"Russian authorities arrest three suspects behind Mamont Android Banking Trojan."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 28 March 2025, 2106 UTC.

Content and Source:  Email subscription via https://feedly.com.

 https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Ffeed

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Security Affairs

71K followers26 articles per week

#security#tech

33

Most popular

Russian authorities arrest three suspects behind Mamont Android banking trojan

Three arrested for Mamont malware

•

by Pierluigi Paganini / 1h

Russian authorities arrested three suspects for developing Mamont, a newly identified Android banking trojan. Russian authorities arrested three suspects in Saratov for developing Mamont (Russian for mammoth), a recently discovered Android banking trojan. “Three Saratov residents are suspected of fraud and unauthorized access to computer information. Officers from the fraud prevention department

Mozilla fixed critical Firefox vulnerability CVE-2025-2857

Privilege Escalation (Enterprise TA0004)

•

by Pierluigi Paganini / 10h

•

CVE-2025-2857

Mozilla addressed a critical vulnerability, tracked as CVE-2025-2857, impacting its Firefox browser for Windows. Mozilla has released security updates to address a critical flaw, tracked as CVE-2025-2857, impacting its Firefox browser for Windows. Recently, Google addressed a similar vulnerability, tracked as CVE-2025-2783 , in Chrome that has been actively exploited in the wild as a zero-day. Th

FBI warns of malicious free online document converters spreading malware

FBI warns of malware in converters

•

by Pierluigi Paganini / 4d

The FBI warns of a significant increase in scams involving free online document converters to infect users with malware. The FBI warns that threat actors use malicious online document converters to steal users’ sensitive information and infect their systems with malware. “The FBI Denver Field Office is warning that agents are increasingly seeing a scam involving free online document converter too

Yesterday

U.S. CISA adds Google Chromium Mojo flaw to its Known Exploited Vulnerabilities catalog

Privilege Escalation (Enterprise TA0004)

•

by Pierluigi Paganini / 21h

•

CVE-2025-2783

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium Mojo flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Google Chromium Mojo sandbox escape vulnerability, tracked as CVE-2025-2783 , to its Known Exploited Vulnerabilities (KEV) catalog . This week Google has released out-of-band fixes to ad

Crooks target DeepSeek users with fake sponsored Google ads to deliver malware

by Pierluigi Paganini / 1d

Cybercriminals are exploiting the popularity of DeepSeek by using fake sponsored Google ads to distribute malware. While DeepSeek is rising in popularity, threat actors are attempting to exploit it by using fake sponsored Google ads to distribute malware, Malwarebytes researchers warn. Crooks are using DeepSeek as a lure to trap unsuspecting Google searchers. “Unfortunately, we are getting so use

U.S. CISA adds Sitecore CMS and XP, and GitHub Action flaws to its Known Exploited Vulnerabilities catalog

3 TTPs

•

by Pierluigi Paganini / 1d

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Sitecore CMS and XP, and GitHub Action flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added [ 1 , 2 ] the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2019-9875 Sitecore CMS and Experience Platform (XP) Deserialization Vu

Mar 26, 2025

Arkana Security group claims the hack of US telco provider WideOpenWest (WOW!)

2 TTPs

•

by Pierluigi Paganini / 1d

•

Arkana ransomware targets WideOpenWest

Arkana Security, a new ransomware group, claims to have breached the telecommunications provider WideOpenWest (WOW!). The new ransomware group Arkana Security claims to have hacked US telecom provider WOW!, stealing customer data. WideOpenWest (WOW!) is a US-based telecommunications company that provides broadband internet, cable TV, and phone services. It operates mainly in the Midwest and South

New ReaderUpdate malware variants target macOS users

IoC > 5 hashes

•

by Pierluigi Paganini / 1d

•

8 TTPs

•

New ReaderUpdate malware variants detected

New ReaderUpdate malware variants, now written in Crystal, Nim, Rust, and Go, targets macOS users, SentinelOne warns. SentinelOne researchers warn that multiple versions of the ReaderUpdate malware written in Crystal, Nim, Rust, and Go programming languages, are targeting macOS users. ReaderUpdate is a macOS malware loader that has been active since 2020, the malicious code was first seen as a co

BlackLock Ransomware Targeted by Cybersecurity Firm

6 TTPs

•

by Pierluigi Paganini / 2d

•

BlackLock ransomware targets 40 organizations

Resecurity found an LFI flaw in the leak site of BlackLock ransomware, exposing clearnet IPs and server details. Resecurity has identified a Local File Include (LFI) vulnerability in Data Leak Site (DLS) of BlackLock Ransomware. Cybersecurity experts were able to exploit misconfiguration in vulnerable web-app used by ransomware operators to publish victims’ data – leading to clearnet IP addresses

Mar 25, 2025

Google fixed the first actively exploited Chrome zero-day since the start of the year

Privilege Escalation (Enterprise TA0004)

•

by Pierluigi Paganini / 2d

•

CVE-2025-2783

Google fixed a flaw in the Chrome browser for Windows that was actively exploited in attacks targeting organizations in Russia. Google has released out-of-band fixes to address a high-severity security vulnerability, tracked as CVE-2025-2783 , in Chrome browser for Windows. The flaw was actively exploited in attacks targeting organizations in Russia. The vulnerability is an incorrect handle provi

Authentication bypass CVE-2025-22230 impacts VMware Windows Tools

CVE-2025-22230 & 1 other

•

by Pierluigi Paganini / 2d

Broadcom addressed a high-severity authentication bypass vulnerability, tracked as CVE-2025-22230, in VMware Tools for Windows. Broadcom released security updates to address a high-severity authentication bypass vulnerability, tracked as CVE-2025-22230 (CVSS score 9.8), impacting VMware Tools for Windows. VMware Tools for Windows is a suite of utilities that enhances the performance and usability

Android malware campaigns use .NET MAUI to evade detection

3 TTPs

•

by Pierluigi Paganini / 3d

•

Hackers exploit .NET MAUI for malware

Researchers warn of a new Android malware that uses .NET MAUI to mimic legit services and evade detection. McAfee researchers warn of Android malware campaigns using .NET MAUI to evade detection. These threats disguise themselves as legitimate services to steal sensitive information from users. .NET MAUI (Multi-platform App UI) is a cross-platform framework by Microsoft for building native mobile

Astral Foods, South Africa’s largest poultry producer, lost over $1M due to a cyberattack

Impact (Enterprise TA0040)

•

by Pierluigi Paganini / 3d

•

Astral Foods reports profit decline

disrupting deliveries and impacting operations. Astral Foods is a South African integrated poultry producer and one of the country’s largest food companies. It specializes in poultry production, animal feed, and related agricultural operations. The company supplies chicken products to retail, wholesale, and fast-food markets in South Africa and neighboring countries. Astral reported over $1 bill

Mar 24, 2025

A cyberattack hits Ukraine’s national railway operator Ukrzaliznytsia

Ukraine railway suffers cyberattack

•

by Pierluigi Paganini / 3d

A cyberattack on Ukraine’s national railway operator Ukrzaliznytsia disrupted online ticket services, causing long lines at Kyiv’s station. The Record Media first reported the news of a cyber attack on Ukraine’s national railway operator Ukrzaliznytsia that disrupted online ticket services, causing long lines at Kyiv’s station. The incident led to overcrowding and long delays as people were force

Chinese APT Weaver Ant infiltrated a telco in Asia for over four years

by Pierluigi Paganini / 3d

China-linked APT Weaver Ant infiltrated the network of a telecommunications services provider for over four years. The China-linked threat actor Weaver Ant infiltrated the network of a telecom provider in Asia for over four years. During a forensic investigation, Sygnia researchers observed multiple alerts that revealed a re-enabled threat actor account by a service account from an unidentified s

Medusa ransomware uses malicious Windows driver ABYSSWORKER to disable security tools

5 TTPs

•

by Pierluigi Paganini / 4d

Medusa ransomware uses a malicious Windows driver ABYSSWORKER to disable security tools, making detection and mitigation more difficult. Elastic Security Labs tracked a financially driven MEDUSA ransomware campaign using a HEARTCRYPT-packed loader and a revoked certificate-signed driver, ABYSSWORKER, to disable EDR tools. The attackers used a 64-bit Windows PE driver named smuol.sys, disguised as

Attackers can bypass middleware auth checks by exploiting critical Next.js flaw

CVE-2025-29927

•

by Pierluigi Paganini / 4d

A critical flaw in the Next.js React framework could be exploited to bypass authorization checks under certain conditions. Maintainers of Next.js React framework addressed a critical vulnerability tracked as CVE-2025-29927 (CVSS score of 9.1) with the release of versions versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3. “Next.js version 15.2.3 has been released to address a security vulnerability ( C

Mar 23, 2025

Cloak ransomware group hacked the Virginia Attorney General’s Office

8 TTPs

•

by Pierluigi Paganini / 4d

•

Cloak ransomware attacks Virginia Attorney General

The Cloak ransomware group claims responsibility for a cyberattack on the Virginia Attorney General’s Office that occurred in February. The ransomware group Cloak has claimed responsibility for a February cyberattack on the Virginia Attorney General Office . A cyberattack on the Virginia Attorney General’s Office forced officials to shut down IT systems, including email and VPN, and revert to pap

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 38

by Pierluigi Paganini / 5d

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Decrypting Encrypted files from Akira Ransomware (Linux/ESXI variant 2024) using a bunch of GPUs Jaguar Land Rover Breached by HELLCAT Ransomware Group Using Its Infostealer Playbook—Then a Second Hacker Strikes ClearFake’s New Widespread Variant: Increased Web3 Ex

Security Affairs newsletter Round 516 by Pierluigi Paganini – INTERNATIONAL EDITION

by Pierluigi Paganini / 5d

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. Treasury removed sanctions against the crypto mixer service Tornado Cash Zero-day broker Operation Zero offers up to $4 million for Telegram exploits

UAT-5918 ATP group targets critical Taiwan

IoC > 29 hashes

•

by Pierluigi Paganini / 5d

•

19 TTPs

•

UAT-5918 targets Taiwan's critical infrastructure

Cisco Talos found UAT-5918, active since 2023, using web shells and open-source tools for persistence, info theft, and credential harvesting. Cisco Talos uncovered UAT-5918, an info-stealing threat actor active since 2023, using web shells and open-sourc