Security Affairs newsletter Round 521 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

- [African multinational telco giant MTN Group disclosed a data breach](https://securityaffairs.com/177037/security/african-multinational-telco-giant-mtn-disclosed-a-data-breach.html)
- [CEO of cybersecurity firm charged with installing malware on hospital systems](https://securityaffairs.com/177020/cyber-crime/ceo-of-cybersecurity-firm-charged-with-installing-malware-on-hospital-systems.html)
- [JPCERT warns of DslogdRAT malware deployed in Ivanti Connect Secure](https://securityaffairs.com/177002/malware/jpcert-warns-of-dslogdrat-malware-deployed-in-ivanti-connect-secure.html)
- [SAP NetWeaver zero-day allegedly exploited by an initial access broker](https://securityaffairs.com/176983/hacking/sap-netweaver-zero-day-allegedly-exploited-by-an-initial-access-broker.html)
- [Operation SyncHole: Lazarus APT targets supply chains in South Korea](https://securityaffairs.com/176964/apt/operation-synchole-lazarus-apt-targets-supply-chains-in-south-korea.html)
- [Interlock ransomware gang started leaking data allegedly stolen from leading kidney dialysis firm DaVita](https://securityaffairs.com/176946/cyber-crime/interlock-ransomware-gang-started-leaking-data-allegedly-stolen-from-leading-kidney-dialysis-firm-davita.html)
- [Yale New Haven Health (YNHHS) data breach impacted 5.5 million patients](https://securityaffairs.com/176937/data-breach/yale-new-haven-health-ynhhs-data-breach-impacted-5-5-million-patients.html)
- [Crooks exploit the death of Pope Francis](https://securityaffairs.com/176917/cyber-crime/crooks-exploit-the-death-of-pope-francis.html)
- [WhatsApp introduces Advanced Chat Privacy to protect sensitive communications](https://securityaffairs.com/176901/security/whatsapp-adds-advanced-chat-privacy-feature.html)
- [Android spyware hidden in mapping software targets Russian soldiers](https://securityaffairs.com/176886/malware/android-spyware-hidden-in-mapping-software-targets-russian-soldiers.html)
- [Crypto mining campaign targets Docker environments with new evasion technique](https://securityaffairs.com/176877/malware/crypto-mining-campaign-targets-docker-environments-with-new-evasion-technique.html)
- [The popular xrpl.js Ripple cryptocurrency library was compromised in a supply chain attack](https://securityaffairs.com/176844/hacking/the-xrpl-js-ripple-cryptocurrency-library-was-compromised-in-a-supply-chain-attack.html)
- [British retailer giant Marks & Spencer (M&S) is managing a cyber incident](https://securityaffairs.com/176820/hacking/marks-spencer-ms-is-managing-a-cyber-incident.html)
- [Chinese Cybercriminals Released Z-NFC Tool for Payment Fraud](https://securityaffairs.com/176829/cyber-crime/chinese-cybercriminals-released-z-nfc-tool-for-payment-fraud.html)
- [Millions of SK Telecom customers are potentially at risk following USIM data compromise](https://securityaffairs.com/176802/data-breach/sk-telecom-data-breach.html)
- [Abilene city, Texas, takes systems offline following a cyberattack](https://securityaffairs.com/176793/hacking/abilene-city-texas-takes-systems-offline-following-a-cyberattack.html)
- [Japan’s FSA warns of unauthorized trades via stolen credentials from fake security firms’ sites](https://securityaffairs.com/176776/hacking/japan-s-financial-services-agency-warns-of-unauthorized-trades.html)
- [Kimsuky APT exploited BlueKeep RDP flaw in attacks against South Korea and Japan](https://securityaffairs.com/176756/apt/kimsuky-apt-exploited-bluekeep-rdp-flaw-in-attacks-against-south-korea-and-japan.html)
- [New sophisticate malware SuperCard X targets Androids via NFC relay attacks](https://securityaffairs.com/176737/malware/supercard-x-a-new-sophisticate-malware-targets-androids-via-nfc-relay-attacks.html)
- [Russia-linked APT29 targets European diplomatic entities with GRAPELOADER malware](https://securityaffairs.com/176730/apt/russia-linked-apt29-targets-european-diplomatic-entities-with-grapeloader.html)

**International Press — Newsletter**

**Cybercrime**

- [Hackers pounce on Pope’s death with scams](https://www.politico.eu/article/hackers-pounce-on-popes-death-with-scams/)
- [Damage caused by unauthorized access to and transactions on internet trading services is increasing sharply](https://www.fsa.go.jp/ordinary/chuui/chuui_phishing.html)
- [Southeast Asian cyber fraud industry at ‘inflection point’ as it expands globally](https://therecord.media/southeast-asia-cyber-fraud-at-inflection-point)
- [British retailer M&S confirms being hit by ‘cyber incident’ amid store delays](https://therecord.media/british-retailer-MS-confirms-cyber-incident-store-delays)
- [Blue Shield of California Data Breach Impacts 4.7 Million People](https://www.securityweek.com/blue-shield-of-california-data-breach-impacts-4-7-million-people/)
- [NFC Fraud Wave: Evolution of Ghost Tap on the Dark Web](https://www.resecurity.com/blog/article/nfc-fraud-wave-evolution-of-ghost-tap-on-the-dark-web)
- [FBI says online scams raked in $16.6 billion last year](https://www-nbcnews-com.cdn.ampproject.org/c/s/www.nbcnews.com/news/amp/rcna202358)
- [Interlock ransomware claims DaVita attack, leaks stolen data](https://www.bleepingcomputer.com/news/security/interlock-ransomware-claims-davita-attack-leaks-stolen-data/)
- [Cyber Firm CEO Accused of Placing Malware on Hospital Device](https://www.bankinfosecurity.com/cyber-firm-ceo-accused-placing-malware-on-hospital-device-a-28063)
- [Ransomware Groups Evolve Affiliate Models](https://www.secureworks.com/blog/ransomware-groups-evolve-affiliate-models)
- [Introducing ToyMaker, an initial access broker working in cahoots with double extortion gangs](https://blog.talosintelligence.com/introducing-toymaker-an-initial-access-broker/)
- [AI-Enabled Darcula-Suite Makes Phishing Kits More Accessible, Easier to Deploy](https://www.netcraft.com/blog/ai-enabled-darcula-suite-makes-phishing-kits-more-accessible-easier-to-deploy/)

**Malware**

- [XRP supply chain attack: Official NPM package infected with crypto stealing backdoor](https://www.aikido.dev/blog/xrp-supplychain-attack-official-npm-package-infected-with-crypto-stealing-backdoor)
- [SuperCard X: exposing a Chinese-speaker MaaS for NFC Relay fraud operation](https://www.cleafy.com/cleafy-labs/supercardx-exposing-chinese-speaker-maas-for-nfc-relay-fraud-operation)
- [New Rust Botnet ‘RustoBot’ is Routed via Routers](https://www.fortinet.com/blog/threat-research/new-rust-botnet-rustobot-is-routed-via-routers)
- [DslogdRAT Malware Installed in Ivanti Connect Secure](https://blogs.jpcert.or.jp/en/2025/04/dslogdrat.html)
- [Iran-Linked Hackers Target Israel with MURKYTOUR Malware via Fake Job Campaign](https://thehackernews.com/2025/04/iran-linked-hackers-target-israel-with.html)

**Hacking**

- [Remote Exploitation of Nissan Leaf: Controlling Critical Body Elements from the Internet](https://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdf)
- [Obfuscation Overdrive: Next-Gen Cryptojacking with Layers](https://www.darktrace.com/blog/obfuscation-overdrive-next-gen-cryptojacking-with-layers)
- [ConfusedComposer: A Privilege Escalation Vulnerability Impacting GCP Composer](https://www.tenable.com/blog/confusedcomposer-a-privilege-escalation-vulnerability-impacting-gcp-composer)
- [ReliaQuest Uncovers New Critical Vulnerability in SAP NetWeaver](https://reliaquest.com/blog/threat-spotlight-reliaquest-uncovers-vulnerability-behind-sap-netweaver-compromise/)
- [Novel Universal Bypass for All Major LLMs](https://hiddenlayer.com/innovation-hub/novel-universal-bypass-for-all-major-llms/)
- [Fake Security Vulnerability Phishing Campaign Targets WooCommerce Users](https://patchstack.com/articles/fake-security-vulnerability-phishing-campaign-targets-woocommerce-users/)
- [Craft CMS RCE exploit chain used in zero-day attacks to steal data](https://www.bleepingcomputer.com/news/security/craft-cms-rce-exploit-chain-used-in-zero-day-attacks-to-steal-data/)

**Intelligence and Information Warfare**

- [APT Group Profiles — Larva-24005](https://asec.ahnlab.com/en/87554/)
- [Whistleblower: DOGE Siphoned NLRB Case Data](https://krebsonsecurity.com/2025/04/whistleblower-doge-siphoned-nlrb-case-data/)
- [Android spyware trojan targets Russian military personnel who use Alpine Quest mapping software](https://news.drweb.com/show/?i=15006&lng=en)
- [Phishing for Codes: Russian Threat Actors Target Microsoft 365 OAuth Workflows](https://www.volexity.com/blog/2025/04/22/phishing-for-codes-russian-threat-actors-target-microsoft-365-oauth-workflows/)
- [Inside Gamaredon’s PteroLNK: Dead Drop Resolvers and evasive Infrastructure](https://harfanglab.io/insidethelab/gamaredons-pterolnk-analysis/)
- [DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack](https://thehackernews.com/2025/04/dprk-hackers-steal-137m-from-tron-users.html)
- [Operation SyncHole: Lazarus APT goes back to the well](https://securelist.com/operation-synchole-watering-hole-attacks-by-lazarus/116326/)
- [FBI seeks help to unmask Salt Typhoon hackers behind telecom breaches](https://www.bleepingcomputer.com/news/security/fbi-seeks-help-to-unmask-salt-typhoon-hackers-behind-telecom-breaches/)
- [North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures](https://thehackernews.com/2025/04/north-korean-hackers-spread-malware-via.html)

**Cybersecurity**

- [SK Telecom warns customer USIM data exposed in malware attack](https://www.bleepingcomputer.com/news/security/sk-telecom-warns-customer-usim-data-exposed-in-malware-attack/)
- [Adversarial machine learning is cybersecurity’s new frontier](https://www.linkedin.com/pulse/adversarial-machine-learning-cybersecuritys-new-luca-sambucci-qjg9f/)
- [Introducing Advanced Chat Privacy: Enhanced Protection for Your Most Sensitive Conversations](https://blog.whatsapp.com/introducing-advanced-chat-privacy)
- [Microsoft Defender XDR False Positive Leads to Massive Data Leak of 1,700+ Sensitive Documents](https://cybersecuritynews.com/microsoft-defender-xdr-false-positive-leads-to-massive-data-leak/#google_vignette)
- [What Are We Really Securing?](https://www.linkedin.com/pulse/what-we-really-securing-jen-easterly-auyae/)
- [Understanding the threat landscape for Kubernetes and containerized assets](https://www.microsoft.com/en-us/security/blog/2025/04/23/understanding-the-threat-landscape-for-kubernetes-and-containerized-assets/)
- [Employee monitoring app leaks 21 million screenshots in real time](https://cybernews.com/security/employee-monitoring-app-leaks-millions-screenshots/)
- [Mobile provider MTN says cyberattack compromised customer data](https://www.bleepingcomputer.com/news/security/mobile-provider-mtn-says-cyberattack-compromised-customer-data/)

Follow me on Twitter: [@securityaffairs](https://twitter.com/securityaffairs) and [Facebook](https://www.facebook.com/sec.affairs) and [Mastodon](https://infosec.exchange/@securityaffairs)

[Pierluigi Paganini](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)

([SecurityAffairs](http://securityaffairs.co/wordpress/) — hacking, newsletter)
