# Security Affairs Newsletter Round 516 - International Edition
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are delivered free to your inbox. Enjoy this round, including the international press.
### WEMIX Blockchain Gaming Platform Hacked to Steal $6.1 Million
A recent hack on the WEMIX blockchain gaming platform has resulted in the theft of $6.1 million worth of cryptocurrency. The hacking group targeted the platform's private keys, allowing them to access and drain the funds from user wallets.
### Babuk2 Ransomware: Extortion Attempts Based on False Claims
A new ransomware variant known as Babuk2 has been making headlines for its use of false claims to extort victims. The group has been using phishing emails and fake promises of data protection to trick users into paying ransoms.
### Western Alliance Bank Notifies 21,899 Customers of Data Breach
Western Alliance Bank has notified over 21,900 customers of a potential data breach affecting their personal and financial information. The bank is urging affected customers to monitor their accounts for suspicious activity.
### Cybercriminals Exploit Checkpoint's Driver in BYOVD Attack
Cybercriminals have been exploiting a vulnerability in Checkpoint's driver as part of a BYOVD (bring your own vulnerable driver) attack. This allows attackers to inject malware into systems, potentially leading to widespread compromise.
### LayerX Labs Identifies New Phishing Campaign Targeted at Mac Users
LayerX Labs has identified a new phishing campaign targeting Mac users. The attacks involve malicious emails and attachments designed to trick users into installing malware on their devices.
### Jaguar Land Rover Breached by HELLCAT Ransomware Group
Jaguar Land Rover has fallen victim to an attack by the HELLCAT ransomware group. The attackers used the company's own software against it, exploiting vulnerabilities in their systems to gain access and encrypt data.
### ClearFake’s New Widespread Variant: Increased Web3 Exploitation for Malware Delivery
A new variant of the ClearFake malware has been discovered, with increased capabilities for Web3 exploitation. This allows attackers to deliver malware to victims more easily than ever before.
### StilachiRAT Analysis: From System Reconnaissance to Cryptocurrency Theft
StilachiRAT is a sophisticated piece of malware that can be used for system reconnaissance and cryptocurrency theft. The attackers use the malware to gain access to systems, gather sensitive information, and steal cryptocurrencies from infected users.
### Arcane Stealer: We Want All Your Data
Arcane Stealer is a new piece of malware designed to steal all the data on an infected system. This includes sensitive information such as login credentials, personal files, and confidential business data.
### Shedding Light on the ABYSSWORKER Driver Ransomware Attack
The ABYSSWORKER driver ransomware attack has shed light on the vulnerabilities in the latest drivers released by various companies. The attackers exploited these vulnerabilities to gain access to systems and encrypt sensitive data.
### RansomHub: Attackers Leverage New Custom Backdoor Decrypting Encrypted Files from Akira Ransomware
RansomHub is a new piece of malware that allows attackers to decrypt encrypted files from the Akira ransomware variant. This gives the attackers a significant advantage in their attacks, as they can now access sensitive data without needing to pay ransoms.
### One PUT Request to Own Tomcat: CVE-2025-24813 RCE is in the Wild
A new vulnerability known as CVE-2025-24813 has been discovered in Apache Tomcat. The attackers are using this vulnerability to exploit web applications, potentially leading to widespread compromise.
### Harden-Runner Detection: tj-actions/changed-files action is Compromised
The Harden-Runner detection system has identified a compromised action called tj-actions/changed-files. This allows attackers to hide malicious activities from security systems, making it harder to detect and respond to threats.
### ZDI-CAN-25373: Windows Shortcut Exploit Abused as Zero-Day in Widespread APT Campaigns
A new exploit known as ZDI-CAN-25373 has been discovered in Windows shortcuts. This allows attackers to execute malicious code with elevated privileges, making it a significant zero-day vulnerability.
### New Vulnerability in GitHub Copilot and Cursor: How Hackers Can Weaponize Code Agents
A new vulnerability has been discovered in GitHub Copilot and Cursor, allowing hackers to weaponize code agents. This could lead to widespread compromise of sensitive systems and data.
### By Executive Order, We Are Banning Blacklists – Domain-Level RCE in Veeam Backup & Replication (CVE-2025-23120)
The government has announced plans to ban blacklists due to their potential for abuse. In the meantime, a critical vulnerability known as CVE-2025-23120 has been discovered in Veeam Backup & Replication, allowing attackers to achieve domain-level remote code execution.
### Technical Advisory: Mass Exploitation of CVE-2024-4577 Exploit Attempts for Cisco Smart Licensing Utility
A technical advisory has been issued regarding the mass exploitation of CVE-2024-4577 exploit attempts against the Cisco Smart Licensing utility. This vulnerability allows attackers to gain access to sensitive data and systems.
### Exploit Attempts for CVE-2024-20439 and CVE-2024-20440
Exploit attempts have been made against the CVE-2024-20439 and CVE-2024-20440 vulnerabilities. These vulnerabilities allow attackers to execute arbitrary code on affected systems, potentially leading to widespread compromise.