A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

- [U.S. Treasury removed sanctions against the crypto mixer service Tornado Cash](https://securityaffairs.com/175718/security/u-s-treasury-removed-sanctions-tornado-cash.html)
- [Zero-day broker Operation Zero offers up to $4 million for Telegram exploits](https://securityaffairs.com/175709/hacking/operation-zero-offers-4m-for-telegram-exploits.html)
- [RansomHub affiliate uses custom backdoor Betruger](https://securityaffairs.com/175701/cyber-crime/ransomhub-affiliate-uses-custom-backdoor-betruger.html)
- [Cisco Smart Licensing Utility flaws actively exploited in the wild](https://securityaffairs.com/175692/security/cisco-smart-licensing-utility-flaws-actively-exploited-in-the-wild.html)
- [Pennsylvania State Education Association data breach impacts 500,000 individuals](https://securityaffairs.com/175681/data-breach/pennsylvania-state-education-association-data-breach.html)
- [Veeam fixed critical Backup & Replication flaw CVE-2025-23120](https://securityaffairs.com/175674/slider/veeam-critical-backup-replication-vulnerability.html)
- [U.S. CISA adds Edimax IC-7100 IP Camera, NAKIVO, and SAP NetWeaver AS Java flaws to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/175663/security/u-s-cisa-adds-edimax-ic-7100-ip-camera-nakivo-and-sap-netweaver-as-java-flaws-to-its-known-exploited-vulnerabilities-catalog.html)
- [CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT](https://securityaffairs.com/175642/hacking/cert-ua-warns-ukrainian-defense-industry-dark-crystal-rat.html)
- [WhatsApp fixed zero-day flaw used to deploy Paragon Graphite spyware](https://securityaffairs.com/175629/security/whatsapp-fixed-zero-day-flaw-used-to-deploy-paragon-graphite-spyware-spyware.html)
- [California Cryobank, the largest US sperm bank, disclosed a data breach](https://securityaffairs.com/175602/breaking-news/california-cryobank-the-largest-us-sperm-bank-disclosed-a-data-breach.html)
- [Rules File Backdoor: AI Code Editors exploited for silent supply chain attacks](https://securityaffairs.com/175593/hacking/rules-file-backdoor-ai-code-editors-silent-supply-chain-attacks.html)
- [U.S. CISA adds Fortinet FortiOS/FortiProxy and GitHub Action flaws to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/175583/security/u-s-cisa-adds-fortinet-fortios-fortiproxy-and-github-action-flaws-to-its-known-exploited-vulnerabilities-catalog.html)
- [Nation-state actors and cybercrime gangs abuse malicious .lnk files for espionage and data theft](https://securityaffairs.com/175569/apt/nation-state-actors-and-cybercrime-gangs-abuse-malicious-lnk-files-for-espionage-and-data-theft.html)
- [ChatGPT SSRF bug quickly becomes a favorite attack vector](https://securityaffairs.com/175560/hacking/chatgpt-ssrf-bug-quickly-becomes-a-favorite-attack-vector.html)
- [GitHub Action tj-actions/changed-files was compromised in supply chain attack](https://securityaffairs.com/175547/hacking/github-action-tj-actions-changed-files-was-compromised.html)
- [New StilachiRAT uses sophisticated techniques to avoid detection](https://securityaffairs.com/175530/malware/stilachirat-uses-sophisticated-techniques-to-avoid-detection.html)
- [Threat actors rapidly exploit new Apache Tomcat flaw following PoC release](https://securityaffairs.com/175522/security/threat-actors-rapidly-exploit-new-apache-tomcat-flaw-following-poc-release.html)
- [Attackers use CSS to create evasive phishing messages](https://securityaffairs.com/175512/security/attackers-use-css-to-create-evasive-phishing-messages.html)
- [Researcher releases free GPU-Based decryptor for Linux Akira ransomware](https://securityaffairs.com/175494/malware/free-decryptor-linux-akira-ransomware-brute-force.html)
- [Denmark warns of increased state-sponsored campaigns targeting the European telcos](https://securityaffairs.com/175479/intelligence/denmark-warns-of-increased-state-sponsored-campaigns-targeting-the-european-telcos.html)
- [A ransomware attack hit the Micronesian state of Yap, causing the health system network to go down.](https://securityaffairs.com/175445/cyber-crime/a-ransomware-attack-hit-the-micronesian-state-of-yap.html)

**International Press — Newsletter**

**Cybercrime**

- [Blockchain gaming platform WEMIX hacked to steal $6.1 million](https://www.bleepingcomputer.com/news/security/blockchain-gaming-platform-wemix-hacked-to-steal-61-million/)
- [Babuk2 Ransomware: Extortion Attempts Based on False Claims](https://www.halcyon.ai/blog/babuk2-ransomware-extortion-attempts-based-on-false-claims)
- [Western Alliance Bank notifies 21,899 customers of data breach](https://www.bleepingcomputer.com/news/security/western-alliance-bank-notifies-21-899-customers-of-data-breach/)
- [Cybercriminals Exploit Checkpoint’s Driver in a BYOVD Attack!](https://venaksecurity.com/2025/03/20/cybercriminals-exploit-checkpoints-driver-in-a-byovd-attack/)
- [Tornado Cash Delisting](https://home.treasury.gov/news/press-releases/sb0057)
- [LayerX Labs Identifies New Phishing Campaign Targeted at Mac Users](https://layerxsecurity.com/blog/layerx-identifies-new-phishing-campaign-targeted-at-mac-users/)

**Malware**

- [Jaguar Land Rover Breached by HELLCAT Ransomware Group Using Its Infostealer Playbook—Then a Second Hacker Strikes](https://www.infostealers.com/article/jaguar-land-rover-breached-by-hellcat-ransomware-using-its-infostealer-playbook-then-a-second-hacker-strikes/)
- [ClearFake’s New Widespread Variant: Increased Web3 Exploitation for Malware Delivery](https://blog.sekoia.io/clearfakes-new-widespread-variant-increased-web3-exploitation-for-malware-delivery/)
- [StilachiRAT analysis: From system reconnaissance to cryptocurrency theft](https://www.microsoft.com/en-us/security/blog/2025/03/17/stilachirat-analysis-from-system-reconnaissance-to-cryptocurrency-theft/)
- [Arcane stealer: We want all your data](https://securelist.com/arcane-stealer/115919/)
- [Shedding light on the ABYSSWORKER driver](https://www.elastic.co/security-labs/abyssworker)
- [RansomHub: Attackers Leverage New Custom Backdoor](https://www.security.com/threat-intelligence/ransomhub-betruger-backdoor)

**Hacking**

- [Decrypting Encrypted files from Akira Ransomware (Linux/ESXI variant 2024) using a bunch of GPUs](https://tinyhack.com/2025/03/13/decrypting-encrypted-files-from-akira-ransomware-linux-esxi-variant-2024-using-a-bunch-of-gpus/)
- [Abusing with style: Leveraging cascading style sheets for evasion and tracking](https://blog.talosintelligence.com/css-abuse-for-evasion-and-tracking/)
- [One PUT Request to Own Tomcat: CVE-2025-24813 RCE is in the Wild](https://lab.wallarm.com/one-put-request-to-own-tomcat-cve-2025-24813-rce-is-in-the-wild/)
- [Harden-Runner detection: tj-actions/changed-files action is compromised](https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised)
- [ZDI-CAN-25373: Windows Shortcut Exploit Abused as Zero-Day in Widespread APT Campaigns](https://www.trendmicro.com/en_us/research/25/c/windows-shortcut-zero-day-exploit.html)
- [New Vulnerability in GitHub Copilot and Cursor: How Hackers Can Weaponize Code Agents](https://www.pillar.security/blog/new-vulnerability-in-github-copilot-and-cursor-how-hackers-can-weaponize-code-agents)
- [By Executive Order, We Are Banning Blacklists — Domain-Level RCE in Veeam Backup & Replication (CVE-2025-23120)](https://labs.watchtowr.com/by-executive-order-we-are-banning-blacklists-domain-level-rce-in-veeam-backup-replication-cve-2025-23120/)
- [Technical Advisory: Mass Exploitation of CVE-2024-4577](https://www.bitdefender.com/en-us/blog/businessinsights/technical-advisory-update-mass-exploitation-cve-2024-4577)
- [Exploit Attempts for Cisco Smart Licensing Utility CVE-2024-20439 and CVE-2024-20440](https://isc.sans.edu/forums/diary/Exploit+Attempts+for+Cisco+Smart+Licensing+Utility+CVE202420439+and+CVE202420440/31782/)

**Intelligence and Information Warfare**

- [The cyber threat to the telecommunications sector](https://www.cfcs.dk/da/cybertruslen/trusselsvurderinger/tele/)
- [Ukraine seeks to bolster offensive cyber capabilities amid rising threats from Russia](https://therecord.media/ukraine-russia-cyber-offensive-bolster)
- [Russia, China Hitting West With ‘Massive Digital Arsenals’: EU](https://www.barrons.com/news/russia-china-hitting-west-with-massive-digital-arsenals-eu-3c25ab40)
- [UAC-0200: Espionage against the defense-industrial complex using DarkCrystal RAT (CERT-UA#14045)](https://cert.gov.ua/article/6282737)
- [Head Mare and Twelve join forces to attack Russian entities](https://securelist.com/head-mare-twelve-collaboration/115887/)
- [Operation FishMedley](https://www.welivesecurity.com/en/eset-research/operation-fishmedley/)
- [UAT-5918 targets critical infrastructure entities in Taiwan](https://blog.talosintelligence.com/uat-5918-targets-critical-infra-in-taiwan/)
- [Canadian provincial police appear to be using advanced commercial spyware](https://therecord.media/ontario-police-citizen-lab-spyware-report)
- [Ukraine’s IT Army keeps up attacks on Russia despite waning media hype](https://therecord.media/it-army-keeps-up-attacks-on-russia-ukraine)
- [North Korea launches new unit with a focus on AI hacking, per report](https://techcrunch.com/2025/03/20/north-korea-launches-new-unit-with-a-focus-on-ai-hacking-per-report/)
- [Musk’s X suspends opposition accounts in Turkey amid civil unrest](https://www.politico.eu/article/musks-x-suspends-opposition-accounts-turkey-protest-civil-unrest-erdogan-imamoglu-istanbul-mayor/)

**Cybersecurity**

- [The Rise and Fall of Terrorgram: Inside a Global Online Hate Network](https://www.propublica.org/article/rise-and-fall-terrorgram-inside-global-online-hate-network-frontline-telegram)
- [OpenAI Says It’s ‘Over’ If It Can’t Steal All Your Copyrighted Work](https://futurism.com/openai-over-copyrighted-work)
- [NIST Announces HQC as Fifth Standardized Post Quantum Algorithm](https://www.securityweek.com/nist-announces-hqc-as-fifth-standardized-post-quantum-algorithm/)
- [WhatsApp patched zero-click flaw exploited in Paragon spyware attacks](https://www.bleepingcomputer.com/news/security/whatsapp-patched-zero-day-flaw-used-in-paragon-spyware-attacks/)
- [Russian zero-day seller is offering up to $4 million for Telegram exploits](https://techcrunch.com/2025/03/21/russian-zero-day-seller-is-offering-up-to-4-million-for-telegram-exploits/)
- [Federal judge blocks DOGE’s access to Social Security Administration’s banks of personal information](https://techcrunch.com/2025/03/20/federal-judge-blocks-doges-access-to-social-security-administrations-banks-of-personal-information/)

Follow me on Twitter: [**@securityaffairs**](https://twitter.com/securityaffairs) and [**Facebook**](https://www.facebook.com/sec.affairs) and [**Mastodon**](https://infosec.exchange/@securityaffairs)

[**Pierluigi Paganini**](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)

**(**[**SecurityAffairs**](http://securityaffairs.co/wordpress/) **–** **hacking, newsletter)**

Related Tags:
CVE-2025-24813
CVE-2024-20439
CVE-2024-20440
GOLD SAHARA
Akira
PUNK SPIDER
CVE-2024-4577
NAICS: 921 – Executive, Legislative, Other General Government Support
NAICS: 61 – Educational Services