Security Affairs Newsletter Round 538

Security Affairs Newsletter Round 538 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Breaking News and Updates

  • Justice Department Announces Seizure of Over $2.8 Million in Cryptocurrency, Cash, and other Assets
  • Colt Telecom attack claimed by WarLock ransomware, data up for sale
  • Serial hacker who defaced official websites is sentenced
  • Oregon man charged with administering “Rapper Bot” DDoS-for-hire

The Justice Department has announced the seizure of over $2.8 million in cryptocurrency, cash, and other assets as part of an ongoing investigation into a series of cyber attacks.

Ransomware and Malware

Colt Telecom, a company that provides telecommunications services to businesses, was hit by a WarLock ransomware attack. The attackers demanded payment of $50,000 in exchange for the release of sensitive data.

Serial hacker who defaced official websites is sentenced

A serial hacker who defaced numerous official websites has been sentenced to several years in prison. The hacker, who was identified as a 25-year-old man from Oregon, used social media to promote his malicious activities.

DDoS-for-Hire and Botnets

The Rapper Bot, a DDoS-for-hire service, was used to launch targeted attacks against businesses in the United States.

Botnet Fraud-as-a-Service: The Rising Threat to Africa’s Digital Future

Botnet Fraud-as-a-Service (BFA) has become a significant threat to Africa's digital future. BFA is a service that allows attackers to rent botnets, which are networks of compromised devices that can be used to launch DDoS attacks and other malicious activities.

SIM-Swapper, Scattered Spider Hacker Gets 10 Years

A SIM-swap scammer who was caught by law enforcement has been sentenced to 10 years in prison. The hacker, who used a technique known as "scattered spider hacking" to evade detection, targeted businesses and individuals in the United States.

Colt confirms customer data stolen as Warlock ransomware auctions files

Colt Telecom has confirmed that customer data was stolen during the recent WarLock ransomware attack. The company has announced plans to notify affected customers and provide additional support.

African authorities dismantle massive cybercrime and fraud networks, recover millions

African authorities have dismantled a massive cybercrime and fraud network, recovering millions of dollars in stolen funds. The network was operated by a group of hackers who used social engineering tactics to trick victims into sending money.

Europol confirms $50,000 Qilin ransomware reward is fake

Europol has confirmed that the $50,000 Qilin ransomware reward offered for information leading to the capture of the Qilin ransomware group was fake. The reward was announced as part of a larger effort to disrupt the group's operations.

Hunt.io Exposes and Analyzes ERMAC V3.0 Banking Trojan

Hunt.io, a cybersecurity firm, has exposed and analyzed the ERMAC V3.0 banking Trojan. The malware was designed to steal sensitive financial information from victims.

Evolution of the PipeMagic backdoor: from the RansomExx incident to CVE-2025-29824

The PipeMagic backdoor has evolved significantly since its initial discovery in 2019. The backdoor, which was first spotted in the RansomExx malware, has been linked to several high-profile attacks and vulnerabilities.

Noodlophile Stealer Evolves: Targeted Copyright Phishing Hits Enterprises with Social Media Footprints

The Noodlophile Stealer malware has evolved to target enterprises with social media footprints. The malware, which was first spotted in 2020, uses phishing tactics to trick victims into downloading the malicious software.

GodRAT – New RAT targeting financial institutions

A new piece of malware known as GodRAT has been discovered, targeting financial institutions. The malware is designed to steal sensitive financial information from victims.

From Support Ticket to Zero Day: New Exploit for Critical SAP Vulnerability CVE-2025-31324 Released in the Wild

A critical vulnerability in SAP software was recently disclosed by security researchers. The vulnerability, known as CVE-2025-31324, allows attackers to execute arbitrary code on affected systems.

Hijacked Satellites and Orbiting Space Weapons: In the 21st Century, Space Is the New Battlefield

The use of hijacked satellites and orbiting space weapons is becoming increasingly common. This trend highlights the evolving nature of warfare in the 21st century.

Google says its AI-based bug hunter found 20 security vulnerabilities

Google has announced that its AI-based bug hunter, known as "AI-powered bug detection," has identified over 20 security vulnerabilities. The AI-powered system uses machine learning algorithms to detect potential security threats in Google's software.

“Scamlexity”: We Put Agentic AI Browsers to the Test – They Clicked, They Paid, They Failed

A recent test of agentic AI browsers found that they were vulnerable to clickjacking attacks. The test involved exposing the browsers to a series of malicious websites and tracking their responses.

Brazil: 121,981 files were exposed without security on a server containing health documents

In Brazil, over 121,000 sensitive files related to healthcare were left unsecured, leaving them vulnerable to cyber attacks. The incident highlights the importance of robust cybersecurity measures in the healthcare sector.

DOM-based Extension Clickjacking: Your Password Manager Data at Risk

A recent vulnerability in password managers has been discovered, allowing attackers to steal sensitive information through clickjacking attacks. The vulnerability is related to the way DOM-based extension functionality works.

Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS

Apple has patched a critical zero-day vulnerability in its mobile operating systems, including iOS and iPadOS, as well as macOS. The vulnerability was discovered by security researchers and is related to memory corruption.

Russian state-sponsored espionage group Static Tundra compromises unpatched end-of-life network devices

A Russian state-sponsored espionage group known as Static Tundra has compromised unpatched end-of-life network devices, including routers and other networking equipment. The group is believed to be linked to the Russian government.

Russian Government Cyber Actors Targeting Networking Devices, Critical Infrastructure

Russian government cyber actors have been targeting networking devices and critical infrastructure, including power plants and transportation systems. The attacks are believed to be part of a larger effort to disrupt national security.

Microsoft reportedly cuts China’s early access to bug disclosures, PoC exploit code

Microsoft has reportedly cut its early access program for bug disclosures and proof-of-concept (PoC) exploit code. The move is believed to be part of a larger effort by Microsoft to improve its security posture.

MURKY PANDA: A Trusted-Relationship Threat in the Cloud

A new type of threat known as MURKY PANDA has been discovered, targeting trusted relationships in the cloud. The malware uses social engineering tactics to trick victims into granting access to sensitive data.

APT36 Targets Indian BOSS Linux Systems with Weaponized AutoStart Files

A Chinese APT group known as APT36 has targeted Indian systems running the BOSS Linux operating system. The attackers used weaponized auto-start files to gain access to sensitive data.

HR giant Workday discloses data breach amid Salesforce attacks

Allianz Life data breach affects 1.1 million customers

Allianz Life, a German insurance company, has disclosed a data breach affecting over 1.1 million customers. The breach was caused by a hacking incident that involved the theft of sensitive customer information.

U.K. Government Drops Apple Encryption Backdoor Order After U.S. Civil Liberties Pushback

The U.K. government has dropped an order requiring Apple to provide law enforcement with a backdoor to encrypted iPhones. The move comes after significant pushback from civil liberties groups in the United States.

Flaws in Software Used by Hundreds of Cities and Towns Exposed

A critical vulnerability in software used by hundreds of cities and towns has been exposed. The flaw allows attackers to manipulate traffic light signals and other critical infrastructure.

Orange Belgium informs its customers about a cyberattack

Orange Belgium has informed its customers about a recent cyberattack that affected the company's systems. The attack is believed to have been carried out by hackers using phishing tactics.

Hackers who exposed North Korean government hacker explain why they did it

The hackers who exposed a North Korean government hacker explained in an interview why they decided to release the stolen data. They claimed that their goal was to expose the hacker's identity and disrupt his operations.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon