Security Affairs
- Get link
- X
- Other Apps
"Trust Wallet warns users to update chrome extension after $7M security loss."
Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents. Accessed on 26 December 2025, 2128 UTC.
Content and Source: Email subscription via https://feedly.com.
https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Ffeed
Please check email subscription link or scroll down to read your selections. Thanks for joining us today.
Russ Roberts (https://www.hawaiicybersecurityjournal.net).
95
Today
Trust Wallet urged users to update its Chrome extension after a security incident caused about $7 million in losses. Trust Wallet warned users to update its Google Chrome extension after a security incident that resulted in about $7 million in losses. The flaw affects version 2.68 of the multi-chain, non-custodial wallet, which has around one million users. “We’ve confirmed that approximately $7M
Pro-Russian hacking group Noname057 claimed responsibility for the cyberattack that recently disrupted La Poste’s digital banking and online services. This week, the French national postal service La Poste confirmed a major cyber incident had knocked its information systems offline, disrupting digital banking and online services for millions of customers. On social media, La Poste said the disrup
A June data breach exposed the personal information of more than 22 million Aflac customers, the company confirmed. A data breach in June exposed the information of more than 22 million Aflac customers, according to a new statement from the insurance giant. The company detected suspicious activity on a limited number of systems in June and promptly launched an incident response, with the assistan
Spotify shut down accounts after Anna’s Archive scraped and published data on 86 million songs, confirming action against unlawful scraping. Spotify disabled user accounts after an open-source group published files containing 86 million songs scraped from the platform. The group, Anna’s Archive, said it found a method to extract Spotify files and released a database of tracks and metadata. Spotif
Yesterday
Initial Access (Enterprise TA0001)
by Pierluigi Paganini / 1d
Fortinet reported active exploitation of a five-year-old FortiOS SSL VPN flaw, abused in the wild under specific configurations. Fortinet researchers observed “recent abuse” of a five-year-old security vulnerability, tracked as CVE-2020-12812 (CVSS score: 5.2), in FortiOS SSL VPN. The vulnerability is exploited in attacks in the wild under certain configurations. CVE-2020-12812 is an improper aut
2 TTPs
by Pierluigi Paganini / 1d
MongoDB addressed a high-severity vulnerability that can be exploited to achieve remote code execution on vulnerable servers. MongoDB addressed a high-severity vulnerability, tracked as CVE-2025-14847 (CVSS score 8.7), an unauthenticated, remote attacker can exploit the issue to execute arbitrary code on vulnerable servers. “An client-side exploit of the Server’s zlib implementation can return un
Dec 24, 2025
The U.S. seized the ‘web3adspanels.org’ domain and database used by cybercriminals to store stolen bank login credentials. The FBI seized the domain web3adspanels[.]org and its database after cybercriminals used it to store bank login credentials stolen from U.S. victims. A criminal group ran fake ads on Google and Bing that mimicked real bank advertisements. Victims who clicked were redirected t
The FCC announced a ban on drones and critical components made in foreign countries, citing national security concerns. The U.S. Federal Communications Commission (FCC) said it has banned drones and key components manufactured abroad over national security concerns. The U.S. government said drones can improve safety and innovation but also pose security risks if used by criminals or threat actors
Italy fined Apple €98.6 million, ruling its App Tracking Transparency feature limited competition in the App Store. Italy’s antitrust authority fined Apple €98.6 million ($116 million) for ruling that its App Tracking Transparency framework restricted competition in the App Store. “The Italian Competition Authority has imposed a 98,635,416.67 euro fine on Apple Inc., Apple Distribution Internatio
La Poste said a major network incident took its systems offline, disrupting digital banking and online services for millions of users. The French national postal service La Poste confirmed a major cyber incident had knocked its information systems offline, disrupting digital banking and online services for millions of customers. Les services essentiels de la banque ne sont pas impactés. Les paiem
Dec 23, 2025
Collection (Enterprise TA0009)
by Pierluigi Paganini / 3d
•Hackers breached Red Hat’s GitLab, stealing data of 21,000 customers; Nissan confirmed exposure via a self-managed GitLab instance. Japanese carmaker Nissan disclosed a data breach tied to a self-managed GitLab instance used by Red Hat Consulting. Threat actors gained access to the GitLab instance, stealing data from 21,000 customers. In October, the Crimson Collective claimed it had stolen 570GB
A critical flaw in the n8n automation platform could allow attackers to execute arbitrary code if exploited under specific conditions. Researchers warn that a critical vulnerability, tracked as CVE-2025-68613 (CVSS score of 9.9), in the n8n workflow automation platform could allow attackers to achieve arbitrary code execution under certain circumstances. The package gets about 57,000 downloads pe
by Pierluigi Paganini / 3d
Attackers exploited a supply chain weakness, abusing trusted components to compromise systems and spread malicious activity across connected targets. Your next breach probably won’t start inside your network—it will start with someone you trust. Every supplier, contractor, and service provider needs access to your systems to keep business running, yet each login is a potential doorway for attacke
Dec 22, 2025
2 TTPs
by Pierluigi Paganini / 3d
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Digiever DS-2105 Pro flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Digiever DS-2105 Pro vulnerability, tracked as CVE-2023-52163 (CVSS Score of 8.8), to its Known Exploited Vulnerabilities (KEV) catalog . Digiever DS-2105 Pro is a network video record
Romania’s national water management authority, Romanian Waters, was hit by a ransomware attack over the weekend. Romanian Waters (Administrația Națională Apele Române), the country’s water management authority, suffered a ransomware attack over the weekend. According to the National Cyber Security Directorate (DNSC), the incident affected around 1,000 computer systems across the central organizat
Ukrainian Artem Stryzhak (35) pleaded guilty in the U.S. for Nefilim ransomware attacks; he was arrested in Spain in 2024, extradited in April 2025. A 35-year-old Ukrainian, Artem Aleksandrovych Stryzhak (35), pleaded guilty in the U.S. for Nefilim ransomware attacks. The Ukrainian citizen was arrested in Spain in 2024 and extradited to the US in April 2025. He pleaded guilty to conspiracy to com
Researchers report renewed activity by Iran-linked Infy (Prince of Persia), showing the hacking group remains active and dangerous after years of silence. SafeBreach researchers have spotted renewed activity from the Iran-linked APT group Infy, also known as Prince of Persia , nearly five years after its last known campaigns in Europe. SafeBreach warns the group remains active, larger in scale th
Dec 21, 2025
Hackers stole personal data of about 27,500 people from the University of Sydney after accessing an online code library, the university confirmed. The University of Sydney disclosed a data breach in which threat actors accessed an online code library and stole personal information linked to about 27,500 individuals, including current and former staff, affiliates, students, and alumni. In response
Waymo temporarily halted its San Francisco robotaxi service after a major blackout left multiple autonomous vehicles stranded on city streets. Waymo temporarily halted its robotaxi service in San Francisco after a widespread blackout caused multiple autonomous vehicles to stall on city streets. “We have temporarily suspended our ride-hailing services in the San Francisco Bay Area due to the wides
by Pierluigi Paganini / 5d
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter CyberVolk | A Deep Dive into the Hacktivists, Tools and Ransomware Fueling Pro-Russian Cyber Attacks Operation MoneyMount-ISO — Deploying Phantom Stealer via ISO-Mounted Executables Inside GhostPoster: How a PNG Icon Infected 50,000 Firefox Users
by Pierluigi Paganini / 5d
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. ATM Jackpotting ring busted: 54 indicted by DoJ U.S. CISA adds a flaw in WatchGuard Fireware OS to its Known Exploited Vulnerabilities catalog Russi
Dec 20, 2025
The U.S. Department of Justice has indicted 54 individuals over a multi-million-dollar ATM jackpotting fraud scheme. U.S. DoJ indicted 54 people for a nationwide ATM jackpotting scheme that stole millions via malware. The case links the crimes to the cybercrime group Tren de Aragua , including charges of fraud, money laundering, and material support to a terrorist organization. ATM jackpotting is
IoC > 4 IPs
by Pierluigi Paganini / 6d
•5 TTPs
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a WatchGuard Fireware OS flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a WatchGuard Firebox OS vulnerability, tracked as CVE-2025-14733 (CVSS Score of 9.3), to its Known Exploited Vulnerabilities (KEV) catalog . This flaw is a critical out-of-bounds write
Dec 19, 2025
Denmark has blamed Russia for a destructive cyberattack on a water utility, calling it part of Moscow’s hybrid campaign against Western critical infrastructure. Denmark has accused Russia of orchestrating destructive cyberattacks against a water utility in 2024, framing them as part of broader hybrid attacks on Western critical infrastructure. Denmark’s Defence Intelligence Service attributed a d
7 TTPs
by Pierluigi Paganini / 7d
The Clop ransomware group is targeting Gladinet CentreStack file servers in a new large-scale extortion campaign. The Clop ransomware group is targeting Gladinet CentreStack file servers in a new large-scale extortion campaign aimed at stealing sensitive data from organizations worldwide. Gladinet CentreStack is a software platform that allows organizations to turn their existing file servers, NA
by Pierluigi Paganini / 7d
A new UEFI flaw exposes some ASRock, ASUS, GIGABYTE, and MSI motherboards to early-boot DMA attacks, bypassing IOMMU protections. Researchers warn of a new UEFI vulnerability that affects select ASRock, ASUS, GIGABYTE, and MSI motherboards, enabling early-boot DMA attacks that bypass IOMMU protections. UEFI (Unified Extensible Firmware Interface) is the modern firmware standard that initializes h
Dec 18, 2025
Cisco disclosed a critical zero-day (CVE-2025-20393) in Secure Email Gateway and Secure Email and Web Manager, actively exploited by a China-linked group. Cisco disclosed a critical zero-day, tracked as CVE-2025-20393 , in Secure Email Gateway and Secure Email/Web Manager, which is actively exploited by a China-linked threat group. Cisco reported a December 10 campaign targeting certain Secure Em
2 TTPs
by Pierluigi Paganini / 7d
Hewlett Packard Enterprise (HPE) fixed a critical OneView flaw that could allow attackers to achieve remote code execution. Hewlett Packard Enterprise (HPE) addressed a maximum-severity security vulnerability, tracked as CVE-2025-37164 (CVSS score of 10.0), in OneView Software . An attacker can exploit the flaw to achieve remote code execution. HPE OneView is an integrated IT management and autom
by Pierluigi Paganini / 8d
Resecurity reports a Q4 2025 surge in criminal use of DIG AI on Tor, enabling scalable illicit activity and posing new risks ahead of major 2026 events. During Q4 2025, Resecurity observed a notable increase in malicious actors utilizing DIG AI, accelerating during the Winter Holidays, when illegal activity worldwide reached a new record. With important events scheduled for 2026, including the Wi
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities (KEV) catalog . Below are the flaws added to the catalog: CVE-2025-20393 (CVSS score of 10.0)
Dec 17, 2025
5 TTPs
by Pierluigi Paganini / 8d
Attackers abuse WhatsApp’s device-linking feature to hijack accounts via pairing codes in the GhostPairing campaign. Attackers are exploiting WhatsApp’s device-linking feature to hijack accounts using pairing codes in a campaign dubbed GhostPairing, without requiring authentication. Gen Digital first observed the GhostPairing campaign in Czechia, but warns that it can spread globally via compromi
4 TTPs
by Pierluigi Paganini / 9d
SonicWall warned users to patch a SMA1000 AMC flaw that was exploited as a zero-day privilege escalation vulnerability in attacks. SonicWall urged customers to address a vulnerability, tracked as CVE-2025-40602, in the SMA1000 Appliance Management Console that was exploited as a zero-day in attacks in the wild. The flaw is a local privilege escalation issue which is due to insufficient authorizat
French prosecutors probe a suspected cyberattack on GNV ferry Fantastic, raising concerns of a possible remote hijack. French prosecutors are investigating a suspected cyberattack on the GNV ferry Fantastic, raising fears of a potential remote hijack. The ferry Fantastic sails between Sète and North Africa, and French authorities are investigating a suspected attempt to compromise the ship’s IT s
4 TTPs
by Pierluigi Paganini / 9d
Askul disclosed that an October RansomHouse ransomware attack compromised over 700,000 records at the Japanese e-commerce and logistics firm. Askul is a Japanese e-commerce and logistics company best known for supplying office products, stationery, IT equipment, and everyday business consumables to companies and consumers. It operates large-scale fulfillment and delivery services across Japan and
7 TTPs
by Pierluigi Paganini / 9d
Amazon disclosed a years-long Russian state-backed cyber campaign targeting Western critical infrastructure from 2021 to 2025. Amazon Threat Intelligence reports a long-running Russian state-
- Get link
- X
- Other Apps
Comments
Post a Comment
Please leave a comment about our recent post.