A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are delivered free to your email inbox.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
| French authorities investigate AI ‘undressing’ deepfakes on X |
| Thousands of ColdFusion exploit attempts spotted during Christmas holiday |
| Two U.S. cybersecurity professionals plead guilty in BlackCat/Alphv ransomware case |
| Covenant Health data breach after ransomware attack impacted over 478,000 people |
| Phishing campaign abuses Google Cloud Application to impersonate legitimate Google emails |
| IBM warns of critical API Connect bug enabling remote access |
| Trust Wallet confirms second Shai-Hulud supply-chain attack, $8.5M in crypto stolen |
| React2Shell under attack: RondoDox Botnet spreads miners and malware |
| ESA disclosed a data breach, hackers breached external servers |
| Singapore CSA warns of maximum severity SmarterMail RCE flaw |
| MongoBleed (CVE-2025-14847): the US, China, and the EU are among the top exploited GEOs |
| Coupang announces $1.17B compensation plan for 33.7M data breach victims |
| Mustang Panda deploys ToneShell via signed kernel-mode rootkit driver |
| Lithuanian suspect arrested over KMSAuto malware that infected 2.8M systems |
| U.S. CISA adds a flaw in MongoDB Server to its Known Exploited Vulnerabilities catalog |
| Romania’s Oltenia Energy Complex suffers major ransomware attack |
| Korean Air discloses data breach after the hack of its catering and duty-free supplier |
| MongoBleed flaw actively exploited in attacks in the wild |
| Evasive Panda cyberespionage campaign uses DNS poisoning to install MgBot backdoor |
| Condé Nast faces major data breach: 2.3M WIRED records leaked, 40M more at risk |
| Stolen LastPass backups enable crypto theft through 2025 |
International Press – Newsletter
Hacker Leaks 2.3M Wired.com Records, Claims 40M-User Condé Nast Breach
Foreign hackers who distributed virtual asset embezzlement malware: New recruits secured through Interpol warrants, extradited to Korea and arrested
Two Americans Plead Guilty to Targeting Multiple U.S. Victims Using ALPHV BlackCat Ransomware
Bitfinex crypto thief who was serving five years thanks Trump for early release
Malware
Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations
EmEditor Supply Chain Incident Details Disclosed: Distribution of Information-Stealing Malware Sweeps Through Domestic Government and Enterprise Entities
GlassWorm Goes Mac: Fresh Infrastructure, New Tricks
RondoDoX Botnet Weaponizes React2Shell
Hacking
MongoBleed (CVE-2025-14847): MongoDB Memory Leak Flaw
MongoBleed (CVE-2025-14847) exploited in the wild: everything you need to know
Trust Wallet Browser Extension v2.68 Incident: An Update to Our Community
Phishing Campaign Leverages Trusted Google Cloud Automation Capabilities to Evade Detection
New ErrTraffic service enables ClickFix attacks via fake browser glitches
ColdFusion++ Christmas Campaign: Catching a Coordinated Callback Calamity
The Anatomy of a React2Shell Compromise
Intelligence and Information Warfare
Evasive Panda APT poisons DNS requests to deliver MgBot
The HoneyMyte APT evolves with a kernel-mode rootkit and a ToneShell backdoor
Silver Fox Targeting India Using Tax Themed Phishing Lures
DarkSpectre: Unmasking the Threat Actor Behind 8.8 Million Infected Browsers
You’ve been targeted by government spyware. Now what?
Drones to Diplomas: How Russia’s Largest Private University is Linked to a $25M Essay Mill
APT36: Multi-Stage LNK Malware Campaign Targeting Indian Government Entities
Cybersecurity
December 27 Advisory: MongoBleed – Critical MongoDB Uninitialized Memory Disclosure Vulnerability [CVE-2025-14847]
Data breach at Korean Air leaks 30,000 employee records
Coupang to Issue $1.17 Billion in Vouchers Over Data Breach
European Space Agency confirms breach following leak of internal data
Non Proliferation and Iran-related Designations; Cyber-related and Russia-related Designations Removals
France to investigate deepfakes of women stripped naked by Grok
REGARDING THE ACQUISITION OF CERTAIN ASSETS OF EMCORE CORPORATION BY HIEFO CORPORATION
Pierluigi Paganini
(SecurityAffairs – hacking, newsletter)
