Security Affairs newsletter Round 506 by Pierluigi Paganini – INTERNATIONAL EDITION

The data of members of the PSA, the force that depends on Bullrich, was hacked and part of their salary was stolen  

A Day in the Life of a Prolific Voice Phishing Crew  

Phish-free PayPal Phishing  

Marijuana dispensary STIIIZY warns of leaked IDs after November data breach  

Operators of Cryptocurrency Mixers Charged with Money Laundering  

Fintech Giant Finastra Investigating Data Breach  

Telefonica Breach: Infostealer Malware Opens Door for Social Engineering Tactics  

Hackers Claim Massive Breach of Location Data Giant, Threaten to Leak Data  

Malware

Finding Malware: Unveiling PLAYFULGHOST with Google Security Operations  

EAGERBEE, with updated and novel components, targets the Middle East  

Gayfemboy: A Botnet Deliver Through a Four-Faith Industrial Router 0-day Exploit

Recruitment Phishing Scam Imitates CrowdStrike Hiring Process

Hacking

Breaking the Chain: Wiz Uncovers a Signature Verification Bypass in Nuclei, the Popular Vulnerability Scanner (CVE-2024-43405) 

Bad Likert Judge: A Novel Multi-Turn Technique to Jailbreak LLMs by Misusing Their Evaluation Capability  

Genetic Engineering Meets Reverse Engineering: DNA Sequencer’s Vulnerable BIOS

Ivanti Flaw CVE-2025-0282 Actively Exploited, Impacts Connect Secure and Policy Secure

GFI KerioControl Firewall Vulnerability Exploited in the Wild 

Samsung S24: Out of bounds write in APE Decoder 

Facebook awards researcher $100,000 for finding bug that granted internal access  

Intelligence and Information Warfare 

Chinese hack of US telecoms compromised more firms than previously known, WSJ says  

US designates Tencent as Chinese military company  

CISA Update on Treasury Breach  

Russian internet provider confirms its network was ‘destroyed’ following attack claimed by Ukrainian hackers    

Ivanti Connect Secure VPN Targeted in New Zero-Day Exploitation  

Chinese State-Sponsored RedDelta Targeted Taiwan, Mongolia, and Southeast Asia with Adapted PlugX Infection Chain  

Chinese cyber-spies peek over shoulder of officials probing real-estate deals near American military bases  

Cybersecurity

Meta is ending its fact-checking program in favor of a ‘community notes’ system similar to X  

New labels will help people pick devices less at risk of hacking 

Elon Musk says all human data for AI training ‘exhausted’ 

China releases world’s most powerful electronic warfare weapon design software – for free