A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are delivered free to your inbox.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
Experts found an unsecured 16TB database containing 4.3B professional records
Germany calls in Russian Ambassador over air traffic control hack claims
U.S. CISA adds Google Chromium and Sierra Wireless AirLink ALEOS flaws to its Known Exploited Vulnerabilities catalog
Emergency fixes deployed by Google and Apple after targeted attacks
Notepad++ fixed updater bugs that allowed malicious update hijacking
Elastic detects stealthy NANOREMOTE malware using Google Drive as C2
U.S. CISA adds an OSGeo GeoServer flaw to its Known Exploited Vulnerabilities catalog
Critical Gogs zero-day under attack, 700 servers hacked
GeminiJack zero-click flaw in Gemini Enterprise allowed corporate data exfiltration
Google fixed a new actively exploited Chrome zero-day
Pro-Russia Hacktivist Support: Ukrainian Faces US Charges
Fortinet fixed two critical authentication-bypass vulnerabilities
New EtherRAT backdoor surfaces in React2Shell attacks tied to North Korea
U.S. CISA adds Microsoft Windows and WinRAR flaws to its Known Exploited Vulnerabilities catalog
Microsoft Patch Tuesday security updates for December 2025 fixed an actively exploited zero-day
Ivanti warns customers of new EPM flaw enabling remote code execution
Broadside botnet hits TBK DVRs, raising alarms for maritime logistics
Polish Police arrest 3 Ukrainians for possessing advanced hacking tools
FinCEN data shows $4.5B in ransomware payments, record spike in 2023
FBI: Crooks manipulate online photos to fuel virtual kidnapping ransoms
Oracle EBS zero-day used by Clop to breach Barts Health NHS
AWS: China-linked threat actors weaponized React2Shell hours after disclosure
U.S. CISA adds a Meta React Server Components flaw to its Known Exploited Vulnerabilities catalog
Porsche outage in Russia serves as a reminder of the risks in connected vehicle security
International Press – Newsletter
Barts Health NHS – Cl0p cyberattack update
Criminals Using Altered Proof-of-Life Media to Extort Victims in Virtual Kidnapping for Ransom Scams
Ransomware Trends in Bank Secrecy Act Data Between 2022 and 2024
I’ve investigated ‘stalkerware’ for five years. Here’s what I’ve learned
Teen who allegedly stole millions of persona
Malware
SEEDSNATCHER : Dissecting an Android Malware Targeting Multiple Crypto Wallet Mnemonic Phrase
JS#SMUGGLER: Multi-Stage – Hidden Iframes, Obfuscated JavaScript, Silent Redirectors & NetSupport RAT Delivery
PeerBlight Linux Backdoor Exploits React2Shell CVE-2025-55182
SetcodeRat Exposed: A Telegram Secret Stealing Trojan Customized for Chinese-speaking Regions
PyStoreRAT: A New AI-Driven Supply Chain Malware Campaign Targeting IT & OSINT Professionals
Hacking
Critical Security Vulnerability in React Server Components
From Inbox to Wipeout: Perplexity Comet’s AI Browser Quietly Erasing Google Drive
They “traveled” around Europe with a spy detector and hacking equipment
CVE-2025-10573: Ivanti EPM Unauthenticated Stored Cross-Site Scripting (Fixed)
The Anatomy of a React2Shell Compromise
Small numbers of Notepad++ users reporting security woes
Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure
High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478)
Chrome Targeted by Active In-the-Wild Exploit Tied to Undisclosed High-Severity Flaw
Active Exploitation of Gladinet CentreStack/Triofox Insecure Cryptography Vulnerability
GeminiJack: The Google Gemini Zero-Click Vulnerability Leaked Gmail, Calendar and Docs Data
Gogs 0-Day Exploited in the Wild
Threat Spotlight: Introducing GhostFrame, a new super stealthy phishing kit
Intelligence and Information Warfare
UDPGangster Campaigns Target Multiple Countries
Go behind the browser with Chrome’s new AI features
Latest Contagious Interview malware campaign abuses Microsoft VSCode Tasks
EtherRAT: DPRK uses novel Ethereum implant in React2Shell attacks
Crisis in Icebergen: How NATO crafts stories to sharpen cyber skills
Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure
Justice Department Announces Actions to Combat Two Russian State-Sponsored Cyber Criminal Hacking Groups
Hamas-Affiliated Ashen Lepus Targets Middle Eastern Diplomatic Entities With New AshTag Malware Suite
Google and Apple roll out emergency security updates after zero-day attacks
Cyberattack: Berlin summons Russia’s ambassador
Cybersecurity
The December 2025 Security Update Review
The AI arms race: Inside the invisible war between hackers and defenders
Fortinet Patches Critical Authentication Bypass Vulnerabilities
Cyber Army of Russia Reborn / Z-Pentest
AI is accelerating cyberattacks. Is your network prepared?
Shadow AI Security Breaches will hit 40% of all Companies by 2030, Warns Gartner
‘End-to-end encrypted’ smart toilet camera is not actually end-to-end encrypted
4.3 Billion Work Profiles Exposed: Scammers Now Know Where You Work
Pierluigi Paganini
