A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

- [Ransomware gangs exploit a Paragon Partition Manager BioNTdrv.sys driver zero-day](https://securityaffairs.com/174789/cyber-crime/ransomware-gangs-paragon-partition-manager-biontdrv-sys-driver-zero-day-attacks.html)
- [Microsoft disrupted a global cybercrime ring abusing Azure OpenAI Service](https://securityaffairs.com/174779/cyber-crime/azure-abuse-scheme-individuals-exposed.html)
- [Attackers could hack smart solar systems and cause serious damages](https://securityaffairs.com/174769/hacking/attackers-could-hack-smart-solar-systems.html)
- [Enhanced capabilities sustain the rapid growth of Vo1d botnet](https://securityaffairs.com/174762/malware/enhanced-capabilities-sustain-the-rapid-growth-of-vo1d-botnet.html)
- [Cisco fixed command injection and DoS flaws in Nexus switches](https://securityaffairs.com/174753/security/cisco-fixed-command-injection-and-dos-flaws-in-nexus-switches.html)
- [China-linked threat actors stole 10% of Belgian State Security Service (VSSE)’s staff emails](https://securityaffairs.com/174743/intelligence/china-linked-threat-actors-stole-10-of-belgian-state-security-service-vsse-emails.html)
- [FBI: North Korea-linked TraderTraitor is responsible for $1.5 Billion Bybit hack](https://securityaffairs.com/174735/cyber-crime/fbi-north-korea-responsible-bybit-hack.html)
- [Criminal group UAC-0173 targets the Notary Office of Ukraine](https://securityaffairs.com/174723/cyber-crime/uac-0173-targets-the-notary-office-of-ukraine.html)
- [Cellebrite blocked Serbia from using its solution because misuse of the equipment for political reasons](https://securityaffairs.com/174707/intelligence/cellebrite-blocked-serbia-from-using-its-solution-because-misuse-of-the-equipment-for-political-reasons.html)
- [DragonForce Ransomware group is targeting Saudi Arabia](https://securityaffairs.com/174717/cyber-crime/dragonforce-ransomware-group-is-targeting-saudi-arabia.html)
- [New Ghostwriter campaign targets Ukrainian Government and opposition activists in Belarus](https://securityaffairs.com/174696/intelligence/ghostwriter-targets-ukrainian-gov-and-opposition-in-belarus.html)
- [New LightSpy spyware variant comes with enhanced data collection features targeting social media platforms](https://securityaffairs.com/174674/malware/new-lightspy-spyware-variant-data-collection-targets-social-media-platforms.html)
- [U.S. CISA adds Microsoft Partner Center and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/174664/security/u-s-cisa-adds-microsoft-partner-center-and-synacor-zimbra-collaboration-suite-flaws-to-its-known-exploited-vulnerabilities-catalog.html)
- [GitVenom campaign targets gamers and crypto investors by posing as fake GitHub projects](https://securityaffairs.com/174651/malware/gitvenom-campaign-targets-gamers-and-crypto-investors.html)
- [LockBit taunts FBI Director Kash Patel with alleged ‘Classified’ leak threat](https://securityaffairs.com/174639/cyber-crime/lockbit-taunts-fbi-director-kash-patel.html)
- [EU sanctioned the leader of North Korea-linked APT groups](https://securityaffairs.com/174622/security/eu-sanctioned-the-leader-of-north-korea-linked-apt-groups.html)
- [U.S. CISA adds Adobe ColdFusion and Oracle Agile PLM flaws to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/174613/security/u-s-cisa-adds-adobe-coldfusion-and-oracle-agile-plm-flaws-to-its-known-exploited-vulnerabilities-catalog.html)
- [Russia warns financial sector organizations of IT service provider LANIT compromise](https://securityaffairs.com/174604/hacking/russia-warns-financial-sector-lanit-hack.html)
- [A large botnet targets M365 accounts with password spraying attacks](https://securityaffairs.com/174595/cyber-crime/large-botnet-targets-m365-password-spraying-attacks.html)
- [Australia bans Kaspersky over national security concerns](https://securityaffairs.com/174586/intelligence/australia-bans-kaspersky-over-national-security-concerns.html)
- [A data leak exposes the operations of the Chinese private firm TopSec, which provides Censorship-as-a-Service](https://securityaffairs.com/174579/intelligence/china-firm-topsec-provides-censorship-services.html)
- [SpyLend Android malware found on Google Play enabled financial cyber crime and extortion](https://securityaffairs.com/174540/malware/spylend-android-malware-100k-downloard.html)
- [Leaked Black Basta chat logs reveal the gang’s operations](https://securityaffairs.com/174547/cyber-crime/leaked-black-basta-chat-logs-reveal-internal-conflicts.html)
- [U.S. CISA adds Microsoft Power Pages flaw to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/174541/hacking/u-s-cisa-adds-microsoft-power-pages-flaw-known-exploited-vulnerabilities-catalog.html)
- [Lazarus APT stole $1.5B from Bybit, it is the largest cryptocurrency heist ever](https://securityaffairs.com/174514/cyber-crime/lazarus-stole-1-5b-from-bybit-cryptocurrency-heist.html)

**International Press — Newsletter**
=====================================

**Cybercrime**

- [Mining Company NioCorp Loses $500,000 in BEC Hack](https://www.securityweek.com/mining-company-niocorp-loses-500000-in-bec-hack/)
- [Inside Black Basta’s Exposed Internal Chat Logs: A Firsthand Look](https://susapr.medium.com/inside-black-bastas-exposed-internal-chat-logs-a-firsthand-look-33db9bff992f)
- [The Bleeding Edge of Phishing: darcula-suite 3.0 Enables DIY Phishing of Any Brand](https://www.netcraft.com/blog/darcula-v3-phishing-kits-targeting-any-brand/)
- [The Largest Theft in History — Following the Money Trail from the Bybit Hack](https://www.elliptic.co/blog/bybit-hack-largest-in-history)
- [Silent Killers: Unmasking a Large-Scale Legacy Driver Exploitation Campaign](https://research.checkpoint.com/2025/large-scale-exploitation-of-legacy-driver/)
- [Russian hackers extend olive branch to new FBI director Kash Patel](https://www.dailydot.com/debug/lockbit-hackers-kash-patel-classififed-fbi-data/)
- [Processing 23 Billion Rows of ALIEN TXTBASE Stealer Logs](https://www.troyhunt.com/processing-23-billion-rows-of-alien-txtbase-stealer-logs/)
- [Streamjacking Scams On YouTube Leverage CS2 Pro Player Championships to Defraud Gamers](https://www.bitdefender.com/en-us/blog/hotforsecurity/streamjacking-scams-on-youtube-leverage-cs2-pro-player-championships-to-defraud-gamers)
- [ALIEN TXTBASE Data Leak: A Deep Analysis of the Breach](https://www.d3lab.net/alien-txtbase-data-leak-a-deep-analysis-of-the-breach/)
- [DragonForce Ransomware Group is Targeting Saudi Arabia](https://www.resecurity.com/blog/article/dragonforce-ransomware-group-is-targeting-saudi-arabia)
- [U.S. Soldier Charged in AT&T Hack Searched ‘Can Hacking Be Treason’](https://krebsonsecurity.com/2025/02/u-s-soldier-charged-in-att-hack-searched-can-hacking-be-treason/)
- [Group-IB contributes to joint operation of Royal Thai Police and Singapore Police Force leading to arrest of cybercriminal behind more than 90 data leaks worldwide](https://www.group-ib.com/media-center/press-releases/joint-operation-with-royal-thai-police-and-singapore-police-force/)
- [UAC-0173 against the Notary Office of Ukraine (CERT-UA#13738)](https://cert.gov.ua/article/6282536)
- [North Korea Responsible for $1.5 Billion Bybit Hack](https://www.ic3.gov/PSA/2025/PSA250226)
- [Leaked Black Basta Ransomware Chat Logs Reveal Inner Workings and Internal Conflicts](https://thehackernews.com/2025/02/leaked-black-basta-chat-logs-reveal.html)
- [Silent Push Pivots into New Lazarus Group Infrastructure, Acquires Sensitive Intel Related to $1.4B ByBit Hack and Past Attacks](https://www.silentpush.com/blog/lazarus-bybit/)
- [No, you’re not fired — but beware of job termination scams](https://www.welivesecurity.com/en/scams/no-youre-not-fired-beware-job-termination-scams/)
- [Disrupting a global cybercrime network abusing generative AI](https://blogs.microsoft.com/on-the-issues/2025/02/27/disrupting-cybercrime-abusing-gen-ai/)

**Malware**

- [DragonForce Ransomware Group is Targeting Saudi Arabia](https://www.resecurity.com/blog/article/dragonforce-ransomware-group-is-targeting-saudi-arabia)
- [Massive Botnet Targets M365 with Stealthy Password Spraying Attacks](https://securityscorecard.com/research/massive-botnet-targets-m365-with-stealthy-password-spraying-attacks/)
- [Notorious Malware, Spam Host ‘Prospero’ Moves to Kaspersky Lab](https://krebsonsecurity.com/2025/02/notorious-malware-spam-host-prospero-moves-to-kaspersky-lab/)
- [The GitVenom campaign: cryptocurrency theft using GitHub](https://securelist.com/gitvenom-campaign/115694/)
- [LightSpy Expands Command List to Include Social Media Platforms](https://hunt.io/blog/lightspy-malware-targets-facebook-instagram)
- [Auto-Color: An Emerging and Evasive Linux Backdoor](https://unit42.paloaltonetworks.com/new-linux-backdoor-auto-color/)
- [Anubis: A New Ransomware Threat](https://www.kelacyber.com/blog/anubis-a-new-ransomware-threat/)
- [PolarEdge: Unveiling an uncovered ORB network](https://blog.sekoia.io/polaredge-unveiling-an-uncovered-iot-botnet/)
- [GrassCall malware campaign drains crypto wallets via fake job interviews](https://www.bleepingcomputer.com/news/security/grasscall-malware-campaign-drains-crypto-wallets-via-fake-job-interviews/)

**Hacking**

- [Indiana Jones: There Are Always Some Useful Ancient Relics](https://www.linkedin.com/pulse/indiana-jones-always-some-useful-ancient-relics-luca-sambucci-hrbmf/)
- [Streamlining vulnerability research with IDA Pro and Rust](https://security.humanativaspa.it/streamlining-vulnerability-research-with-ida-pro-and-rust/)
- [First analysis of Apple’s USB Restricted Mode bypass (CVE-2025-24200)](https://blog.quarkslab.com/first-analysis-of-apples-usb-restricted-mode-bypass-cve-2025-24200.html)
- [360XSS: Mass Website Exploitation via Virtual Tour Framework for SEO Poisoning](https://olegzay.com/360xss/)
- [Operation SalmonSlalom](https://ics-cert.kaspersky.com/publications/reports/2025/02/24/fatalrat-attacks-in-apac-backdoor-delivered-via-an-overly-long-infection-chain-to-chinese-speaking-targets/)
- [A Disney Worker Downloaded an AI Tool. It Led to a Hack That Ruined His Life](https://www.wsj.com/tech/cybersecurity/disney-employee-ai-tool-hacker-cyberattack-3700c931)
- [How hackers capture your solar panels and cause grid havoc](https://www.dw.com/en/how-hackers-capture-your-solar-panels-and-cause-grid-havoc/a-71593448)
- [Paragon Partition Manager contains five memory vulnerabilities within its BioNTdrv.sys driver that allow for privilege escalation and denial-of-service (DoS) attacks](https://www.kb.cert.org/vuls/id/726882)

**Intelligence and Information Warfare**

- [Censorship as a Service | Leak Reveals Public-Private Collaboration to Monitor Chinese Cyberspace](https://www.sentinelone.com/labs/censorship-as-a-service-leak-reveals-public-private-collaboration-to-monitor-chinese-cyberspace/)
- [EU sanctions North Korean tied to Lazarus group over involvement in Ukraine war](https://therecord.media/eu-sanctions-north-korea-ukraine-war-lazarus-group)
- [Disrupting malicious uses of our models: an update February 2025](https://cdn.openai.com/threat-intelligence-reports/disrupting-malicious-uses-of-our-models-february-2025-update.pdf)
- [Ghostwriter | New Campaign Targets Ukrainian Government and Belarusian Opposition](https://www.sentinelone.com/labs/ghostwriter-new-campaign-targets-ukrainian-government-and-belarusian-opposition/)
- [Squidoor: Suspected Chinese Threat Actor’s Backdoor Targets Global Organizations](https://unit42.paloaltonetworks.com/advanced-backdoor-squidoor/)
- [Erudite Mogwai Uses Custom Stowaway to Stealthily Advance Online](https://rt-solar.ru/solar-4rays/blog/5261/)
- [Winos 4.0 Spreads via Impersonation of Official Email to Target Users in Taiwan](https://www.fortinet.com/blog/threat-research/winos-spreads-via-impersonation-of-official-email-to-target-users-in-taiwan)
- [Belgian prosecutor probes alleged Chinese hacking of intelligence service](https://www.reuters.com/world/belgian-prosecutor-probes-alleged-chinese-hacking-intelligence-service-2025-02-26/)
- [Exclusive: Hegseth orders Cyber Command to stand down on Russia planning](https://therecord.media/hegseth-orders-cyber-command-stand-down-russia-planning)

**Cybersecurity**

- [Trump 2.0 Brings Cuts to Cyber, Consumer Protections](https://krebsonsecurity.com/2025/02/trump-2-0-brings-cuts-to-cyber-consumer-protections/)
- [Skybox Security shuts down, lays off 300 employees as Tufin acquires assets](https://www.calcalistech.com/ctechnews/article/s1wi4rc5yl)
- [CERT-EU’s Annual Threat Landscape Report 2024](https://cert.europa.eu/publications/threat-intelligence/tlr2024/pdf)
- [Serbia: Cellebrite halts product use in Serbia following Amnesty surveillance report](https://www.amnesty.org/en/latest/news/2025/02/cellebrite-halts-product-use-in-serbia-following-amnesty-surveillance-report/)
- [Geolocation data brokers: What they do and what happens when they leak](https://www.kaspersky.com/blog/geolocation-data-broker-leak/53050/)
- [ALIEN TXTBASE Data Leak: A Deep Analysis of the Breach](https://www.d3lab.net/alien-txtbase-data-leak-a-deep-analysis-of-the-breach/)
- [Signal Adopted by Swedish Armed Forces for Secure Communications](https://cyberinsider.com/swedish-armed-forces-adopt-signal-for-secure-communications/)
- [Defending America’s Cyber Defenders](https://www.linkedin.com/pulse/defending-americas-cyber-defenders-jen-easterly-hae2e/)
- [Meta is firing about 20 employees for leaking information](https://www.theverge.com/labor/621059/meta-fires-20-employee-leakers)
- [Meta’s undersea cable to be longer than the Earth is round](https://newatlas.com/telecommunications/meta-undersea-cable-be-longer-earth-round/)

Follow me on Twitter: [**@securityaffairs**](https://twitter.com/securityaffairs) and [**Facebook**](https://www.facebook.com/sec.affairs) and [**Mastodon**](https://infosec.exchange/@securityaffairs)

[**Pierluigi Paganini**](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)

**(** [**SecurityAffairs**](http://securityaffairs.co/wordpress/) **–** **hacking, newsletter)**