A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

- [Ascension reveals personal data of 437,329 patients exposed in cyberattack](https://securityaffairs.com/177676/data-breach/ascension-reveals-personal-data-of-437329-patients-exposed-in-cyberattack.html)
- [Operation Moonlander dismantled the botnet behind Anyproxy and 5socks cybercriminals services](https://securityaffairs.com/177664/malware/operation-moonlander-dismantled-the-botnet-behind-anyproxy-and-5socks-cybercriminals-services.html)
- [A cyber attack briefly disrupted South African Airways operations](https://securityaffairs.com/177656/hacking/a-cyber-attack-briefly-disrupted-south-african-airways-operations.html)
- [Cybercriminal services target end-of-life routers, FBI warns](https://securityaffairs.com/177648/cyber-crime/malware-targets-end-of-life-routers.html)
- [Russia-linked ColdRiver used LostKeys malware in recent attacks](https://securityaffairs.com/177638/apt/russia-linked-coldriver-used-lostkeys-malware-in-recent-attacks.html)
- [SonicWall fixed SMA 100 flaws that could be chained to execute arbitrary code](https://securityaffairs.com/177626/hacking/sonicwall-fixed-sma-100-flaws-that-could-be-chained-to-execute-arbitrary-code.html)
- [The LockBit ransomware site was breached, database dump was leaked online](https://securityaffairs.com/177619/cyber-crime/the-lockbit-ransomware-site-was-breached-database-dump-was-leaked-online.html)
- [Cisco fixed a critical flaw in its IOS XE Wireless Controller](https://securityaffairs.com/177609/security/cisco-fixed-a-critical-flaw-in-its-ios-xe-wireless-controller.html)
- [U.S. CISA adds GoVision device flaws to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/177599/security/u-s-cisa-adds-govision-device-flaws-to-its-known-exploited-vulnerabilities-catalog.html)
- [Polish authorities arrested 4 people behind DDoS-for-hire platforms](https://securityaffairs.com/177590/cyber-crime/polish-police-arrested-4-people-behind-ddos-for-hire-platforms.html)
- [Play ransomware affiliate leveraged zero-day to deploy malware](https://securityaffairs.com/177573/cyber-crime/play-ransomware-affiliate-leveraged-zero-day-to-deploy-malware.html)
- [Canary Exploit tool allows to find servers affected by Apache Parquet flaw](https://securityaffairs.com/177565/security/canary-exploit-tool-allows-to-find-servers-affected-by-apache-parquet-flaw.html)
- [Unsophisticated cyber actors are targeting the U.S. Energy sector](https://securityaffairs.com/177551/security/unsophisticated-cyber-actors-are-targeting-the-u-s-energy-sector.html)
- [NSO Group must pay WhatsApp over $167M in damages for attacks on its users](https://securityaffairs.com/177543/laws-and-regulations/nso-group-must-pay-whatsapp-over-167m-in-damages-for-attacks-on-its-users.html)
- [U.S. CISA adds FreeType flaw to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/177537/hacking/u-s-cisa-adds-freetype-flaw-to-its-known-exploited-vulnerabilities-catalog.html)
- [Samsung MagicINFO flaw exploited days after PoC exploit publication](https://securityaffairs.com/177529/hacking/samsung-magicinfo-vulnerability-exploited-after-poc-publication.html)
- [Experts warn of a second wave of attacks targeting SAP NetWeaver bug CVE-2025-31324](https://securityaffairs.com/177522/hacking/experts-warn-of-a-second-wave-of-attacks-targeting-sap-netweaver-bug-cve-2025-31324.html)
- [U.S. CISA adds Langflow flaw to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/177481/hacking/u-s-cisa-adds-langflow-flaw-to-its-known-exploited-vulnerabilities-catalog.html)
- [Google fixed actively exploited Android flaw CVE-2025-27363](https://securityaffairs.com/177514/mobile-2/google-fixed-actively-exploited-android-flaw-cve-2025-27363.html)
- [New ‘Bring Your Own Installer (BYOI)’ technique allows to bypass EDR](https://securityaffairs.com/177494/hacking/new-bring-your-own-installer-byoi-technique-allows-to-bypass-edr.html)
- [Smishing on a Massive Scale: ‘Panda Shop’ Chinese Carding Syndicate](https://securityaffairs.com/177502/cyber-crime/smishing-on-a-massive-scale-panda-shop-chinese-carding-syndicate.html)
- [Kelly Benefits December data breach impacted over 400,000 individuals](https://securityaffairs.com/177476/data-breach/kelly-benefits-december-data-breach-impacted-over-400000-individuals.html)
- [A hacker stole data from TeleMessage, the firm that sells modified versions of Signal to the U.S. gov](https://securityaffairs.com/177458/hacking/a-hacker-stole-data-from-telemessage-the-firm-that-sells-modified-versions-of-signal-to-the-u-s-gov.html)
- [Experts shared up-to-date C2 domains and other artifacts related to recent MintsLoader attacks](https://securityaffairs.com/177448/malware/experts-shared-up-to-date-c2-domains-and-other-artifacts-related-to-recent-mintsloader-attacks.html)
- [Sansec uncovered a supply chain attack via 21 backdoored Magento extensions](https://securityaffairs.com/177436/malware/sansec-uncovered-a-supply-chain-attack-via-21-backdoored-magento-extensions.html)
- [US authorities have indicted Black Kingdom ransomware admin](https://securityaffairs.com/177423/cyber-crime/us-authorities-have-indicted-black-kingdom-ransomware-admin.html)
- [Malicious Go Modules designed to wipe Linux systems](https://securityaffairs.com/177411/malware/malicious-go-modules-designed-to-wipe-linux-systems.html)

**International Press — Newsletter**

**Cybercrime**

- [Yemeni Man Charged in Federal Indictment Alleging He Sent ‘Black Kingdom’ Malware to Extort Businesses, Schools, and Medical Clinics](https://www.justice.gov/usao-cdca/pr/yemeni-man-charged-federal-indictment-alleging-he-sent-black-kingdom-malware-extort)
- [Big Game Ransomware: the myths experts tell board members](https://doublepulsar.com/big-game-ransomware-the-myths-experts-tell-board-members-03d5e1d1c4b7)
- [DragonForce Ransomware Cartel attacks on UK high street retailers: walking in the front door](https://doublepulsar.com/dragonforce-ransomware-cartel-attacks-on-uk-high-street-retailers-walking-in-the-front-door-52ed8ba68534)
- [From Callback Phishing to Extortion: Luna Moth Abuse Reamaze Helpdesk and RMM Tools Against U.S. Legal and Financial Sectors](https://blog.eclecticiq.com/from-callback-phishing-to-extortion-luna-moth-abuse-reamaze-helpdesk-and-rmm-tools-against-u.s.-legal-and-financial-sectors)
- [Uncovering Actor TTP Patterns and the Role of DNS in Investment Scams](https://blogs.infoblox.com/threat-intelligence/uncovering-actor-ttp-patterns-and-the-role-of-dns-in-investment-scams/)
- [Ransomware Attackers Leveraged Privilege Escalation Zero-day](https://www.security.com/threat-intelligence/play-ransomware-zero-day)
- [DDoS-for-hire empire brought down: Poland arrests 4 administrators, US seizes 9 domains](https://www.europol.europa.eu/media-press/newsroom/news/ddos-for-hire-empire-brought-down-poland-arrests-4-administrators-us-seizes-9-domains)
- [LockBit ransomware gang hacked, victim negotiations exposed](https://www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-hacked-victim-negotiations-exposed/)
- [Pakistani Firm Shipped Fentanyl Analogs, Scams to US](https://krebsonsecurity.com/2025/05/pakistani-firm-shipped-fentanyl-analogs-scams-to-us/)
- [PowerSchool hacker now extorting individual school districts](https://www.bleepingcomputer.com/news/security/powerschool-hacker-now-extorting-individual-school-districts/)
- [Cyber criminal services target EoL Routers to Launch attack and hide their activities](https://www.ic3.gov/CSA/2025/250507.pdf)
- [Botnet Dismantled in International Operation, Russian and Kazakhstani Administrators Indicted](https://www.justice.gov/usao-ndok/pr/botnet-dismantled-international-operation-russian-and-kazakhstani-administrators)
- [LOCKBIT RANSOMWARE LEAKED](https://theravenfile.com/2025/05/09/lockbit-ransomware-leaked/)
- [One Small Click for an Admin, One Giant Breach for the Organization](https://www.varonis.com/blog/seo-poisoning#initial-access-and-persistence)

**Malware**

- [iClicker site hack targeted students with malware via fake CAPTCHA](https://www.bleepingcomputer.com/news/security/iclicker-hack-targeted-students-with-malware-via-fake-captcha/)
- [Backdoor found in popular ecommerce components](https://sansec.io/research/license-backdoor)
- [Stealthy Linux backdoor leveraging residential proxies and NHAS reverse SSH](https://securebulletin.com/stealthy-linux-backdoor-leveraging-residential-proxies-and-nhas-reverse-ssh/)
- [Malicious PyPI Package Targets Discord Developers with Remote Access Trojan](https://socket.dev/blog/malicious-pypi-package-targets-discord-developers-with-RAT)
- [Backdooring the IDE: Malicious npm Packages Hijack Cursor Editor on macOS](https://socket.dev/blog/malicious-npm-packages-hijack-cursor-editor-on-macos)

**Hacking**

- [The Signal Clone the Trump Admin Uses Was Hacked](https://www.404media.co/the-signal-clone-the-trump-admin-uses-was-hacked/)
- [Unsafe at Any Speed: Abusing Python Exec for Unauth RCE in Langflow AI](https://horizon3.ai/attack-research/disclosures/unsafe-at-any-speed-abusing-python-exec-for-unauth-rce-in-langflow-ai/)
- [Bring Your Own Installer: Bypassing SentinelOne Through Agent Version Change Interruption](https://www.aon.com/en/insights/cyber-labs/bring-your-own-installer-bypassing-sentinelone)
- [When Space Goes Dark: Inside the Cyberattack on Poland’s Space Agency](https://medium.com/@devenchhajed24/when-space-goes-dark-inside-the-cyberattack-on-polands-space-agency-851e66857a7e)
- [My Zero Day Quest & BlueHat Podcast](https://security.humanativaspa.it/my-zero-day-quest-bluehat-podcast/)
- [SAP NetWeaver Flaw Lets Hackers Take Full Control: CVE-2025-31324 Explained](https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/)
- [Arctic Wolf Observes Exploitation of Path Traversal Vulnerability in Samsung MagicINFO 9 Server (CVE-2024-7399)](https://arcticwolf.com/resources/blog/cve-2024-7399/)
- [Canary Exploit tool for CVE-2025-30065 Apache Parquet Avro Vulnerability](https://www.f5.com/labs/articles/threat-intelligence/canary-exploit-tool-for-cve-2025-30065-apache-parquet-avro-vulnerability)
- [Multiple vulnerabilities in SonicWall SMA 100 series (FIXED)](https://www.rapid7.com/blog/post/2025/05/07/multiple-vulnerabilities-in-sonicwall-sma-100-series-2025/)
- [Tesla Model 3 VCSEC Vulnerability Lets Hackers Run Arbitrary Code](https://gbhackers.com/tesla-model-3-vcsec-vulnerability/)
- [CVE-2024-11477- 7-Zip ZSTD Buffer Overflow Vulnerability](https://www.crowdfense.com/cve-2024-11477-7zip-zstd-buffer-overflow/)
- [Recently Disclosed SureTriggers Critical Privilege Escalation Vulnerability Under Active Exploitation](https://www.wordfence.com/blog/2025/05/recently-disclosed-suretriggers-critical-privilege-escalation-vulnerability-under-active-exploitation/)

**Intelligence and Information Warfare**

- [Russian hackers target Romanian state websites on election day](https://therecord.media/hackers-target-romanian-websites-election)
- [COLDRIVER Using New Malware To Steal Documents From Western Targets and NGOs](https://cloud.google.com/blog/topics/threat-intelligence/coldriver-steal-documents-western-targets-ngos)
- [Tulsi Gabbard Reused the Same Weak Password on Multiple Accounts for Years](https://www.wired.com/story/tulsi-gabbard-dni-weak-password/)
- [‘US on High Alert’: Pentagon Confirms Mysterious Signal Traced to Russian Space Anomaly Now Feared as Major Threat](https://www.sustainability-times.com/policy/us-on-high-alert-pentagon-confirms-mysterious-signal-traced-to-russian-space-anomaly-now-feared-as-major-threat/)
- [MirrorFace Targets Japan and Taiwan with ROAMINGMOUSE and Upgraded ANEL Malware](https://thehackernews.com/2025/05/mirrorface-targets-japan-and-taiwan.html)

**Cybersecurity**

- [Trump Crypto Corruption Intensifies as Abu Dhabi Firm Invests $2 Billion](https://www.rollingstone.com/politics/politics-news/trump-crypto-corruption-abu-dhabi-deal-1235329793/)
- [Update ASAP: Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers](https://thehackernews.com/2025/05/google-fixes-actively-exploited-android.html)
- [NSO Group must pay more than $167 million in damages to WhatsApp for spyware campaign](https://techcrunch.com/2025/05/06/nso-group-must-pay-more-than-167-million-in-damages-to-whatsapp-for-spyware-campaign/)
- [Unsophisticated Cyber Actor(s) Targeting Operational Technology](https://www.cisa.gov/news-events/alerts/2025/05/06/unsophisticated-cyber-actors-targeting-operational-technology)
- [Winning the Fight Against Spyware Merchant NSO](https://about.fb.com/news/2025/05/winning-the-fight-against-spyware-merchant-nso/)
- [Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT](https://thehackernews.com/2025/05/cisco-patches-cve-2025-20188-100-cvss.html)
- [Internet tracking: How and why we’re followed online](https://us.norton.com/blog/privacy/internet-tracking)
- [Google to pay Texas $1.4 billion in data privacy settlement](https://www.cnbc.com/2025/05/09/google-texas-data-privacy-settlement-paxton.html)
- [Negotiations with the Akira ransomware group: an ill-advised approach](https://www.security-chu.com/2025/05/entidades-negociando-con-el-grupo-akira-ransomware.html)

Follow me on Twitter: [@securityaffairs](https://twitter.com/securityaffairs) and [Facebook](https://www.facebook.com/sec.affairs) and [Mastodon](https://infosec.exchange/@securityaffairs)

[Pierluigi Paganini](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)

([SecurityAffairs](http://securityaffairs.co/wordpress/) — hacking, [newsletter](https://securityaffairs.com/tag/newsletter))

Related Tags:
CVE-2024-7399
CVE-2025-31324
CVE-2025-30065
CVE-2025-27363
CVE-2024-11477
Star Blizzard
TA446
COLDRIVER
Callisto Group