Security Affairs newsletter Round 525 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

- [Silent Ransom Group targeting law firms, the FBI warns](https://securityaffairs.com/178239/malware/silent-ransom-group-targeting-law-firms-the-fbi-warns.html)
- [Leader of Qakbot cybercrime network indicted in U.S. crackdown](https://securityaffairs.com/178232/uncategorized/leader-of-qakbot-cybercrime-network-indicted-in-u-s-crackdown.html)
- [Operation RapTor led to the arrest of 270 dark web vendors and buyers](https://securityaffairs.com/178221/deep-web/operation-raptor-arrest-270-dark-web-vendors-and-buyers.html)
- [Chinese threat actors exploited Trimble Cityworks flaw to breach U.S. local government networks](https://securityaffairs.com/178203/hacking/chinese-threat-actors-exploited-trimble-cityworks-flaw-to-breach-u-s-local-government-networks.html)
- [U.S. CISA adds a Samsung MagicINFO 9 Server flaw to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/178194/hacking/cisa-adds-a-samsung-magicinfo-9-server-flaw-known-exploited-vulnerabilities-catalog.html)
- [New Signal update stops Windows from capturing user chats](https://securityaffairs.com/178187/digital-id/new-signal-update-stops-windows-from-capturing-user-chats.html)
- [Law enforcement dismantled the infrastructure behind Lumma Stealer MaaS](https://securityaffairs.com/178176/cyber-crime/law-enforcement-dismantled-the-infrastructure-behind-lumma-stealer-maas.html)
- [Russia-linked APT28 targets western logistics entities and technology firms](https://securityaffairs.com/178165/apt/russia-linked-apt28-targets-western-logistics-entities-and-technology-firms.html)
- [A cyberattack was responsible for the week-long outage affecting Cellcom wireless network](https://securityaffairs.com/178158/security/a-cyberattack-was-responsible-for-the-week-long-outage-affecting-cellcom-wireless-network.html)
- [Coinbase data breach impacted 69,461 individuals](https://securityaffairs.com/178151/data-breach/coinbase-data-breach-impacted-69461-individuals.html)
- [U.S. CISA adds Ivanti EPMM, MDaemon Email Server, Srimax Output Messenger, Zimbra Collaboration, and ZKTeco BioTime flaws to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/178140/security/u-s-cisa-adds-ivanti-epmm-mdaemon-email-server-srimax-output-messenger-zimbra-collaboration-and-zkteco-biotime-flaws-to-its-known-exploited-vulnerabilities-catalog.html)
- [A critical flaw in OpenPGP.js lets attackers spoof message signatures](https://securityaffairs.com/178131/uncategorized/a-openpgp-js-flaw-lets-attackers-spoof-message-signatures.html)
- [SK Telecom revealed that malware breach began in 2022](https://securityaffairs.com/178120/data-breach/sk-telecom-revealed-that-malware-breach-began-in-2022.html)
- [4G Calling (VoLTE) flaw allowed to locate any O2 customer with a phone call](https://securityaffairs.com/178114/hacking/4g-calling-volte-flaw-allowed-to-locate-any-o2-customer-with-a-phone-call.html)
- [China-linked UnsolicitedBooker APT used new backdoor MarsSnake in recent attacks](https://securityaffairs.com/178105/malware/china-linked-unsolicitedbooker-used-new-backdoor-marssnake.html)
- [UK’s Legal Aid Agency discloses a data breach following April cyber attack](https://securityaffairs.com/178088/data-breach/uks-legal-aid-agency-discloses-data-breach-following-april-cyber-attack.html)
- [Sarcoma Ransomware Unveiled: Anatomy of a Double Extortion Gang](https://securityaffairs.com/178072/malware/sarcoma-ransomware-unveiled-anatomy-of-a-double-extortion-gang.html)
- [Mozilla fixed zero-days recently demonstrated at Pwn2Own Berlin 2025](https://securityaffairs.com/178064/security/mozilla-fixed-zero-days-demonstrated-at-pwn2own-berlin-2025.html)
- [Japan passed a law allowing preemptive offensive cyber actions](https://securityaffairs.com/178056/laws-and-regulations/japan-passed-a-law-allowing-preemptive-offensive-cyber-actions.html)
- [James Comey is under investigation by Secret Service for a seashell photo showing ‘8647’](https://securityaffairs.com/178030/laws-and-regulations/james-comey-is-under-investigation-by-secret-service-for-a-seashell-photo-showing-8647.html)
- [Pwn2Own Berlin 2025: total prize money reached $1,078,750](https://securityaffairs.com/178040/hacking/pwn2own-berlin-2025-total-prize-money-reached-1078750.html)
- [Experts found rogue devices, including hidden cellular radios, in Chinese-made power inverters used worldwide](https://securityaffairs.com/178005/hacking/rogue-devices-in-chinese-made-power-inverters-used-worldwide.html)

**International Press — Newsletter**

**Cybercrime**

- [M&S hackers believed to have gained access through third party](https://www.bbc.com/news/articles/cpqe213vw3po)
- [Domestic abuse victim data stolen in Legal Aid hack](https://www.bbc.com/news/articles/cgr5g4pv2l0o)
- [An $8.4 Billion Chinese Hub for Crypto Crime Is Incorporated in Colorado](https://www.wired.com/story/xinbi-guarantee-crypto-scam-hub/)
- [‘SKT All Subscribers’ SIM Card Information Leaked’… Malicious Codes Increase to 25 Types](https://news.kbs.co.kr/news/pc/view/view.do?ncd=8257346)
- [Worcester College Student to Plead Guilty to Cyber Extortions](https://www.justice.gov/usao-ma/pr/worcester-college-student-plead-guilty-cyber-extortions)
- [A familiar playbook with a twist: 3AM ransomware actors dropped virtual machine with vishing and Quick Assist](https://news.sophos.com/en-us/2025/05/20/a-familiar-playbook-with-a-twist-3am-ransomware-actors-dropped-virtual-machine-with-vishing-and-quick-assist/)
- [Cellcom Service Disruption Caused by Cyberattack](https://www.securityweek.com/cellcom-service-disruption-caused-by-cyberattack/)
- [Justice Department Seizes Domains Behind Major Information-Stealing Malware Operation](https://www.justice.gov/opa/pr/justice-department-seizes-domains-behind-major-information-stealing-malware-operation)
- [270 arrested in global dark web crackdown targeting online drug and criminal networks](https://www.europol.europa.eu/media-press/newsroom/news/270-arrested-in-global-dark-web-crackdown-targeting-online-drug-and-criminal-networks?utm_source=chatgpt.com)
- [KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS](https://krebsonsecurity.com/2025/05/krebsonsecurity-hit-with-near-record-6-3-tbps-ddos/)
- [TikTok Videos Promise Pirated Apps, Deliver Vidar and StealC Infostealers Instead](https://www.trendmicro.com/en_us/research/25/e/tiktok-videos-infostealers.html)
- [Leader of Qakbot Malware Conspiracy Indicted for Involvement in Global Ransomware Scheme](https://www.justice.gov/opa/pr/leader-qakbot-malware-conspiracy-indicted-involvement-global-ransomware-scheme)
- [Silent Ransom Group Targeting Law Firms](https://www.ic3.gov/CSA/2025/250523.pdf)
- [Operation ENDGAME strikes again: the ransomware kill chain broken at its source](https://www.europol.europa.eu/media-press/newsroom/news/operation-endgame-strikes-again-ransomware-kill-chain-broken-its-source)

**Malware**

- [Sarcoma Ransomware Unveiled: Anatomy of a Double Extortion Gang](https://securityaffairs.com/wp-content/uploads/2025/05/Sarcoma-Ransomware.pdf)
- [RVTools Bumblebee Malware Attack — How a Trusted IT Tool Became a Malware Delivery Vector](https://zerodaylabs.net/rvtools-bumblebee-malware/)
- [RedisRaider: Weaponizing misconfigured Redis to mine cryptocurrency at scale](https://securitylabs.datadoghq.com/articles/redisraider-weaponizing-misconfigured-redis/)
- [Hidden Threats of Dual-Function Malware Found in Chrome Extensions](https://dti.domaintools.com/dual-function-malware-chrome-extensions/)
- <https://thehackernews.com/2025/05/chinese-hackers-deploy-marssnake.html>
- [Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer](https://www.microsoft.com/en-us/security/blog/2025/05/21/lumma-stealer-breaking-down-the-delivery-techniques-and-capabilities-of-a-prolific-infostealer/)
- [A Brief History of DanaBot, Longtime Ecrime Juggernaut Disrupted by Operation Endgame](https://www.proofpoint.com/us/blog/threat-insight/brief-history-danabot-longtime-ecrime-juggernaut-disrupted-operation-endgame)

**Hacking**

- [Pwn2Own Berlin 2025: Day Three Results](https://www.zerodayinitiative.com/blog/2025/5/17/pwn2own-berlin-2025-day-three-results)
- [Firefox Security Response to pwn2own 2025](https://blog.mozilla.org/security/2025/05/17/firefox-security-response-to-pwn2own-2025/)
- [The Legacy Loophole: How Attackers Are Exploiting Entra ID and What to Do About It](https://guardz.com/blog/the-legacy-loophole-how-attackers-are-exploiting-entra-id-and-what-to-do-about-it/)
- [O2 VoLTE: locating any customer with a phone call](https://mastdatabase.co.uk/blog/2025/05/o2-expose-customer-location-call-4g/)
- [ViciousTrap — Infiltrate, Control, Lure: Turning edge devices into honeypots en masse](https://blog.sekoia.io/vicioustrap-infiltrate-control-lure-turning-edge-devices-into-honeypots-en-masse/)
- [Advisory Update on Cyber Threat Activity Targeting Commvault’s SaaS Cloud Application (Metallic)](https://www.cisa.gov/news-events/alerts/2025/05/22/advisory-update-cyber-threat-activity-targeting-commvaults-saas-cloud-application-metallic)

**Intelligence and Information Warfare**

- [Rogue communication devices found in Chinese solar power inverters](https://www.reuters.com/sustainability/climate-energy/ghost-machine-rogue-communication-devices-found-chinese-inverters-2025-05-14/)
- [New Japan law allows preemptive defense of infrastructure cyberattack](https://english.kyodonews.net/news/2025/05/c92993cc70e6-new-japan-law-allows-preemptive-defense-of-infrastructure-cyberattack.html)
- [ESET APT Activity Report Q4 2024–Q1 2025](https://www.welivesecurity.com/en/eset-research/eset-apt-activity-report-q4-2024-q1-2025/)
- [From banks to battalions: SideWinder’s attacks on South Asia’s public sector](https://www.acronis.com/en-us/cyber-protection-center/posts/from-banks-to-battalions-sidewinders-attacks-on-south-asias-public-sector/)
- [Russian GRU Targeting Western Logistics Entities and Technology Companies](https://media.defense.gov/2025/May/21/2003719846/-1/-1/0/CSA_RUSSIAN_GRU_TARGET_LOGISTICS.PDF)
- [UAT-6382 exploits Cityworks zero-day vulnerability to deliver malware](https://blog.talosintelligence.com/uat-6382-exploits-cityworks-vulnerability/)

**Cybersecurity**

- [Ex-FBI boss James Comey investigated for seashell photo seen as threat to Trump](https://www.bbc.com/news/articles/c70nqk9rlxpo)
- [‘We would be less confidential than Google’ — Proton threatens to quit Switzerland over new surveillance law](https://www.techradar.com/vpn/vpn-privacy-security/we-would-be-less-confidential-than-google-proton-threatens-to-quit-switzerland-over-new-surveillance-law)
- Japan passed a law allowing preemptive offensive cyber actions
- [We Made Luigi Mangione’s 3D-Printed Gun—and Fired It](https://www.wired.com/story/luigi-mangione-ghost-gun-built-tested/)
- [Cyber attack threat keeps me awake at night, bank boss says](https://www.bbc.com/news/articles/c4g3372vl3yo)
- [By Default, Signal Doesn’t Recall](https://signal.org/blog/signal-doesnt-recall/)

Follow me on Twitter: [@securityaffairs](https://twitter.com/securityaffairs) and [Facebook](https://www.facebook.com/sec.affairs) and [Mastodon](https://infosec.exchange/@securityaffairs)

[Pierluigi Paganini](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)

([SecurityAffairs](http://securityaffairs.co/wordpress/) — hacking, newsletter)

Related Tags:

- Solar
- Lumma Stealer
- LummaStealer
- GruesomeLarch
- FROZENLAKE
- Forest Blizzard
- NAICS: 921 – Executive, Legislative, Other General Government Support
- NAICS: 54 – Professional, Scientific, Technical Services
- NAICS: 517 – Telecommunications
