Security Affairs newsletter Round 512 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

- [Lazarus APT stole $1.5B from Bybit, it is the largest cryptocurrency heist ever](https://securityaffairs.com/174514/cyber-crime/lazarus-stole-1-5b-from-bybit-cryptocurrency-heist.html)
- [Apple removes iCloud encryption in UK following backdoor demand](https://securityaffairs.com/174500/security/apple-removes-icloud-encryption-in-uk.html)
- [B1ack’s Stash released 1 Million credit cards](https://securityaffairs.com/174488/cyber-crime/b1acks-stash-released-1-million-credit-cards.html)
- [U.S. CISA adds Craft CMS and Palo Alto Networks PAN-OS flaws to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/174483/security/u-s-cisa-adds-craft-cms-palo-alto-networks-pan-os-flaws-known-exploited-vulnerabilities-catalog.html)
- [Atlassian fixed critical flaws in Confluence and Crowd](https://securityaffairs.com/174474/security/atlassian-fixed-critical-flaws-in-confluence-and-crowd.html)
- [Salt Typhoon used custom malware JumbledPath to spy U.S. telecom providers](https://securityaffairs.com/174460/apt/salt-typhoon-custom-malware-jumbledpath-to-spy-u-s-telecom-providers.html)
- [NailaoLocker ransomware targets EU healthcare-related entities](https://securityaffairs.com/174440/malware/nailaolocker-ransomware-targets-eu-healthcare-related-entities.html)
- [Microsoft fixed actively exploited flaw in Power Pages](https://securityaffairs.com/174430/security/microsoft-fixed-actively-exploited-flaw-in-power-pages.html)
- [Citrix addressed NetScaler console privilege escalation flaw](https://securityaffairs.com/174425/security/citrix-addressed-netscaler-console-privilege-escalation-flaw.html)
- [Palo Alto Networks warns that CVE-2025-0111 flaw is actively exploited in attacks](https://securityaffairs.com/174409/hacking/palo-alto-networks-cve-2025-0111-actively-exploited.html)
- [Russia-linked APTs target Signal messenger](https://securityaffairs.com/174397/cyber-warfare-2/russia-linked-threat-actors-exploit-signals-linked-devices-feature.html)
- [Venture capital firm Insight Partners discloses security breach](https://securityaffairs.com/174392/hacking/insight-partners-discloses-security-breach.html)
- [OpenSSH bugs allow Man-in-the-Middle and DoS Attacks](https://securityaffairs.com/174384/security/openssh-vulnerabilities-mitm-dos.html)
- [U.S. CISA adds SonicWall SonicOS and Palo Alto PAN-OS flaws to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/174375/security/u-s-cisa-adds-sonicwall-sonicos-and-palo-alto-pan-os-flaws-to-its-known-exploited-vulnerabilities-catalog.html)
- [Juniper Networks fixed a critical flaw in Session Smart Routers](https://securityaffairs.com/174365/security/juniper-networks-fixed-a-critical-flaw-in-session-smart-routers.html)
- [China-linked APT group Winnti targets Japanese organizations since March 2024](https://securityaffairs.com/174353/apt/china-linked-apt-group-winnti-targets-japanese-orgs.html)
- [Xerox VersaLink C7025 Multifunction printer flaws may expose Windows Active Directory credentials to attackers](https://securityaffairs.com/174342/hacking/xerox-versalink-c7025-multifunction-printer-flaws.html)
- [New XCSSET macOS malware variant used in limited attacks](https://securityaffairs.com/174333/malware/apple-macos-malware-xcsset-limited-attacks.html)
- [Dutch Police shut down bulletproof hosting provider Zservers and seized 127 servers](https://securityaffairs.com/174321/hacking/dutch-police-seized-127-servers-bulletproof-hosting-service-zservers-xhost.html)
- [New Golang-based backdoor relies on Telegram for C2 communication](https://securityaffairs.com/174306/malware/golang-based-backdoor-uses-telegram-for-c2.html)
- [Pro-Russia collective NoName057(16) launched a new wave of DDoS attacks on Italian sites](https://securityaffairs.com/174294/hacktivism/noname05716-launched-ddos-attacks-on-italian-sites.html)
- [whoAMI attack could allow remote code execution within AWS account](https://securityaffairs.com/174283/breaking-news/whoami-attack-rce-within-aws-account.html)
- [Storm-2372 used the device code phishing technique since August 2024](https://securityaffairs.com/174270/apt/storm-2372-used-device-code-phishing-technique.html)

**International Press — Newsletter**

**Cybercrime**

- [Amsterdam police dismantle digital criminal network; 127 servers taken offline](https://www.politie.nl/nieuws/2025/februari/13/politie-amsterdam-ontmantelt-digitaal-crimineel-netwerk-127-servers-offline-gehaald.html)
- [Another Lizard Arrested, Lizard Lair Hacked](https://krebsonsecurity.com/2015/01/another-lizard-arrested-lizard-lair-hacked/)
- [X Phishing | Campaign Targeting High Profile Accounts Returns, Promoting Crypto Scams](https://www.sentinelone.com/labs/phishing-on-x-high-profile-account-targeting-campaign-returns/)
- [StaryDobry ruins New Year’s Eve, delivering miner instead of presents](https://securelist.com/starydobry-campaign-spreads-xmrig-miner-via-torrents/115509/)
- [How Phished Data Turns into Apple & Google Wallets](https://krebsonsecurity.com/2025/02/how-phished-data-turns-into-apple-google-wallets/)
- [US Army soldier pleads guilty to AT&T and Verizon hacks](https://techcrunch.com/2025/02/19/us-army-soldier-pleads-guilty-to-att-and-verizon-hacks/)
- [Thailand ready to welcome 7,000 trafficked scam call center victims back from Myanmar](https://www.theregister.com/2025/02/21/thailand_ready_to_welcome_7000/)
- [B1ack’s Stash Releases 1 Million Credit Cards on a Deep Web Forum](https://www.d3lab.net/b1acks-stash-releases-1-million-credit-cards-on-a-deep-web-forum/)

**Malware**

- [You’ve Got Malware: FINALDRAFT Hides in Your Drafts](https://www.elastic.co/security-labs/finaldraft)
- [Telegram Abused as C2 Channel for New Golang Backdoor](https://www.netskope.com/blog/telegram-abused-as-c2-channel-for-new-golang-backdoor)
- [Infostealing Malware Infections in the U.S. Military & Defense Sector: A Cybersecurity Disaster in the Making](https://www.infostealers.com/article/infostealing-malware-infections-in-the-u-s-military-defense-sector-a-cybersecurity-disaster-in-the-making/)
- [Analyzing ELF/Sshdinjector.A!tr with a Human and Artificial Analyst](https://www.fortinet.com/blog/threat-research/analyzing-elf-sshdinjector-with-a-human-and-artificial-analyst)
- [Training Approach for Long Short-Term Memory Network Classifier](https://www.mdpi.com/2079-9292/14/4/810)

**Hacking**

- [whoAMI: A cloud image name confusion attack](https://securitylabs.datadoghq.com/articles/whoami-a-cloud-image-name-confusion-attack/)
- [Xerox Versalink C7025 Multifunction Printer: Pass-Back Attack Vulnerabilities (FIXED)](https://www.rapid7.com/blog/post/2025/02/14/xerox-versalink-c7025-multifunction-printer-pass-back-attack-vulnerabilities-fixed/)
- [How Hackers Manipulate Agentic AI with Prompt Engineering](https://www.securityweek.com/how-hackers-manipulate-agentic-ai-with-prompt-engineering/)
- [Palo Alto Networks tags new firewall bug as exploited in attacks](https://www.bleepingcomputer.com/news/security/palo-alto-networks-tags-new-firewall-bug-as-exploited-in-attacks/)
- [Bybit Confirms Record-Breaking $1.46 Billion Crypto Heist in Sophisticated Cold Wallet Attack](https://thehackernews.com/2025/02/bybit-confirms-record-breaking-146.html)

**Intelligence and Information Warfare**

- [Multiple Russian Threat Actors Targeting Microsoft Device Code Authentication](https://www.volexity.com/blog/2025/02/13/multiple-russian-threat-actors-targeting-microsoft-device-code-authentication/)
- [Earth Preta Mixes Legitimate and Malicious Components to Sidestep Detection](https://www.trendmicro.com/en_us/research/25/b/earth-preta-mixes-legitimate-and-malicious-components-to-sidestep-detection.html)
- [Signals of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger](https://cloud.google.com/blog/topics/threat-intelligence/russia-targeting-signal-messenger/)
- [Backdoored Executables for Signal, Line, and Gmail Target Chinese-Speaking Users](https://hunt.io/blog/backdoored-executables-for-signal-line-gmail-target-chinese-users)
- [Spanish spyware startup Mollitiam Industries shuts down](https://techcrunch.com/2025/02/19/spanish-spyware-startup-mollitiam-industries-shuts-down/)
- [DOGE Now Has Access to the Top US Cybersecurity Agency](https://www.wired.com/story/doge-cisa-coristine-cybersecurity/)
- [Meet NailaoLocker: a ransomware distributed in Europe by ShadowPad and PlugX backdoors](https://www.orangecyberdefense.com/global/blog/cert-news/meet-nailaolocker-a-ransomware-distributed-in-europe-by-shadowpad-and-plugx-backdoors)
- [Weathering the storm: In the midst of a Typhoon](https://blog.talosintelligence.com/salt-typhoon-analysis/)
- [We need a new doctrine for Cyberdefence](https://www.linkedin.com/pulse/we-need-new-doctrine-cyberdefence-andrea-rigoni-anwme/)

**Cybersecurity**

- [EFF Sues OPM, DOGE and Musk for Endangering the Privacy of Millions](https://www.eff.org/press/releases/eff-sues-opm-doge-and-musk-endangering-privacy-millions)
- [Protecting Global Data Privacy: The Urgent Need for Encryption Safeguards](https://www.linkedin.com/pulse/protecting-global-data-privacy-urgent-need-encryption-safeguards-dui7c/)
- [X is reportedly blocking links to secure Signal contact pages](https://arstechnica.com/gadgets/2025/02/x-is-reportedly-blocking-links-to-secure-signal-contact-pages/)
- [Qualys TRU Discovers Two Vulnerabilities in OpenSSH: CVE-2025-26465 & CVE-2025-26466](https://blog.qualys.com/vulnerabilities-threat-research/2025/02/18/qualys-tru-discovers-two-vulnerabilities-in-openssh-cve-2025-26465-cve-2025-26466)
- [Nearly 10% of employee gen AI prompts include sensitive data](https://www.csoonline.com/article/3819170/nearly-10-of-employee-gen-ai-prompts-include-sensitive-data.html)
- [Apple Removes Cloud Encryption Feature From UK After Backdoor Order](https://www.bloomberg.com/news/articles/2025-02-21/apple-removes-end-to-end-encryption-feature-from-uk-after-backdoor-order)

Follow me on Twitter: [**@securityaffairs**](https://twitter.com/securityaffairs) and [**Facebook**](https://www.facebook.com/sec.affairs) and [Mastodon](https://infosec.exchange/@securityaffairs)

[**Pierluigi Paganini**](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)

([**SecurityAffairs**](http://securityaffairs.co/wordpress/) – hacking, newsletter)
