Security Affairs newsletter Round 524 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

- [US Government officials targeted with texts and AI-generated deepfake voice messages impersonating senior U.S. officials](https://securityaffairs.com/177987/cyber-crime/us-government-officials-targeted-texts-and-ai-generated-deepfake.html)
- [Shields up US retailers. Scattered Spider threat actors can target them](https://securityaffairs.com/177974/cyber-crime/shields-up-us-retailers-scattered-spider-threat-actors.html)
- [U.S. CISA adds Google Chromium, DrayTek routers, and SAP NetWeaver flaws to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/177962/hacking/u-s-cisa-adds-google-chromium-draytek-routers-and-sap-netweaver-flaws-to-its-known-exploited-vulnerabilities-catalog.html)
- [Pwn2Own Berlin 2025 Day Two: researcher earned 150K hacking VMware ESXi](https://securityaffairs.com/177943/hacking/pwn2own-berlin-2025-day-two-researcher-earned-150k-hacking-vmware-esxi.html)
- [New botnet HTTPBot targets gaming and tech industries with surgical attacks](https://securityaffairs.com/177930/malware/new-botnet-httpbot-targets-gaming-and-tech-industries-with-surgical-attacks.html)
- [Meta plans to train AI on EU user data from May 27 without consent](https://securityaffairs.com/177920/security/meta-plans-to-train-ai-on-eu-user-data-from-may-27-without-consent.html)
- [AI in the Cloud: The Rising Tide of Security and Privacy Risks](https://securityaffairs.com/177911/uncategorized/ai-in-the-cloud-the-rising-tide-of-security-and-privacy-risks.html)
- [Google fixed a Chrome vulnerability that could lead to full account takeover](https://securityaffairs.com/177899/security/google-fixed-a-chrome-vulnerability-that-could-lead-to-full-account-takeover.html)
- [Nova Scotia Power discloses data breach after March security incident](https://securityaffairs.com/177887/cyber-crime/nova-scotia-power-discloses-data-breach-after-march-security-incident.html)
- [Coinbase disclosed a data breach after an extortion attempt](https://securityaffairs.com/177878/cyber-crime/coinbase-disclosed-a-data-breach-after-an-extortion-attempt.html)
- [U.S. CISA adds a Fortinet flaw to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/177862/hacking/u-s-cisa-adds-a-fortinet-flaw-to-its-known-exploited-vulnerabilities-catalog.html)
- [Kosovo authorities extradited admin of the cybercrime marketplace BlackDB.cc](https://securityaffairs.com/177870/cyber-crime/kosovo-authorities-extradited-admin-of-the-cybercrime-marketplace-blackdb-cc.html)
- [U.S. CISA adds Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/177856/security/u-s-cisa-adds-microsoft-windows-flaws-to-its-known-exploited-vulnerabilities-catalog.html)
- [Ivanti fixed two EPMM flaws exploited in limited attacks](https://securityaffairs.com/177846/uncategorized/ivanti-fixed-two-epmm-flaws-exploited-in-limited-attacks.html)
- [Microsoft Patch Tuesday security updates for May 2025 fixed 5 actively exploited zero-days](https://securityaffairs.com/177839/hacking/microsoft-patch-tuesday-security-updates-for-may-2025-fixed-5-actively-exploited-zero-days.html)
- [Fortinet fixed actively exploited FortiVoice zero-day](https://securityaffairs.com/177800/security/fortinet-fixed-actively-exploited-fortivoice-zero-day.html)
- [How Interlock Ransomware Affects the Defense Industrial Base Supply Chain](https://securityaffairs.com/177792/malware/how-interlock-ransomware-affects-the-defense-industrial-base-supply-chain.html)
- [Marks and Spencer confirms data breach after April cyber attack](https://securityaffairs.com/177784/data-breach/marks-and-spencer-confirms-data-breach-after-april-cyber-attack.html)
- [Moldovan Police arrested a 45-year-old foreign man participating in ransomware attacks on Dutch companies](https://securityaffairs.com/177772/cyber-crime/moldovan-police-arrested-a-45-year-old-foreign-man-participating-in-ransomware-attacks-on-dutch-companies.html)
- [APT group exploited Output Messenger Zero-Day to target Kurdish military operating in Iraq](https://securityaffairs.com/177758/apt/apt-group-exploited-output-messenger-zero-day-to-target-kurdish-military-operating-in-iraq.html)
- [Apple released security updates to fix multiple flaws in iOS and macOS](https://securityaffairs.com/177748/security/apple-released-security-updates-to-fix-multiple-flaws-in-ios-and-macos.html)
- [U.S. CISA adds TeleMessage TM SGNL to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/177743/hacking/u-s-cisa-adds-telemessage-tm-sgnl-to-its-known-exploited-vulnerabilities-catalog.html)
- [Researchers found one-click RCE in ASUS’s pre-installed software DriverHub](https://securityaffairs.com/177731/hacking/researchers-found-one-click-rce-in-asus-s-pre-installed-software-driverhub.html)
- [Threat actors use fake AI tools to deliver the information stealer Noodlophile](https://securityaffairs.com/177719/security/threat-actors-use-fake-ai-tools-to-deliver-the-information-stealer-noodlophile.html)
- [German police seized eXch crypto exchange](https://securityaffairs.com/177706/cyber-crime/german-police-seized-exch-crypto-exchange.html)
- [Google will pay Texas $1.4 billion over its location tracking practices](https://securityaffairs.com/177683/laws-and-regulations/google-will-pay-texas-1-4-billion-over-its-location-tracking-practices.html)

**International Press — Newsletter**

**Cybercrime**

- [Crypto swapping service ‘eXch’ shut down](https://www.bka.de/DE/Presse/Listenseite_Pressemitteilungen/2025/Presse2025/250509_exch_abgeschaltet.html)
- [Moldovan Police Arrest Suspect in €4.5M Ransomware Attack on Dutch Research Agency](https://thehackernews.com/2025/05/moldovan-police-arrest-suspect-in-45m.html)
- [How Interlock Ransomware Affects the Defense Industrial Base Supply Chain](https://www.resecurity.com/blog/article/how-interlock-ransomware-affects-the-defense-industrial-base-supply-chain)
- [Administrator Of Online Criminal Marketplace Extradited From Kosovo To The United States](https://www.justice.gov/usao-mdfl/pr/administrator-online-criminal-marketplace-extradited-kosovo-united-states)
- [Coinbase Rejects $20M Ransom After Rogue Contractors Bribed to Leak Customer Data](https://www.securityweek.com/coinbase-rejects-20m-ransom-after-rogue-contractors-bribed-to-leak-customer-data/)
- [Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines](https://cloud.google.com/blog/topics/threat-intelligence/unc3944-proactive-hardening-recommendations)
- [Additional 12 Defendants Charged in RICO Conspiracy for over $263 Million Cryptocurrency Thefts, Money Laundering, Home Break-Ins](https://www.justice.gov/usao-dc/pr/additional-12-defendants-charged-rico-conspiracy-over-263-million-cryptocurrency-thefts)
- [Senior US Officials Impersonated in Malicious Messaging Campaign](https://www.ic3.gov/PSA/2025/PSA250515)

**Malware**

- [PupkinStealer : A .NET-Based Info-Stealer](https://www.cyfirma.com/research/pupkinstealer-a-net-based-info-stealer/)
- [Interlock ransomware evolving under the radar](https://blog.sekoia.io/interlock-ransomware-evolving-under-the-radar/)
- [High Risk Warning for Windows Ecosystem: New Botnet Family HTTPBot is Expanding](https://nsfocusglobal.com/high-risk-warning-for-windows-ecosystem-new-botnet-family-httpbot-is-expanding/)
- [Printer maker Procolored offered malware-laced drivers for months](https://www.bleepingcomputer.com/news/security/printer-maker-procolored-offered-malware-laced-drivers-for-months/)
- [Fileless Execution: PowerShell Based Shellcode Loader Executes Remcos RAT](https://blog.qualys.com/vulnerabilities-threat-research/2025/05/15/fileless-execution-powershell-based-shellcode-loader-executes-remcos-rat)

**Hacking**

- [One-Click RCE in ASUS’s Preinstalled Driver Software](https://mrbruh.com/asusdriverhub/)
- [Revealed — The Hackers Behind The World’s Most Prolific Cyberattacks](https://www.forbes.com/sites/daveywinder/2025/05/13/the-3-masked-hackers-behind-the-worlds-most-prolific-cyberattacks/)
- [SAP Zero — Frostbite: How Russian RaaS Actor Qilin Exploited CVE-2025-31324 Weeks Before its Public Disclosure](https://op-c.net/blog/sap-cve-2025-31324-qilin-breach/)

**Intelligence and Information Warfare**

- [Marbled Dust leverages zero-day in Output Messenger for regional espionage](https://www.microsoft.com/en-us/security/blog/2025/05/12/marbled-dust-leverages-zero-day-in-output-messenger-for-regional-espionage/)
- [China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures](https://blog.eclecticiq.com/china-nexus-nation-state-actors-exploit-sap-netweaver-cve-2025-31324-to-target-critical-infrastructures)
- [TA406 Pivots to the Front](https://www.proofpoint.com/us/blog/threat-insight/ta406-pivots-front)
- [ReliaQuest Uncovers New Critical Vulnerability in SAP NetWeaver](https://reliaquest.com/blog/threat-spotlight-reliaquest-uncovers-vulnerability-behind-sap-netweaver-compromise/)
- [Robot Soldiers, Neural Networks: How Machine Vision Is Changing Warfare](https://www.photonicsonline.com/doc/robot-soldiers-neural-networks-how-machine-vision-is-changing-warfare-0001)
- [Chinese ‘kill switches’ found hidden in US solar farms](https://www.thetimes.com/article/b92dff31-fec5-42d2-b856-2c9b9d15dd41?shareToken=6e2a1b821a1324ef25114cc076db4487)
- [Operation RoundPress](https://www.welivesecurity.com/en/eset-research/operation-roundpress/)

**Cybersecurity**

- [Google to pay Texas $1.4 billion in data privacy settlement](https://www.cnbc.com/2025/05/09/google-texas-data-privacy-settlement-paxton.html)
- [The May 2025 Security Update Review](https://www.zerodayinitiative.com/blog/2025/5/13/the-may-2025-security-update-review)
- [Protecting Our Customers — Standing Up to Extortionists](https://www.coinbase.com/it/blog/protecting-our-customers-standing-up-to-extortionists)
- [Nova Scotia Power confirms hackers stole customer data in cyberattack](https://www.bleepingcomputer.com/news/security/nova-scotia-power-confirms-hackers-stole-customer-data-in-cyberattack/)
- [‘They yanked their own plug’: How Co-op averted an even worse cyber attack](https://www.bbc.com/news/articles/cwy382w9eglo)
- [noyb sends Meta ‘cease and desist’ letter over AI training. European Class Action as potential next step](https://noyb.eu/en/noyb-sends-meta-cease-and-desist-letter-over-ai-training-european-class-action-potential-next-step)
- [Cofense Reveals Rapid Rise in AI-Powered Phishing: New Threat Every 42 Seconds](https://www.businesswire.com/news/home/20250514953658/en/Cofense-Reveals-Rapid-Rise-in-AI-Powered-Phishing-New-Threat-Every-42-Seconds)
- [Japan enacts new Active Cyberdefense Law allowing for offensive cyber operations](https://therecord.media/japan-enacts-new-law-allowing-offensive-cyber-operations)

Follow me on Twitter: [@securityaffairs](https://twitter.com/securityaffairs) and [Facebook](https://www.facebook.com/sec.affairs) and [Mastodon](https://infosec.exchange/@securityaffairs)

[Pierluigi Paganini](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)

([SecurityAffairs](http://securityaffairs.co/wordpress/) — hacking, newsletter)

Related Tags:

- Cosmic Wolf
- Marbled Dust
- SILICON
- Sea Turtle
- Teal Kurma
- CVE-2025-31324
- ControlX
- CHROMIUM
- Charcoal Typhoon