A new round of the weekly SecurityAffairs newsletter has arrived! Every week the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

- [U.S. CISA adds Apple iOS and iPadOS and Mitel SIP Phones flaws to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/174246/security/u-s-cisa-adds-apple-ios-and-ipados-and-mitel-sip-phones-flaws-to-its-known-exploited-vulnerabilities-catalog.html)
- [Attackers exploit recently disclosed Palo Alto Networks PAN-OS firewalls bug](https://securityaffairs.com/174237/hacking/exploitation-palo-alto-networks-pan-os-firewalls-bug.html)
- [U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/174233/hacking/u-s-cisa-adds-simplehelp-flaw-known-exploited-vulnerabilities-catalog.html)
- [China-linked APT Salt Typhoon breached telecoms by exploiting Cisco router flaws](https://securityaffairs.com/174226/apt/salt-typhoon-exploited-cisco-ios-xe-flaws.html)
- [Experts discovered PostgreSQL flaw chained with BeyondTrust zeroday in targeted attacks](https://securityaffairs.com/174218/hacking/postgresql-flaw-chained-with-beyondtrust-zeroday.html)
- [Valve removed the game PirateFi from the Steam video game platform because it contained malware](https://securityaffairs.com/174205/malware/valve-removed-a-game-from-steam.html)
- [The Rise of Cyber Espionage: UAV and C-UAV Technologies as Targets](https://securityaffairs.com/174199/intelligence/the-rise-of-cyber-espionage-uav-and-c-uav-technologies-as-targets.html)
- [China-linked APTs’ tool employed in RA World Ransomware attack](https://securityaffairs.com/174189/apt/ra-world-ransomware-attack-china-apt-possible-link.html)
- [Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign](https://securityaffairs.com/174173/apt/russia-linked-seashell-blizzard-apt-badpilot-op.html)
- [Sarcoma ransomware gang claims the theft of sensitive data from PCB maker Unimicron](https://securityaffairs.com/174159/cyber-crime/sarcoma-ransomware-claims-the-theft-of-sensitive-data-from-pcb-maker-unimicron.html)
- [Russian cybercriminal Alexander Vinnik is being released from U.S. custody in exchange for Marc Fogel](https://securityaffairs.com/174148/cyber-crime/russian-cybercriminal-alexander-vinnik-is-being-released-from-u-s.html)
- [North Korea-linked APT Emerald Sleet is using a new tactic](https://securityaffairs.com/174142/apt/emerald-sleet-is-using-a-new-tactic.html)
- [U.S. CISA adds Microsoft Windows, Zyxel device flaws to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/174135/security/u-s-cisa-adds-microsoft-windows-zyxel-device-flaws-known-exploited-vulnerabilities-catalog.html)
- [Microsoft Patch Tuesday security updates for February 2025 fixed 2 actively exploited bugs](https://securityaffairs.com/174126/hacking/microsoft-patch-tuesday-security-updates-february-2025.html)
- [Attackers exploit a new zero-day to hijack Fortinet firewalls](https://securityaffairs.com/174117/hacking/fortinet-fortios-zero-day-exploited.html)
- [OpenSSL patched high-severity flaw CVE-2024-12797](https://securityaffairs.com/174111/security/openssl-patched-the-vulnerability-cve-2024-12797.html)
- [Progress Software fixed multiple high-severity LoadMaster flaws](https://securityaffairs.com/174103/security/progress-software-loadmaster-software-flaws.html)
- [Artificial intelligence (AI) as an Enabler for Enhanced Data Security](https://securityaffairs.com/174095/security/artificial-intelligence-enhanced-data-security.html)
- [Crooks use Google Tag Manager skimmer to steal credit card data from Magento-based e-stores](https://securityaffairs.com/174085/cyber-crime/google-tag-manager-gtm-e-skimmer-software-in-magento.html)
- [Operation Phobos Aetor: Police dismantled 8Base ransomware gang](https://securityaffairs.com/174078/cyber-crime/police-dismantled-8base-ransomware-gang.html)
- [Apple fixes iPhone and iPad bug exploited in ‘extremely sophisticated attacks’](https://securityaffairs.com/174066/hacking/apple-fixes-iphone-and-ipad-bug-exploited-in-extremely-sophisticated-attacks.html)
- [HPE is notifying individuals affected by a December 2023 attack](https://securityaffairs.com/174057/data-breach/hpe-notifying-individuals-impacted-by-december-2023-attack.html)
- [XE Group shifts from credit card skimming to exploiting zero-days](https://securityaffairs.com/174045/cyber-crime/xe-group-exploiting-zero-days.html)
- [UK Gov demands backdoor to access Apple iCloud backups worldwide](https://securityaffairs.com/174032/laws-and-regulations/uk-gov-demands-backdoor-apple-icloud-backups.html)

**International Press — Newsletter**

**Cybercrime**

- [XE Group: From Credit Card Skimming to Exploiting Zero-Days](https://intezer.com/blog/research/xe-group-exploiting-zero-days/)
- [Four alleged hackers arrested in Phuket for hacking 17 Swiss firms](https://www.nationthailand.com/news/general/40046122)
- [The Untold Story of a Crypto Crimefighter’s Descent Into Nigerian Prison Security](https://www.wired.com/story/untold-story-crypto-crimefighters-descent-nigerian-prison-binance/)
- [Amsterdam police dismantle digital criminal network; 127 servers taken offline](https://www.politie.nl/nieuws/2025/februari/13/politie-amsterdam-ontmantelt-digitaal-crimineel-netwerk-127-servers-offline-gehaald.html)
- [AFP joins global crackdown on cybercriminal infrastructure provider](https://www.afp.gov.au/news-centre/media-release/afp-joins-global-crackdown-cybercriminal-infrastructure-provider)
- [Did You Download This Steam Game? Sorry, It’s Windows Malware](https://www.pcmag.com/news/did-you-download-this-steam-game-sorry-its-windows-malware)

**Malware**

- [Mobile Indian Cyber Heist: FatBoyPanel And His Massive Data Breach](https://www.zimperium.com/blog/mobile-indian-cyber-heist-fatboypanel-and-his-massive-data-breach/)
- [Google Tag Manager Skimmer Steals Credit Card Info From Magento Site](https://blog.sucuri.net/2025/02/google-tag-manager-skimmer-steals-credit-card-info-from-magento-site.html)
- [From South America to Southeast Asia: The Fragile Web of REF7707](https://www.elastic.co/security-labs/fragile-web-ref7707)
- [Deep Learning-Driven Malware Classification with API Call Sequence Analysis and Concept Drift Handling](https://arxiv.org/abs/2502.08679)

**Hacking**

- [Chinese-Speaking Group Manipulates SEO with BadIIS](https://www.trendmicro.com/en_us/research/25/b/chinese-speaking-group-manipulates-seo-with-badiis.html)
- [Apple fixes iPhone and iPad bug used in an ‘extremely sophisticated attack’](https://techcrunch.com/2025/02/10/apple-fixes-iphone-and-ipad-bug-used-in-an-extremely-sophisticated-attack/)
- [Fault Injection — Looking for a Unicorn](https://security.humanativaspa.it/fault-injection-looking-for-a-unicorn/)
- [Massive brute force attack uses 2.8 million IPs to target VPN devices](https://www.bleepingcomputer.com/news/security/massive-brute-force-attack-uses-28-million-ips-to-target-vpn-devices/)
- [Console Chaos: A Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls](https://arcticwolf.com/resources/blog/console-chaos-targets-fortinet-fortigate-firewalls/)
- [Android Deep Dive: Implicit Intents Introduction](https://www.hacktivesecurity.com/blog/2025/02/12/android-deep-dive-implicit-intents/)
- [How Wiz found a Critical NVIDIA AI vulnerability: Deep Dive into a container escape (CVE-2024-0132)](https://www.wiz.io/blog/nvidia-ai-vulnerability-deep-dive-cve-2024-0132)
- [Surge in attacks exploiting old ThinkPHP and ownCloud flaws](https://www.bleepingcomputer.com/news/security/surge-in-attacks-exploiting-old-thinkphp-and-owncloud-flaws/)
- [CVE-2025-1094: PostgreSQL psql SQL injection (FIXED)](https://www.rapid7.com/blog/post/2025/02/13/cve-2025-1094-postgresql-psql-sql-injection-fixed/)
- [whoAMI: A cloud image name confusion attack](https://securitylabs.datadoghq.com/articles/whoami-a-cloud-image-name-confusion-attack/)
- [GreyNoise Observes Active Exploitation of PAN-OS Authentication Bypass Vulnerability (CVE-2025-0108)](https://www.greynoise.io/blog/greynoise-observes-active-exploitation-of-pan-os-authentication-bypass-vulnerability-cve-2025-0108)

**Intelligence and Information Warfare**

- [Another person targeted by Paragon spyware comes forward](https://techcrunch.com/2025/02/11/another-person-targeted-by-paragon-spyware-comes-forward/)
- [Sandworm APT Targets Ukrainian Users with Trojanized Microsoft KMS Activation Tools in Cyber Espionage Campaigns](https://blog.eclecticiq.com/sandworm-apt-targets-ukrainian-users-with-trojanized-microsoft-kms-activation-tools-in-cyber-espionage-campaigns)
- [The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation](https://www.microsoft.com/en-us/security/blog/2025/02/12/the-badpilot-campaign-seashell-blizzard-subgroup-conducts-multiyear-global-access-operation/)
- [The Risk of a Taiwan Invasion Is Rising Fast](https://www.recordedfuture.com/research/risk-taiwan-invasion-rising)
- [China-linked Espionage Tools Used in Ransomware Attacks](https://www.security.com/threat-intelligence/chinese-espionage-ransomware)
- [Analyzing DEEP#DRIVE: North Korean Threat Actors Observed Exploiting Trusted Platforms for Targeted Attacks](https://www.securonix.com/blog/analyzing-deepdrive-north-korean-threat-actors-observed-exploiting-trusted-platforms-for-targeted-attacks/)
- [The Rise of Cyber Espionage: UAV and C-UAV Technologies as Targets](https://www.resecurity.com/blog/article/the-rise-of-cyber-espionage-uav-and-c-uav-technologies-as-targets)
- [RedMike (Salt Typhoon) Exploits Vulnerable Cisco Devices of Global Telecommunications Providers](https://go.recordedfuture.com/hubfs/reports/cta-cn-2025-0213.pdf)
- [Spyware maker caught distributing malicious Android apps for years](https://techcrunch.com/2025/02/13/spyware-maker-caught-distributing-malicious-android-apps-for-years/)
- [Operation Marstech Mayhem Lazarus Group’s Open-Source Trap: North Korea’s New Malware Tactic Targeting Developers and Crypto Wallets](https://securityscorecard.com/wp-content/uploads/2025/02/Operation-Marstech-Mayhem-Report_021025_03.pdf)
- [Storm-2372 conducts device code phishing campaign](https://www.microsoft.com/en-us/security/blog/2025/02/13/storm-2372-conducts-device-code-phishing-campaign/)

**Cybersecurity**

- [DOGE Teen Owns ‘Tesla.Sexy LLC’ and Worked at Startup That Has Hired Convicted Hackers](https://www.wired.com/story/edward-coristine-tesla-sexy-path-networks-doge/)
- [Meta staff torrented nearly 82TB of pirated books for AI training — court records reveal copyright violations](https://www.tomshardware.com/tech-industry/artificial-intelligence/meta-staff-torrented-nearly-82tb-of-pirated-books-for-ai-training-court-records-reveal-copyright-violations)
- [Fortinet warns of new zero-day exploited to hijack firewalls](https://www.bleepingcomputer.com/news/security/fortinet-warns-of-new-zero-day-exploited-to-hijack-firewalls/)
- [The February 2025 Security Update Review](https://www.zerodayinitiative.com/blog/2025/2/11/the-february-2025-security-update-review)
- [Barcelona-based spyware startup Variston shuts down, per filing](https://techcrunch.com/2025/02/13/barcelona-based-spyware-startup-variston-reportedly-shuts-down/)
- [Tackling AI security risks to unleash growth and deliver Plan for Change](https://www.gov.uk/government/news/tackling-ai-security-risks-to-unleash-growth-and-deliver-plan-for-change)
- [Nginx/Apache Path Confusion to Auth Bypass in PAN-OS (CVE-2025-0108)](https://www.assetnote.io/resources/research/nginx-apache-path-confusion-to-auth-bypass-in-pan-os)

Follow me on Twitter: [**@securityaffairs**](https://twitter.com/securityaffairs) and [**Facebook**](https://www.facebook.com/sec.affairs) and [Mastodon](https://infosec.exchange/@securityaffairs)

[**Pierluigi Paganini**](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)

**(**[**SecurityAffairs**](http://securityaffairs.co/wordpress/) **–** **hacking, newsletter)**

Related Tags:
CVE-2024-12797
CVE-2025-0108
APT43
TA427
APT44
CVE-2024-0132
FROZENBARENTS
Seashell Blizzard
Emerald Sleet