Security Affairs
- Get link
- X
- Other Apps
"Resecurity caught ShinyHunters in honeytrap."
Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents. Accessed on 04 January 2026, 2156 UTC.
Content and Source: "Security Affairs" via email subscription from https://feedly.com.
https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Ffeed
Please check subscription link or scroll down to read your selections. Thanks for joining us today.
Russ Roberts (https://www.hawaiicybersecurityjournal.net).
Security Affairs
Today
Resecurity caught ShinyHunters (SLH) using decoy accounts; the group attacked airlines, telecoms, and law enforcement in Sept 2025. In an interesting development, Resecurity has caught actors known as “ ShinyHunters ” or “ Scattered Lapsus$ Hunters” (SLH) leveraging honeypot (decoy) accounts. The company was one of the first to release a public report detailing the group’s activities in September In light of the tragic events that have occurred in Venezuela, what is happening to the Internet in the country, and how are users accessing it? Yesterday, the United States launched a “ large scale strike ” in Venezuela, capturing Venezuelan President Nicolas Maduro and his wife. Former Venezuelan leader Nicolás Maduro and his wife were taken to New York , and face federal charges, which he deni by Pierluigi Paganini / 7hSecurity Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Evasive Panda APT poisons DNS requests to deliver MgBot Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations EmEditor Supply Chain Incident Details Disclosed: Distribution of Information- by Pierluigi Paganini / 7hA new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. French authorities investigate AI ‘undressing’ deepfakes on X Thousands of ColdFusion exploit attempts spotted during Christmas holiday Two U.S. cyb Trump ordered the divestment of a $2.9M chip deal, citing U.S. national security risks if HieFo retained control of Emcore ’s technology. President Trump ordered the divestment of a $2.9 million chips deal, citing national security risks tied to HieFo Corp.’s control of Emcore ’s chip technology. HieFo (short for High Efficiency Photonics ) is a U.S.-based technology company specializing in the d
Resecurity caught ShinyHunters (SLH) using decoy accounts; the group attacked airlines, telecoms, and law enforcement in Sept 2025. In an interesting development, Resecurity has caught actors known as “ ShinyHunters ” or “ Scattered Lapsus$ Hunters” (SLH) leveraging honeypot (decoy) accounts. The company was one of the first to release a public report detailing the group’s activities in September
In light of the tragic events that have occurred in Venezuela, what is happening to the Internet in the country, and how are users accessing it? Yesterday, the United States launched a “ large scale strike ” in Venezuela, capturing Venezuelan President Nicolas Maduro and his wife. Former Venezuelan leader Nicolás Maduro and his wife were taken to New York , and face federal charges, which he deni
by Pierluigi Paganini / 7h
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Evasive Panda APT poisons DNS requests to deliver MgBot Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations EmEditor Supply Chain Incident Details Disclosed: Distribution of Information-
by Pierluigi Paganini / 7h
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. French authorities investigate AI ‘undressing’ deepfakes on X Thousands of ColdFusion exploit attempts spotted during Christmas holiday Two U.S. cyb
Trump ordered the divestment of a $2.9M chip deal, citing U.S. national security risks if HieFo retained control of Emcore ’s technology. President Trump ordered the divestment of a $2.9 million chips deal, citing national security risks tied to HieFo Corp.’s control of Emcore ’s chip technology. HieFo (short for High Efficiency Photonics ) is a U.S.-based technology company specializing in the d
Yesterday
France will probe AI-generated sexual deepfakes made with Grok on X after hundreds of women and teens reported “undressed” images shared online. French authorities will investigate AI-generated sexually explicit deepfakes created with Grok on X after hundreds of women and teens reported manipulated “undressed” images shared on social media. Grok is an artificial intelligence chatbot developed by IoC > 2 IPs•by Pierluigi Paganini / 1d•4 TTPsGreyNoise observed thousands of attacks targeting about a dozen Adobe ColdFusion vulnerabilities during the Christmas 2025 holiday. GreyNoise reports a coordinated campaign exploiting about a dozen Adobe ColdFusion vulnerabilities, with thousands of attack attempts observed during the Christmas 2025 holiday. “GreyNoise observed a coordinated exploitation campaign targeting Adobe ColdFusion server
France will probe AI-generated sexual deepfakes made with Grok on X after hundreds of women and teens reported “undressed” images shared online. French authorities will investigate AI-generated sexually explicit deepfakes created with Grok on X after hundreds of women and teens reported manipulated “undressed” images shared on social media. Grok is an artificial intelligence chatbot developed by
IoC > 2 IPs
by Pierluigi Paganini / 1d
•4 TTPs
GreyNoise observed thousands of attacks targeting about a dozen Adobe ColdFusion vulnerabilities during the Christmas 2025 holiday. GreyNoise reports a coordinated campaign exploiting about a dozen Adobe ColdFusion vulnerabilities, with thousands of attack attempts observed during the Christmas 2025 holiday. “GreyNoise observed a coordinated exploitation campaign targeting Adobe ColdFusion server
Jan 2, 2026
Two U.S. cybersecurity professionals pleaded guilty to charges tied to their roles in BlackCat/Alphv ransomware attacks. The U.S. cybersecurity professionals Ryan Goldberg and Kevin Martin pleaded guilty to charges tied to their roles in BlackCat/Alphv ransomware attacks that occurred in 2023. Court records show Ryan Goldberg, Kevin Martin, and a co-conspirator deployed ALPHV BlackCat ransomware Covenant Health suffered a ransomware attack by the Qilin group in May 2025, compromising data of over 478,000 individuals. Covenant Health , Inc., based in Andover, Massachusetts, is a healthcare organization that provides medical services and patient care. Covenant Health operates hospitals, clinics, or related healthcare facilities in multiple states, including Massachusetts, Maine, New Hampsh Researchers uncovered a phishing campaign abusing Google Cloud Application Integration to send emails posing as legitimate Google messages. Check Point researchers have revealed a phishing campaign that abuses Google Cloud Application Integration to send emails impersonating legitimate Google messages. The attack uses layered redirection with trusted cloud services, user validation checks, and br by Pierluigi Paganini / 2dIBM disclosed a critical API Connect flaw (CVE-2025-13915, CVSS 9.8) that allows remote access via an authentication bypass. IBM addressed a critical API Connect vulnerability, tracked as CVE-2025-13915 (CVSS score of 9.8) that allows remote access via an authentication bypass. API Connect is IBM’s API management platform. It’s used by organizations to create, secure, manage, publish, and monitor
Two U.S. cybersecurity professionals pleaded guilty to charges tied to their roles in BlackCat/Alphv ransomware attacks. The U.S. cybersecurity professionals Ryan Goldberg and Kevin Martin pleaded guilty to charges tied to their roles in BlackCat/Alphv ransomware attacks that occurred in 2023. Court records show Ryan Goldberg, Kevin Martin, and a co-conspirator deployed ALPHV BlackCat ransomware
Covenant Health suffered a ransomware attack by the Qilin group in May 2025, compromising data of over 478,000 individuals. Covenant Health , Inc., based in Andover, Massachusetts, is a healthcare organization that provides medical services and patient care. Covenant Health operates hospitals, clinics, or related healthcare facilities in multiple states, including Massachusetts, Maine, New Hampsh
Researchers uncovered a phishing campaign abusing Google Cloud Application Integration to send emails posing as legitimate Google messages. Check Point researchers have revealed a phishing campaign that abuses Google Cloud Application Integration to send emails impersonating legitimate Google messages. The attack uses layered redirection with trusted cloud services, user validation checks, and br
by Pierluigi Paganini / 2d
IBM disclosed a critical API Connect flaw (CVE-2025-13915, CVSS 9.8) that allows remote access via an authentication bypass. IBM addressed a critical API Connect vulnerability, tracked as CVE-2025-13915 (CVSS score of 9.8) that allows remote access via an authentication bypass. API Connect is IBM’s API management platform. It’s used by organizations to create, secure, manage, publish, and monitor
Jan 1, 2026
Trust Wallet says a second Shai-Hulud supply-chain attack likely compromised its Chrome extension, leading to the theft of about $8.5M in crypto. Trust Wallet linked a second Shai-Hulud supply-chain attack to its Chrome extension hack, which resulted in the theft of about $8.5 million in crypto assets. The investigation reveals that the attacker independently developed and published a malicious T 7 TTPs•by Pierluigi Paganini / 3dRondoDox botnet exploits the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js servers with malware and cryptominers. CloudSEK researchers warn that the RondoDox botnet is exploiting the critical React2Shell flaw ( CVE-2025-55182 ) to drop malware and cryptominers on vulnerable Next.js servers. “CloudSEK’s report details a persistent nine-month RondoDoX botnet campaign targe
Trust Wallet says a second Shai-Hulud supply-chain attack likely compromised its Chrome extension, leading to the theft of about $8.5M in crypto. Trust Wallet linked a second Shai-Hulud supply-chain attack to its Chrome extension hack, which resulted in the theft of about $8.5 million in crypto assets. The investigation reveals that the attacker independently developed and published a malicious T
7 TTPs
by Pierluigi Paganini / 3d
RondoDox botnet exploits the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js servers with malware and cryptominers. CloudSEK researchers warn that the RondoDox botnet is exploiting the critical React2Shell flaw ( CVE-2025-55182 ) to drop malware and cryptominers on vulnerable Next.js servers. “CloudSEK’s report details a persistent nine-month RondoDoX botnet campaign targe
Dec 31, 2025
ESA confirmed a data breach after a hacker offered to sell stolen data, confirming that external science servers were compromised. The European Space Agency (ESA) disclosed a data breach after a threat actor offered to sell data allegedly stolen from the organization. A hacker who goes online with the moniker “888” announced on BreachForums the hack of ESA systems on December 18. SecurityWeek rep Singapore’s CSA warns of CVE-2025-52691, a critical SmarterMail flaw enabling unauthenticated remote code execution via arbitrary file upload. Singapore’s Cyber Security Agency of Singapore (CSA) warns of a maximum severity flaw, tracked as CVE-2025-52691 (CVSS score of 10.0), in SmarterMail. The vulnerability enables unauthenticated remote code execution via arbitrary file upload. “Successful ex
ESA confirmed a data breach after a hacker offered to sell stolen data, confirming that external science servers were compromised. The European Space Agency (ESA) disclosed a data breach after a threat actor offered to sell data allegedly stolen from the organization. A hacker who goes online with the moniker “888” announced on BreachForums the hack of ESA systems on December 18. SecurityWeek rep
Singapore’s CSA warns of CVE-2025-52691, a critical SmarterMail flaw enabling unauthenticated remote code execution via arbitrary file upload. Singapore’s Cyber Security Agency of Singapore (CSA) warns of a maximum severity flaw, tracked as CVE-2025-52691 (CVSS score of 10.0), in SmarterMail. The vulnerability enables unauthenticated remote code execution via arbitrary file upload. “Successful ex
Dec 30, 2025
Lateral Movement (Enterprise TA0008)•by Pierluigi Paganini / 4dMongoBleed (CVE-2025-14847) lets attackers remotely leak memory from unpatched MongoDB servers using zlib compression, without authentication. A critical vulnerability, CVE-2025-14847 ( MongoBleed ), was disclosed right after Christmas, an unwelcome “gift” for the cybersecurity community, impacting MongoDB Server deployments that use zlib network compression. MongoDB is a popular open-source NoSQ
Lateral Movement (Enterprise TA0008)
by Pierluigi Paganini / 4d
MongoBleed (CVE-2025-14847) lets attackers remotely leak memory from unpatched MongoDB servers using zlib compression, without authentication. A critical vulnerability, CVE-2025-14847 ( MongoBleed ), was disclosed right after Christmas, an unwelcome “gift” for the cybersecurity community, impacting MongoDB Server deployments that use zlib network compression. MongoDB is a popular open-source NoSQ
End of feed
- Get link
- X
- Other Apps
Comments
Post a Comment
Please leave a comment about our recent post.