of staying vigilant in the face of emerging cybersecurity risks.

### noyb sends Meta ‘cease and desist’ letter over AI training

noyb has issued a cease and desist letter to Meta over its use of AI-powered facial recognition technology. The incident underscores the growing scrutiny surrounding the development and deployment of AI-powered technologies in sensitive areas.

### European Class Action as Potential Next Step for Meta

A potential class action lawsuit against Meta is underway, focusing on the company's alleged misuse of user data for AI training purposes. This incident highlights the ongoing debate around data privacy and responsible AI development.

### Cofense Reveals Rapid Rise in AI-Powered Phishing: New Threat Every 42 Seconds

Cofense has reported a rapid increase in AI-powered phishing attacks, with new threats emerging every 42 seconds. This finding emphasizes the need for organizations to stay vigilant and proactive in responding to these types of threats.

### Japan Enacts New Active Cyberdefense Law Allowing for Offensive Cyber Operations

Japan has enacted a new law allowing for offensive cyber operations against cyber threats. This development marks an important shift in the country's approach to cybersecurity, highlighting the ongoing trend towards adopting more aggressive countermeasures against malicious actors.

Stay informed about the latest security news and trends by following me on Twitter (@securityaffairs).