A new round of the weekly SecurityAffairs newsletter has arrived! Every week the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

- [Symbolic Link trick lets attackers bypass FortiGate patches, Fortinet warns](https://securityaffairs.com/176473/hacking/symbolic-link-trick-lets-attackers-bypass-fortigate-patches-fortinet-warns.html)
- [Attackers are exploiting recently disclosed OttoKit WordPress plugin flaw](https://securityaffairs.com/176461/security/ottokit-wordpress-plugin-flaw-exploitation.html)
- [Laboratory Services Cooperative data breach impacts 1.6 Million People](https://securityaffairs.com/176451/data-breach/laboratory-services-cooperative-data-breach.html)
- [Palo Alto warns of brute-force login attempts on PAN-OS GlobalProtect gateways indicating possible upcoming attacks](https://securityaffairs.com/176446/hacking/brute-force-login-attempts-on-pan-os-globalprotect.html)
- [Gamaredon targeted the military mission of a Western country based in Ukraine](https://securityaffairs.com/176433/apt/gamaredon-targeted-the-military-mission-of-a-western-country-based-in-ukraine.html)
- [U.S. CISA adds Linux Kernel flaws to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/176427/hacking/u-s-cisa-adds-linux-kernel-flaws-to-its-known-exploited-vulnerabilities-catalog.html)
- [AkiraBot: AI-Powered spam bot evades CAPTCHA to target 80,000+ websites](https://securityaffairs.com/176415/cyber-crime/akirabot-ai-powered-spam-bot-evades-captcha-to-target-80000-websites.html)
- [An APT group exploited ESET flaw to execute malware](https://securityaffairs.com/176364/security/an-apt-group-exploited-eset-flaw-to-execute-malware.html)
- [Oracle confirms the hack of two obsolete servers hacked. No Oracle Cloud systems or customer data were affected](https://securityaffairs.com/176398/data-breach/oracle-confirms-the-hack-of-two-obsolete-servers-hacked-no-oracle-cloud-systems-or-customer-data-were-affected.html)
- [National Social Security Fund of Morocco Suffers Data Breach](https://securityaffairs.com/176388/security/national-social-security-fund-of-morocco-suffers-data-breach.html)
- [Critical Fortinet FortiSwitch flaw allows remote attackers to change admin passwords](https://securityaffairs.com/176380/security/fortinet-fortiswitch-flaw.html)
- [The US Treasury’s OCC disclosed an undetected major email breach for over a year](https://securityaffairs.com/176373/data-breach/the-us-treasurys-occ-disclosed-an-undetected-major-email-breach-for-over-a-year.html)
- [U.S. CISA adds Gladinet CentreStack and ZTA Microsoft Windows Common Log File System (CLFS) Driver flaws to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/176366/hacking/u-s-cisa-adds-gladinet-centrestack-and-zta-microsoft-windows-common-log-file-system-clfs-driver-flaws-to-its-known-exploited-vulnerabilities-catalog.html)
- [WhatsApp fixed a spoofing flaw that could enable Remote Code Execution](https://securityaffairs.com/176357/security/whatsapp-fixed-a-spoofing-flaw-that-could-enable-remote-code-execution.html)
- [Everest ransomware group’s Tor leak site offline after a defacement](https://securityaffairs.com/176345/cyber-crime/everest-ransomware-groups-tor-leak-site-offline-after-a-defacement.html)
- [Google fixed two actively exploited Android zero-days](https://securityaffairs.com/176337/hacking/google-fixed-two-actively-exploited-android-zero-days.html)
- [U.S. CISA adds Ivanti Connect Secure, Policy Secure and ZTA Gateways flaw to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/176332/security/u-s-cisa-adds-ivanti-connect-secure-policy-secure-and-zta-gateways-flaw-to-its-known-exploited-vulnerabilities-catalog-2.html)
- [A member of the Scattered Spider cybercrime group pleads guilty](https://securityaffairs.com/176323/cyber-crime/scattered-spider-cybercrime-group-member-pleaded-guilty.html)
- [The controversial case of the threat actor EncryptHub](https://securityaffairs.com/176251/cyber-crime/the-controversial-case-of-the-threat-actor-encrypthub.html)
- [PoisonSeed Campaign uses stolen email credentials to spread crypto seed scams and empty wallets](https://securityaffairs.com/176317/cyber-crime/poisonseed-campaign-uses-stolen-email-credentials-to-spread-crypto-seed-scams-and-and-empty-wallets.html)
- [EDR-as-a-Service makes the headlines in the cybercrime landscape](https://securityaffairs.com/176266/cyber-crime/edr-as-a-service-edr-cybercrime.html)
- [Oracle privately notifies Cloud data breach to customers](https://securityaffairs.com/176278/data-breach/oracle-privately-notifies-cloud-data-breach-to-customers.html)
- [Expert used ChatGPT-4o to create a replica of his passport in just 5 minutes bypassing KYC](https://securityaffairs.com/176224/security/chatgpt-4o-to-create-a-replica-of-his-passport-in-just-five-minutes.html)

**International Press — Newsletter**

**Cybercrime**

- [Unmasking EncryptHub: Help from ChatGPT & OPSEC blunders](https://outpost24.com/blog/unmasking-encrypthub-chatgpt-partner-crime/)
- [PoisonSeed Campaign Targets CRM and Bulk Email Providers in Supply Chain Spam Operation](https://www.silentpush.com/blog/poisonseed/)
- [Palm Coast man linked to ‘Scattered Spider’ cybercrime gang pleads guilty to charges related to cryptocurrency theft](https://www.news4jax.com/news/local/2025/04/04/palm-coast-man-linked-to-scattered-spider-cybercrime-gang-pleads-guilty-to-charges-related-to-cryptocurrency-theft/)
- [Everest ransomware group’s darknet site offline following defacement](https://therecord.media/everest-ransomware-site-offline-following-defacement)
- [Food giant WK Kellogg discloses data breach linked to Clop ransomware](https://www.bleepingcomputer.com/news/security/food-giant-wk-kellogg-discloses-data-breach-linked-to-clop-ransomware/)
- [Cybercriminals Attacked National Social Security Fund of Morocco — Millions of Digital Identities at Risk of Data Breach](https://www.resecurity.com/blog/article/cybercriminals-attacked-national-social-security-fund-of-morocco-millions-of-digital-identities-at-risk-of-data-breach)
- [Operation Endgame follow-up leads to five detentions and interrogations as well as server takedowns](https://www.europol.europa.eu/media-press/newsroom/news/operation-endgame-follow-leads-to-five-detentions-and-interrogations-well-server-takedowns)
- [South African telecom provider serving 7.7 million confirms data leak following cyberattack](https://therecord.media/south-african-telecom-provider-discloses-data-breach-ransomware)

**Malware**

- [Lazarus Expands Malicious npm Campaign: 11 New Packages Add Malware Loaders and Bitbucket Payloads](https://socket.dev/blog/lazarus-expands-malicious-npm-campaign-11-new-packages-add-malware-loaders-and-bitbucket)
- [BadBazaar: iOS and Android Surveillanceware by China’s APT15 Used to Target Tibetans and Uyghurs](https://www.lookout.com/threat-intelligence/article/badbazaar-surveillanceware-apt15)
- [Attackers distributing a miner and the ClipBanker Trojan via SourceForge](https://securelist.com/miner-clipbanker-sourceforge-campaign/116088/)
- [AkiraBot | AI-Powered Bot Bypasses CAPTCHAs, Spams Websites At Scale](https://www.sentinelone.com/labs/akirabot-ai-powered-bot-bypasses-captchas-spams-websites-at-scale/)
- [Lookout Mobile Threat Landscape Report — 2024 in Review](https://www.lookout.com/threat-intelligence/report/2024-annual-mobile-threat-report)
- [Newly Registered Domains Distributing SpyNote Malware](https://dti.domaintools.com/newly-registered-domains-distributing-spynote-malware/)

**Hacking**

- [NSA, CISA, FBI, and International Partners Release Cybersecurity Advisory on ‘Fast Flux,’ a National Security Threat](https://www.cisa.gov/news-events/alerts/2025/04/03/nsa-cisa-fbi-and-international-partners-release-cybersecurity-advisory-fast-flux-national-security)
- [Surge in Palo Alto Networks Scanner Activity Indicates Possible Upcoming Threats](https://www.greynoise.io/blog/surge-palo-alto-networks-scanner-activity)
- [Critical SureTriggers Plugin Vulnerability Exploited within 4 hours](https://patchstack.com/articles/critical-suretriggers-plugin-vulnerability-exploited-within-4-hours/)
- [Exploitation of CLFS zero-day leads to ransomware activity](https://www.microsoft.com/en-us/security/blog/2025/04/08/exploitation-of-clfs-zero-day-leads-to-ransomware-activity/)
- [Fortinet — Analysis of Threat Actor Activity](https://www.fortinet.com/blog/psirt-blogs/analysis-of-threat-actor-activity)

**Intelligence and Information Warfare**

- [BeaverTail and Tropidoor Malware Distributed via Recruitment Emails](https://asec.ahnlab.com/en/87299/)
- [Hackers Spied on 100 US Bank Regulators’ Emails for Over a Year](https://www.bloomberg.com/news/articles/2025-04-08/hackers-spied-on-100-bank-regulators-emails-for-over-a-year)
- [How ToddyCat tried to hide behind AV software](https://securelist.com/toddycat-apt-exploits-vulnerability-in-eset-software-for-dll-proxying/116086/)
- [Court document reveals locations of WhatsApp victims targeted by NSO spyware](https://techcrunch.com/2025/04/09/court-document-reveals-locations-of-whatsapp-victims-targeted-by-nso-spyware/)
- [Shuckworm Targets Foreign Military Mission Based in Ukraine](https://www.security.com/threat-intelligence/shuckworm-ukraine-gammasteel)
- [Targeted espionage activity UAC-0226 against innovation centers, government and law enforcement agencies using the GIFTEDCROOK stealer](https://cert.gov.ua/article/6282946)
- [China Admitted to Volt Typhoon Cyberattacks on US Critical Infrastructure: Report](https://www.securityweek.com/china-admitted-to-us-that-it-conducted-volt-typhoon-attacks-report/)

**Cybersecurity**

- [Alan Turing Institute: UK can’t handle a fight against AI-enabled crims](https://www.theregister.com/2025/04/04/nca_ati_ai_report/)
- [EU answer to Trump may involve data use by Big Tech, France says](https://fortune.com/2025/04/05/eu-retaliation-trump-tariffs-data-use-by-big-tech-environmental-regulation/)
- [Google fixes Android zero-days exploited in attacks, 60 other flaws](https://www.bleepingcomputer.com/news/security/google-fixes-android-zero-days-exploited-in-attacks-60-other-flaws/)
- [WhatsApp Vulnerability Could Facilitate Remote Code Execution](https://www.securityweek.com/whatsapp-vulnerability-could-facilitate-remote-code-execution/)
- [Trump orders probe of former cybersecurity chief for declaring 2020 election secure](https://eu.usatoday.com/story/news/politics/2025/04/09/trump-orders-probe-krebs-2020-election/83016002007/)
- [Cybersecurity industry falls silent as Trump turns ire on SentinelOne](https://www.reuters.com/world/us/cybersecurity-industry-falls-silent-trump-turns-ire-sentinelone-2025-04-10/)
- [Cybersecurity Community Must Not Remain Silent On Executive Order Attacking Former CISA Director](https://www.eff.org/deeplinks/2025/04/cybersecurity-community-must-not-remain-silent-executive-order-attacking-former)
- [Ransomware attack cost IKEA operator in Eastern Europe $23 million](https://www.bleepingcomputer.com/news/security/ransomware-attack-cost-ikea-operator-in-eastern-europe-23-million/)
- [Ex-Meta exec tells Senate Zuck dangled US citizen data in bid to enter China](https://www.theregister.com/2025/04/11/meta_senate_china/)

Follow me on Twitter: [**@securityaffairs**](https://twitter.com/securityaffairs) and [**Facebook**](https://www.facebook.com/sec.affairs) and [**Mastodon**](https://infosec.exchange/@securityaffairs)

[**Pierluigi Paganini**](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)

**(**[**SecurityAffairs**](http://securityaffairs.co/wordpress/) **– hacking, newsletter)**

Related Tags:
DEV-0391
UNC3236
Voltzite
Vanguard Panda
Nylon Typhoon
ToddyCat
Aqua Blizzard
Storm-0875
Octo Tempest