Security Affairs newsletter Round 522 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter has arrived! Every week the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

- [Rhysida Ransomware gang claims the hack of the Government of Peru](https://securityaffairs.com/177388/cyber-crime/rhysida-ransomware-gang-claims-the-hack-of-the-government-of-peru.html)
- [DragonForce group claims the theft of data after Co-op cyberattack](https://securityaffairs.com/177376/cyber-crime/dragonforce-group-claims-the-theft-of-data-after-co-op-cyberattack.html)
- [U.S. CISA adds Yii Framework and Commvault Command Center flaws to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/177367/hacking/u-s-cisa-adds-yii-framework-and-commvault-command-center-flaws-to-its-known-exploited-vulnerabilities-catalog.html)
- [Ireland’s DPC fined TikTok €530M for sending EU user data to China](https://securityaffairs.com/177349/laws-and-regulations/irelands-dpc-fined-tiktok-e530m-for-sending-eu-user-data-to-china.html)
- [Microsoft sets all new accounts passwordless by default](https://securityaffairs.com/177339/security/microsoft-sets-all-new-accounts-passwordless-by-default.html)
- [Luxury department store Harrods suffered a cyberattack](https://securityaffairs.com/177330/cyber-crime/luxury-department-store-harrods-suffered-a-cyberattack.html)
- [U.S. CISA adds SonicWall SMA100 and Apache HTTP Server flaws to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/177301/hacking/u-s-cisa-adds-sonicwall-sma100-and-apache-http-server-flaws-to-its-known-exploited-vulnerabilities-catalog.html)
- [Pro-Russia hacktivist group NoName057(16) is targeting Dutch organizations](https://securityaffairs.com/177312/hacktivism/pro-russia-hacktivist-group-noname05716-is-targeting-dutch-organizations.html)
- [FBI shared a list of phishing domains associated with the LabHost PhaaS platform](https://securityaffairs.com/177293/cyber-crime/fbi-shared-a-list-of-phishing-domains-associated-with-the-labhost-phaas-platform.html)
- [Canadian electric utility Nova Scotia Power and parent company Emera suffered a cyberattack](https://securityaffairs.com/177281/hacking/canadian-electric-utility-nova-scotia-power-and-parent-company-emera-suffered-a-cyberattack.html)
- [Two SonicWall SMA100 flaws actively exploited in the wild](https://securityaffairs.com/177278/security/two-sonicwall-sma100-flaws-actively-exploited-in-the-wild.html)
- [Hive0117 group targets Russian firms with new variant of DarkWatchman malware](https://securityaffairs.com/177268/cyber-crime/hive0117-targets-russian-firms-with-darkwatchman-malware.html)
- [Russia-linked group Nebulous Mantis targets NATO-related defense organizations](https://securityaffairs.com/177255/intelligence/nebulous-mantis-targets-nato-related-defense-organizations.html)
- [France links Russian APT28 to attacks on dozen French entities](https://securityaffairs.com/177238/apt/france-links-russian-apt28-to-attacks-on-dozen-french-entities.html)
- [Indian Court ordered to block email service Proton Mail](https://securityaffairs.com/177232/laws-and-regulations/indian-court-ordered-to-block-email-service-proton-mail.html)
- [AirBorne flaws can lead to fully hijack Apple devices](https://securityaffairs.com/177225/hacking/airborne-flaws-can-lead-to-fully-hijack-apple-devices.html)
- [U.S. CISA adds SAP NetWeaver flaw to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/177218/hacking/u-s-cisa-adds-sap-netweaver-flaw-to-its-known-exploited-vulnerabilities-catalog.html)
- [SentinelOne warns of threat actors targeting its systems and high-value clients](https://securityaffairs.com/177205/security/sentinelone-warns-threat-actors-targeting-its-systems-and-high-value-clients.html)
- [Google Threat Intelligence Group (GTIG) tracked 75 actively exploited zero-day flaws in 2024](https://securityaffairs.com/177180/hacking/google-threat-intelligence-group-gtig-tracked-75-actively-exploited-zero-day-flaws-in-2024.html)
- [VeriSource data breach impacted 4M individuals](https://securityaffairs.com/177172/data-breach/verisource-services-inc-data-breach.html)
- [U.S. CISA adds Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/177161/hacking/u-s-cisa-adds-qualitia-active-mail-broadcom-brocade-fabric-os-and-commvault-web-server-flaws-to-its-known-exploited-vulnerabilities-catalog.html)
- [The Turmoil Following BreachForums Shutdown: Confusion, Risks, and a New Beginning](https://securityaffairs.com/177146/hacking/the-turmoil-following-breachforums-shutdown-confusion-risks-and-a-new-beginning.html)
- [Earth Kurma APT is actively targeting government and telecommunications orgs in Southeast Asia](https://securityaffairs.com/177125/apt/earth-kurma-apt-is-actively-targeting-government-and-telecommunications-orgs-in-southeast-asia.html)
- [A large-scale phishing campaign targets WordPress WooCommerce users](https://securityaffairs.com/177115/hacking/a-large-scale-phishing-campaign-targets-wordpress-woocommerce-users.html)
- [PoC rootkit Curing evades traditional Linux detection systems](https://securityaffairs.com/177098/hacking/poc-rootkit-curing-evades-traditional-linux-detection-systems.html)
- [Attackers chained Craft CMS zero-days attacks in the wild](https://securityaffairs.com/177085/hacking/attackers-chained-craft-cms-zero-days-attacks-in-the-wild.html)
- [Storm-1977 targets education sector with password spraying, Microsoft warns](https://securityaffairs.com/177067/hacking/storm-1977-targets-education-sector-with-password-spraying-microsoft-warns.html)

**International Press — Newsletter**

**Cybercrime**

- [Grinex Emerges as Likely Garantex Rebrand](https://www.trmlabs.com/resources/blog/grinex-emerges-as-likely-garantex-rebrand)
- [Marks & Spencer breach linked to Scattered Spider ransomware attack](https://www.bleepingcomputer.com/news/security/marks-and-spencer-breach-linked-to-scattered-spider-ransomware-attack/)
- [Alleged Nemesis Market founder charged by federal grand jury with money laundering, drug distribution](https://therecord.media/nemesis-market-founder-charged)
- [DarkWatchman cybercrime malware returns on Russian networks](https://therecord.media/darkwatchman-malware-russia-cybercrime-hive0117)
- [Emera and Nova Scotia Power Responding to Cybersecurity Incident](https://www.businesswire.com/news/home/20250428562798/en/Emera-and-Nova-Scotia-Power-Responding-to-Cybersecurity-Incident)
- [Phishing Domains Associated with LabHost PhaaS Platform Users](https://www.ic3.gov/CSA/2025/250429.pdf)
- [Santa Clarita Man Agrees to Plead Guilty to Hacking Disney Employee’s Computer, Downloading Confidential Data from Company](https://www.justice.gov/usao-cdca/pr/santa-clarita-man-agrees-plead-guilty-hacking-disney-employees-computer-downloading)
- [Ukrainian National Extradited from Spain to Face Conspiracy to Use Ransomware Charge](https://www.justice.gov/usao-edny/pr/ukrainian-national-extradited-spain-face-conspiracy-use-ransomware-charge)
- [Harrods latest retailer to be hit by cyber attack](https://www.bbc.com/news/articles/c62x4zxe418o)
- [Co-op cyber attack affects customer data, firm admits, after hackers contact BBC](https://www.bbc.com/news/articles/crkx3vy54nzo)

**Malware**

- [io_uring Is Back, This Time as a Rootkit](https://www.armosec.io/blog/io_uring-rootkit-bypasses-linux-security/)
- [I StealC You: Tracking the Rapid Changes To StealC](https://www.zscaler.com/blogs/security-research/i-stealc-you-tracking-rapid-changes-stealc)
- [Interesting WordPress Malware Disguised as Legitimate Anti-Malware Plugin](https://www.wordfence.com/blog/2025/04/interesting-wordpress-malware-disguised-as-legitimate-anti-malware-plugin/)
- [Using Trusted Protocols Against You: Gmail as a C2 Mechanism](https://socket.dev/blog/using-trusted-protocols-against-you-gmail-as-a-c2-mechanism)
- [Dual Explanations via Subgraph Matching for Malware Detection](https://arxiv.org/abs/2504.20904)

**Hacking**

- [Investigating an in-the-wild campaign using RCE in CraftCMS](https://sensepost.com/blog/2025/investigating-an-in-the-wild-campaign-using-rce-in-craftcms/)
- [Fake Security Vulnerability Phishing Campaign Targets WooCommerce Users](https://patchstack.com/articles/fake-security-vulnerability-phishing-campaign-targets-woocommerce-users/)
- [‘Source of data’: are electric cars vulnerable to cyber spies and hackers?](https://www.theguardian.com/environment/2025/apr/29/source-of-data-are-electric-cars-vulnerable-to-cyber-spies-and-hackers)
- [Hello A 2024 Zero-Day Exploitation Analysis](https://services.google.com/fh/files/misc/2024-zero-day-exploitation-analysis-en.pdf)
- [Wormable Zero-Click Remote Code Execution (RCE) in AirPlay Protocol Puts Apple & IoT Devices at Risk](https://www.oligo.security/blog/airborne)
- [SonicWall Confirms Active Exploitation of Flaws Affecting Multiple Appliance Models](https://thehackernews.com/2025/05/sonicwall-confirms-active-exploitation.html)
- [When Space Goes Dark: Inside the Cyberattack on Poland’s Space Agency](https://medium.com/@devenchhajed24/when-space-goes-dark-inside-the-cyberattack-on-polands-space-agency-851e66857a7e)
- [Lessons from a Blue Team failure](https://www.hacktivesecurity.com/blog/2025/04/23/lessons-from-a-blue-team-failure/)

**Intelligence and Information Warfare**

- [A few secretive AI companies could crush free society, researchers warn](https://www.zdnet.com/article/a-few-secretive-ai-companies-could-crush-free-society-researchers-warn/)
- [Earth Kurma APT Campaign Targets Southeast Asian Government, Telecom Sectors](https://www.trendmicro.com/en_us/research/25/d/earth-kurma-apt-campaign.html)
- [Top Tier Target | What It Takes to Defend a Cybersecurity Company from Today’s Adversaries](https://www.sentinelone.com/labs/top-tier-target-what-it-takes-to-defend-a-cybersecurity-company-from-todays-adversaries/)
- [Russia — Attribution of cyber attacks on France to the Russian military intelligence service (APT28) (April 29th 2025)](https://www.diplomatie.gouv.fr/en/country-files/russia/news/2025/article/russia-attribution-of-cyber-attacks-on-france-to-the-russian-military)
- [Inside the Latest Espionage Campaign of Nebulous Mantis](https://catalyst.prodaft.com/public/report/inside-the-latest-espionage-campaign-of-nebulous-mantis/overview)
- [Detecting and Countering Malicious Uses of Claude: March 2025](https://www.anthropic.com/news/detecting-and-countering-malicious-uses-of-claude-march-2025)
- [Pro-Russian hacker group shuts down websites of numerous Dutch municipalities and provinces](https://www.ad.nl/tech/pro-russische-hackersgroep-legt-websites-van-talloze-nederlandse-gemeentes-en-provincies-plat~a5cf8235/)
- [FortiGuard Incident Response Team Detects Intrusion into Middle East Critical National Infrastructure](https://www.fortinet.com/blog/threat-research/fortiguard-incident-response-team-detects-intrusion-into-middle-east-critical-national-infrastructure)
- [TheWizards APT group uses SLAAC spoofing to perform adversary-in-the-middle attacks](https://www.welivesecurity.com/en/eset-research/thewizards-apt-group-slaac-spoofing-adversary-in-the-middle-attacks/)

**Cybersecurity**

- [U.S. government agency sounds alarm on AI’s toll on environment, humanity](https://mashable.com/article/generative-ai-environment-impact-us-government)
- [Inside the Verizon 2025 DBIR: Five Trends That Signal a Shift in the Cyber Threat Economy](https://www.securityweek.com/inside-the-verizon-2025-dbir-five-trends-that-signal-a-shift-in-the-cyber-threat-economy/)
- [Building Private Processing for AI tools on WhatsApp](https://engineering.fb.com/2025/04/29/security/whatsapp-private-processing-ai-tools/)
- [Indian court orders blocking of Proton Mail](https://techcrunch.com/2025/04/29/indian-court-orders-blocking-of-proton-mail/)
- [AI, Automation, and Dark Web Fuel Evolving Threat Landscape](https://www.darkreading.com/remote-workforce/ai-automation-dark-web-fuel-evolving-threat-landscape)
- [DDoS Attacks Now Key Weapons in Geopolitical Conflicts, NETSCOUT Warns](https://www.techrepublic.com/article/news-ddos-cyberattacks-political-conflicts-netscout/)
- [Pushing passkeys forward: Microsoft’s latest updates for simpler, safer sign-ins](https://www.microsoft.com/en-us/security/blog/2025/05/01/pushing-passkeys-forward-microsofts-latest-updates-for-simpler-safer-sign-ins/)
- [Irish Data Protection Commission fines TikTok €530 million and orders corrective measures following Inquiry into transfers of EEA User Data to China](https://www.dataprotection.ie/en/news-media/latest-news/irish-data-protection-commission-fines-tiktok-eu530-million-and-orders-corrective-measures-following)
- [How to stay safe from ‘quishing’ and protect yourself from QR code scams](https://proton.me/blog/quishing-qr-code-scams)

Follow me on Twitter: [@securityaffairs](https://twitter.com/securityaffairs) and [Facebook](https://www.facebook.com/sec.affairs) and [Mastodon](https://infosec.exchange/@securityaffairs)

[Pierluigi Paganini](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)

([SecurityAffairs](http://securityaffairs.co/wordpress/) — hacking, newsletter)

Related Tags:
Desert Falcon

Arid Viper

Two-tailed Scorpion

Mantis

Big Bang APT

TAG-63

APT-C-23

Storm-0875

Octo Tempest
