A new round of the weekly SecurityAffairs newsletter has arrived! Every week the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

- [Attackers exploited SonicWall SMA appliances since January 2025](https://securityaffairs.com/176706/security/attackers-exploited-sonicwall-sma-appliances-since-january-2025.html)
- [ASUS routers with AiCloud vulnerable to auth bypass exploit](https://securityaffairs.com/176697/security/asus-warns-of-a-router-authentication-bypass-flaw.html)
- [U.S. CISA adds Apple products and Microsoft Windows NTLM flaws to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/176687/hacking/u-s-cisa-adds-apple-products-and-microsoft-windows-ntlm-flaws-to-its-known-exploited-vulnerabilities-catalog.html)
- [Entertainment venue management firm Legends International disclosed a data breach](https://securityaffairs.com/176674/data-breach/legends-international-disclosed-a-data-breach.html)
- [China-linked APT Mustang Panda upgrades tools in its arsenal](https://securityaffairs.com/176662/apt/china-linked-apt-mustang-panda-upgrades-tools-in-its-arsenal.html)
- [Node.js malvertising campaign targets crypto users](https://securityaffairs.com/176651/hacking/node-js-malvertising-campaign-targets-crypto-users.html)
- [Apple released emergency updates for actively exploited flaws](https://securityaffairs.com/176644/security/apple-emergency-updates-actively-exploited-ios-ipados-macos-bugs.html)
- [U.S. CISA adds SonicWall SMA100 Appliance flaw to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/176630/hacking/u-s-cisa-adds-sonicwall-sma100-appliance-flaw-to-its-known-exploited-vulnerabilities-catalog.html)
- [CISA’s 11-Month extension ensures continuity of MITRE’s CVE Program](https://securityaffairs.com/176608/security/cisas-11-month-extension-ensures-continuity-of-mitres-cve-program.html)
- [Chinese Android phones shipped with malware-laced WhatsApp, Telegram apps](https://securityaffairs.com/176600/malware/chinese-android-phones-shipped-with-malware-laced-whatsapp-telegram-apps.html)
- [Cyber Threats Against Energy Sector Surge as Global Tensions Mount](https://securityaffairs.com/176591/hacking/cyber-threats-against-energy-sector-surge-as-global-tensions-mount.html)
- [Government contractor Conduent disclosed a data breach](https://securityaffairs.com/176581/data-breach/government-contractor-conduent-disclosed-a-data-breach.html)
- [Critical Apache Roller flaw allows to retain unauthorized access even after a password change](https://securityaffairs.com/176577/security/critical-apache-roller-flaw-allows-to-retain-unauthorized-access-even-after-a-password-change.html)
- [Meta will use public EU user data to train its AI models](https://securityaffairs.com/176569/digital-id/meta-will-use-public-eu-user-data-to-train-its-ai-models.html)
- [Hertz disclosed a data breach following 2024 Cleo zero-day attack](https://securityaffairs.com/176562/data-breach/hertz-disclosed-a-data-breach-following-2024-cleo-zero-day-attack.html)
- [Gladinet flaw CVE-2025-30406 actively exploited in the wild](https://securityaffairs.com/176552/hacking/gladinet-flaw-cve-2025-30406-actively-exploited-in-the-wild.html)
- [New malware ‘ResolverRAT’ targets healthcare, pharmaceutical firms](https://securityaffairs.com/176537/malware/new-malware-resolverrat-targets-healthcare-pharmaceutical-firms.html)
- [Malicious NPM packages target PayPal users](https://securityaffairs.com/176530/security/malicious-npm-packages-to-steal-paypal-credentials.html)
- [Tycoon2FA phishing kit rolled out significant updates](https://securityaffairs.com/176521/cyber-crime/tycoon2fa-phishing-kit-rolled-out-significant-updates.html)
- [South African telecom provider Cell C disclosed a data breach following a cyberattack](https://securityaffairs.com/176509/data-breach/south-african-telecom-provider-cell-c-disclosed-a-data-breach.html)
- [China admitted its role in Volt Typhoon cyberattacks on U.S. infrastructure](https://securityaffairs.com/176485/apt/china-admitted-its-role-in-volt-typhoon-cyberattacks-on-u-s-infrastructure.html)

**International Press — Newsletter**

**Cybercrime**

- [Pixel-Perfect Trap: The Surge of SVG-Borne Phishing Attacks](https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/pixel-perfect-trap-the-surge-of-svg-borne-phishing-attacks/)
- [Threat actors misuse Node.js to deliver malware and other malicious payloads](https://www.microsoft.com/en-us/security/blog/2025/04/15/threat-actors-misuse-node-js-to-deliver-malware-and-other-malicious-payloads/)
- [Byte Bandits: How Fake PDF Converters Are Stealing More Than Just Your Documents](https://www.cloudsek.com/blog/byte-bandits-how-fake-pdf-converters-are-stealing-more-than-just-your-documents)
- [Man Helped Chinese Nationals Get Jobs Involving Sensitive US Government Projects](https://www.securityweek.com/man-helped-chinese-nationals-get-jobs-involving-sensitive-us-government-projects/)
- [Unmasking the new XorDDoS controller and infrastructure](https://blog.talosintelligence.com/unmasking-the-new-xorddos-controller-and-infrastructure/)

**Malware**

- [Malicious NPM Packages Targeting PayPal Users](https://www.fortinet.com/blog/threat-research/malicious-npm-packages-targeting-paypal-users)
- [New Malware Variant Identified: ResolverRAT Enters the Maze](https://www.morphisec.com/blog/new-malware-variant-identified-resolverrat-enters-the-maze/)
- [Nice chatting with you: what connects cheap Android smartphones, WhatsApp and cryptocurrency theft?](https://news.drweb.com/show/)
- [BPFDoor’s Hidden Controller Used Against Asia, Middle East Targets](https://www.trendmicro.com/en_us/research/25/d/bpfdoor-hidden-controller.html)
- [Gorilla, a newly discovered Android malware](https://catalyst.prodaft.com/public/report/gorilla/overview)
- [Cascading Shadows: An Attack Chain Approach to Avoid Detection and Complicate Analysis](https://unit42.paloaltonetworks.com/phishing-campaign-with-complex-attack-chain/)
- [IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia](https://securelist.com/mysterysnail-new-version/116226/)
- [Unmasking the new XorDDoS controller and infrastructure](https://blog.talosintelligence.com/unmasking-the-new-xorddos-controller-and-infrastructure/)
- [Byte Bandits: How Fake PDF Converters Are Stealing More Than Just Your Documents](https://www.cloudsek.com/blog/byte-bandits-how-fake-pdf-converters-are-stealing-more-than-just-your-documents)
- [Renewed APT29 Phishing Campaign Against European Diplomats](https://research.checkpoint.com/2025/apt29-phishing-campaign/)
- [Goodbye HTA, Hello MSI: New TTPs and Clusters of an APT driven by Multi-Platform Attacks](https://www.seqrite.com/blog/goodbye-hta-hello-msi-new-ttps-and-clusters-of-an-apt-driven-by-multi-platform-attacks/)
- [Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware](https://unit42.paloaltonetworks.com/slow-pisces-new-custom-malware/)
- [Threat actors misuse Node.js to deliver malware and other malicious payloads](https://www.microsoft.com/en-us/security/blog/2025/04/15/threat-actors-misuse-node-js-to-deliver-malware-and-other-malicious-payloads/)
- [Latest Mustang Panda Arsenal: ToneShell and StarProxy | P1](https://www.zscaler.com/blogs/security-research/latest-mustang-panda-arsenal-toneshell-and-starproxy-p1)
- [Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak | P2](https://www.zscaler.com/blogs/security-research/latest-mustang-panda-arsenal-paklog-corklog-and-splatcloak-p2)
- [Around the World in 90 Days: State-Sponsored Actors Try ClickFix](https://www.proofpoint.com/us/blog/threat-insight/around-world-90-days-state-sponsored-actors-try-clickfix)
- [Large Language Model (LLM) for Software Security: Code Analysis, Malware Analysis, Reverse Engineering](https://arxiv.org/abs/2504.07137)
- [Malware analysis assisted by AI with R2AI](https://arxiv.org/abs/2504.07574)
- [A Machine Learning-Based Ransomware Detection Method for Attackers’ Neutralization Techniques Using Format-Preserving Encryption](https://www.mdpi.com/1424-8220/25/8/2406)
- [AOAFS: A Malware Detection System Using an Improved Arithmetic Optimization Algorithm](https://www.mdpi.com/2227-7080/13/4/145)

**Hacking**

- [Tycoon2FA New Evasion Technique for 2025](https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/tycoon2fa-new-evasion-technique-for-2025/)
- [CVE-2025-30406 — Critical Gladinet CentreStack & Triofox Vulnerability Exploited In The Wild](https://www.huntress.com/blog/cve-2025-30406-critical-gladinet-centrestack-triofox-vulnerability-exploited-in-the-wild)
- [Aiding reverse engineering with Rust and a local LLM](https://security.humanativaspa.it/aiding-reverse-engineering-with-rust-and-a-local-llm/)
- [Apple fixes two zero-days exploited in targeted iPhone attacks](https://www.bleepingcomputer.com/news/security/apple-fixes-two-zero-days-exploited-in-targeted-iphone-attacks/)
- [Task Scheduler – New Vulnerabilities for schtasks.exe](https://cymulate.com/blog/task-scheduler-new-vulnerabilities-for-schtasks-exe/)
- [Over 16,000 Fortinet devices compromised with symlink backdoor](https://www.bleepingcomputer.com/news/security/over-16-000-fortinet-devices-compromised-with-symlink-backdoor/)
- [Notorious image board 4chan hacked and internal data leaked](https://techcrunch.com/2025/04/15/notorious-image-board-4chan-hacked-and-internal-data-leaked/)
- [Around the World in 90 Days: State-Sponsored Actors Try ClickFix](https://www.proofpoint.com/us/blog/threat-insight/around-world-90-days-state-sponsored-actors-try-clickfix)
- [CVE-2025-24054, NTLM Exploit in the Wild](https://research.checkpoint.com/2025/cve-2025-24054-ntlm-exploit-in-the-wild/)
- [Credential Access Campaign Targeting SonicWall SMA Devices Potentially Linked to Exploitation of CVE-2021-20035](https://arcticwolf.com/resources/blog/credential-access-campaign-targeting-sonicwall-sma-devices-potentially-linked-to-exploitation-of-cve-2021-20035/)

**Intelligence and Information Warfare**

- [Goodbye HTA, Hello MSI: New TTPs and Clusters of an APT driven by Multi-Platform Attacks](https://www.seqrite.com/blog/goodbye-hta-hello-msi-new-ttps-and-clusters-of-an-apt-driven-by-multi-platform-attacks/)
- [Taiwan charges Chinese ship captain with breaking subsea cables](https://therecord.media/taiwan-charges-ship-captain-submarine-cable-break)
- [Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware](https://unit42.paloaltonetworks.com/slow-pisces-new-custom-malware/)
- [Renewed APT29 Phishing Campaign Against European Diplomats](https://research.checkpoint.com/2025/apt29-phishing-campaign/)
- [NSO lawyer names Mexico, Saudi Arabia, and Uzbekistan as spyware customers accused of 2019 WhatsApp hacks](https://techcrunch.com/2025/04/16/nso-lawyer-names-mexico-saudi-arabia-and-uzbekistan-as-spyware-customers-accused-of-2019-whatsapp-hacks/)
- [Gamaredon: The Turncoat Spies Relentlessly Hacking Ukraine](https://www.wired.com/story/gamaredon-turncoat-spies-hacking-ukraine/)
- [Latest Mustang Panda Arsenal: ToneShell and StarProxy | P1](https://www.zscaler.com/blogs/security-research/latest-mustang-panda-arsenal-toneshell-and-starproxy-p1)
- [Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak | P2](https://www.zscaler.com/blogs/security-research/latest-mustang-panda-arsenal-paklog-corklog-and-splatcloak-p2)

**Cybersecurity**

- [Making AI Work Harder for Europeans](https://about.fb.com/news/2025/04/making-ai-work-harder-for-europeans/)
- [Govtech giant Conduent confirms client data stolen in January cyberattack](https://www.bleepingcomputer.com/news/security/govtech-giant-conduent-confirms-client-data-stolen-in-january-cyberattack/)
- [CISA extends CVE program contract with MITRE for 11 months amid alarm over potential lapse](https://therecord.media/cisa-extends-cve-program-contract-with-mitre)
- [Google adds Android auto-reboot to block forensic data extractions](https://www.bleepingcomputer.com/news/security/google-adds-android-auto-reboot-to-block-forensic-data-extractions/)
- [Pentagon’s ‘SWAT team of nerds’ resigns en masse](https://www.politico.com/news/2025/04/15/pentagons-digital-resignations-00290930)

Follow me on Twitter: **[@securityaffairs](https://twitter.com/securityaffairs) and [Facebook](https://www.facebook.com/sec.affairs) and [Mastodon](https://infosec.exchange/@securityaffairs)**

[Pierluigi Paganini](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)

([SecurityAffairs](http://securityaffairs.co/wordpress/) — hacking, newsletter)

Related Tags:
CVE-2025-30406
CVE-2025-24054
Insidious Taurus
DEV-0391
UNC3236
Voltzite
Vanguard Panda
Midnight Blizzard
NAICS: 483 – Water Transportation