Security Affairs newsletter Round 517 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter has arrived! Every week the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

- [FBI and DOJ seize $8.2 Million in romance baiting crypto fraud scheme](https://securityaffairs.com/175990/cyber-crime/fbi-and-doj-seize-8-2-million-in-romance-baiting-crypto-fraud-scheme.html)
- [Experts warn of the new sophisticate Crocodilus mobile banking Trojan](https://securityaffairs.com/175976/malware/new-sophisticate-crocodilus-mobile-banking-trojan.html)
- [Crooks are reviving the Grandoreiro banking trojan](https://securityaffairs.com/175964/malware/crooks-are-reviving-the-grandoreiro-banking-trojan.html)
- [Russian authorities arrest three suspects behind Mamont Android banking trojan](https://securityaffairs.com/175935/cyber-crime/russian-authorities-arrest-three-suspects-behind-mamont-android-banking-trojan.html)
- [Mozilla fixed critical Firefox vulnerability CVE-2025-2857](https://securityaffairs.com/175945/security/mozilla-fixed-critical-firefox-vulnerability-cve-2025-2857.html)
- [U.S. CISA adds Google Chromium Mojo flaw to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/175936/security/u-s-cisa-adds-google-chromium-mojo-flaw-to-its-known-exploited-vulnerabilities-catalog.html)
- [Crooks target DeepSeek users with fake sponsored Google ads to deliver malware](https://securityaffairs.com/175923/malware/crooks-deepseek-users-with-fake-sponsored-google-ads-to-deliver-malware.html)
- [U.S. CISA adds Sitecore CMS and XP, and GitHub Action flaws to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/175915/security/u-s-cisa-adds-sitecore-cms-and-xp-and-github-action-flaws-to-its-known-exploited-vulnerabilities-catalog.html)
- [Arkana Security group claims the hack of US telco provider WideOpenWest (WOW!)](https://securityaffairs.com/175905/data-breach/arkana-security-group-claims-the-hack-of-wideopenwest-wow.html)
- [New ReaderUpdate malware variants target macOS users](https://securityaffairs.com/175891/malware/readerupdate-malware-variants-targets-macos.html)
- [BlackLock Ransomware Targeted by Cybersecurity Firm](https://securityaffairs.com/175877/cyber-crime/blacklock-ransomware-targeted-by-cybersecurity-firm.html)
- [Google fixed the first actively exploited Chrome zero-day since the start of the year](https://securityaffairs.com/175862/hacking/google-fixed-first-chrome-zero-day-in-2025.html)
- [Authentication bypass CVE-2025-22230 impacts VMware Windows Tools](https://securityaffairs.com/175858/security/authentication-bypass-cve-2025-22230-in-vmware-tools-for-windows.html)
- [Android malware campaigns use .NET MAUI to evade detection](https://securityaffairs.com/175843/cyber-crime/android-malware-uses-net-maui-to-evade-detection.html)
- [Astral Foods, South Africa’s largest poultry producer, lost over $1M due to a cyberattack](https://securityaffairs.com/175833/security/astral-foods-cyber-attack.html)
- [A cyberattack hits Ukraine’s national railway operator Ukrzaliznytsia](https://securityaffairs.com/175810/hacking/cyberattack-hit-ukraines-national-railway-operator.html)
- [Chinese APT Weaver Ant infiltrated a telco in Asia for over four years](https://securityaffairs.com/175800/apt/chinese-apt-weaver-ant-infiltrated-a-telco-for-over-four-years.html)
- [Medusa ransomware uses malicious Windows driver ABYSSWORKER to disable security tools](https://securityaffairs.com/175790/security/medusa-ransomware-uses-abyssworker-driver.html)
- [Attackers can bypass middleware auth checks by exploiting critical Next.js flaw](https://securityaffairs.com/175775/security/next-js-react-framework-critical-issue.html)
- [FBI warns of malicious free online document converters spreading malware](https://securityaffairs.com/175764/cyber-crime/malicious-free-online-document-converters.html)
- [Cloak ransomware group hacked the Virginia Attorney General’s Office](https://securityaffairs.com/175751/data-breach/cloak-group-hacked-virginia-attorney-generals-office.html)
- [UAT-5918 ATP group targets critical Taiwan](https://securityaffairs.com/175728/hacking/uat-5918-atp-group-targets-critical-taiwan.html)

**International Press — Newsletter**

**Cybercrime**

- [Ransomware Group Claims Attack on Virginia Attorney General’s Office](https://www.securityweek.com/ransomware-group-claims-attack-on-virginia-attorney-generals-office/)
- [FBI Denver Warns of Online File Converter Scam](https://www.fbi.gov/contact-us/field-offices/denver/news/fbi-denver-warns-of-online-file-converter-scam)
- [The DNA of organised crime is changing — and so is the threat to Europe](https://www.europol.europa.eu/media-press/newsroom/news/dna-of-organised-crime-changing-and-so-threat-to-europe)
- [Exclusive: DOGE staffer ‘Big Balls’ provided tech support to cybercrime ring, records show](https://www.reuters.com/world/us/doge-staffer-big-balls-provided-tech-support-cybercrime-ring-records-show-2025-03-26/)
- [A Sneaky Phish Just Grabbed my Mailchimp Mailing List](https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mailchimp-mailing-list/)
- [Arrests in Tap-to-Pay Scheme Powered by Phishing](https://krebsonsecurity.com/2025/03/arrests-in-tap-to-pay-scheme-powered-by-phishing/)
- [DeepSeek users targeted with fake sponsored Google ads that deliver malware](https://www.malwarebytes.com/blog/news/2025/03/deepseek-users-targeted-with-fake-sponsored-google-ads-that-deliver-malware)
- [Russia arrests three for allegedly creating Mamont malware, tied to over 300 cybercrimes](https://therecord.media/mamont-banking-malware-arrests-russia)
- [DOJ Seizes USD 8.2M Tied to Pig Butchering Scheme](https://www.trmlabs.com/resources/blog/doj-seizes-usd-8-2m-tied-to-pig-butchering-scheme)

**Malware**

- [Microsoft Trusted Signing service abused to code-sign malware](https://www.bleepingcomputer.com/news/security/microsoft-trusted-signing-service-abused-to-code-sign-malware/)
- [Shedding light on the ABYSSWORKER driver](https://www.elastic.co/security-labs/abyssworker)
- [Raspberry Robin: Copy Shop USB Worm Evolves to Initial Access Broker Enabling Other Threat Actor Attacks](https://www.silentpush.com/blog/raspberry-robin/)
- [Shifting the sands of RansomHub’s EDRKillShifter](https://www.welivesecurity.com/en/eset-research/shifting-sands-ransomhub-edrkillshifter/)
- [Multiple crypto packages hijacked, turned into info-stealers](https://www.sonatype.com/blog/multiple-crypto-packages-hijacked-turned-into-info-stealers)
- [CoffeeLoader: A Brew of Stealthy Techniques](https://www.zscaler.com/blogs/security-research/coffeeloader-brew-stealthy-techniques)
- [PJobRAT makes a comeback, takes another crack at chat apps](https://news.sophos.com/en-us/2025/03/27/pjobrat-makes-a-comeback-takes-another-crack-at-chat-apps/)
- [Exposing Crocodilus: New Device Takeover Malware Targeting Android Devices](https://www.threatfabric.com/blogs/exposing-crocodilus-new-device-takeover-malware-targeting-android-devices)

**Hacking**

- [Next.js and the corrupt middleware: the authorizing artifact](https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware)
- [Blacklock Ransomware: A Late Holiday Gift with Intrusion into the Threat Actor’s Infrastructure](https://www.resecurity.com/blog/article/blacklock-ransomware-a-late-holiday-gift-with-intrusion-into-the-threat-actors-infrastructure)
- [CVE-2025-26633: How Water Gamayun Weaponizes MUIPath using MSC EvilTwin](https://www.trendmicro.com/en_us/research/25/c/cve-2025-26633-water-gamayun.html)
- [New GitHub Action supply chain attack: reviewdog/action-setup](https://www.wiz.io/blog/new-github-action-supply-chain-attack-reviewdog-action-setup)
- [OpenAI Offering $100K Bounties for Critical Vulnerabilities](https://www.securityweek.com/openai-offering-100k-bounties-for-critical-vulnerabilities/)
- [Over 150K websites hit by full-page hijack linking to Chinese gambling sites](https://cside.dev/blog/over-150k-websites-hit-by-full-page-hijack-linking-to-chinese-gambling-sites)

**Intelligence and Information Warfare**

- [Weaver Ant, the Web Shell Whisperer: Tracking a Live China-nexus Operation](https://www.sygnia.co/threat-reports-and-advisories/weaver-ant-tracking-a-china-nexus-cyber-espionage-operation/)
- [Ex-NSA boss: Election security focus helped dissuade increase in Russian meddling with US](https://www.theregister.com/2025/03/23/nsa_rogers_russia/)
- [RedCurl’s Ransomware Debut: A Technical Deep Dive](https://www.bitdefender.com/en-us/blog/businessinsights/redcurl-qwcrypt-ransomware-technical-deep-dive)
- [You will always remember this as the day you finally caught FamousSparrow](https://www.welivesecurity.com/en/eset-research/you-will-always-remember-this-as-the-day-you-finally-caught-famoussparrow/)
- [Private Data and Passwords of Senior U.S. Security Officials Found Online](https://www.spiegel.de/international/world/pete-hegseth-mike-waltz-tulsi-gabbard-private-data-and-passwords-of-senior-u-s-security-officials-found-online-a-14221f90-e5c2-48e5-bc63-10b705521fb7)
- [TURNING AID INTO ATTACK: EXPLOITATION OF PAKISTAN’S YOUTH LAPTOP SCHEME TO TARGET INDIA](https://www.cyfirma.com/research/turning-aid-into-attack-exploitation-of-pakistans-youth-laptop-scheme-to-target-india/)

**Cybersecurity**

- [The Trump Administration Accidentally Texted Me Its War Plans](https://www.theatlantic.com/politics/archive/2025/03/trump-administration-accidentally-texted-me-its-war-plans/682151/)
- [Flailing OpenAI Calls for Ban on Chinese AI](https://futurism.com/openai-ban-chinese-ai-deepseek)
- [Why government workers and military planners all love Signal now](https://www.washingtonpost.com/technology/2025/03/25/signal-government-trump-administration-federal-workers/)
- [SignalGate Isn’t About Signal](https://www.wired.com/story/signalgate-isnt-about-signal/)
- [TCCing is Believing](https://objective-see.org/blog/blog_0x7F.html)
- [Oracle Health breach compromises patient data at US hospitals](https://www.bleepingcomputer.com/news/security/oracle-health-breach-compromises-patient-data-at-us-hospitals/)

Follow me on Twitter: [**@securityaffairs**](https://twitter.com/securityaffairs) and [**Facebook**](https://www.facebook.com/sec.affairs) and [**Mastodon**](https://infosec.exchange/@securityaffairs)

[**Pierluigi Paganini**](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)

**(**[**SecurityAffairs**](http://securityaffairs.co/wordpress/) **–** **hacking, [newsletter](https://securityaffairs.com/175740/breaking-news/security-affairs-newsletter-round-516-by-pierluigi-paganini-international-edition.html))**
