A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.—————————————————————————————————————————————————–Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.[Subaru Starlink flaw allowed experts to remotely hack cars](https://securityaffairs.com/173434/security/subaru-starlink-vulnerability-remote-attacks.html) [Participants in the Pwn2Own Automotive 2025 earned $886,250](https://securityaffairs.com/173426/breaking-news/pwn2own-automotive-2025-final-results.html) [U.S. CISA adds SonicWall SMA1000 flaw to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/173417/security/u-s-cisa-adds-sonicwall-sma1000-flaw-known-exploited-vulnerabilities-catalog.html) [J-magic malware campaign targets Juniper routers](https://securityaffairs.com/173408/security/j-magic-malware-campaign-targets-juniper-routers.html) [SonicWall warns of a critical CVE-2025-23006 zero-day likely exploited in the wild](https://securityaffairs.com/173387/security/sonicwall-warns-zero-day-sma-1000-series.html) [U.S. CISA adds JQuery flaw to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/173388/breaking-news/u-s-cisa-adds-jquery-flaw-known-exploited-vulnerabilities-catalog.html) [Pwn2Own Automotive 2025 Day 2: organizers awarded $335,500](https://securityaffairs.com/173376/hacking/pwn2own-automotive-2025-day-2.html) [Chinese threat actors used two advanced exploit chains to hack Ivanti CSA](https://securityaffairs.com/173369/hacking/chinese-threat-actors-hack-ivanti-csa.html) [Cisco addresses a critical privilege escalation bug in Meeting Management](https://securityaffairs.com/173361/security/cisco-meeting-management-critical-flaw.html) [U.S. President Donald Trump granted a ‘full and unconditional pardon’ to Ross Ulbricht, Silk Road creator](https://securityaffairs.com/173350/cyber-crime/trump-granted-pardon-to-ross-ulbricht.html) [Pwn2Own Automotive 2025 Day 1: organizers awarded $382,750 for 16 zero-days](https://securityaffairs.com/173344/hacking/pwn2own-automotive-2025-day-1.html) [Subaru Starlink flaw allowed experts to remotely hack cars](https://securityaffairs.com/173434/security/subaru-starlink-vulnerability-remote-attacks.html) [Two ransomware groups abuse Microsoft’s Office 365 platform to gain access to target organizations](https://securityaffairs.com/173328/cyber-crime/ransomware-groups-abuse-microsofts-office-365-platform.html) [Cloudflare blocked a record-breaking 5.6 Tbps DDoS attack](https://securityaffairs.com/173318/cyber-crime/cloudflare-blocked-record-5-6-tbps-ddos-attack.html) [A 7-Zip bug allows to bypass the Mark of the Web (MotW) feature](https://securityaffairs.com/173310/hacking/7-zip-flaw-bypass-the-mark-of-the-web-motw.html) [Former CIA analyst pleaded guilty to leaking top-secret documents](https://securityaffairs.com/173302/intelligence/former-cia-analyst-pleaded-guilty-to-leaking-top-secret-docs.html) [New Mirai botnet variant Murdoc Botnet targets AVTECH IP cameras and Huawei HG532 routers](https://securityaffairs.com/173294/cyber-crime/new-mirai-botnet-variant-murdoc-botnet-targets-avtech-ip-cameras-and-huawei-hg532-routers.html) [CERT-UA warned of scammers impersonating the agency using fake AnyDesk requests](https://securityaffairs.com/173285/hacking/cert-ua-warned-of-scammers-impersonating-the-agency-using-fake-anydesk.html) [HPE is investigating IntelBroker’s claims of the company hack](https://securityaffairs.com/173265/data-breach/hpe-is-investigating-intelbrokers-claims-of-hack.html) [Esperts found new DoNot Team APT group’s Android malware](https://securityaffairs.com/173257/apt/donot-team-android-malware.html) [Malicious npm and PyPI target Solana Private keys to steal funds from victims’ wallets](https://securityaffairs.com/173249/cyber-crime/malicious-npm-and-pypi-target-solana-private-keys.html) [Planet WGS-804HPT Industrial Switch flaws could be chained to achieve remote code execution](https://securityaffairs.com/173237/security/wgs-804hpt-flaws.html) [A flaw in the W3 Total Cache plugin exposes hundreds of thousands of WordPress sites to attacks](https://securityaffairs.com/173219/security/w3-total-cache-wordpress-plugin-cve-2024-12365.html)**International Press — Newsletter****Cybercrime**[HPE investigates breach as hacker claims to steal source code](https://www.bleepingcomputer.com/news/security/hewlett-packard-enterprise-investigates-new-breach-claims/)[Malware stole internal PowerSchool passwords from engineer’s hacked computer](https://techcrunch.com/2025/01/17/malware-stole-internal-powerschool-passwords-from-engineers-hacked-computer/)[Former CIA Analyst Pleads Guilty to Transmitting Top Secret National Defense Information](https://www.justice.gov/opa/pr/former-cia-analyst-pleads-guilty-transmitting-top-secret-national-defense-information)[Trump pardons Silk Road dark web market creator Ross Ulbricht](https://www.bbc.com/news/articles/cz7e0jve875o)[TRIPLESTRENGTH Hits Cloud for Cryptojacking, On-Premises Systems for Ransomware](https://thehackernews.com/2025/01/triplestrength-targets-cloud-platforms.html)[Millions Impacted by PowerSchool Data Breach](https://www.securityweek.com/millions-impacted-by-powerschool-data-breach/)**Malware**[Gmail For Exfiltration: Malicious npm Packages Target Solana Private Keys and Drain Victims’ Wallets](https://socket.dev/blog/gmail-for-exfiltration-malicious-npm-packages-target-solana-private-keys-and-drain-victim-s)[Threat Bulletin: Weaponized Software Targets Chinese-Speaking Organizations](https://intezer.com/blog/malware-analysis/weaponized-software-targets-chinese/)[The J-Magic Show: Magic Packets and Where to find them](https://blog.lumen.com/the-j-magic-show-magic-packets-and-where-to-find-them/)[HellCat and Morpheus -| Two Brands, One Payload as Ransomware Affiliates Drop Identical Code](https://www.sentinelone.com/blog/hellcat-and-morpheus-two-brands-one-payload-as-ransomware-affiliates-drop-identical-code/)[Homebrew macOS Users Targeted With Information Stealer Malware](https://www.securityweek.com/homebrew-macos-users-targeted-with-information-stealer-malware/)[Lumma Stealer: Fake CAPTCHAs -& New Techniques to Evade Detection](https://www.netskope.com/blog/lumma-stealer-fake-captchas-new-techniques-to-evade-detection)**Hacking**[Hack The Emulated Planet: Vulnerability Hunting Planet WGS-804HPT Industrial Switch](https://claroty.com/team82/research/hack-the-emulated-planet-vulnerability-hunting-planet-wgs-804hpt-industrial-switch)[Mercedes-Benz Head Unit security research report](https://securelist.com/mercedes-benz-head-unit-security-research/115218/)[Nebula Broker: offensive operations made in Italy](https://fortgale.com/blog/featured/nebula-broker-offensive-operations-italy/)[Attempts to carry out cyberattacks using AnyDesk, allegedly on behalf of CERT-UA](https://cert.gov.ua/article/6282069)[CISA and FBI Release Advisory on How Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications](https://www.cisa.gov/news-events/alerts/2025/01/22/cisa-and-fbi-release-advisory-how-threat-actors-chained-vulnerabilities-ivanti-cloud-service)[PANdora’s Box: Vulnerabilities Found in NGFW](https://eclypsium.com/blog/pandoras-box-vulns-in-security-appliances/)[Lessons From Red Teaming 100 Generative AI Products](https://arxiv.org/abs/2501.07238)[Pwn2Own Automotive 2025 — Day Three and Final Results](https://www.zerodayinitiative.com/blog/2025/1/23/pwn2own-automotive-2025-day-three-and-final-results)[Hacking Subaru: Tracking and Controlling Cars via the STARLINK Admin Panel](https://samcurry.net/hacking-subaru)[Hidden Waymo feature let researcher customize robotaxi’s display](https://techcrunch.com/2025/01/23/hidden-waymo-feature-let-researcher-customize-robotaxis-display/)**Intelligence and Information Warfare**[Android malware in DoNot APT Operations](https://www.cyfirma.com/research/android-malware-in-donot-apt-operations/)[Philippines arrests Chinese national suspected of spying on critical infrastructure](https://therecord.media/philippines-arrests-chinese-nationa-spying-critical-infrastructure)[Two North Korean Nationals and Three Facilitators Indicted for Multi-Year Fraudulent Remote Information Technology Worker Scheme that Generated Revenue for the Democratic People’s Republic of Korea](https://www.justice.gov/opa/pr/two-north-korean-nationals-and-three-facilitators-indicted-multi-year-fraudulent-remote)[PlushDaemon compromises supply chain of Korean VPN service](https://www.welivesecurity.com/en/eset-research/plushdaemon-compromises-supply-chain-korean-vpn-service/)**Cybersecurity** [](https://www.securityweek.com/doras-deadline-looms-navigating-the-eus-mandate-for-threat-led-penetration-testing/)[DORA’s Deadline Looms: Navigating the EU’s Mandate for Threat Led Penetration Testing](https://www.securityweek.com/doras-deadline-looms-navigating-the-eus-mandate-for-threat-led-penetration-testing/)[DORA Arrives: European Financial Services Faces New Regulation](https://insight.scmagazineuk.com/dora-arrives-european-financial-services-faces-new-regulation)[Record-breaking 5.6 Tbps DDoS attack and global DDoS trends for 2024 Q4](https://blog.cloudflare.com/ddos-threat-report-for-2024-q4/)[MasterCard DNS Error Went Unnoticed for Years](https://krebsonsecurity.com/2025/01/mastercard-dns-error-went-unnoticed-for-years/)[Trump administration fires members of cybersecurity review board in ‘horribly shortsighted’ decision](https://techcrunch.com/2025/01/22/trump-administration-fires-members-of-cybersecurity-review-board-in-horribly-shortsighted-decision/)Android’s New Identity Check Feature Locks Device Settings Outside Trusted Locations[Under Trump, US Cyberdefense Loses Its Head](https://www.wired.com/story/big-interview-jen-easterly-cisa-cybersecurity/)[Cloudflare Issue Can Leak Chat App Users’ Broad Location](https://www.404media.co/cloudflare-issue-can-leak-chat-app-users-broad-location/)Follow me on Twitter: [**@securityaffairs**](https://twitter.com/securityaffairs) and [**Facebook**](https://www.facebook.com/sec.affairs) and [Mastodon](https://infosec.exchange/@securityaffairs)[**Pierluigi Paganini**](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)**(** [**SecurityAffairs**](http://securityaffairs.co/wordpress/)**–** **hacking, newsletter)**
Related Tags:
NAICS: 61 – Educational Services
NAICS: 71 – Arts
Entertainment
Recreation
NAICS: 611 – Educational Services
NAICS: 54 – Professional
Scientific
Technical Services
NAICS: 713 – Amusement
Gambling
Recreation Industries
NAICS: 334 – Computer And Electronic Product Manufacturing
NAICS: 336 – Transportation Equipment Manufacturing
NAICS: 541 – Professional
Scientific
Technical Services
NAICS: 333 – Machinery Manufacturing
Associated Indicators:
null