A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
| Multiple Vulnerabilities in GoSign Desktop lead to Remote Code Execution |
| U.S. CISA adds Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog |
| Critical CVE-2025-59367 flaw lets hackers access ASUS DSL routers remotely |
| Millions of sites at risk from Imunify360 critical flaw exploit |
| Critical FortiWeb flaw under attack, allowing complete compromise |
| Germany’s BSI issues guidelines to counter evasion attacks targeting LLMs |
| Washington Post notifies 10,000 individuals affected in Oracle-linked data theft |
| Chrome extension “Safery” steals Ethereum wallet seed phrases |
| A new round of Europol’s Operation Endgame dismantled Rhadamanthys, Venom RAT, and Elysium botnet |
| U.S. CISA adds WatchGuard Firebox, Microsoft Windows, and Gladinet Triofox flaws to its Known Exploited Vulnerabilities catalog |
| Amazon alerts: advanced threat actor exploits Cisco ISE & Citrix NetScaler zero-days |
| Google sues cybercriminal group Smishing Triad |
| New Danabot Windows version appears in the threat landscape after May disruption |
| Australia’s spy chief warns of China-linked threats to critical infrastructure |
| Synology patches critical BeeStation RCE flaw shown at Pwn2Own Ireland 2025 |
| $7.3B crypto laundering: ‘Bitcoin Queen’ sentenced to 11 Years in UK |
| Microsoft Patch Tuesday security updates for November 2025 fixed an actively exploited Windows Kernel bug |
| SAP fixed a maximum severity flaw in SQL Anywhere Monitor |
| Fantasy Hub: Russian-sold Android RAT boasts full device espionage as MaaS |
| North Korea-linked Konni APT used Google Find Hub to erase data and spy on defectors |
| U.S. CISA adds Samsung mobile devices flaw to its Known Exploited Vulnerabilities catalog |
| Critical Triofox bug exploited to run malicious payloads via AV configuration |
| GlassWorm malware has resurfaced on the Open VSX registry |
| Denmark and Norway investigate Yutong bus security flaw amid rising tech fears |
| Agentic AI in Cybersecurity: Beyond Triage to Strategic Threat Hunting |
| Nine NuGet packages disrupt DBs and industrial systems with time-delayed payloads |
| QNAP fixed multiple zero-days in its software demonstrated at Pwn2Own 2025 |
| AI chat privacy at risk: Microsoft details Whisper Leak side-channel attack |
International Press – Newsletter
Cybercrime
Phishing Campaigns “I Paid Twice” Targeting Booking.com Hotels and Customers
Roman Novak, a crypto fraudster, and his wife were killed in the UAE
Yanluowang initial access broker pleaded guilty to ransomware attacks
Man and woman jailed for their roles in multibillion-pound fraudulent Bitcoin scheme
Google sues cybercriminal group behind E-ZPass, USPS text phishing scams
The Great Indonesian TEA Theft: Analyzing a NPM Spam Campaign
End of the game for cybercrime infrastructure: 1025 servers taken down
Thousands of Domains Target Hotel Guests in Massive Phishing Campaign
New Scam Center Strike Force Battles Southeast Asian Crypto Investment Fraud Targeting Americans
Malware
9 Malicious NuGet Packages Deliver Time-Delayed Destructive Payloads
Q3 2025 Ransomware Report
Fantasy Hub: Another Russian Based RAT as M-a-a-S
Unleashing the Kraken ransomware group
Malicious Chrome Extension Exfiltrates Seed Phrases, Enabling Wallet Takeover
Hacking
Whisper Leak: A novel side-channel attack on remote language models
No Place Like Localhost: Unauthenticated Remote Access via Triofox Vulnerability CVE-2025-12480
Dangerous runC flaws could allow hackers to escape Docker containers
CISA Flags Critical WatchGuard Fireware Flaw Exposing 54,000 Fireboxes to No-Login Attacks
Suspected Fortinet zero-day exploited in the wild
Critical Vulnerability in Fortinet FortiWeb Exploited in the Wild
Critical: Remote Code Execution via Malicious Obfuscated Malware in Imunify360 AV (AI-bolit)
Multiple Vulnerabilities in GoSign Desktop leads to Remote Code Execution
Intelligence and Information Warfare
Samsung Spyware Attack — Critical Landfall 0-Day Exploited
Australia Sanctions Hackers Supporting North Korea’s Weapons Program
Top US Army General Says He’s Letting ChatGPT Make Military Decisions
State-Sponsored Remote Wipe Tactics Targeting Android Devices
Why a lot of people are getting hacked with government spyware
It’s time to reckon with the geopolitics of artificial intelligence
Amazon discovers APT exploiting Cisco and Citrix zero-days
Disrupting the first reported AI-orchestrated cyber espionage campaign
Iranian Hackers Launch ‘SpearSpecter’ Spy Operation on Defense & Government Targets
Contagious Interview Actors Now Utilize JSON Storage Services for Malware Delivery
Justice Department Announces Nationwide Actions to Combat Illicit North Korean Government Revenue Generation
Cybersecurity
Fearing vulnerability to China, Europe has a new worry: Electric buses
ENISA Sectorial Threat Landscape – Public Administration
Meta is earning a fortune on a deluge of fraudulent ads, documents show
Drilling Down on Uncle Sam’s Proposed TP-Link Ban
The November 2025 Security Update Review
Firefox expands fingerprint protections: advancing towards a more private web
Evasion Attacks on LLMs – Countermeasures in Practice
Elon Musk’s X botched its security key switchover, locking users out
CISA Updates Guidance on Patching Cisco Devices Targeted in China-Linked Attacks
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, newsletter)
